Lawyer Client

Compliance

Regulatory compliance documentation for CounselGrid.

Version: 1.0

This document is informational and summarizes our approach. It is not legal advice. Enterprise customers may have additional contractual terms (DPA / security addendum).

1. India: DPDP Act (Digital Personal Data Protection Act, 2023)

  • Purpose limitation and lawful processing (as applicable)
  • Reasonable security safeguards to protect personal data
  • Support for requests and grievance redressal via privacy@counselgrid.com
  • Contractual commitments for enterprise tenants via DPA

2. Advocates Act / Bar Council of India Rules (Professional Ethics)

CounselGrid is a technology platform. For advocates and legal professionals, professional rules govern confidentiality, advertising/solicitation constraints, and the practice of law. Users remain responsible for compliance with applicable rules.

How these interact (no blanket override): The DPDP Act and professional obligations generally operate in parallel, and the DPDP Act is intended to be in addition to other applicable laws. Where professional rules require a higher standard of confidentiality or additional safeguards, users must follow those rules. Where there is an apparent tension between a data protection obligation and privilege/confidentiality, users should address it in a legally compliant manner (including considering privilege), and seek counsel where appropriate. Nothing in CounselGrid’s documentation is intended to limit professional obligations.

3. Confidentiality and privilege

  • Access controls and tenant isolation are designed to prevent unauthorized access
  • Users should configure roles, permissions, and sharing appropriately
  • AI outputs must be reviewed, and sensitive data should be handled in line with professional obligations

4. Security and governance

See Security & Trust for an overview of security practices. Enterprise customers may request audit materials and contractual assurances subject to agreement.

5. Data Breach Response

In the event of a data breach that compromises personal data, we will:

  • Contain and investigate the breach within 24 hours of detection
  • Assess the risk to affected individuals
  • Notify the Data Protection Board of India as required under DPDP Act Section 6
  • Notify affected users if the breach poses a high risk to their rights and freedoms
  • Notify enterprise customers within 48 hours per our Data Processing Addendum
  • Take remedial measures to prevent recurrence

Reporting Security Issues: If you discover a security vulnerability, please report it responsibly to security@counselgrid.com. We will acknowledge receipt within 48 hours and provide updates on remediation.

6. Contact

Compliance & legal: legal@counselgrid.com
Privacy: privacy@counselgrid.com

Related documents: Terms · Privacy · Acceptable Use · DPA