Your Privacy Matters

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect, why we collect it, and how you can control it.

Last updated: 1 June 2026·Effective: 1 June 2026

256-bit Encrypted

All data in transit & at rest

Never Sold

Your data is never sold to anyone

You're in Control

Access, edit or delete anytime

India Data Residency

Stored on servers in India

1. Overview

LegalConnect India Private Limited ("LegalConnect," "we," "us," or "our") operates the LegalConnect platform, including our website and mobile applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Platform.

This policy applies to all users of the Platform, including Clients who seek legal advice and Lawyers who provide it. By using the Platform, you consent to the practices described in this Privacy Policy.

Our commitment: We collect only the data we genuinely need, use it only for the purposes described below, and give you meaningful control over it. We never sell your personal data to advertisers or third parties.

2. Data We Collect

We collect personal data in three ways: information you provide directly, information collected automatically, and information from third parties.

A. Information You Provide

Category	Examples	Who Provides It
Account Information	Full name, email address, phone number, date of birth, password	All users
Identity Verification	Government-issued ID, Aadhaar number (last 4 digits only), Bar Council enrolment number	Lawyers only
Professional Details	Law degree, practice areas, years of experience, languages spoken, consultation fee	Lawyers only
Legal Query Content	Matter description, supporting documents, audio/video recordings, uploaded files	Clients only
Payment Information	Bank account details (lawyers), UPI/card details processed by Razorpay (clients)	All users
Communications	Messages exchanged with lawyers, support tickets, feedback, reviews	All users
Profile Information	Profile photo, bio, location, language preferences	All users

B. Information Collected Automatically

Device & Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and time zone.
Usage Data: Pages visited, features used, search queries entered, links clicked, session duration, and navigation patterns.
Location Data: Approximate location derived from IP address. We do not collect precise GPS location without explicit consent.
Log Data: Server logs including access times, error reports, and platform performance metrics.

C. Information from Third Parties

Payment Processors: Transaction status and masked payment details from Razorpay.
Bar Council Verification: Public enrolment records from State Bar Council databases used to verify Lawyer credentials.
Social Login (if used): If you sign in via Google, we receive your name and email address as permitted by your Google account settings.

3. How We Use Your Data

Purpose	Data Used	Applies To
Create and manage your account	Name, email, phone, password	All users
Verify Lawyer credentials	Bar Council number, ID documents, degree	Lawyers
Facilitate Consultations	Query content, documents, messages, video	All users
Process payments and payouts	Payment details, bank account, transaction records	All users
Send service notifications	Email, phone (for OTP, booking alerts)	All users
Improve platform performance	Usage data, log data, device information	All users
Enforce Terms & Conditions	Account data, communications, usage logs	All users
Fraud detection and security	IP address, device ID, login patterns	All users
Send marketing communications	Email (opt-in only, unsubscribe anytime)	Opted-in users
Comply with legal obligations	As required by applicable law or court order	All users

We do not use your legal query content or Consultation communications for any purpose other than delivering the Services and maintaining platform safety. We do not use Consultation data to train AI models without explicit opt-in consent.

4. Legal Basis for Processing

Our processing of your personal data is based on the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and, where applicable, general principles of data protection.

Contractual Necessity: Processing required to provide the Services you have requested, such as account creation, Consultation delivery, and payment processing.
Consent: Where you have explicitly consented, such as receiving marketing emails or sharing location data. You may withdraw consent at any time.
Legitimate Interests: Platform security, fraud prevention, service improvement, and internal analytics, where these interests are not overridden by your rights.
Legal Obligation: Where we are required to process data to comply with applicable Indian laws, regulations, or court orders.

We do not sell your personal data. We share data only in the following limited circumstances:

With Lawyers (for Clients): When you submit a query, the Lawyer assigned to your Consultation receives the information necessary to provide advice — your name, query content, and uploaded documents. Lawyers are bound by professional confidentiality obligations.
With Clients (for Lawyers): Your name, profile photo, specialisation, rating, and professional details are visible to Clients browsing the directory or assigned to your Consultations.
Payment Processors: Razorpay processes payment transactions. We share only the data necessary to complete transactions. Razorpay's privacy policy governs their data handling.
Cloud & Infrastructure Providers: We use AWS (Mumbai region) for data storage and processing. These providers act as data processors under strict contractual obligations.
Analytics Providers: Anonymised and aggregated usage data may be shared with analytics partners. No personally identifiable information is included.
Legal & Regulatory Authorities: Where required by law, court order, or to protect the rights, property, or safety of LegalConnect, its users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with advance notice provided to you.

6. Data Security

We implement industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction:

End-to-End Encryption

All messages and documents are encrypted using AES-256 in transit and at rest.

TLS 1.3 in Transit

All data transferred between your device and our servers uses TLS 1.3 protocol.

India-Based Servers

Data is stored on AWS infrastructure in the Mumbai (ap-south-1) region.

Access Controls

Internal access to personal data is restricted to authorised personnel on a need-to-know basis.

While we take all reasonable steps to protect your data, no system is 100% immune to security incidents. If you suspect unauthorised access to your account, please contact us immediately at security@legalconnect.in.

7. Data Retention

We retain your personal data for as long as your account is active and as necessary to fulfil the purposes described in this Policy:

Data Type	Retention Period	Reason
Account Information	Duration of account + 2 years after closure	Legal compliance, dispute resolution
Consultation Records	5 years from Consultation date	Legal advice records, regulatory requirements
Payment Records	8 years	Tax and accounting obligations under Indian law
Support Communications	3 years	Quality assurance and dispute resolution
Usage & Log Data	12 months	Security monitoring and platform improvement
Marketing Data	Until opt-out + 30 days	Opt-in consent based

Upon account deletion, your personally identifiable information is removed or anonymised within 30 days, except where retention is required by law or for ongoing legal proceedings.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. You can control cookies through your browser settings, though disabling certain cookies may affect Platform functionality.

Cookie Type	Purpose	Can Be Disabled?
Essential / Strictly Necessary	Login sessions, security tokens, CSRF protection. Required for the Platform to function.	No — essential for security
Functional	Remember your preferences (language, theme, location filter). Improves your experience.	Yes — some features may break
Analytics	Understand how users navigate the Platform using anonymised data (e.g., Google Analytics).	Yes — via cookie banner
Marketing (opt-in only)	Deliver relevant platform updates and offers if you have opted in to marketing communications.	Yes — via account settings

9. Your Rights

You have the following rights with respect to your personal data. To exercise any of these rights, contact us at privacy@legalconnect.in. We will respond within 30 days.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectify

Correct inaccurate or incomplete personal data in your account.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Restrict

Request that we limit how we use your data while a dispute is under review.

To submit a data rights request, email privacy@legalconnect.in with the subject line "Data Rights Request" and include your registered email address and the specific right you wish to exercise. We may need to verify your identity before processing the request.

10. Children's Privacy

The Platform is not intended for, and does not knowingly collect personal data from, individuals under the age of 18. If you are under 18, please do not use the Platform or provide any personal information to us.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe a child has provided us with personal information, please contact us at privacy@legalconnect.in.

11. International Data Transfers

LegalConnect stores and processes all personal data on servers located within India (AWS Mumbai region) in accordance with the IT Act and SPDI Rules. We do not routinely transfer personal data outside of India.

Where an international transfer is unavoidable (for example, when using a globally distributed service provider), we ensure adequate safeguards are in place, including contractual data processing agreements requiring the recipient to maintain data protection standards equivalent to Indian law.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this Policy.
Send a notification to your registered email address at least 14 days before the changes take effect.
Display a prominent banner on the Platform for at least 30 days after the update.

Your continued use of the Platform after the effective date of a revised Policy constitutes your acceptance of the changes. If you do not agree, you may close your account before the effective date.

13. Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Data Protection Officer

LegalConnect India Pvt. Ltd.

4th Floor, Prestige Tower

MG Road, Bengaluru – 560001

Karnataka, India

Reach Us

privacy@legalconnect.in security@legalconnect.in

Response time: within 30 days