Privacy Policy
Version 1.0 · Effective 18 June 2026 · Governed by DPDP Act 2023
1. Who we are
LegalSaaS ("we", "us") is an AI-powered legal document generation platform for Indian legal professionals. We are a Data Fiduciary under the Digital Personal Data Protection Act 2023 (DPDP Act).
Grievance Officer: Founder, LegalSaaS
Email: grievance@legalsaas.in
2. What data we collect
We collect only what is necessary:
- Account data: name, email, password (stored as a one-way hash — we cannot read it).
- Document field data: names, addresses, and details you enter to generate documents. Used solely for generation.
- Usage data: document types generated, language selected, timestamps. No analytics SDKs.
- Payment data: handled by Razorpay. We store only payment status and plan type — never card or bank details.
We do NOT collect: phone numbers, location data, biometric data, or device identifiers.
3. How we use your data
- To authenticate you and manage your account.
- To generate legal documents using AI on your instruction.
- To record your document history.
- To process subscription payments via Razorpay.
- To respond to grievances and support requests.
We do NOT use your data for advertising, profiling, or sale to third parties.
4. Who we share data with
We share data with these processors, all bound by Data Processing Agreements:
- Google LLC (USA) — Gemini AI: document field content sent for generation.
- Supabase Inc (USA/Singapore) — database and file storage.
- Razorpay Software Pvt Ltd (India) — payment processing.
- Vercel Inc (USA) — frontend hosting (IP address and request logs only).
- Railway Corp (USA) — backend hosting (IP address and request logs only).
- Resend Inc (USA) — transactional email delivery.
IMPORTANT: Party names and addresses you enter are sent to Google's Gemini AI to generate documents. Enter only information necessary for the document.
We do not sell, rent, or trade your personal data.
5. Cross-border transfers
Our AI providers, database, and hosting are based in the USA. Your data is transferred under Data Processing Agreements. We monitor the Central Government's blacklist under the DPDP Act and will cease transfers to any blacklisted country.
6. Data retention
- Account data: until you delete your account.
- Document history: 1 year from generation, then auto-deleted.
- Payment records: 7 years (Indian financial regulations).
- Server logs: maximum 90 days.
When you delete your account, all personal data is removed within 30 days except legally required payment records.
7. Your rights under DPDP Act 2023
As a Data Principal, you have:
- Right to Information: download all your data from Account Settings.
- Right to Correction: edit your profile in Account Settings.
- Right to Erasure: delete your account and all data from Account Settings.
- Right to Withdraw Consent: manage consents in Account Settings.
- Right to Nominate: contact our Grievance Officer to register a nominee.
- Right to Grievance: file a complaint at /grievance or email grievance@legalsaas.in. We respond within 30 days.
If unsatisfied, approach the Data Protection Board of India at dpdpboard.gov.in.
8. Grievance Officer
Name: Founder, LegalSaaS
Email: grievance@legalsaas.in
Response time: 30 days
Submit grievances at legalsaas.in/grievance.
9. Children's data
LegalSaaS is exclusively for legal professionals aged 18+. We do not knowingly collect data from anyone under 18. If a minor has created an account, contact grievance@legalsaas.in for immediate deletion.
10. Security
We protect your data with: bcrypt password hashing, HTTPS/TLS encryption, Row Level Security in our database, and secure session tokens. In case of a data breach, we will notify the Data Protection Board within 72 hours and affected users promptly.
11. Changes to this policy
When this policy is updated, we will notify you by email and prompt re-consent on your next login.