Privacy Policy
How we collect, use, share, and protect your personal data.
Effective Date: 29/06/2025
Last Updated: 10/08/2025
Version: 1.0
This Privacy Policy explains how CounselGrid Private Limited (“CounselGrid”, “we”, “us”, “our”) collects, uses, discloses, and protects information about you when you access or use our websites, applications, and services (the “Services”).
1. Scope
This policy applies to personal data processed through the Services. For enterprise customers, additional terms may apply under a Data Processing Addendum (DPA).
2. Information We Collect
- Account data: name, email, phone, role, firm/tenant identifiers, login metadata.
- Case/matter content: matter descriptions, documents, notes, communications you upload or create.
- Usage data: pages/screens used, feature usage, settings, device/browser logs, diagnostics.
- Payment/billing: limited billing metadata; payment processing may be handled by third-party payment providers.
- Support communications: messages sent to support or sales, including attachments.
You may choose to upload sensitive information as part of legal matters. We provide controls and security measures, but you remain responsible for deciding what to upload and for complying with professional obligations (see Terms of Service).
3. How We Use Information
- Provide, maintain, and improve the Services (including AI-assisted workflows)
- Authenticate users and enforce role-based access and entitlements
- Enable collaboration and matter management within a tenant (firm)
- Prevent fraud, secure the platform, and audit access
- Provide customer support and respond to requests
- Comply with legal obligations and enforce our policies
4. DPDP Act (India) – Our Approach
Where the Digital Personal Data Protection Act, 2023 (“DPDP Act”) applies, we implement reasonable security safeguards and support lawful processing. Depending on context, CounselGrid may act as a data fiduciary or a data processor (especially for enterprise tenants under a DPA).
Data principal rights (where applicable) may include access, correction, erasure, and grievance redressal.
Advocates Act / Bar Council of India Rules and confidentiality: Nothing here is intended to reduce an advocate’s duty of confidentiality, privilege, or ethical obligations. Data protection laws (including the DPDP Act) generally operate in addition to other applicable laws. In practice, some requests or disclosures may be limited where confidentiality/privilege applies or where disclosure is restricted by law. If you are an advocate or legal professional, you must comply with professional duties and handle data principal requests in a legally compliant manner. We will support lawful compliance to the extent feasible (including enterprise controls and administrative tooling).
5. Sharing and Disclosure
We may share information with:
- Service providers (cloud hosting, analytics, email, customer support) under contractual confidentiality and security obligations
- Payment processors to process subscription payments (we do not store full card details)
- Enterprise administrators within your tenant, consistent with your role and settings
- Other parties, for legal compliance, when required by applicable law or to protect rights and safety
6. Security
We use technical and organizational measures designed to protect personal data, including access controls, logging, encryption in transit, and secure key management where applicable. See Security & Trust for an overview.
7. Data Retention
We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
Specific Retention Periods:
- Active user accounts: Retained for the duration of your subscription
- Case files and legal documents: Retained for 7 years after case closure (in line with Indian limitation periods and Bar Council requirements)
- AI analysis sessions: Retained for 90 days unless configured otherwise by enterprise customers
- Billing and payment records: Retained for 7 years to comply with tax and accounting regulations
- Audit logs: Retained for 3 years for security and compliance purposes
- Deleted accounts: Data is retained for 30 days to allow account recovery, then permanently deleted
You may request early deletion of your data by contacting privacy@counselgrid.com, subject to our legal retention obligations.
8. International Transfers
Depending on infrastructure and vendors, data may be processed in locations outside India. Where required, we apply contractual and security safeguards. Enterprise customers may request additional controls under a DPA.
9. Cookies and Similar Technologies
We may use cookies or similar technologies for authentication, session management, and improving user experience. You may be able to control cookies through browser settings.
10. Contact / Grievance
For privacy questions or requests, contact privacy@counselgrid.com. For legal questions, contact legal@counselgrid.com.
Related documents: Terms · Acceptable Use · Security & Trust · Compliance · DPA