We collect various types of personal information (“Personal Data”) to provide and improve our services. The types of data we collect include:

• Contact and Identity Information: Name, address, email address, phone number, and other identifiers that can identify you. For example, when you register an account or fill out forms on our site, we may ask for your full name, contact details, and proof of identity.
• Financial Information: Payment details and financial account information you provide for transactions. This may include bank account numbers, credit/debit card details or other payment instrument details (note: card information is typically collected through secure payment gateways). If you seek litigation funding or other financial services on our Platform, we may also collect financial details about your case or investment capacity as needed.
• KYC and Verification Documents: Government-issued identification numbers or documents and other Know-Your-Customer (KYC) data for identity verification and compliance purposes. This may include PAN card, Aadhaar card, passport, driving license, corporate identification numbers, or any documents you submit for background verification. We only collect KYC documents where required for services (e.g. litigation funding due diligence, verification of lawyers/experts, compliance filings) and with your explicit consent.
• Service Usage and Consultation Data: Information related to your use of our legal services. For instance: details about your legal case or query, consultation history with lawyers/CA/CS, chat or call transcripts, documents or evidence you provide for dispute resolution, and any other information you submit during mediations or consultations on the Platform. This may include sensitive details about your legal matters; we treat all such consultation and dispute data as confidential Personal Data.
• Business and Compliance Information: If you use our compliance or registration services, we collect business-related data you provide (e.g. company name, registration number, directors' details, financial statements, etc.) as required to prepare filings or applications on your behalf. This information may overlap with personal data (for example, a director's PAN or DIN).
• Transactional and Behavioral Data: Records of services you have requested or availed (e.g. details of funding agreements, subscription plans, services purchased) and your interactions on the Platform. This includes records of payments made or received, subscription status, and logs of support queries or feedback.
• Technical and Usage Data: When you use our website, we automatically collect certain technical data. This includes your IP address, browser type and version, device identifiers, operating system, pages or screens you access, dates/times of visits, and browsing actions on our site. We also collect information through cookies and similar technologies (explained in the Cookies section below) about how you navigate our Platform. This usage data is generally not directly identifying, but if it can be linked to you it will be treated as Personal Data.

We do not intentionally collect any data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or health/medical information, as these are not required for our services. We also do not knowingly collect personal data from children under 18; our services are intended for adults and businesses. If you are under 18, please do not use this Platform or submit personal information.

We collect personal data from you in the following ways:

• Directly from You: Most information is provided directly by you. You may enter or upload data when you register an account, fill out contact or application forms, post a legal query, participate in a consultation or mediation, subscribe to services, or communicate with us (via chat, call, email, etc.). By voluntarily providing data in these ways, you consent to our collection and use of it for the intended purposes. For sensitive personal data or KYC documents, we will explicitly ask for your consent (e.g. by requiring you to tick a box or agree to terms) before you submit such information.
• Through Your Use of the Service (Automatic Collection): When you visit NoLegalPaisa.com or use our app/Platform, we use technological tools to collect technical and usage information automatically. For example, we use cookies, web beacons, and log files to record your device information, IP address, and browsing behavior. This helps us understand how users use our Platform and enables certain features like staying logged in, as detailed in our Cookie Policy section. We may also receive approximate location data from your IP or device, for instance to show you relevant content (such as lawyers in your region) or for fraud prevention.
• From Third Parties: In some cases, we may receive information about you from third-party sources, but only where you have given those third parties consent to share it or where it is legally obtained. For example, if you use a third-party login (like Google/LinkedIn single sign-on) to register, we receive basic profile info from them. Or, if you are referred to our litigation funding service by a partner, they might give us your contact and case referral information with your consent. We may also collect information from publicly available sources for verification (e.g. verifying a business registration via a government database). In all such cases, we ensure that the third party had a lawful basis (your consent or a legal requirement) to provide us your data.

We do not intentionally collect any data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or health/medical information, as these are not required for our services. We also do not knowingly collect personal data from children under 18; our services are intended for adults and businesses. If you are under 18, please do not use this Platform or submit personal information.

We collect and process personal data solely for legitimate purposes connected with the functioning of NoLegalPaisa.com and to provide you with our various legal tech services. We do not use your data for any purpose that is incompatible with those originally disclosed to you. Below is a summary of the purposes for which we use your data (and, where relevant, examples of the legal services to which they relate):

• Providing and Improving Services: To deliver our services to you and ensure they function correctly. For example, using your contact and account data to create your user account and authenticate you at login, and using your feedback or usage patterns to improve our Platform's interface and features. We use personal data to personalize your experience (such as suggesting relevant legal solutions) and to develop new features that better meet user needs.
• Litigation Funding Services: If you apply for or participate in litigation funding through our Platform, we use your personal and case data to evaluate funding opportunities and facilitate the funding process. This includes reviewing case details and financial information to assess eligibility, performing due diligence and risk assessments, verifying your identity and credentials (KYC checks), and connecting funders with litigants. We process payment information to disburse funds or collect returns, and we generate necessary legal agreements or documentation for the funding transaction. These activities are done to fulfill our contract with you and in compliance with legal requirements (such as anti-money laundering laws).
• Consultations with Lawyers, CAs, CS and Experts: For our online consultation services, we use the information you provide about your legal/tax/consulting query and your background details to match you with an appropriate lawyer, chartered accountant, company secretary, or other professional. We share the necessary details with that professional so they can advise you (see “Data Sharing” below). We may record or store chat transcripts, call recordings, or written advice given to you for quality control, to allow you to review the advice later, and to resolve any disputes or follow-up questions. These consultation records are accessible to you and the consulting professional, and internally to our authorized personnel if required for customer support or legal compliance.
• Dispute Resolution and Mediation: If you use our platform to resolve a dispute (for example, via mediation or arbitration services), we use the data you submit about the dispute (claims, evidence, communications) to facilitate the resolution process. This includes sharing your submitted information with the mediator or arbitrator assigned to your case and, as appropriate, with the opposing party to the dispute (since mediation is a collaborative process). Your communications during the dispute resolution (chat logs, settlement agreements, etc.) may be monitored or reviewed by our case administrators and the neutral mediator for quality and evidentiary purposes. We retain these records to document the outcome and in case of any future legal issues arising from the dispute resolution.
• Compliance and Regulatory Services: For services like business registrations, tax filings, compliance management or any legal filings, we use the personal and business data you provide to prepare the necessary applications or documents. For example, if you request company incorporation, we will use the directors' personal details and ID proof to fill MCA forms; if you request a tax return filing, we will use your financial data to prepare the return. We process and share this data with the relevant government authorities or regulatory bodies as needed to fulfill your requested service (e.g. submitting your incorporation documents to the Corporate Affairs Ministry, or filing your GST returns to the tax department). The purpose is strictly to carry out your requested compliance service and to meet the legal requirements on your behalf.
• Subscription-Based Legal Advisory: If you subscribe to an ongoing legal advisory plan, we use your information to provide continuous support and updates. This includes tracking your inquiries or legal service usage under the subscription, sending you regulatory updates or alerts pertinent to your business, and maintaining records of the advice or documents provided over the subscription period. We also use your contact information to send renewal reminders and process subscription payments. The purpose is to fulfill our contractual obligations to you as a subscriber and ensure you receive the benefits of the service.
• Payments and Transactions: We use personal and financial information to process payments for any services you purchase or fees you owe, as well as any payouts or reimbursements to you (for instance, payouts to investors in a funding deal). This includes using your payment card details or UPI/bank info to charge you for services, and using your bank account details to transfer funds that are due to you. Payment processing may be handled by integrated third-party payment gateways which adhere to required security standards (we do not store your card details on our servers beyond what is necessary). We use transaction data to maintain financial records, invoices, receipts, and to resolve any payment disputes.
• Communication and Customer Support: We use your contact information (email, phone) to send you service-related communications. These include confirmations and receipts, updates on the status of your requests (e.g. that your legal document is ready), reminders (for upcoming consultation appointments or deadlines), and alerts for new features or policy updates. If you contact us with a question or support issue, we will use your information to investigate and respond. With your consent, we may also send promotional messages or newsletters about new services, offers, or legal updates - you can opt-out of such marketing at any time (see “Your Rights” below). All communications will be done in accordance with applicable communication laws and your preferences.
• Legal Obligations and Compliance: Certain processing of data is done to comply with our legal and regulatory obligations. For example, we may be required by law to verify the identity of our users, especially for financial transactions (hence the KYC data collection), and to maintain records of such verifications. We retain invoices and transaction records as required by tax laws. If we facilitate litigation funding, we must ensure compliance with any financial regulations and prevent money laundering or fraud. Thus, we may process personal data to run fraud detection checks or to ensure none of our users are on sanctions lists, etc. We also may use and retain data as necessary to respond to lawful requests by public authorities or court orders (e.g. providing data when compelled by a subpoena in a legal case).
• Enforcement and Protection: We may process your data as needed to enforce our Terms of Service or other agreements, and to investigate or prevent any violation of our Platform's rules or the law. This includes using data to monitor for fraudulent activities, security breaches, or other potentially illegal activities on our Platform. If we detect such issues, we will use relevant data to mitigate and address them (for example, using account information to ban an abusive user, or using logs to trace a cybersecurity incident). We also might use your information to defend our legal rights or the rights and safety of our users or others, in case of disputes or legal claims.
• Analytics and Product Development: We use collected data (mostly in aggregated or anonymized form) to perform internal analytics. This helps us understand how our services are used, identify trends, and improve our offerings. For example, we might analyze which pages on our site are most visited, or what types of legal services are most requested, to inform our business strategy. We ensure that any analytics use of data is done in a way that does not identify you personally, whenever feasible. We may also use anonymous feedback or survey responses to improve user satisfaction.

We will only use your personal data for the purposes stated above or for closely related purposes. If we ever need to use your data for a new purpose that is not compatible with these, we will seek your consent beforehand. We do not engage in any selling of personal data to third parties for their own marketing use, nor do we use your data for automated profiling in a way that produces legal effects for you without human involvement. Your data is used strictly to manage and enhance the services you sign up for and for compliance with the law. We also abide by the principle of purpose limitation - meaning once the specific purpose for which data was collected is fulfilled, we will not continue to use the data for other purposes unless you consent or the law requires it.

Our legal basis for collecting and processing your personal data varies depending on the context and nature of the information, but generally includes:

• Consent: In many cases, we rely on your consent to process your personal data. By providing information to us, you consent to its processing for the intended purpose. We obtain explicit consent for processing sensitive personal data (like financial details or identity documents) as required by Indian law. We also rely on consent for sending any direct marketing communications – for example, you will only receive promotional emails if you have opted in. You have the right to withdraw your consent at any time (see “Your Rights” below), and we will stop the processing in question unless another legal basis applies.
• Performance of a Contract: When we process data to provide you with services you have requested, the legal basis is that the processing is necessary for the performance of our contract with you (the Terms of Service or specific service agreement). For instance, when you provide details for a legal consultation or compliance filing, we process that data to carry out our obligations and deliver the service. Similarly, processing your payment and contact details is necessary to bill you and provide customer support under our agreement. Without this data, we would not be able to fulfill our services, so this processing is contractually required.
• Legal Obligation: In some cases, we must process and retain certain data to comply with our legal obligations. For example, financial regulations and the Information Technology Act may require us to collect and retain KYC information and transaction records for a certain period. If a law enforcement agency lawfully requests user data, we are obligated to provide it. Such processing is grounded in the necessity to comply with a legal obligation to which we are subject. We only do this to the extent that the law requires (e.g. retaining sensitive data only as long as mandated).
• Legitimate Interests: We may process data as necessary for our (or third parties’) legitimate interests, provided such processing is fair, balanced, and does not unduly impact your rights. Our legitimate interests include: maintaining the security of our platform, preventing fraud and abuse, improving and developing our services, analyzing usage to make informed business decisions, and marketing our services to existing customers. For example, it is in our legitimate interest to monitor accounts for suspicious activity to protect our platform from breaches. When we rely on this basis, we ensure that we consider and respect your privacy rights – for instance, for marketing to past customers, we give a clear opt-out option. We do not use legitimate interest as a basis for any processing that would override your fundamental rights or for processing sensitive personal data.

We may process data as necessary for our (or third parties’) legitimate interests, provided such processing is fair, balanced, and does not unduly impact your rights. Our legitimate interests include: maintaining the security of our platform, preventing fraud and abuse, improving and developing our services, analyzing usage to make informed business decisions, and marketing our services to existing customers. For example, it is in our legitimate interest to monitor accounts for suspicious activity to protect our platform from breaches. When we rely on this basis, we ensure that we consider and respect your privacy rights – for instance, for marketing to past customers, we give a clear opt-out option. We do not use legitimate interest as a basis for any processing that would override your fundamental rights or for processing sensitive personal data.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. We do not keep your information indefinitely by default. Our retention practices are designed to comply with the principle that personal data should not be stored longer than needed. Below is how we handle retention for different categories of data:

• Account Information: Information you provide when registering and maintaining an account (like your name, contact info, login credentials) is kept for as long as you have an active account with us. We retain this to serve you and to meet our contractual obligations. If you choose to close your account, or if your account becomes inactive for an extended period, we will either delete or anonymize this information, or if that’s not immediately feasible (e.g. stored in backups), securely isolate it until deletion is possible.
• Consultation and Case Data: Records of your consultations with professionals, legal case files, dispute resolution files, and compliance documents are retained as long as needed to provide our services and for you to access your history. Typically, we keep such records while your account remains active so that you (and we) can reference past advice or case outcomes. If you delete your account or specifically request deletion of certain case data, we will remove those records from our live systems (unless retention is required for legal reasons described below). However, note that professionals (lawyers, mediators) who provided services may be required by their own professional obligations to retain a copy of communications or documents they worked on. We only retain our copy as your service provider for your benefit and ours (for example, to defend against any claims).
• KYC Documents and Sensitive Data: For identity verification documents (e.g. copies of PAN, Aadhaar, passports) and other sensitive personal data, our policy is to retain them only for the minimum period necessary. Once your identity is verified and it’s clear that the document is no longer needed, we will either not store it at all or store it in a secure, encrypted manner for a limited retention period. For example, if you underwent a one-time KYC check, we may promptly delete your uploaded KYC documents after successful verification to ensure security. In cases where a law or regulation requires us to retain KYC records for a certain duration (for instance, some financial regulations mandate retention for a few years), we will retain them for that period, after which we will delete them. We will not use your KYC documents for any purpose other than compliance and verification, and we will dispose of them safely when the purpose is fulfilled.
• Transaction and Financial Records: We retain transaction histories, invoices, receipts, and related financial records as long as required under applicable tax and accounting laws. Typically, this may be for a period of 5 to 8 years (depending on the law) or as needed for auditing. Even if you delete your account, we may need to keep invoice records associated with your name for the legally mandated period. However, we will not retain your payment method details (like credit card numbers) beyond what is necessary for that transaction, except if you have saved them for future use (and even then, those may be stored by our payment gateway and not on our servers).
• Usage Data and Cookies: Usage logs and analytics data are generally retained for shorter periods, unless used for security analysis. We might keep raw web server logs for a few weeks or months, and aggregated analytics reports indefinitely (since they do not identify users personally). Any usage data that is stored in identifiable form (like IP addresses linked to accounts) will either be deleted or anonymized once it’s no longer needed for our analysis. We retain cookie data according to the lifespans of the cookies (see Cookie section) – some cookies (like login cookies) clear when you log out, others may persist for a defined time unless you clear them.
• Backup and Archival: Like most businesses, we perform routine data backups for disaster recovery. These backups are kept secure and are retained for limited durations under strict access control. If personal data is deleted from our main systems, it may still persist in encrypted backups for a short period until those backups are cycled out. We have retention schedules to ensure old backups are deleted or overwritten. During that interim, we continue to protect any data in backups and will not restore or use deleted data unless absolutely necessary for security or legal compliance.
• Legal Retention and Disputes: Notwithstanding any general retention schedules, if we are involved in an ongoing legal proceeding or investigation that requires certain data, we will retain that data as long as necessary to resolve the matter. Additionally, if you exercise your right to deletion, we may retain a minimal subset of your information if required for us to demonstrate compliance with your request or to establish, exercise, or defend legal claims. For example, if you had a transaction with us, we may keep a record that “User X’s data was deleted on Y date” and retain proof of any consents or contracts, in case of future disputes.

In summary, we do not keep personal data longer than the purpose requires, in line with Indian privacy rules. When data is no longer needed, we take appropriate steps to have it deleted, destroyed, or anonymized in a secure manner. If you have specific questions about our data retention periods for any particular type of data, feel free to contact us. Also, if you wish to delete your data, see the “User Rights” section below on how you can request deletion. We will honor such requests in accordance with law, ensuring that no unnecessary data about you lingers in our systems.

We understand the importance of safeguarding your personal information and have implemented a range of security measures to protect it from unauthorized access, disclosure, or alteration. We store and process your data on secure servers and cloud services with robust security practices. In particular:

• Secure Hosting: All personal data collected is stored on reputable cloud servers (such as Amazon Web Services) and data centers that employ industry-standard security protocols. Our servers are protected by firewalls, encryption technologies, and access control mechanisms. We typically choose servers located in India for storing user data; however, some data might be processed or backed up on servers located in other jurisdictions (see “Data Transfers” below). In any case, our cloud providers are contractually bound to protect your data and implement adequate security measures.
• Encryption: We use encryption to protect data in transit and at rest. All communication between your browser/app and our Platform is secured via SSL/TLS encryption (HTTPS), ensuring that any personal data you send us (like passwords or form entries) is encrypted during transmission. For sensitive data stored in our databases (such as passwords, which are hashed, or identity documents), we employ encryption and/or hashing so that even if someone gained unauthorized access to the data, it would not be easily readable.
• Access Controls: The personal data we store is accessible only to authorized personnel of our company or trusted service providers who need that access to perform their job (need-to-know basis). We limit and strictly regulate staff access to sensitive information. All employees, agents, and contractors of the Company who handle personal data are bound by confidentiality obligations. We have authentication controls (like strong passwords, 2FA) in place for our internal systems to prevent unauthorized internal access.
• Organizational Measures: We have internal policies and training for our team to ensure we handle user data with care and in compliance with law. We conduct periodic reviews of our data collection, storage, and processing practices, and update our security practices in light of new risks or standards. We follow “reasonable security practices and procedures” as required under the IT Act, 2000 and SPDI Rules, which include administrative, technical, and physical safeguards appropriate to the sensitivity of the information. For example, we maintain up-to-date antivirus and intrusion detection systems, and we monitor our systems for possible vulnerabilities or attacks.
• Payment Security: Any online payment transactions on NoLegalPaisa.com are processed through PCI-DSS compliant payment gateways. We do not handle or store your full payment card details on our own servers; those are handled by the secure payment processor. This means that when you enter payment information, it is transmitted directly and securely to the payment gateway, and we receive a confirmation token but not the sensitive card number or CVV. This adds an extra layer of security for financial data.
• Third-Party Security: When we use third-party service providers for infrastructure, communications, or other services (for example, cloud hosting on AWS, or email service), we ensure through contracts that they also implement adequate privacy and security measures. We do not allow third parties to access personal data unless they are subject to equivalent confidentiality and security obligations.
• Account Security: It is also important for you as a user to safeguard your account credentials. We encourage you to use a strong, unique password for your NoLegalPaisa account and to keep it confidential. We will never ask you for your password via phone or email. If you suspect any unauthorized access to your account, please notify us immediately. We also provide the option of two-factor authentication (2FA) for logging in (if enabled, you will need to enter an OTP or use an authenticator app code in addition to your password), which we recommend for enhanced security.
• No Guarantee: While we employ best practices to protect your data, please note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of information, and any transmission of data to us is at your own risk. However, we strive to use commercially acceptable means and up-to-date technologies to protect your personal data. In the unlikely event of a security breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
• Data Breach Response: We have a data breach response plan in place. If we discover any security breach leading to unauthorized access of personal data, we will take immediate steps to contain and investigate the breach. Affected users will be informed in a timely manner, and we will provide guidance on steps to protect yourself (if needed). We will also inform law enforcement or government agencies as required under the IT Act and any other applicable data protection regulations.

By using our Platform, you acknowledge that you understand the inherent security risks of providing information online and agree that we have implemented reasonable measures to protect your data. We continuously evaluate new security technologies and practices, and update our measures to keep your data as safe as possible. If you have specific questions about our security practices, feel free to contact our Grievance Officer (details provided below).

We treat your personal data with confidentiality and do not share it with third parties except in the situations described below. We never sell or rent your personal information to unrelated third parties for their marketing purposes without your explicit consent. Any sharing is done in a responsible manner, limited to achieving the purposes outlined above or as required by law. The circumstances under which we may share your data include:

• With Your Consent or At Your Direction: We will share your information with third parties if and when you explicitly ask us to or consent to such sharing. For example, if you request us to refer you to a partner law firm, or you opt-in to a service where a third-party expert is involved, we will share the necessary details with them as per your request.
• Service Providers (Processors): We employ trusted third-party companies and individuals to perform certain functions on our behalf – such as cloud infrastructure providers, email/SMS delivery services, analytics providers, customer support tools, identity verification services, and payment gateway processors. These third parties have access to personal information only as needed to perform these tasks for us. For instance, our cloud hosting provider will store your data on its servers, our email service will process your email address to send communications, and payment processors handle your card transactions. We ensure that all such service providers are bound by appropriate confidentiality and data protection agreements so that your data is safeguarded. They are not permitted to use your data for any purpose other than the specific service they are providing to us. Key service provider categories include:

  • Cloud Hosting & IT: e.g., Amazon Web Services (for server and database hosting).
  • Communications: e.g., SMS gateway or email newsletter service for sending OTPs, updates.
  • Analytics: e.g., Google Analytics, which may collect usage data and device identifiers to help us analyze traffic (subject to Google’s privacy policy).
  • Marketing and Advertising: If we run marketing campaigns, we might use platforms like Google Ads or Facebook, which use tracking cookies on our site (see Cookies section) – we share minimal data (like your email in hashed form for custom audience matching, if at all) and these platforms act on our instructions to show ads.
  • Identity Verification: e.g., if we use a third-party API to verify your PAN or Aadhaar, your info might go through them solely for verification.
  • Payment Processors: e.g., Razorpay, PayU, or banks to process transactions – they receive your payment details and billing info to complete payments securely.
• Legal Professionals and Experts on our Platform: A core aspect of NoLegalPaisa is connecting you with independent professionals (lawyers, chartered accountants, mediators, etc.) to deliver legal or consulting services. When you choose to consult with or are matched with such a professional through our Platform, we will share with them the information necessary to perform the service. For example, if you book a consultation with a lawyer, that lawyer will receive your name, contact info, and the details of your query or case so that they can prepare and advise you. Similarly, a mediator handling your dispute will see the submissions and communications relevant to the dispute. These professionals are typically not our employees but independent providers. We contractually or through our terms require these professionals to keep your information confidential and use it only for the purposes of your consultation/case. They are generally bound by professional ethics as well to maintain client confidentiality. However, note that any information you directly share with a professional outside of our Platform’s scope is at your discretion and subject to whatever agreement you have with them.
• Within Our Corporate Group/Affiliates:If our company has affiliates, subsidiaries, or joint venture partners that are involved in providing the services, we may share data with them to the extent needed to operate the Platform. For example, if in the future we partner with another company to expand services, user data might be accessed by that affiliate. Any such entity will be under similar obligations to protect your data and will only use it as per this Policy. We will inform you if any significant new data sharing with an affiliate occurs.
• Business Transfers: : If NoLegalPaisa (Kaahmuchee Solution Pvt. Ltd.) is involved in a merger, acquisition, restructuring, financing, reorganization, bankruptcy, or sale of some or all of its assets, user information may be transferred to the acquiring or merged entity as part of that transaction. We would ensure that the new owner continues to handle your data in accordance with this Privacy Policy (or you would be given notice and a chance to opt-out if they have a materially different policy). We will notify you via the website or email if such a transfer occurs, and the new entity will assume the rights and obligations regarding your personal data as described in this Policy.
• For Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement or government agencies, or opposing parties in litigation) if we in good faith believe that such disclosure is necessary to:

  • Comply with a legal obligation or valid legal process. For example, responding to a court order, summons, or subpoena requiring us to provide certain user data. We only provide the data specifically demanded and only if we believe the request has valid legal basis.
  • Enforce our Terms of Service or other agreements; investigate and defend the Company against any third-party claims or allegations; or protect the security or integrity of our Platform. This could involve sharing information with legal counsel, auditors, or collection agencies if needed.
  • Prevent fraud or illegal activities: If we suspect that someone is attempting fraud or a cybercrime on our platform, we may share relevant info with law enforcement or specialized security organizations to investigate and prevent harm.
  • Protect rights and safety:If a user’s actions threaten the rights, property, or safety of other users, the public, or the Company, we may share data with appropriate authorities or affected parties to mitigate that threat. For example, providing information to law enforcement in case of imminent harm or to financial institutions about fraudulent transactions.
• Third-Party Integrations: Our Platform may integrate with third-party services or APIs (for example, a scheduling tool for appointments, or a video conferencing service for online meetings). If you choose to use those features, some data (like your name or email for the meeting invite) may be shared with the third-party service to facilitate the integration. We will inform you at the point of use what information will be shared and with whom. You can decide whether or not to use the integrated feature.
• Aggregated or Anonymized Data: We may share data that has been aggregated or anonymized (so it no longer identifies any individual) with third parties for research, marketing, or analytical purposes. For instance, we might publish usage statistics or trends (e.g., “X% of users filed trademark applications”). Such information does not contain personal details and is not traceable back to you.

Whenever we share your data with third parties, we take steps to ensure that they handle it with an adequate level of protection and solely for the intended purpose. We also ensure any third-party access is limited to the information necessary. For example, our marketing email provider doesn’t get payment info, and our payment processor doesn’t get your legal case details. We also require any third party receiving sensitive personal data to sign a contract agreeing to equivalent levels of data protection as we do, as mandated by Indian SPDI Rules.

Importantly, we do not share your sensitive personal data (like financial or KYC info) with any third party except:
(a) with your consent,
(b) as agreed in a contract (e.g., sharing with a bank for a funding service you signed up for), or
(c) where required by law. If a government agency lawfully requests your KYC info for identity verification or investigation purposes, we may be obliged to share it, but we will verify the request’s authenticity and ensure proper documentation before disclosure. Any government request for sensitive data will state the purpose and assure that the data will not be used beyond that purpose as per law.

Finally, if we ever have to share your personal data in a manner not covered above, we will notify you and obtain your consent when required. We remain accountable for the protection of your information when it is transferred to or handled by third parties on our behalf. If you have questions about third parties that may have your data (because they assisted us), you may contact us to get a list of our current significant service providers.

When you visit our Platform, we or authorized third parties may set several cookies in your browser. The types of cookies we use include:

• Essential Cookies: These are necessary for the operation of our website and Platform. For example, when you log into your account, we use session cookies to keep you logged in as you navigate between pages. Without these cookies, certain services or functionalities (like accessing secure account areas or submitting forms) would not work properly.
• Preference Cookies: These cookies remember your preferences and settings to enhance your experience. For example, a cookie may remember your chosen language or the last service you viewed, so that we can show you a localized experience or pre-fill certain forms for you.
• Analytics Cookies: We use analytics tools (like Google Analytics) that set cookies to collect information about how users interact with our site. This includes information like pages visited, time spent on site, links clicked, and user demographics (if available). We use this information in aggregate form to understand user behavior and improve our site’s performance and content. The data collected via analytics cookies is typically anonymized (e.g., we see total number of visitors to a page, not who each visitor was). Google Analytics may set its own cookies; however, we do not allow Google to use the data for their own purposes beyond providing us these analytics.
• Security Cookies: We may use cookies to enable and support our security features, and to help detect malicious activity or violations of our terms. For example, a cookie might help prevent cross-site request forgery or remember when you’ve repeatedly failed login attempts (to trigger extra verification). These cookies help keep your account and our site safe.
• Advertising and Marketing Cookies: As of now, NoLegalPaisa does not display third-party ads, but we may use cookies for our own marketing and re-targeting. For instance, we might use Facebook Pixel or Google Ads cookies to show you NoLegalPaisa ads on other websites you visit (this is called retargeting). These cookies remember that you visited our site and help us advertise our services to you again. Any such cookies are used only if you have allowed cookies, and they primarily track anonymized identifiers. If in future we participate in any ad networks or allow third-party ads on our site, we will update this policy and ensure those parties provide opt-outs.
• Third-Party Cookies: Some cookies on our site are placed by third parties acting on our behalf (like the analytics and advertising tools mentioned). Also, if we embed content from external sites (like a YouTube video or a social media widget), those external sites may set their own cookies on your browser. For example, if there’s a LinkedIn “share” button, LinkedIn might set a cookie to remember that action. We do not have direct control over third-party cookies, but we do not intentionally integrate any third-party cookies that are not in line with the purposes stated. Third-party cookies usage is governed by the privacy/cookie policies of the third party. For instance, Google’s privacy policy for analytics and ads can be found on Google’s site.

When you first visit our website, you will be notified about our use of cookies. By continuing to use the site, you consent to our use of cookies as described. However, you have the right to control cookies:

• Browser Settings: You can set or modify your web browser controls to refuse or delete cookies. Most browsers allow you to see what cookies you have and delete them on an individual basis or block cookies from specific or all sites. Please note that if you disable cookies entirely, our website may not function properly for you – for example, you might not be able to log in or use certain features. It may affect your experience of our services (as an example, if you block cookies, you may have to re-enter your preferences each time).
• Cookie Banner/Settings: We may provide a cookie consent banner or settings on our site that allows you to manage which categories of cookies to accept (e.g., allowing essential cookies but rejecting analytics/advertising cookies). If available, you can use that tool to customize your preferences at any time.
• Do Not Track: Some browsers have a “Do Not Track” (DNT) feature that sends a signal to websites you visit indicating you do not wish to be tracked. The internet industry is currently still working on DNT standards, and therefore, our site may not respond to those signals in a uniform way yet. We treat all users similarly, and will consider DNT signals if and when a consensus standard is established.
• Third-Party Opt-Outs: For analytics and advertising partners, you can often opt-out directly. For example, to opt-out of Google Analytics, you can install the “Google Analytics Opt-out Browser Add-on.” For interest-based ads, websites like the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA) offer opt-out tools to remove you from targeted advertising by participating companies.

We do not use cookies to retrieve information from your device that was not originally set by us, and we do not plant any malware or spyware via cookies. The cookies we use are solely to improve your experience and our service quality. Any information collected by cookies is stored separately from personal data you provide to us, and we do not attempt to identify you from cookie data alone.

If you have any concerns or questions about our cookie usage, you can contact us for more information. We can provide more details on specific cookies if needed. Our aim is to be transparent about tracking and respect your choices regarding privacy.

We want you to be in control of your personal data. In accordance with applicable laws (including the IT Act’s privacy rules and general data protection principles), you have certain rights regarding the personal information we hold about you. We outline these rights below and explain how you can exercise them. Please note that these rights may not be absolute in all cases (for example, we might not delete data that we are required by law to keep), but we will honor them to the fullest extent possible.

• Right to Access Your Data: You have the right to request access to the personal data we hold about you and to obtain a copy of it. This means you can ask us to confirm whether we are processing your personal information and provide you with a copy of that information in a commonly used format. For example, you can request: “Please send me a copy of all information you have about me on your systems.” We will provide the data, typically electronically, after verifying your identity (for your protection). This allows you to know exactly what data we have collected.
• Right to Rectification (Correction): If you believe that any personal information we have about you is incorrect, incomplete, or outdated, you have the right to have it corrected or updated. For instance, if your phone number or address has changed, or we spelled your name wrong, you can ask us to fix it. Many changes you can do yourself by logging into your account profile and editing the details. For changes that you cannot do on your own, you can contact us and we will make the corrections as needed. We strive to ensure that all information is accurate and up-to-date, and appreciate your help in keeping it that way.
• Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data that we hold, subject to certain exceptions. If you no longer want us to have your information, you can request that we erase it from our records. For example, if you decide to discontinue using our services, you can ask us to delete your account and associated personal details. We will comply with such requests and delete your data from our active databases, provided we have no legal obligation or other justified reason to retain it. Note that we may retain data as needed to comply with legal requirements or for the establishment or defense of legal claims (in which case we will inform you). Also, some data might remain in backups for a short period but will be purged according to our retention policy. Once your data is deleted, your account will be deactivated and you may lose access to our services (which is expected if you request deletion).
• Right to Withdraw Consent: If we are processing any of your data based on your consent (for example, you consented to receive newsletters or you consented to us holding your KYC documents), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing done prior to such withdrawal, but it will mean we stop the specific processing going forward. For instance, if you withdraw consent for marketing emails, we will cease sending them. If you withdraw consent for us to hold your sensitive data, we will delete those items (unless another legal basis applies to keep them). To withdraw consent, you can use the opt-out mechanisms provided (like “unsubscribe” link in emails) or contact us directly with your request.
• Right to Object to Processing: In certain cases, you may have the right to object to the processing of your personal data. For example, if we were processing your data on the basis of “legitimate interests” and you feel our processing impacts your rights, you can object to that. If you object, we will re-evaluate the necessity of processing. If it’s for direct marketing purposes, you always have a right to object and we will stop such processing. If it’s for another purpose, we will either stop processing or demonstrate compelling legitimate grounds for the processing.
• Right to Opt-Out of Marketing: Separately from general consent withdrawal, you can opt out of our marketing communications at any time. If you prefer not to receive promotional or newsletter emails, you can click the “unsubscribe” link at the bottom of those emails or adjust your preferences in your account settings. You can also inform our support or Grievance Officer, and we will remove you from marketing lists. Note that even if you opt out of marketing, we may still send you transactional or important service communications (such as payment receipts or legal notices), as those are not promotional.
• Right to Data Portability: To the extent applicable (more relevant under GDPR-like regimes), you can request that we provide your personal data in a machine-readable format so that you can transfer it to another service provider. For example, if you wanted to switch to a competing service, you might want a copy of your data (like your consultation history) to take with you. If requested, we will provide the data in a structured, commonly used format (like CSV or JSON) that is reasonably feasible for us to generate, covering the data you provided to us. Currently, given Indian law, this may not be a frequently exercised right, but we support it in principle for user convenience.
• Right to Not be Subject to Automated Decisions: We generally do not make any purely automated decisions about you that have legal or similarly significant effects (like credit scoring or profiling without human oversight). In case we ever implement such features, you would have the right to request human intervention or an explanation, and to contest the decision.
• Right to Review and Update Your Information:As per Indian IT rules, providers of information have the option to review the information they provided and ensure any inaccuracies are corrected. We encourage you to log into your account to review and update your profile information periodically. If you need assistance, let us know.

You can exercise most of the rights above by contacting us via email or through your account settings. For any formal requests (access, deletion, etc.), please reach out to ourGrievance Officer (contact details provided in the next section). Please be specific about which rights you want to exercise and what data your request pertains to, so we can process it efficiently. We may need to verify your identity before fulfilling certain requests (for example, by confirming ownership of your email or asking for an ID) to ensure that we do not disclose or delete data at the request of someone impersonating you.

We will respond to your request within a reasonable timeframe. Under law, we aim to do so within 30 days of receipt of your request or grievance, and often much sooner. If for some reason we need more time (due to complexity or number of requests), we will inform you of the reason and extension. There is usually no fee for exercising your rights; however, if a request is unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse it with an explanation.

Please note, as mentioned, some rights are subject to exceptions. For example, if you request deletion of data which we must keep by law (such as financial records), we may decline deletion of that specific data but will explain our reasoning. Likewise, access to certain data might be limited if providing it could violate another person’s privacy or if it’s legally privileged. Nonetheless, our policy is to be as open and accommodating as possible

We want you to have confidence in how we handle your personal information. These rights empower you to have a say in that process. If you have any concerns about your data or wish to exercise any rights, do not hesitate to contact us. We will do our best to resolve any issues and honor your choices in line with legal requirements.

We have appointed a Grievance Officer to address any questions, concerns, or grievances you may have regarding your personal data or this Privacy Policy, in compliance with the Information Technology Act, 2000 and rules made thereunder. If you have any complaints or issues about how we are handling your information, you can reach out to our Grievance Officer, and we will do our best to resolve your issue expeditiously.

Grievance Officer:
Name: Rahul Raj Purohit (Grievance Officer)
Email: grievance@nolegalpaisa.com
Contact Number: +91-XXXXXXXXXX (available Mon–Fri, 10am–6pm)
Postal Address: Kaahmuchee Solution Pvt. Ltd., Shop No. 05, Yamuna Bldg, Lodha Heaven, Kalyan-Shill Road, Nilje, Thane, Maharashtra – 421204, India

You may contact the Grievance Officer by email (preferably) or mail with any issues such as: requests for clarification on this Policy, complaints about misuse of your data, concerns about security incidents, or to exercise your rights as listed above. Please provide details of your grievance and any relevant information (like your account email, specific issue, etc.) to help us address it effectively.

The Grievance Officer will acknowledge receipt of your complaint and initiate an investigation into the matter. As per the IT Act rules, we will address and attempt to resolve your grievance within 30 days from the date of receipt of the grievance. In many cases, we strive to resolve issues much sooner. You may receive a response outlining the steps taken and the resolution or next steps required. If the issue is complex or requires input from a third party (e.g., if a service provider’s action is involved), we will keep you informed about the progress and may seek an extension, but our goal is to resolve all grievances as quickly as possible.

We value your feedback and view grievances as an opportunity to improve our services and policies. If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate the matter by replying to our communication or indicating your dissatisfaction. We will then review the issue at a higher level of management. Additionally, under Indian law, if the grievance is not resolved, you have the right to seek further recourse, including approaching the relevant authorities or courts for relief.

Your trust is important to us, and we are committed to resolving any issues in a fair and transparent manner. Please do not hesitate to contact the Grievance Officer for any privacy-related concerns. The Grievance Officer’s name and contact details are also published on our website as mandated.

Primarily, we store and process personal data within India. However, given the nature of internet services and cloud infrastructure, your data may be transferred to and stored on servers located in other countries in certain situations. For example, if we use a cloud service or email service whose servers are outside India, or if you are accessing the Platform from outside India, your data might cross international borders. Some of these countries might have data protection laws that are different from (and potentially not as protective as) the laws in India.

Whenever we transfer personal data out of India, we will ensure that adequate safeguards are in place to protect it. In practice, this means:

• We transfer data only to countries or entities which are deemed to have “equal” or sufficient data protection as per Indian law requirements, or we take your consent for such transfers.
• We may use standard contractual clauses or similar legally recognized transfer mechanisms to contractually ensure that the foreign recipient of the data is obligated to protect it with the same level of security and privacy as required by Indian law.
• For instance, if our servers in the US or EU hold some data, those data centers are under contracts that include data protection commitments aligned with Indian SPDI Rules and/or GDPR (whichever is stricter in protection).
• You acknowledge that by using our Platform or submitting your information, you agree to this potential transfer, storage, and processing of your information outside of India. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Policy during such transfers.

If in the future India designates certain countries as not having adequate protection, we will refrain from storing data in those jurisdictions or will seek explicit consent from you for any necessary transfers. At this time, most of our data resides in servers in India, but backups or certain data flows might involve servers in (for example) the United States or European Economic Area (EEA). Those regions have strong data protection laws (like GDPR), and our practices ensure compliance with those as well.

In summary, we handle cross-border data transfers with care and legality, so that your rights are preserved regardless of where data is processed. Should you require more details about cross-border transfer safeguards (for example, if you want to know if any of your data is stored abroad and under what protections), you can contact our Grievance Officer for more information.

This Privacy Policy and any issues or disputes arising from it are governed by the laws of India. We are an Indian company, and we operate in compliance with Indian privacy and IT laws. By using NoLegalPaisa.com, you agree that the laws of India shall govern any matter relating to your privacy or the terms of this Policy. In particular, we adhere to the Information Technology Act, 2000 and its relevant rules (notably the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules, 2011), as well as any other applicable Indian laws or regulations concerning data protection. We also align our practices with principles from international laws like the EU’s GDPR where feasible, but our legal obligations are primarily under Indian law.

In the event of any dispute or claim arising out of this Privacy Policy or our handling of your personal data, the courts located in Maharashtra, India shall have exclusive jurisdiction. Specifically, since our registered office is in Thane (Maharashtra), any legal proceedings shall be brought in the appropriate courts in the State of Maharashtra, India. We do not intend to subject ourselves to the laws or jurisdiction of any state, country or territory other than India.

If you are accessing our services from outside India, please be aware that you are transferring your data to India and/or to the jurisdictions where our servers are located. By providing your data or using the service, you consent to that transfer and processing in India. Our data protection commitments under this Policy will still apply to you, but we cannot guarantee that any other country’s laws (such as the GDPR, unless you are an EU resident to whom it directly applies) will govern our relationship. That said, we extend the spirit of key privacy rights to all users, as described in the Your Rights section, regardless of nationality.

This Policy does not create any rights that are enforceable by any party other than the user and the Company, but it is a statement of our intent and commitment. If any provision of this Policy is held to be unlawful or unenforceable by an Indian court, that provision will be deemed severable and will not affect the validity of the remaining provisions.

• Information Technology Act Compliance: This document is an “electronic record” in terms of the IT Act, 2000 and rules thereunder, and is published in accordance with Rule 4 of the SPDI Rules which require the publishing of a privacy policy. It does not require any physical or digital signatures. We confirm that we have appointed a Grievance Officer and published their details as required, we obtain consent before collecting sensitive data, we do not retain sensitive data longer than necessary, and we follow reasonable security practices including ISO 27001 aligned measures. We also permit users to review and correct information and withdraw consent as noted in this Policy. We wanted to highlight that we are in full compliance with these Indian legal requirements.
• GDPR Alignment: While GDPR (EU General Data Protection Regulation) is not directly applicable to our India-focused operations, we have voluntarily incorporated many of its principles (such as transparency, user rights, data minimization, purpose limitation, security, etc.) to provide a high standard of privacy protection. If you happen to be an EU resident using our services, you will find that our practices align closely with GDPR requirements, and you may contact us to exercise any additional rights under GDPR. We do not currently have an EU establishment, but we still care about all users’ privacy.
• Children’s Privacy: As mentioned, our services are not meant for minors. We do not knowingly solicit or collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from someone under 18, we will take steps to delete such information as soon as possible. Parents or guardians who believe that their child may have provided us personal data can contact the Grievance Officer to request deletion.

• We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make any material changes to this Policy, we will notify you by means of a prominent notice on our website (for example, a banner or pop-up, or as part of your dashboard) or via email, prior to the change becoming effective. We will also update the “Last Updated” date at the top of this Policy to indicate the new revision date. We encourage you to review this Privacy Policy periodically for any changes.
• Your continued use of NoLegalPaisa.com after any modifications to the Policy have been posted will signify your acceptance of those changes, provided that we have obtained any required consents in accordance with law. If you do not agree with the changes, you should stop using the services and can request us to delete your data as per your rights.

---

• Contact Us: If you have any questions or comments about this Privacy Policy, or any concerns regarding your privacy on our Platform, please do not hesitate to contact us at support@nolegalpaisa.com. We will be happy to assist you.
• By using our Platform, you acknowledge that you have read and understood this Privacy Policy. We are dedicated to protecting your personal data and upholding your privacy rights. Thank you for trusting NoLegalPaisa.com with your legal service needs.