Privacy Policy

1. Introduction

Lexshastra ("we," "our," or "us") is a litigation management platform operated by Lexshastra Private Limited, a company incorporated under the laws of India, with its registered office at Flat 5, S No 33/12a, Amrita Heights Chsl, Deccan Gymkhana, Pune, Pune City, Maharashtra, India, 411004.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal information when you access or use our website at lexshastra.in, our mobile applications, and all related services (collectively, the "Platform"). By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Platform immediately.

This policy is published in compliance with Section 43A of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any other applicable data protection laws and regulations in India.

2. Information We Collect

2.1 Personal Information You Provide

When you register, subscribe, or interact with the Platform, we may collect the following categories of information:

• Identity Information: Full name, email address, phone number, and professional credentials such as bar council enrollment number and practice area.
• Account Credentials: Username, password (stored in encrypted form), and authentication tokens for third-party sign-in services (Google, Microsoft).
• Billing Information: Payment method details processed through Razorpay, subscription plan details, invoices, and transaction history. We do not store your credit/debit card numbers directly on our servers.
• Case Data: Case details, party names, hearing dates, court orders, documents, notes, and any other litigation-related information you enter into the Platform.
• Communication Data: Messages exchanged with team members through the Platform's built-in messaging feature, and any correspondence with our support team.
• Workspace Information: Organisation name, team member details, roles, and workspace configuration preferences.

2.2 Automatically Collected Information

When you access or use the Platform, we automatically collect certain technical and usage information, including:

• Device Information: Browser type and version, operating system, device model, screen resolution, and unique device identifiers.
• Log Data: IP address, access timestamps, pages viewed, referring URLs, and actions performed on the Platform.
• Usage Analytics: Feature usage patterns, session duration, interaction data, and performance metrics collected through Google Analytics and similar tools.
• Location Data: Approximate geographic location derived from your IP address. We do not collect precise GPS location data.

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to the Platform, including:

• eCourts Integration: Case status, hearing schedules, court orders, and cause list information fetched from the eCourts India portal on your behalf.
• OAuth Providers: Basic profile information (name, email, profile picture) from Google or Microsoft when you choose to sign in using these services.
• Payment Processors: Transaction confirmation, payment status, and subscription lifecycle events from Razorpay.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the Platform's features, including case management, document storage, calendar, task management, billing tools, AI-powered research, and team collaboration.
• Account Management: To create and manage your account, authenticate your identity, process subscription payments, and manage billing.
• Communication: To send you service-related notifications, including hearing reminders, case status updates, cause list alerts, payment confirmations, and security alerts.
• Analytics & Improvement: To analyse usage patterns, diagnose technical issues, monitor Platform performance, and develop new features and functionality.
• Legal Compliance: To comply with applicable legal obligations, respond to lawful requests from authorities, and protect our legal rights and interests.
• Customer Support: To respond to your queries, troubleshoot issues, and provide technical assistance.
• Security: To detect, prevent, and address fraud, abuse, security incidents, and other harmful activities on the Platform.

4. Legal Basis for Processing

We process your personal information on the following legal grounds:

• Consent: Where you have provided explicit consent for specific processing activities, such as receiving marketing communications or using AI-powered features.
• Contractual Necessity: Where processing is necessary to perform our obligations under the terms of service and subscription agreement.
• Legitimate Interest: Where processing is necessary for our legitimate business interests, such as improving the Platform, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
• Legal Obligation: Where processing is necessary to comply with applicable laws, regulations, or court orders.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party vendors who assist us in operating the Platform, including cloud hosting providers (Amazon Web Services), payment processors (Razorpay), email delivery services, and analytics providers (Google Analytics). These providers are contractually bound to use your information only for the specific services they provide to us.
• AI Service Providers: When you use AI-powered features (legal research, case summarisation), your queries and relevant case context may be sent to AI model providers (Google Gemini) for processing. We do not share personally identifiable case party information with AI providers.
• Workspace Members: Within your workspace, other authorised members may access shared case data, documents, messages, and tasks in accordance with the roles and permissions you configure.
• Legal Requirements: When required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Lexshastra, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

6. Data Security

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL and encryption of sensitive data at rest.
• Secure authentication mechanisms including bcrypt password hashing and JWT token-based access control.
• Role-based access controls to ensure users can only access data they are authorised to view.
• Regular security reviews and monitoring of our infrastructure.
• Hosting on secure, industry-certified cloud infrastructure (AWS) with physical and network security controls.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Platform at your own risk.

7. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide you with the Platform's services. Specifically:

• Account Data: Retained for the duration of your active account and for a reasonable period thereafter to allow for account reactivation or to comply with legal obligations.
• Case Data: Retained as long as the case remains in your workspace. You may delete individual cases at any time, and the associated data will be permanently removed.
• Payment Records: Retained for a minimum of 8 years as required under applicable Indian tax and financial regulations.
• Log Data: Server logs and analytics data are retained for up to 12 months for security and diagnostic purposes.

Upon account deletion, we will delete or anonymise your personal information within 30 days, except where retention is required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Platform. The types of cookies we use include:

• Essential Cookies: Necessary for the Platform to function properly, including authentication tokens, session management, and security features. These cannot be disabled.
• Analytics Cookies: Used to collect anonymous usage statistics through Google Analytics to help us understand how users interact with the Platform and to improve its performance and usability.
• Preference Cookies: Used to remember your settings and preferences, such as language selection, theme (light/dark mode), and workspace configuration.

You can control cookie preferences through your browser settings. Please note that disabling essential cookies may impair the functionality of the Platform. Our Platform also uses local storage (localStorage) to persist authentication tokens and application state for a seamless user experience.

9. Your Rights

Subject to applicable Indian data protection laws, you have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request correction of any inaccurate or incomplete personal information.
• Right to Deletion: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
• Right to Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to the processing of your personal information for specific purposes.

To exercise any of these rights, please contact us at support@lexshastra.in. We will respond to your request within 30 days.

10. Third-Party Services

The Platform integrates with and relies on certain third-party services to deliver its functionality. These third-party services have their own privacy policies governing how they collect and use information. We encourage you to review the privacy policies of the following services:

• Amazon Web Services (AWS) – Cloud hosting and infrastructure.
• Razorpay – Payment processing and subscription management.
• Google Analytics – Website usage analytics.
• Google Gemini – AI-powered legal research and case analysis.
• eCourts India – Court case data retrieval.
• Indian Kanoon – Case law search and legal research.
• Firebase Cloud Messaging – Push notification delivery for mobile applications.

We are not responsible for the privacy practices of these third-party services. Your use of their services is governed by their respective privacy policies and terms.

11. Children's Privacy

The Platform is designed for use by legal professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at support@lexshastra.in.

12. International Data Transfers

Your information is primarily stored and processed on servers located in India (AWS Mumbai region). However, certain third-party service providers we use may process data in other jurisdictions. When your data is transferred outside India, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, by sending you a notification through the Platform or via email. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after any changes constitutes your acceptance of the revised policy.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

If you have any complaints or concerns regarding the processing of your personal information, you may contact the Grievance Officer. We will acknowledge your complaint within 24 hours and endeavour to resolve it within 30 days from the date of receipt.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: