CounselGrid — Privacy Policy

Effective Date: 29/06/2025

Last Updated: 16/04/2026

Version: 1.2

This Privacy Policy explains how CounselGrid Private Limited (“CounselGrid”, “we”, “us”, “our”) collects, uses, discloses, and protects information about you when you access or use our websites, web applications, and the CounselGrid Lawyer mobile application for Android and iOS (collectively, the “Services”).

1. Scope

This policy applies to personal data processed through the Services, which include the CounselGrid websites (counselgrid.com and related subdomains), the CounselGrid web applications, and the CounselGrid Lawyer mobile application published on Google Play and the Apple App Store (the “Mobile App”). For enterprise customers, additional terms may apply under a Data Processing Addendum (DPA).

2. Information We Collect

Account data: name, email, phone, role, firm/tenant identifiers, login metadata.
Case/matter content: matter descriptions, documents, notes, communications you upload or create.
Usage data: pages/screens used, feature usage, settings, device/browser logs, diagnostics.
Payment/billing: limited billing metadata; payment processing may be handled by third-party payment providers.
Support communications: messages sent to support or sales, including attachments.
Mobile device data: device model, OS version, app version, language, time zone, and a non-persistent device identifier used for diagnostics and abuse prevention.
Push notification tokens: when you enable notifications in the Mobile App, we receive a token from Firebase Cloud Messaging (FCM) so we can deliver case updates and hearing reminders to your device.
Crash and performance diagnostics: if the Mobile App crashes or encounters an error, Firebase Crashlytics collects a stack trace, device state, and non-identifying diagnostic data to help us fix the issue. Crash reports do not include your case documents or AI chat content.
Biometric authentication: if you enable fingerprint or face unlock in the Mobile App, authentication is performed by your device’s secure hardware. Biometric data never leaves your device and is never transmitted to CounselGrid.

You may choose to upload sensitive information as part of legal matters. We provide controls and security measures, but you remain responsible for deciding what to upload and for complying with professional obligations (see Terms of Service).

3. How We Use Information

Provide, maintain, and improve the Services (including AI-assisted workflows)
Authenticate users and enforce role-based access and entitlements
Enable collaboration and matter management within a tenant (firm)
Prevent fraud, secure the platform, and audit access
Provide customer support and respond to requests
Comply with legal obligations and enforce our policies

4. DPDP Act (India) – Our Approach

Where the Digital Personal Data Protection Act, 2023 (“DPDP Act”) applies, we implement reasonable security safeguards and support lawful processing. Depending on context, CounselGrid may act as a data fiduciary or a data processor (especially for enterprise tenants under a DPA).

Data principal rights (where applicable) may include access, correction, erasure, and grievance redressal.

Advocates Act / Bar Council of India Rules and confidentiality: Nothing here is intended to reduce an advocate’s duty of confidentiality, privilege, or ethical obligations. Data protection laws (including the DPDP Act) generally operate in addition to other applicable laws. In practice, some requests or disclosures may be limited where confidentiality/privilege applies or where disclosure is restricted by law. If you are an advocate or legal professional, you must comply with professional duties and handle data principal requests in a legally compliant manner. We will support lawful compliance to the extent feasible (including enterprise controls and administrative tooling).

5. Sharing and Disclosure

We may share information with:

AI service providers (such as OpenAI, Anthropic, and Google) to process AI-assisted drafting, analysis, and research requests. Document content and case descriptions are sent to these providers for processing only. We do not permit these providers to use your data for training their AI models. See each provider’s data usage policies for details.
Service providers (cloud hosting, analytics, email, customer support) under contractual confidentiality and security obligations
Payment processors (Razorpay) to process subscription payments (we do not store full card details)
Enterprise administrators within your tenant, consistent with your role and settings
Legal compliance when required by applicable law or to protect rights and safety

6. Security

We use technical and organizational measures designed to protect personal data, including access controls, logging, encryption in transit, and secure key management where applicable. See Security & Trust for an overview.

6A. Mobile App Permissions (Android & iOS)

The CounselGrid Lawyer Mobile App requests the following device permissions. Each is used only for the stated purpose.

Biometric / Fingerprint (USE_BIOMETRIC, USE_FINGERPRINT / Face ID) — to unlock the app securely. Biometric data stays on the device.
Notifications (POST_NOTIFICATIONS) — to deliver case updates, hearing reminders, and important alerts.
Vibrate, Receive Boot Completed, Schedule Exact Alarm — to reliably deliver scheduled hearing reminders.
Read Media Images / Video / Audio — only when you explicitly choose to attach a document, image, audio, or video file to a case.
Network / Internet — required for sign-in, syncing cases, and using AI Copilot and eCourts search.

You can revoke any permission at any time from your device’s system settings. Some features will be unavailable if related permissions are denied.

6B. Push Notifications

We use Firebase Cloud Messaging (FCM) provided by Google to send push notifications to the Mobile App. FCM receives a device token that is used solely to route notifications to your device. You can turn off notifications at any time from the Mobile App settings or from your device’s system notification settings.

6C. Crash Reporting & Diagnostics

The Mobile App uses Firebase Crashlytics to report crashes and performance issues. Crash reports contain technical information (stack traces, device model, OS version, app version) and do not include your case documents or the content of your chats with the AI Copilot. This data is used only to identify and fix stability issues.

6D. AI Copilot — Data Sent from the Mobile App

When you use the AI Copilot or Prompt Generator inside the Mobile App, the text you enter (and any documents you attach to the request) is sent to our backend and onward to approved AI service providers (OpenAI, Anthropic, and/or Google) for processing. These providers are contractually prohibited from using your data to train their models. Please avoid entering data you do not have authority to share.

7. Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Specific Retention Periods:

Active user accounts: Retained for the duration of your subscription
Case files and legal documents: Retained for 7 years after case closure (in line with Indian limitation periods and Bar Council requirements)
AI analysis sessions: Retained for 90 days unless configured otherwise by enterprise customers
Billing and payment records: Retained for 7 years to comply with tax and accounting regulations
Audit logs: Retained for 3 years for security and compliance purposes
Deleted accounts: Data is retained for 30 days to allow account recovery, then permanently deleted

You may request early deletion of your data by contacting privacy@counselgrid.com, subject to our legal retention obligations.

8. International Transfers

Depending on infrastructure and vendors, data may be processed in locations outside India. Where required, we apply contractual and security safeguards. Enterprise customers may request additional controls under a DPA.

9. Cookies and Similar Technologies

We may use cookies or similar technologies for authentication, session management, and improving user experience. You may be able to control cookies through browser settings.

Google Analytics: We use Google Analytics (GA4) on our marketing website (counselgrid.com) to understand page views, device types, and general usage patterns. Analytics runs only after you consent via our cookie banner. We use IP anonymization and do not collect personally identifiable information through analytics. You can choose “Essential only” to decline analytics cookies. For more on Google’s practices, see Google Privacy Policy and How Google uses data.

9A. Children’s Privacy

The CounselGrid Lawyer Mobile App is a professional tool intended for users who are 18 years of age or older. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@counselgrid.com and we will delete it.

9B. Account & Data Deletion

You may request deletion of your CounselGrid account and associated personal data at any time:

From the Mobile App: Profile → Delete Account.
From the web: visit https://counselgrid.com/legal/account-deletion.html and submit the deletion request form.
By email: write to privacy@counselgrid.com from the email address on your account.

After verification, we will delete or anonymise your account data within 30 days, subject to the retention periods set out in Section 7 (for example, billing records retained for tax compliance).

9C. Google Play Data Safety

Our Google Play Data Safety declaration for the CounselGrid Lawyer Mobile App is consistent with this Privacy Policy. In summary:

Data is encrypted in transit.
You can request deletion of your data via the methods in Section 9B.
We do not sell your personal data to third parties.
Data collected includes: name, email, phone (optional), app activity, files/documents you upload, crash logs, and a device identifier used for diagnostics.

10. Contact / Grievance

For privacy questions, data requests, or legal inquiries, contact privacy@counselgrid.com.

Grievance Officer (DPDP Act, 2023):
Name: Purushotham Namani
Designation: Grievance Officer
Email: privacy@counselgrid.com
Response time: Within 72 hours of receipt of complaint

Related documents: Terms · Acceptable Use · Security & Trust · Compliance · DPA · Account Deletion