KNOW YOUR CUSTOMER (KYC) AND ANTI-MONEY LAUNDERING (AML) POLICY FOR NOLEGALPAISA.COM

Last Updated: May 11, 2025

Effective Date: May 11, 2025

1. This KYC and AML Policy (“Policy”) outlines the procedures and guidelines adopted by Kaahmuchee Solution Private Limited for its legal tech platform NoLegalPaisa.com (“NLP” or the “Platform”). The Policy applies to all users of the Platform, including individual clients, business entities (such as MSMEs), and any professionals or partners engaging through the Platform. The objectives of this Policy are to:

1. Verify User Identity: Establish and confirm the identity of users to foster a trusted environment for legal services (document drafting, consultations, dispute resolution, litigation funding, compliance, etc.).
2. Mitigate Fraud and Misuse Risks: Deter and prevent fraudulent activities, identity theft, and the potential use of the Platform for illicit purposes such as money laundering or financing of unlawful activities.
3. Ethical Compliance: Voluntarily uphold the spirit of Know Your Customer (KYC) and Anti-Money Laundering (AML) best practices prevalent in the industry, even though NLP is not a regulated financial entity under AML laws.
4. Legal and Regulatory Awareness: Ensure that NLP’s operations remain in line with applicable laws and guidelines in India, and be prepared to adapt if future regulations impose KYC/AML obligations on platforms like ours.

2. Non-Regulatory Status: It is important to note that NLP is not currently classified as a “reporting entity” under the Prevention of Money Laundering Act, 2002 (PMLA) or related AML/CFT regulations. Legal tech service providers and lawyers in India are presently not mandated by law to perform formal AML reporting (though regulators have considered bringing legal professionals under the PMLA framework). Therefore, NLP is not legally obligated to implement the full scope of AML systems or report transactions to authorities. However, we choose to adhere to this Policy for ethical reasons and to mitigate risk. This voluntary compliance approach aligns with practices of reputable Indian legal tech platforms, which often institute basic KYC procedures for trust and safety even in the absence of a statutory requirement.

3. NLP shall mandatorily require KYC before initiation, depending on operational procedures/workflows, for services such as ODR, litigation funding (TPLF), business registrations, et cetera. In all such cases, users must complete KYC before the dialogue box is activated for these services.

4. By using NLP’s services, users (“Users”) agree to the collection and use of KYC information as described in this Policy. The Policy’s scope covers all services offered via the Platform, and it will be applied on a risk-based, proportional basis to the nature of each service (detailed below). We aim to protect both the Platform and its Users from fraud or misuse while respecting user convenience and privacy.

5. NLP collects certain identification information and documents from Users as part of its KYC process. The exact information required may vary depending on the service availed (see Service-Based KYC Requirements below), but generally falls into the following categories:

1. Personal Identifiers: Full name, date of birth, photograph, and nationality of the individual user. For business entities, this includes the entity’s legal name, registration number (CIN or LLPIN, etc.), and date of incorporation.
2. Contact Details: Current residential or business address, phone number, and email address. An address proof document (e.g., a recent utility bill, bank statement, or rental agreement) may be requested to verify the provided address.
3. Government-Issued Identification: Official ID proofs to validate identity. For Indian citizens, commonly accepted documents include a PAN (Permanent Account Number) card, an Aadhaar card, a Passport, a Voter ID, or a Driving License. For instance, various platforms require a PAN card and an additional address proof for each director when incorporating a company. NLP may similarly collect PAN, Aadhaar, or other IDs from users to authenticate their identity.
4. Business Documents (for Entity Clients): If the User is a company or partnership, we may collect entity KYC documents such as the Certificate of Incorporation, PAN card of the entity, GST registration, corporate address proof, and identification of authorised representatives.
5. Financial Information (when relevant): For services involving financial transactions (e.g. litigation funding or payments), additional information may be gathered. This can include bank account details (for disbursing or receiving funds), details of the source of funds or income, and any documents necessary to assess financial credibility (such as audited financials or bank statements, in the context of funding applications).
6. Other Supporting Documents: Depending on the service, we might request relevant documents like legal case papers (for litigation funding due diligence), proof of ownership or authorisation (if someone acts on behalf of another person or entity), or any document mandated by law for the specific service (for example, director KYC filings in compliance services).

6. No Independent Verification: While NLP collects the above documentation for record-keeping and basic validation, the Platform does not conduct independent verification of the documents beyond obvious authenticity checks. We rely on Users to provide genuine and correct information. In line with industry practice for online legal services, NLP generally will not independently validate the content or accuracy of documents provided (for example, we do not automatically cross-verify your PAN or Aadhaar details in government databases, unless a particular service explicitly requires such verification). The information is accepted in good faith and used as furnished, with the User bearing responsibility for its truthfulness (see User Responsibilities below). However, if any document appears dubious or inconsistent, NLP reserves the right to request clarification or additional proof.

7. All KYC information collected is handled in accordance with our data privacy and storage protocols (detailed in Data Handling and Storage Practices). Users who do not wish to provide required KYC details may be unable to avail certain NLP services, as submission of specified information is often essential to perform the service or to comply with legal filing requirements.

8. NLP offers a range of services, and the extent of KYC due diligence performed is tailored to the risk and regulatory profile of each service. Broadly, services that involve financial transactions or formal legal filings require more extensive KYC, whereas purely consultative or informational services may require only basic details. The following outlines the Platform’s KYC approach for each major category of service:

1. Online Legal Consultation and Advisory: For one-time consultations or advice sessions with lawyers and other professionals, KYC requirements are minimal.
   1. Typically, users need only provide their name and contact information when booking a consultation. Government ID may not be mandatorily collected for a basic consultation. The rationale is that consultation services pose low financial risk; however, if a consultation leads to further engagement (e.g. hiring the professional for representation), the professional may independently perform their own client due diligence outside the Platform. NLP may request ID proof before or during the consultation process, if needed to confirm the User’s identity (especially for sensitive or regulated advice), but generally relies on user-provided registration data.
   2. Before connecting users with professionals in a Dialogue Box, NLP will perform basic user identity verification, and Users must be registered on the Platform with verified contact details (verified email/phone) to ensure a valid identity.
2. Document Drafting: When Users use NLP for document drafting (e.g. contracts, wills, business documents), relevant KYC information is collected as required for the same. Identification of the parties involved in the document is gathered to accurately draft the document (for example, details of a will’s executors/beneficiaries or a contract’s signatories).
3. Tax and Compliance Services (including incorporation): When users use NLP for compliance filings (e.g. company incorporation, license registrations, tax filings), relevant KYC information is collected as required for the same.
   1. In compliance services, KYC documents required by law are collected – for instance, to register a company, we will collect PAN, address proof, DIN, etc., for each director as required by the Ministry of Corporate Affairs.
   2. Further, all services requiring submission to government portals shall additionally require KYC of the authorised representative, including valid authorisation.
   3. While NLP facilitates the preparation and submission of such KYC to the authorities, it does not itself certify their accuracy beyond what the government process entails. Users availing these services are expected to submit all legally mandated documents, and NLP’s role is to ensure the paperwork is complete and properly formatted for the relevant government agencies.
4. Online Dispute Resolution (ODR): For parties engaging in arbitration/mediation through the Platform, basic KYC is performed to identify the disputing parties.
   1. Each party may be asked to provide a government-issued ID (such as Aadhaar or PAN) to confirm their identity and age, and to ensure that the parties are in accordance with the underlying mediation/arbitration agreement. Since ODR is a facilitated negotiation/adjudication, not a financial service, KYC is limited to identity verification.
   2. In case of corporate users, as part of KYC, we shall require, in addition to the above, proof and verification of the authority of the authorised representative of the respective corporate user.
   3. We do not conduct background checks on parties, nor do we verify the truth of the dispute information – the focus is simply to know who is participating. This practice is consistent with other ODR platforms in India, which typically require participants to register with their real identities but do not subject them to extensive due diligence. All information shared in the mediation is kept confidential in line with mediation standards.
5. Litigation Funding Services: This is a high-risk category from an AML perspective, and thus carries the most rigorous KYC requirements on our Platform. Users seeking litigation funding (plaintiffs/claimants) must undergo thorough identity verification and provide extensive information about themselves and their case.
   1. We will require proof of identity and address (PAN, Aadhaar/Passport, etc.) of the claimant.
   2. Identity details of any beneficial owner of the claim (for example, in case of the claimant being a corporate entity).
   3. Additionally, the claimant must provide all pertinent case documents and financial information necessary for due diligence. NLP uses these documents to assess the case's merits and risks and to ensure the request is legitimate.
   4. Likewise, if NLP allows outside investors or funding partners to fund cases (third-party funders), those investors must also provide KYC documentation (identity and contact details, and if the investor is an entity, corporate KYC documents).
   5. This two-sided KYC (both for those receiving funds and those providing funds) helps prevent the platform from being used as a channel for money laundering or fraud. For example, an investor may be required to submit a PAN, proof of funds source, and bank details before investing, much like how dedicated litigation finance platforms require investors to complete KYC and verification before investing. All fund transfers in litigation funding are made through registered banking channels; cash contributions are not permitted to ensure an audit trail.
   6. It should be noted that while NLP collects KYC documents and performs due diligence on litigation funding applications, this is primarily to make an internal decision on whether to approve funding and to guard against blatant fraud. We do not have statutory power or duty to run background checks beyond this. Still, any blatantly false information or suspicious circumstances will result in the application being rejected and, if necessary, reported to legal authorities, and legal action taken, if deemed fit.
6. Subscription-Based Legal Support (for Businesses/MSMEs): Businesses that subscribe to NLP’s ongoing legal support services are required to undergo KYC at onboarding.
   1. Typically, the subscribing company will provide its registration details (Certificate of Incorporation, LLP Deed, etc.), corporate identity number, PAN, GST registration (if applicable), and the authorised signatory’s ID proof and proof of authority being granted to the authorised signatory (authorisation letter/board resolution). This is to clearly establish the client’s identity and ensure that we know the entity with which we are entering into a service contract. The authorised person acting on behalf of the business must also provide personal KYC (photo ID and contact details) as our point of contact. During the subscription period, if the business changes key details (like address, directors, etc.), updated KYC may be requested. The depth of KYC here aligns with what similar legal service providers collect for corporate clients – sufficient to verify the company's existence and representation, but not as exhaustive as a bank would require for loan issuance. Since payments for subscriptions are done via bank transfer or digital payment, the payment itself provides a traceable record of the source of funds.
7. Intellectual Property Services: When users use NLP for IP filings (e.g. Patent, Trademark, et cetera), relevant KYC information is collected as required for the same.
   1. Proof of identity of the applicant(s).
   2. Proof of authorship/ownership over the object of registration.
   3. Power of attorney (where required).

9. In all cases, failure or refusal to provide the requisite KYC information for a particular service will result in the Platform being unable to provide or continue that service.

10. Users will be notified of KYC requirements at the time of engaging a service (e.g. a checklist of documents needed for company registration, or an identity verification step before a mediation/arbitration begins). NLP strives to keep the KYC process as streamlined as possible, collecting only what is necessary for compliance and risk purposes.

11. NLP is committed to protecting the privacy and security of the KYC data collected from Users. All personal data and documents obtained under this Policy are handled in accordance with our Privacy Policy (incorporated herein by reference) and applicable data protection laws. Key data handling and storage practices include:

1. Secure Storage: KYC documents and personal information are stored on secure servers or cloud services with robust encryption and security measures. We utilise industry-standard security protocols (such as SSL/TLS for data in transit and encryption at rest) to prevent unauthorised access or data breaches. Physical copies of documents (if any) are kept to a minimum and stored in access-controlled facilities.
2. Access Control and Confidentiality: Access to Users’ KYC information is strictly limited to authorised personnel who need to know such information to perform their duties. For example, our compliance officers or certain operations staff may access KYC documents to verify completeness, and professionals (lawyers/mediators) may receive basic identifying details necessary to serve the User. Every staff member handling user data is bound by confidentiality obligations. We do not disclose your KYC documents or personal data to any third party except in the following cases:
   1. Service Delivery – sharing with a professional engaged by the User who needs the info (for instance, providing a mediator with names of the parties, or giving a lawyer the client’s ID for drafting a legal notice); or
   2. Legal Requirements – if we receive a lawful request from government authorities or courts for the information; or
   3. Company Operations – sharing with trusted service providers who assist us in data storage, verification, or processing (under strict data protection agreements). We never sell or rent KYC data to marketers.
3. Purpose Limitation: The KYC information collected is used solely for the purposes outlined in this Policy – namely, verifying identity, performing due diligence for the specific service, internal risk assessment, and complying with any legal requirements related to the service. The information is not used to make automated decisions beyond risk-rating, and it is not used for advertising or unrelated profiling. Users’ personal data is processed fairly and lawfully. Any use of identity documents for a government filing (e.g., submitting your PAN to MCA for a company registration) is done with your implicit consent by requesting the service.
4. Dialogue Box Governance: NLP undertakes the following measures, viz., the dialogue box,
   1. The Platform only allows the addition of KYC-verified users to a dialogue box.
   2. The NLP Admin, who is a part of every dialogue box, only has access to the communication log and not the documents/files shared in the dialogue box.
   3. At the conclusion of a service, access to the Dialogue Box of all, i.e., user(s), professional(s) and NLP Admin are removed.
   4. All communication, file/document uploads are logged and retained in terms of our data retention policy.
5. Retention of KYC Records: NLP retains KYC documents and information for as long as is necessary to fulfil the purpose for which it was collected, and as may be required by law or our legitimate interests. In practice, this means we will typically keep KYC records at least for the duration of the user’s engagement with the Platform. Even after a specific service is completed or a user relationship ends, we may securely retain KYC data for a defined period (for example, up to 5 years) to comply with legal record-keeping obligations, resolve disputes, or enforce agreements. After the retention period, or upon a verified user request for deletion (whichever is later), the data will be disposed of in a secure manner (secure erasure of electronic files and shredding of physical documents). Note that if certain records must be kept by law (for example, financial transaction logs), we will retain those as required, even if the user requests deletion of other data.
6. Data Privacy and User Rights: All personal information is collected and processed in accordance with the rights of the data subjects/legal requirements. Users may have the right to access the KYC data we hold about them, and to request corrections if any information is inaccurate or outdated. We encourage Users to review our Privacy Policy for detailed information on how we protect user data and the mechanisms available for grievance redressal related to personal data. If a user has concerns about how their KYC data is handled, they can contact our data protection officer or the support team as specified in the Privacy Policy.
7. Breach Response: In the unlikely event of a data breach involving KYC information, NLP will take immediate steps to contain and remedy the breach. Affected users and appropriate authorities will be notified in accordance with applicable law. We continuously update our cybersecurity measures to adapt to new threats and ensure that user information remains safe.

12. NLP recognises the sensitive nature of KYC documents (which often contain personal identifiable information). We treat these with the same level of care as financial institutions do under data security guidelines, even though those exact regulations do not legally bind us. By implementing strong data-handling practices, NLP aligns with the trustworthiness expected of major legal-tech and fintech platforms in India.

13. NLP verifies the identity, qualifications, and regulatory status of all empanelled professionals, including lawyers, CAs, CS, mediators, arbitrators, domain experts, et cetera. This may include membership verification with Bar Councils, ICAI/ICSI or other relevant bodies.

14. KYC compliance is a two-way street. We expect Users to uphold certain responsibilities to facilitate an effective KYC/AML regime on the Platform. By using our Platform and services, Users agree to the following obligations:

1. Provide Accurate Information: Users must submit true, accurate, current, and complete information as requested in any KYC or service-related forms. All statements made and documents provided should be genuine and unaltered. Misrepresenting identity or submitting false documents is strictly prohibited and could constitute fraud. Users are solely responsible for the accuracy of the information provided, as the Platform does not perform any independent validation or verification. NLP relies on the User’s honesty; the User is accountable for any discrepancies.
2. Timely Submission: Users should provide the required KYC documents and details promptly when requested, to avoid delays in availing services. If you are in the process of, say, applying for litigation funding or registering a business through our Platform, you are expected to promptly furnish all necessary information and documents upon request. Failure to provide required information or documentation may result in NLP’s inability to onboard you or continue services.
3. Update Changes: It is the User’s responsibility to inform NLP of any material changes in the provided KYC information. For example, if you change your address, renew your passport (resulting in a new number), or if a business client undergoes a change in ownership or directors, you should promptly update this information with us. Keeping KYC information up-to-date helps maintain the integrity of our records and ensures you can continue using the Platform without interruption. We may, from time to time, reach out to Users to reconfirm or refresh specific KYC details, especially in long-term engagements.
4. Use of Own Identity: Users must only use their own identity and information when registering or using services.
   1. You may not use the Platform on behalf of another person or entity unless you are explicitly authorised to do so (with proof of such authorisation provided as part of KYC). Impersonating someone else or hiding the true beneficial owner of a transaction or service request is strictly forbidden. Business users should disclose the actual beneficial owners if required (for instance, disclose shareholders in a litigation funding scenario if a company is the claimant).
   2. Users should only upload their documents and not documents belonging to some other person/entity, without authorisation.
5. Dialogue Box usage: Users must not impersonate or appoint unauthorised representatives in Dialogue Box.
6. Compliance with Law: Users must not use NLP for any illegal or illegitimate purposes. You agree that the funds you use to pay for services or invest through the Platform (in the case of litigation funding) are from legitimate sources and not derived from any criminal activity. You further agree that you will not attempt to use the Platform to launder money, finance terrorism, or commit financial fraud. If at any point you become involved in or charged with an offence related to financial or any other crime, you should cease use of our services and inform us, as this may affect our ability to continue a business relationship.
7. Cooperation in Verification: In some cases, NLP may need additional verification from the User to substantiate the KYC information (for example, a video KYC confirmation, or a request for a secondary ID, or an in-person verification if required by law for a specific service). Users are expected to cooperate in any reasonable verification process. This also extends to cooperating with any investigation if suspicious activity is detected – while not routine, if we have to inquire further about a particular transaction or behaviour, the User should respond honestly and transparently.
8. Confidentiality of Credentials: Although not directly a KYC obligation, it’s related to user integrity: Users must keep their account credentials (username, password, OTPs) secure and not share them. If, as a result of the disclosure of account credentials, someone other than the user accesses the user's account and uses our services, we will not be able to identify such unauthorised access. You are responsible for any activity under your account. Notify us immediately if you suspect any unauthorised access or identity breach in relation to your NLP account.

15. In summary, Users play a critical role in the success of KYC/AML measures. By adhering to these responsibilities, Users help us maintain a safe platform. If a User is found to be in violation of these obligations – for example, submitting fake documents or engaging in suspicious transactions – NLP reserves the right to take appropriate action, which may include rejecting the service request, terminating the user’s account, and if necessary, reporting the matter to law enforcement or relevant authorities and/or suing for damages. Users should refer to our Terms of Service for further details on the consequences of providing false information or engaging in prohibited activities.

16. Although NLP is not a bank or financial institution, we recognise the importance of having measures to prevent and detect potential money laundering or other illicit activities on our Platform. We have therefore implemented a risk-based approach to AML, proportionate to the nature of our services. Key risk prevention and mitigation measures include:

1. Risk-Based KYC Tiering: As outlined in the service-based requirements, we apply stricter KYC checks for higher-risk services. This allocation of effort is a fundamental AML principle – focusing resources where the risk is higher. For example, litigation funding (where money changes hands) is considered higher risk and triggers full KYC and due diligence, whereas downloading a template document from our site is low risk and may not require any KYC. By doing this, we align with best practices in which customers are categorised by risk level, and diligence is adjusted accordingly (financial services firms and even professional service providers often use such a risk-tiered approach). If a particular user or transaction is deemed high risk (e.g., unusual funding amount, politically exposed person involved, etc.), we may enhance our verification (ask for additional documents or information) before proceeding.
2. Transaction Monitoring (Internal): NLP monitors the usage of its platform for any red flags or anomalies. While our services are not primarily transactional like a bank, we do observe patterns such as: multiple funding applications from the same user, inconsistent information across different service requests, or attempts to route funds in unusual ways. If our system or staff detect suspicious indicators – for instance, a user trying to engage in a scheme that doesn’t match their profile, or payments coming from an unrelated third party – this will prompt a closer review. We maintain an internal log of any such suspicious incidents. Our team is trained to spot basic red flags (e.g., forged documents, reluctance to provide standard information, mention of illicit activities in communications). This is in line with the practices at many tech platforms, which, even if not under formal AML obligations, keep an eye out for fraud and abuse as part of customer safety.
3. No Cash or Anonymous Payments: NLP does not accept cash payments for any of its services. All payments (whether for service fees, subscription fees, or litigation funding transactions) must be made via traceable channels – such as online payment gateways, credit/debit cards, net banking, UPI, or bank transfers. These channels are operated by RBI-regulated entities, which have their own KYC/AML checks, thereby adding a layer of security. By disallowing cash, we reduce the risk of untraceable money flowing through our Platform. Additionally, we do not support payment from or to third parties who are not directly involved in the service (for example, a payment for a legal consultation should come from the client who booked it, not from an unknown third party). We do this by sending payment links only to verified users, via the dialogue box and/or verified communication channels (post-KYC). This ensures that the person footing the bill is identified and matches or is related to our user, closing a potential loophole for layering transactions.
4. Screening (Sanctions/PEP): As of now, given that the user base is primarily Indian, and our services are domestic, the risk of sanctioned individuals or entities using our platform is low. However, as a precaution, we reserve the right to screen users against publicly available government sanction lists or watchlists (such as UN sanctions or India’s UAPA list), especially in our funding and business services. We also ask users during onboarding if they or their organisation fall under any category of politically exposed persons (PEP). If we identify a user as a sanctioned party or if the user is found to be from a high-risk jurisdiction outside India (which is unlikely, as our services target Indian residents), we will reject the onboarding. This measure reflects standard AML compliance, in which even non-regulated entities avoid dealing with known bad actors.
5. Employee Training and Confidentiality: Our team members who handle onboarding, due diligence, or user data are given training on KYC/AML policies and how to execute them. They are made aware of the legal and ethical importance of these measures. They also understand the need for discretion and confidentiality – for example, if they suspect a user’s activity is unlawful, this concern is escalated to senior management privately; we do not “tip off” the user in a way that would violate any potential legal process. This training is periodically updated to incorporate any new typologies of fraud or changes in law. We also instil a culture of compliance where employees can report concerns without fear (internally).
6. Voluntary Reporting: While NLP is not obligated to file Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU) under current law, we maintain an internal policy that, should we identify clear evidence of money laundering or any other crime, we will voluntarily report the matter to the relevant authorities. This could include filing a complaint or alerting law enforcement, even if not through the formal FIU-IND STR system (since we are not a reporting entity). Our ethical stance is that we will not knowingly allow our platform to be used to further illegal financial activities. This voluntary cooperation parallels how other conscientious companies operate – for instance, if a legal funding platform detects misuse, they would likely take action even beyond what is strictly required to protect their reputation and comply with the law’s intent.
7. Continuous Improvement: NLP continuously evaluates the effectiveness of its KYC/AML controls. As new risks emerge (for example, new forms of identity fraud or fraud schemes targeting online legal services), we adapt our measures. We may introduce additional verification steps or technologies (like OTP verification, facial recognition matching for IDs, etc.) if deemed necessary to combat evolving threats. We also keep an eye on regulatory developments. If the law expands AML requirements to our sector (for example, if, in the future, legal tech platforms or attorneys are officially brought under PMLA supervision), we will integrate those requirements into our processes promptly. In essence, our risk management is a living process – regularly refined to stay ahead of potential abuse.

17. By implementing the above measures, NLP aims to mimic the robust standards followed by major players in the industry, without creating undue friction for genuine users. We strike a balance between user convenience and necessary diligence, ensuring that legitimate users experience a smooth onboarding while bad actors face barriers to entry.

18. NLP provides the following disclaimers regarding its KYC/AML Policy, to clarify the extent and limits of our responsibilities:

1. Not a Regulated Entity: As noted, NLP is not regulated under the Reserve Bank of India (RBI) or PMLA frameworks as a bank, financial institution, or designated non-financial business. We facilitate legal and professional services, and while we handle user funds in specific contexts (e.g., passing through litigation funding or processing service fees), we do so as an intermediary and not as a bank or NBFC. Therefore, the KYC/AML measures we implement are voluntary and for risk management purposes. This Policy should not be construed as an assertion that NLP is compliant with any specific banking regulation or that it carries any regulatory approval for KYC/AML processes. We aim to follow best practices in spirit, but we are not subject to regulatory audits or filings under AML laws as banks or payment companies are. Users should be aware that, for example, we do not have an obligation to file currency transaction reports or maintain a centralised KYC registry entry for each user.
2. No Warranty on Verification: Because we do not independently verify all information, NLP does not guarantee the accuracy or validity of documents provided by Users. We accept documents in good faith and perform only basic checks. For instance, if a user uploads an identification document, we may check that it appears authentic and matches the user’s details. Still, we do not confirm its issuance with the government. Similarly, we do not run background checks on Users for criminal history or financial status outside the scope of the provided documents. Our KYC process’s primary intent is to identify our customers and gauge risk, not to certify a user’s credibility beyond doubt. Users and professionals interacting on the Platform should continue to exercise due diligence on their own behalf. For example, a lawyer who gets a new client via the Platform should independently satisfy themselves of the client’s bona fides, and a funding party should conduct their own assessment of a claimant, in addition to the Platform’s checks. NLP shall not be liable for any loss or damage arising from reliance on the KYC information of a User that later turns out to be false or misleading, except to the extent caused by our willful neglect or misconduct.
3. Scope of AML Efforts: Our AML efforts are limited by our role and visibility. We do not monitor users’ activities outside our Platform. We only have insight into transactions and communications that occur through or because of NLP. If a user takes a relationship off-platform or engages in financial dealings outside our purview, we cannot monitor or control that. Our commitments in this Policy apply strictly to the services and transactions occurring via NLP’s official channels. Furthermore, while we strive to detect and prevent illicit behaviour, we cannot guarantee that all illicit or suspicious activity will be caught or prevented. No screening system is foolproof; thus, there is always a residual risk. By using our Platform, Users acknowledge this limitation and agree that NLP’s role is one of good-faith monitoring and reporting, not absolute prevention.
4. Legal Cooperation: In instances where we do encounter evidence of potential wrongdoing, Users acknowledge that NLP may take actions such as account suspension or termination, and that we may share relevant information with law enforcement or regulatory bodies. This is done in accordance with applicable laws. We will endeavour to inform the affected user, unless prohibited by law (for example, certain government orders may forbid notifying the user). This Policy does not constitute a contract with any user to avoid reporting – if required by law or to prevent crime, we will cooperate with investigations. By onboarding onto the Platform, you consent to such cooperation and waive any claims against NLP for good-faith disclosures of information in such scenarios.
5. Third-Party Platforms: At times, NLP might use third-party services to assist in KYC (for example, an API to verify PAN or Aadhaar, or a secure storage service). While we conduct due diligence on such providers and bind them to our confidentiality requirements (to the extent feasible), we are not responsible for any breach or mishandling of data on their end beyond ensuring we choose reputable partners. Our liability for any third-party actions is limited as per our Terms of Service.
6. NLP’s Services Only: This Policy is only applicable to the use of NLP’s own services and platform. If a user, through the Platform, engages a third-party service (say, a payment gateway for transactions or an external lawyer outside our managed services), that third party may have its own KYC/AML requirements and policies. Users must comply with those independent requirements as well. For example, if a case is funded, the disbursal might be handled by a partner financial institution, which could ask for additional KYC under their regulatory obligations – the user should comply directly with them. NLP is not responsible for KYC processes outside its platform scope.

19. In essence, NLP disclaims any representation that it performs the level of due diligence that a regulated financial entity would. We act in good faith to know our customers and prevent misuse of our services, but there are practical and legal limits to what we undertake. Users and other stakeholders should consider this Policy as a commitment to best efforts, not an absolute guarantee of user identity or legitimacy.

20. This KYC and AML Policy is a living document and will undergo periodic review and revision. Kaahmuchee Solution Pvt. Ltd. commits to reviewing this Policy at least annually, or more frequently if required by changes in law, regulation, or the nature of our business. We monitor the regulatory environment and industry best practices (including any changes in the legal status of KYC/AML obligations for legal tech platforms in India, such as potential inclusion under PMLA or other laws) to ensure our Policy remains up-to-date and effective.

21. Changes to this Policy will be communicated by updating the Policy document on the NoLegalPaisa.com website and indicating a new Effective Date. In case of substantial changes that affect how we collect or process KYC data or Users' obligations, we may also notify registered users via email or an in-platform notification. Users are encouraged to review this Policy periodically to stay informed of our latest practices. Continued use of the Platform or our services after any modifications to the Policy constitutes acceptance of those changes.

22. If any User or stakeholder has questions or feedback regarding this Policy or wishes to seek clarification on any aspect of it, they may contact NLP through the provided customer support channels. We value transparency and will make efforts to address inquiries about our KYC/AML practices within a reasonable time.