Legal

Privacy Policy

How we collect, use, and protect your personal data.

Privacy Policy — DekhLaw

1. Data Fiduciary

DekhLaw is the Data Fiduciary under the Digital Personal Data Protection Act 2023 (DPDPA 2023). Contact: grievance@dekhlaw.com

2. Data We Collect

We collect: Identity & Contact Data (name, email, mobile, city); Usage Data (IP address, device type, session data); Consultation Data (practice area, date/time — not the substance of consultations); Privileged Communications (stored separately with strict access controls); Payment Data (transaction records for facilitation fees — we do not store full card numbers).

3. Legal Basis & Consent

We process your data based on: your consent (withdrawable at any time by emailing grievance@dekhlaw.com); performance of a contract; legal obligation; and legitimate interests (security, fraud prevention).

4. How We Use Your Data

We use your data only to: manage your account; connect you with lawyers; facilitate consultations; process payments; send service notifications; comply with legal obligations; prevent fraud; and improve platform functionality using aggregated, anonymised data. We do not sell your data or use it for advertising profiling.

5. Data Sharing

We share data with: lawyers (only information necessary to connect you); payment processors (for facilitation fee processing); technology service providers (bound by confidentiality agreements); and regulatory/law enforcement authorities (only where required by valid legal order).

6. Your Rights (DPDPA 2023)

You have the right to: access your personal data; correct inaccurate data; nominate a person for data rights; and withdraw consent. Email grievance@dekhlaw.com with subject 'Data Principal Rights Request'.

7. Privileged Communications

Communications between you and a lawyer for legal advice purposes are potentially subject to attorney-client privilege. DekhLaw stores these in a separate access-controlled environment. They are not used for analytics, AI training, or any commercial purpose. They are not shared with any third party except the lawyer party, or where required by court order.

8. Data Security

We implement encryption in transit and at rest, access controls, and regular security assessments. In the event of a breach likely to cause harm, we will notify the Data Protection Board of India and affected users as required by the DPDPA 2023. Effective Date: 1 January 2025