Upscape Build

Privacy Policy

Effective June 3, 2026

1. Who we are

This privacy policy describes how Speckle Interiors Pvt. Ltd. (operating as “Upscape Build”), a company registered in India, collects, uses, stores, discloses, and protects the personal information of individuals who interact with our services — including prospective customers, lead enquiries, current and past clients, and visitors to our websites and WhatsApp channels.

Data Fiduciary: Speckle Interiors Pvt. Ltd. (operating as “Upscape Build”), Chennai, Tamil Nadu, India.
Grievance Officer / Data Protection contact: admin@upscape.in

2. The information we collect

We collect only what we need to plan, quote, build, and hand over a residential construction project. The categories of personal information we may hold:

  • Contact details — name, phone number, email, WhatsApp identifier.
  • Project details — site location, plot size, design preferences, timeline, budget, and tier selection.
  • Quotation and payment records — issued quotes, agreed price, milestone payments, GST details where required.
  • Communications — messages exchanged with us over WhatsApp, email, web forms, phone calls (recorded only with disclosure), and in-person consultations.
  • Site and project media — photographs, drawings, NABL test reports, and other documents produced during the build.
  • Marketing-source signals — whether you reached us through Instagram, our website, a referral, or a paid advertisement.
  • Technical data on our websites — basic anonymised analytics (page, device type, country) for performance monitoring. We do not use cross-site tracking cookies.

We do not collect or store payment card details — payments are processed by regulated third-party gateways and we receive only the transaction reference.

3. How we use the information

Your personal information is used strictly for the following purposes:

  • To respond to your enquiry, prepare a personalised quotation, and arrange consultations or site visits.
  • To execute the design, construction, and handover of your project — including communications with our architects, engineers, site supervisors, and your assigned Project Coordinator.
  • To send transactional updates (milestone reached, document ready, payment reminder, handover preparation) over WhatsApp, email, or SMS.
  • To meet legal, tax, and regulatory obligations — including GST filings, contract record-keeping, and warranty obligations.
  • To improve our services through anonymised analytics, training of internal AI tools, and quality reviews — never using identifying details for these purposes without consent.
  • With your explicit consent, to send occasional marketing messages about new offerings, design events, or referral programmes. You may withdraw this consent at any time (see section 9).

4. Lawful basis for processing

Where applicable under the Digital Personal Data Protection Act, 2023 (DPDPA) and any successor legislation, we process personal information on the following lawful bases:

  • Consent — when you submit an enquiry, message us on WhatsApp, or accept a quotation, you consent to the processing necessary to fulfil that purpose.
  • Performance of contract — once a construction agreement is executed, processing necessary to deliver the project is performed under contract.
  • Legitimate uses — recognised under section 7 of the DPDPA, including compliance with law and certain employment and corporate purposes.

5. WhatsApp and Meta platforms

We communicate with leads and clients primarily through the WhatsApp Business Platform, operated by Meta Platforms Ireland Limited. When you message our WhatsApp number (+91 73058 95594), your messages and the metadata associated with them (sender phone number, display name where shared, timestamps, delivery and read receipts) are received by us and stored in our internal customer record system.

Meta's own terms govern the WhatsApp service itself. We only access information you send to our business account; we do not access your contacts, your other WhatsApp conversations, or any personal data on your device. We use AI-assisted features (powered by large language models from Anthropic and OpenAI) to draft replies and summarise conversation history for our team — message content is sent to these providers solely for that purpose and is not used by them to train public models.

6. Where information is stored and who processes it

We use a small set of service providers, each chosen for security and data-handling practices:

  • Supabase — primary database hosting (Singapore region).
  • Vercel — application hosting and edge delivery.
  • Meta WhatsApp Business Platform — message transport for WhatsApp.
  • Anthropic and OpenAI — AI processing for reply drafting and conversation summarisation. Inputs are not retained for training.
  • FAL.ai — server-side image generation for personalised quote covers.
  • Exotel — cloud telephony for inbound calls and recording (where applicable).
  • Resend or equivalent — transactional email delivery.

Some processors are located outside India. Where they are, we rely on contractual safeguards and the lawful-transfer provisions of the DPDPA. We do not sell personal information to third parties under any circumstance.

7. How long we keep the information

  • Active leads and prospects — up to 24 months from last contact, after which the record is anonymised unless you become a customer.
  • Customer records — for the duration of the project plus the contractual warranty period (typically 10–25 years for structural warranty), and as required by tax, audit, and regulatory law.
  • Marketing consent records — until consent is withdrawn, plus a short period to evidence the withdrawal.
  • Recorded calls and WhatsApp transcripts — up to 36 months from the date of the conversation, unless required for an active project or legal matter.

8. How we protect the information

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Database access is restricted by row-level security, with role-based scopes (sales, manager, admin, owner) enforced on every query.
  • Webhook receipts from Meta are verified by HMAC signature.
  • Production secrets are stored in encrypted environment variables and access-audited.
  • Staff access to customer records is logged in an immutable audit trail.
  • We conduct periodic reviews of our processors and update this policy when our processing changes materially.

9. Your rights

Under the DPDPA and other applicable law you have the right to:

  • Access — request a summary of the personal information we hold about you and how it is being used.
  • Correction — ask us to correct inaccurate or incomplete personal information.
  • Erasure — request deletion of your personal information where retention is not required for legal or contractual reasons (see section 10).
  • Withdraw consent — including stopping marketing messages, with effect for the future.
  • Nominate — under the DPDPA, appoint another person to exercise these rights in case of death or incapacity.
  • Grievance redressal — raise a concern with our Grievance Officer (contact below). If unresolved, you may approach the Data Protection Board of India.

10. How to delete your data

To request deletion of the personal information we hold about you, email us at privacy@upscape.in from the email address or phone number associated with your enquiry, with the subject line “Data Deletion Request”. We will:

  • Acknowledge your request within 7 working days.
  • Delete the data within 30 days, except where retention is required by law (for example, tax records and contractual warranty documents).
  • Confirm completion of the deletion in writing.

If you have only contacted us via WhatsApp, you may also send the words DELETE MY DATA to our WhatsApp number (+91 73058 95594) and the same process will follow.

11. Children

Our services are not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we hold such information, please contact us at privacy@upscape.in and we will delete it.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our services, legal requirements, or operational practices. The “Effective” date at the top of this page tells you when the most recent change was made. Material changes will be communicated to active clients via email or WhatsApp.

13. Contact us

For any privacy-related question, request, or complaint: