Cookie Policy | Cladbe

1. Introduction & Scope

Cladbe Platforms LLP ("Cladbe", "we", "us", or "our"), a limited liability partnership having its registered office at Tulsi Nagar, Bareilly, Uttar Pradesh – 243006, operates a real estate technology ecosystem comprising the Cladbe corporate website, the Property.new B2C marketplace, the Cladbe OS dashboard for builders and channel partners, the customer post-purchase mobile application, and physical Experience Centres.

This Master Cookie & Tracking Technology Policy ("Cookie Policy", "Policy") describes the cookies and similar tracking technologies we use to operate, secure, and improve our Services, the lawful basis on which we deploy them, and the choices available to you to manage your preferences.

This Policy is published in compliance with: (a) the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 ("DPDP Act and Rules"); (b) the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (as amended) ("IT Rules"); (c) the Consumer Protection (E-Commerce) Rules, 2020; (d) the directions issued by the Indian Computer Emergency Response Team ("CERT-In") under Section 70B(6) of the IT Act; and (e) where applicable to non-resident users, the EU General Data Protection Regulation ("GDPR") and equivalent foreign privacy regulations.

This Cookie Policy must be read together with the Master Privacy Policy and the Master Terms of Use, both published at cladbe.com. In the event of any inconsistency in respect of personal data processing, the Master Privacy Policy shall prevail.

Coverage

This Policy covers tracking technologies deployed across the following surfaces:

The Cladbe corporate website at cladbe.com and all subdomains;
The Property.new B2C marketplace at property.new and all subdomains, including any specialised landing pages or campaign micro-sites;
The Cladbe OS dashboard accessed through web browsers by Builders, Channel Partners, Staff, Vendors, and Site Users;
The customer post-purchase mobile application available on the Apple App Store and Google Play Store;
Email communications dispatched by Cladbe through its third-party email service provider;
Push notifications delivered to mobile devices through our push-notification provider;
Tracking and analytics within physical Experience Centres operated under the Cladbe brand (where applicable, including QR-code-driven session capture and Wi-Fi-based footfall analytics).

2. Definitions

Capitalised terms used in this Policy have the meanings assigned below. Terms not defined here have the meanings assigned in the Master Privacy Policy or the Master Terms of Use.

Term	Meaning
Cookies	Small text files placed on a User's device by the website or application being visited, used to remember preferences, maintain authenticated sessions, support analytics, and enable certain features. Cookies may be "first-party" (set by Cladbe domains) or "third-party" (set by external service providers).
Session Cookies	Cookies that exist only for the duration of the User's browsing session and are deleted when the browser is closed.
Persistent Cookies	Cookies that remain on the User's device for a defined retention period (ranging from minutes to years) until they expire or are manually deleted.
Local Storage / IndexedDB	Browser-side storage mechanisms used to retain larger volumes of structured or unstructured data on the User's device, typically for offline-first functionality, draft caching, or preference persistence.
Pixel Tag / Web Beacon	A transparent 1×1 image or invisible script element embedded in a web page or email that records that a page has been viewed or an email has been opened.
SDK	A Software Development Kit — a set of libraries integrated into mobile applications that may collect device, behavioural, or analytics data.
Device Identifier	Any unique identifier associated with a device or operating system instance, including the Advertising ID (Google Ad ID, Apple IDFA), Android ID, Vendor ID, push notification token, or platform-specific identifier.
Fingerprinting	The process of combining multiple non-unique browser or device characteristics (such as installed fonts, screen resolution, timezone, language, and user agent) to create a probabilistic identifier capable of recognising a User across sessions or devices.
Strictly Necessary Cookies	Cookies essential for the Services to function (authentication, security, fraud detection, load balancing, session continuity).
Performance / Analytics Cookies	Cookies and similar technologies that help Cladbe understand how Users interact with the Services, identify usability issues, and improve product features.
Functionality / Preferences Cookies	Cookies that remember User choices (language, time zone, layout preferences, recently viewed projects).
Targeting / Advertising Cookies	Cookies used to deliver, measure, and personalise advertisements on or off the Services.
Consent Banner	The opt-in interface presented to Users on first visit to a Cladbe surface, allowing the User to accept, reject, or granularly configure cookie preferences.

3. What Cookies & Tracking Technologies Are

When you visit a website or open a mobile application, the operator may store small files or run small pieces of code on your device. These technologies serve a range of legitimate purposes, including keeping you signed in, remembering your preferences, protecting against fraud, and helping the operator understand how its product is being used.

This Policy uses "tracking technologies" as an umbrella term covering, in addition to traditional Cookies, the following:

Local Storage and IndexedDB — used by Property.new and the OS Dashboard for draft caching, offline support, and preference persistence;
Pixel Tags and Web Beacons — used in Cladbe email communications and on certain marketing pages;
SDKs — integrated into the customer post-purchase mobile application for analytics, push notifications, crash reporting, and feature flags;
Device Identifiers — used by mobile platforms for push notifications, install attribution, and authenticated session management;
Server-side logs — maintained by Cladbe and CERT-In-prescribed for incident investigation, IP geolocation, and abuse mitigation.

Some of these technologies are essential and operate without seeking your explicit consent ("Strictly Necessary"). Others are deployed only after you provide an affirmative opt-in through the Consent Banner.

4. Categories of Cookies & Trackers We Use

We organise the cookies and tracking technologies that operate across the Services into four functional categories. The Consent Banner allows you to accept or reject each non-essential category independently.

4.1 Strictly Necessary

These technologies are essential for the Services to function and cannot be disabled. They are deployed without consent on the lawful basis that they are necessary for the performance of a contract or for the legitimate use to enable a User to access the Services. Disabling them would render core functionality (such as login, payment, security, or session management) inoperable. Examples include authentication tokens, anti-forgery tokens, load balancer affinity cookies, and security challenge cookies.

4.2 Performance / Analytics

These technologies help us measure and understand how Users interact with the Services. They allow us to count visits and traffic sources, identify slow-loading pages, detect errors, and prioritise feature improvements. The information generated is generally aggregated and statistical in nature, although certain analytics platforms may also process pseudonymised User identifiers. These technologies are deployed only after you affirmatively opt in through the Consent Banner.

4.3 Functionality / Preferences

These technologies remember choices you make (such as language, currency, layout preferences, recently-viewed projects, saved searches, and notification preferences) so that we can deliver a smoother and more personalised experience. They are deployed only after you affirmatively opt in through the Consent Banner.

4.4 Targeting / Advertising

Where Cladbe runs paid marketing campaigns on third-party advertising platforms, these technologies may be used to (a) measure the effectiveness of such campaigns, (b) attribute conversions back to specific advertisements, and (c) display relevant Cladbe ads to you on other websites and applications based on your interaction with the Services. These technologies are deployed only after you affirmatively opt in through the Consent Banner. We do not sell your personal data to advertisers, and we do not use cross-device probabilistic fingerprinting (see Section 13).

5. Specific Cookies & Trackers Deployed

The tables below list the principal cookies and tracking technologies in operation at the time of publication. The list is illustrative; specific technologies may be added, removed, or replaced as we improve the Services. Material changes will be reflected in updated versions of this Policy and, where required, will trigger renewed consent collection.

5.1 Strictly Necessary

Cookie / Tracker	Provider	Duration	Purpose
session	Cladbe (1st party)	Session	Maintains your authenticated session across pages.
__Host-csrf	Cladbe (1st party)	Session	Anti-cross-site-request-forgery token for form submissions.
Security / bot-management cookies	Content delivery / security provider	30 min – 1 year	Bot management, DDoS protection, and edge load balancing.
Request-tracing cookie	Content delivery / security provider	Session	Request tracing across our content-delivery network for debugging.
lb_affinity	Cladbe (1st party)	Session	Routes you to the same backend server for the duration of your session.
Authentication token	Authentication provider	Up to 1 hour, refreshed	Maintains your signed-in state on the Cladbe OS Dashboard.
pn_jwt	Cladbe (1st party)	Up to 24 hours, refreshed	Maintains your signed-in state on Property.new.
consent_state	Cladbe (1st party)	12 months	Records your cookie preferences as expressed via the Consent Banner.

5.2 Performance / Analytics

Cookie / Tracker	Provider	Duration	Purpose
Product analytics cookies	Product analytics provider	Up to 12 months	Product analytics, feature usage measurement, conversion funnels. Pseudonymous User ID is generated client-side.
Web analytics cookies	Web analytics provider	13 months	Web and marketing analytics — traffic sources, audience segmentation, campaign attribution.
Web analytics cookies (short-window)	Web analytics provider	24 hours	Distinguishes Users for short-window analytics.
Monitoring cookies	Error and performance monitoring provider	Session	Server-side observability, error tracing, performance monitoring. No marketing use.

5.3 Functionality / Preferences

Cookie / Tracker	Provider	Duration	Purpose
lang_pref	Cladbe (1st party)	12 months	Stores your language and region preference.
recently_viewed	Cladbe (1st party)	30 days	Remembers projects you recently viewed for quicker access.
saved_search_id	Cladbe (1st party)	12 months	Restores saved-search filters across sessions on Property.new.
Video-streaming token	Video streaming provider	Short-lived (per video)	Authenticated streaming token for video tour playback. Set only when you actively initiate a video stream.
Real-time call token	Real-time communications provider	Per-call	Authenticated session token for in-product video / voice calls (where applicable).

5.4 Targeting / Advertising

Cookie / Tracker	Provider	Duration	Purpose
Advertising cookies (Meta)	Meta (where active)	90 days	Conversion measurement for paid campaigns on Meta platforms; only deployed when Cladbe runs an active Meta campaign.
Advertising cookies (Google)	Google (where active)	Up to 13 months	Conversion measurement and remarketing for paid advertising campaigns; only deployed when an active Google campaign is running.
Advertising cookies (LinkedIn)	LinkedIn (where active)	Up to 90 days	Conversion measurement and audience building for advertising campaigns; only deployed when an active LinkedIn campaign is running.

If a particular advertising campaign is not active during your visit, the corresponding targeting cookies will not be set, even if you have consented to the Targeting / Advertising category. Where a third-party advertising platform that we currently engage is replaced by another, the new provider's cookies will be deployed in lieu, subject to your existing consent for the category.

6. Mobile App SDKs & Device Identifiers

The customer post-purchase mobile application available on the Apple App Store and Google Play Store does not use traditional browser cookies. Instead, it integrates a controlled set of SDKs and platform-level identifiers that perform analogous functions.

6.1 SDKs in Use

SDK	Function	Data Categories
Authentication provider	User sign-in, session management, multi-factor authentication.	Phone number / email; auth tokens; sign-in events.
Push notification provider	Delivery of push notifications.	Push notification token; device platform; delivery receipts.
Product analytics SDK	Product analytics, feature usage measurement, feature flag evaluation.	Pseudonymous User ID; in-app event names; screen names; device model and OS version. Personally identifying free-text content is excluded by default.
Crash & performance reporting	Crash logs, ANR reporting, performance traces.	Stack traces; OS version; device model; non-personal app context.

6.2 Device Identifiers

The mobile application accesses the following platform-level identifiers as required for core functionality:

Push Notification Token — issued by the operating-system push-notification service (Apple or Google), used solely to deliver in-app notifications. The token is opaque, rotates over time, and is not shared with third parties for advertising;
Vendor / Install ID — a per-app identifier (a per-vendor identifier on iOS; an install-scoped identifier on Android) used for crash attribution and feature flag bucketing;
Advertising Identifier (Apple IDFA / Google Ad ID) — NOT USED. The Cladbe customer post-purchase mobile application does not request or process the platform Advertising Identifier.

6.3 In-App Permissions

Where the mobile application requires access to device features (location, camera, contacts, calendar, biometric authentication), such access is requested through the operating system's standard permission prompt. You may grant or deny each permission independently and may revoke any permission at any time through your device settings. Some Service features (such as virtual visit walkthroughs, biometric login, and document scan upload) require specific permissions and will be unavailable if permission is denied.

7. Email Tracking Pixels

Cladbe sends two broad categories of email through its third-party email service provider: (a) transactional emails (such as account verification, OTP, payment receipts, demand letters, and statutory notices); and (b) marketing emails (such as product newsletters, project announcements, and campaign communications).

7.1 Transactional Emails

Transactional emails relate to the performance of a service requested by you and are sent on the lawful basis of legitimate use under Section 7(a) of the DPDP Act. Such emails may contain a tracking pixel that records (i) whether the email was opened, and (ii) whether links contained therein were clicked. We use this minimal data to verify deliverability of statutorily mandated communications (such as Demand Letters and grievance acknowledgements) and to detect deliverability problems requiring corrective action. We do not use transactional email tracking for marketing or profiling purposes.

7.2 Marketing Emails

Marketing emails are sent only to recipients who have opted in to receive such communications. Marketing emails may contain a tracking pixel and link redirects that record open and click events for the purpose of campaign performance measurement and content optimisation. Every marketing email contains a one-click unsubscribe link. Unsubscribing from marketing emails will not affect your receipt of transactional emails.

7.3 Withdrawal of Consent

You may withdraw your consent to marketing email tracking at any time by clicking the unsubscribe link in any marketing email or by contacting info@cladbe.com. Withdrawal applies prospectively and does not invalidate processing carried out prior to the withdrawal.

8. Consent Mechanism & Cookie Banner

8.1 First-Visit Banner

On your first visit to cladbe.com or property.new from a particular browser or device, we display a Consent Banner offering you four primary actions:

Accept All — enables Strictly Necessary, Performance / Analytics, Functionality / Preferences, and Targeting / Advertising categories;
Reject All Optional — enables only Strictly Necessary cookies; all other categories remain disabled;
Customise — opens a granular preferences panel allowing you to enable or disable each non-essential category independently;
Read Cookie Policy — opens this Policy in a new tab.

The Consent Banner is presented in equal visual weight, with the Reject and Accept options of equivalent prominence. We do not use pre-ticked checkboxes for non-essential categories, and continued browsing of the Services without an explicit choice does not constitute consent.

8.2 Granular Preferences

Within the Customise panel you may independently toggle: Performance / Analytics; Functionality / Preferences; Targeting / Advertising. Each toggle is set to OFF by default and requires affirmative action to enable. Strictly Necessary cookies are listed for transparency only and cannot be disabled, as they are essential for the Services to function.

8.3 Consent Record

Your consent choices are recorded server-side against a pseudonymous identifier and locally in the consent_state cookie. The record includes: the categories you accepted; the time of consent; the version of this Policy in effect at the time; and the surface (cladbe.com, property.new, or in-app) where the consent was recorded. Consent records are retained for a minimum of three (3) years after the last record, in line with the DPDP Act and Rules audit-trail expectation.

8.4 Renewed Consent

Your consent choices are valid for twelve (12) months from the date recorded. After that period, or where this Policy is materially updated to introduce new categories of trackers, the Consent Banner will be re-displayed to seek renewed consent. You may also revisit and modify your consent choices at any time through the "Cookie Preferences" link in the website footer.

9. How to Manage or Withdraw Consent

9.1 In-Product Controls

You may at any time review and modify your cookie consent preferences using the "Cookie Preferences" link located in the footer of every page on cladbe.com and property.new. Changes take effect immediately upon submission and are recorded in the consent record described in Section 8.3.

9.2 Effect of Withdrawal

If you disable a previously enabled category, we will stop deploying the corresponding cookies and trackers prospectively. Cookies already set on your device before withdrawal will remain until they expire on their natural schedule or are deleted by you using your browser controls. Server-side data already collected lawfully under your prior consent will be retained, processed, or deleted in accordance with the Master Privacy Policy.

9.3 Mobile App Consent

In the customer post-purchase mobile application, opt-in to non-essential analytics and preferences SDKs is collected through an in-app consent flow on first launch. You may modify these choices at any time through the in-app Settings → Privacy menu. Push notifications, biometric login, location, camera, and contacts permissions are managed separately through your operating system's permission settings.

9.4 Withdrawal Through Grievance Channel

You may also withdraw consent or raise a query about cookie processing by writing to info@cladbe.com or to the Grievance Officer designated in Section 14. Withdrawal requests will be acted upon within seventy-two (72) hours of receipt and resolved within the timelines prescribed under the DPDP Act and Rules.

10. Browser-Level & Device-Level Controls

10.1 Browser Settings

Most modern browsers allow you to view, manage, and block cookies through their privacy and security settings. Specific instructions for the most widely used browsers are available at:

Google Chrome — support.google.com/chrome/answer/95647
Mozilla Firefox — support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
Apple Safari — support.apple.com/guide/safari/manage-cookies-sfri11471
Microsoft Edge — support.microsoft.com/microsoft-edge

Please note that disabling all cookies through your browser will likely break Strictly Necessary cookies that are required for the Services to function. You will not be able to log in, complete transactions, or use most features of the OS Dashboard or Property.new with all cookies disabled.

10.2 Do Not Track Signals

Cladbe currently does not respond to browser-issued "Do Not Track" (DNT) signals, as there is no consensus interpretation of DNT under Indian law and major browser vendors have deprecated or removed the feature. You can achieve the equivalent outcome by selecting "Reject All Optional" in the Consent Banner.

10.3 Mobile Operating System Controls

Both iOS and Android offer system-level privacy controls including limit ad tracking, app tracking transparency (iOS), and per-app permission management. We respect any restriction expressed at the operating-system level: where the operating system prevents access to a device identifier, our SDKs will operate in a degraded mode that omits the affected functionality.

11. Cross-Border Transfers

Some of the cookies and tracking technologies described in this Policy are operated by service providers headquartered or processing data outside India. Where this is the case, transfer of personal data is governed by Section 16 of the DPDP Act and Rule 14 of the DPDP Rules, 2025, including any restrictions notified by the Central Government in respect of categories of personal data or destination jurisdictions.

The principal cross-border processors associated with cookie and tracking-technology operations are listed in the Sub-Processor Register, available on written request to info@cladbe.com. Cladbe maintains contractual data-protection commitments with each such processor consistent with the requirements of the DPDP Act and Rules.

12. Children's Privacy

The Services are not intended for use by individuals under the age of eighteen (18). We do not knowingly direct cookies or tracking technologies at children. Where we become aware that a User is a child within the meaning of the DPDP Act, we shall (a) cease processing of any personal data collected through cookies that requires consent, except as permitted under Section 9 of the DPDP Act and Rule 10 of the DPDP Rules; and (b) seek verifiable parental consent in accordance with Rule 10 before continuing any processing for which consent is required.

Where a real estate purchase is being effected in the name of a minor through a legal guardian, the guardian's consent (and not the minor's) is the operative consent for purposes of cookie deployment on the relevant transactional surfaces.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in technology, the Services, the third-party providers we engage, or applicable law. Where the change introduces new categories of cookies or trackers, materially expands the purposes for which existing trackers are used, or adds new cross-border transfers requiring consent, we will (a) update the version and effective date on the cover page; (b) trigger re-display of the Consent Banner on your next visit; and (c) where you have provided an email address, send a notice describing the material changes.

Minor edits (such as clarifications, fixes to broken links, or updates to provider names without change in function) may be made without re-displaying the Consent Banner, but will be reflected in an updated version of this Policy.

14. Grievance Officer & Contact

Questions, complaints, or rights requests relating to cookies and tracking technologies may be addressed to:

Field	Details
Entity	Cladbe Platforms LLP (LLPIN: ACH-4755)
Registered Address	Tulsi Nagar, Bareilly, Uttar Pradesh – 243006, India
Grievance Officer	Sumit Kashyap
General & Privacy / Cookie Queries	info@cladbe.com
General Grievances	grievance@cladbe.com
Phone	+91-8941999555
Acknowledgement Time	Within seventy-two (72) hours of receipt
Resolution Time	Within timelines prescribed under the DPDP Act and Rules; in any event not later than ninety (90) days from receipt

You may also raise grievances through the in-app support workflow available within the OS Dashboard, Property.new, the customer post-purchase mobile application, and the Cladbe website.