PRIVACY POLICY FOR NOLEGALPAISA.COM

Last Updated: 01 January 2026

INTRODUCTION

1. Kaahmuchee Solution Private Limited (“Company”, operating the NoLegalPaisa.com platform) is committed to protecting your privacy. We believe in clearly and transparently disclosing our data practices to you. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use NoLegalPaisa.com (the “Service” or “Platform”). By using our services, you agree to the collection and use of information as described in this Policy. If you do not agree with any term herein, please do not use/subscribe to the Service. We will not use or share your information with anyone except as described in this Policy and in accordance with applicable law. We adhere to Indian information technology laws (including the Information Technology Act, 2000 and relevant Rules) and follow globally recognised privacy principles, similar to the GDPR, to ensure your data is handled lawfully and securely.

2. Scope: This Policy applies to all users of NoLegalPaisa.com and any services offered through it (such as litigation funding, online consultations with lawyers/CA/CS, dispute resolution via mediation, compliance services, and subscription-based legal advisory). It covers what data we collect, how we process it, the purposes and legal bases for processing, data retention, sharing, cookie use, your rights, and our grievance redressal mechanism. Any third-party websites or services you may access via our Platform have their own privacy policies, and we are not responsible for their practices. We encourage you to read this Policy carefully.

3. We collect various types of personal information (“Personal Data”) to provide and improve our services. The types of data we collect include:

1. Contact and Identity Information: Name, address, email address, phone number, and other identifiers that can identify you. For example, when you register an account or fill out forms on our site, we may ask for your full name, contact details, and proof of identity.
2. Financial Information: Payment details and financial account information you provide for transactions. This may include bank account numbers, credit/debit card details or other payment instrument details (note: card information is typically collected through secure payment gateways). If you seek litigation funding or other financial services on our Platform, we may also collect financial details about your case or investment capacity as needed.
3. KYC and Verification Documents: Government-issued identification numbers or documents and other Know-Your-Customer (KYC) data for identity verification and compliance purposes. This may include a PAN card, an Aadhaar card, a passport, a driving license, corporate identification numbers, or any documents you submit for background verification. We collect KYC documents only where required for services (e.g., litigation funding due diligence, verification of lawyers/experts, compliance filings) and only with your explicit consent.
4. Service Usage and Consultation Data: Information related to your use of our legal services. For instance: details about your legal case or query, consultation history with lawyers/CA/CS, chat or call transcripts, documents or evidence you provide for dispute resolution, and any other information you submit during mediations or consultations on the Platform. This may include sensitive details about your legal matters; we treat all such consultation and dispute data as confidential Personal Data.
5. Business and Compliance Information: If you use our compliance or registration services, we collect business-related data you provide (e.g. company name, registration number, directors’ details, financial statements, etc.) as required to prepare filings or applications on your behalf. This information may overlap with personal data (for example, a director’s PAN or DIN).
6. Transactional and Behavioural Data: Records of services you have requested or availed (e.g. details of funding agreements, subscription plans, services purchased) and your interactions on the Platform. This includes records of payments made or received, subscription status, and logs of support queries or feedback.
7. Technical and Usage Data: When you use our website, we automatically collect certain technical data. This includes your IP address, browser type and version, device identifiers, operating system, pages or screens you access, dates/times of visits, and browsing actions on our site. We also collect information through cookies and similar technologies (explained in the Cookies section below) about how you navigate our Platform. This usage data is generally not directly identifying, but if it can be linked to you, it will be treated as Personal Data.

4. We do not intentionally collect any data about your racial or ethnic origin, caste, political opinions, religious or philosophical beliefs, trade union membership, or health/medical information, as these are not required for our services. We also do not knowingly collect personal data from children under 18; our services are intended for adults and businesses. If you are under 18, please do not use this Platform or submit personal information.

5. Annexure A of this Policy gives a detailed overview of the various data points collected by us, their usage, and their retention timelines.

6. We collect personal data from you in the following ways:

1. Directly from You: Most information is provided directly by you. You may enter or upload data when you register an account, fill out contact or application forms, post a legal query, participate in a consultation or mediation, subscribe to services, or communicate with us (via chat, call, email, etc.). By voluntarily providing data in these ways, you consent to our collection and use of it for the intended purposes. For sensitive personal data or KYC documents, we will explicitly obtain your consent (e.g., by requiring you to tick a box or agree to terms) before you submit such information.
2. Through Your Use of the Service (Automatic Collection): When you visit NoLegalPaisa.com or use our app/Platform, we use technological tools to collect technical and usage information automatically. For example, we use cookies, web beacons, and log files to record your device information, IP address, and browsing behaviour. This helps us understand how users use our Platform and enables features such as staying logged in, as detailed in our Cookie Policy. We may also receive approximate location data from your IP address or device, for instance, to show you relevant content (such as lawyers in your region) or to prevent fraud.
3. From Third Parties: In some cases, we may receive information about you from third-party sources, but only where you have given those third parties consent to share it or where it is legally obtained. For example, if you use a third-party login (such as Google/LinkedIn single sign-on) to register, we receive basic profile information from them. Or, if you are referred to our litigation funding service by a partner, the partner might provide us with your contact and case referral information with your consent. We may also collect information from publicly available sources for verification (e.g. verifying a business registration via a government database). In all such cases, we ensure that the third party had a lawful basis (your consent or a legal requirement) to provide us with your data.

7. Consent Mechanisms: By using our services or otherwise submitting your personal information, you are providing consent for us to collect and use your data as described in this Policy. In the case of sensitive personal data or information (such as financial details or official ID documents), Indian law requires that we obtain your explicit consent for the specific use of the data before collection. We will typically do this by expressly asking you to agree (for example, by checking an “I Agree” box or clicking “Allow”) at the point of data submission. You have the right to withhold or withdraw consent for us to collect certain data; however, if you choose not to provide consent for necessary information, or later withdraw it, we may not be able to offer the related service to you. For instance, if you do not wish to provide a PAN or Aadhaar needed for KYC, we may be unable to process a litigation funding transaction for you. We will make it clear when certain data is optional and when it is required for the service.

8. We collect and process personal data solely for legitimate purposes connected with the functioning of NoLegalPaisa.com and to provide you with our various legal tech services. We do not use your data for any purpose that is incompatible with the purposes initially disclosed to you. Below is a summary of the purposes for which we use your data (and, where relevant, examples of the legal services to which they relate):

1. Providing and Improving Services: To deliver our services to you and ensure they function correctly. For example, using your contact and account data to create your user account and authenticate you at login, and using your feedback or usage patterns to improve our Platform’s interface and features. We use personal data to personalise your experience (such as suggesting relevant legal solutions) and to develop new features that better meet user needs.
2. Litigation Funding Services: If you apply for or participate in litigation funding through our Platform, we use your personal and case data to evaluate funding opportunities and facilitate the funding process. This includes reviewing case details and financial information to assess eligibility, performing due diligence and risk assessments, verifying your identity and credentials (KYC checks), and connecting funders with litigants. We process payment information to disburse funds or collect returns, and we generate necessary legal agreements or documentation for the funding transaction. These activities are carried out to fulfil our contract with you and comply with legal requirements (such as anti-money laundering laws).
3. Consultations with Lawyers, CAs, CS and Experts: For our online consultation services, we use the information you provide about your legal/tax/consulting query and your background details to match you with an appropriate lawyer, chartered accountant, company secretary, or other professional. We share the necessary details with that professional so they can advise you (see “Data Sharing” below). We may record or store chat transcripts, call recordings, or written advice given to you for quality control, to allow you to review the advice later, and to resolve any disputes or follow-up questions. These consultation records are accessible to you and the consulting professional, and internally to our authorised personnel if required for customer support or legal compliance.
4. Dispute Resolution and Mediation: If you use our platform to resolve a dispute (for example, via mediation or arbitration services), we use the data you submit about the dispute (claims, evidence, communications) to facilitate the resolution process. This includes sharing your submitted information with the mediator or arbitrator assigned to your case and, as appropriate, with the opposing party to the dispute (since mediation is a collaborative process). Your communications during the dispute resolution (chat logs, settlement agreements, etc.) may be monitored or reviewed by our case administrators and the neutral mediator for quality and evidentiary purposes. We retain these records to document the outcome and in case of any future legal issues arising from the dispute resolution.
5. Compliance and Regulatory Services: For services like business registrations, tax filings, compliance management or any legal filings, we use the personal and business data you provide to prepare the necessary applications or documents. For example, if you request company incorporation, we will use the directors’ personal details and ID documents to complete the MCA forms; if you request a tax return filing, we will use your financial data to prepare the return. We process and share this data with the relevant government authorities or regulatory bodies as needed to fulfil your requested service (e.g., submitting your incorporation documents to the Corporate Affairs Ministry or filing your GST returns with the tax department). The purpose is strictly to carry out your requested compliance service and to meet the legal requirements on your behalf.
6. Subscription-Based Legal Advisory: If you subscribe to an ongoing legal advisory plan, we use your information to provide continuous support and updates. This includes tracking your inquiries or legal service usage under the subscription, sending you regulatory updates or alerts pertinent to your business, and maintaining records of the advice or documents provided over the subscription period. We also use your contact information to send renewal reminders and process subscription payments. The purpose is to fulfil our contractual obligations to you as a subscriber and ensure you receive the benefits of the service.
7. Dialogue Box related - The Platform provides a secure service-specific digital Dialogue Box to enable communication and document sharing between users, assigned professionals, and authorised Platform personnel. Information shared in the Dialogue Box may include personal, business, legal, financial, and case-related data and is used solely to deliver the requested service, facilitate collaboration, prepare or file documents, comply with legal and regulatory requirements, and maintain necessary records and audit trails. Access to such data is strictly limited on a need-to-know basis to relevant users, professionals, and Platform administrators, and data is shared externally only where required for service delivery or by law, including with government authorities or courts. Data is retained only for as long as necessary to complete the service or meet legal obligations, after which it is securely deleted or anonymised, and is protected through appropriate technical and organisational security measures.
8. Payments and Transactions: We use personal and financial information to process payments for any services you purchase or fees you owe, as well as any payouts or reimbursements to you (for instance, payouts to investors in a funding deal). This includes using your payment card details or UPI/banking information to charge you for services, and using your bank account details to transfer funds due to you. Payment processing may be handled by integrated third-party payment gateways which adhere to required security standards (we do not store your card details on our servers beyond what is necessary). We use transaction data to maintain financial records, invoices, receipts, and to resolve any payment disputes.
9. Communication and Customer Support: We use your contact information (email, phone) to send you service-related communications. These include confirmations and receipts, updates on the status of your requests (e.g. that your legal document is ready), reminders (for upcoming consultation appointments or deadlines), and alerts for new features or policy updates. If you contact us with a question or support issue, we will use your information to investigate and respond. With your consent, we may also send promotional messages or newsletters about new services, offers, or legal updates – you can opt out of such marketing at any time (see “Your Rights” below). All communication will be done in accordance with applicable communication laws and your preferences.
10. Legal Obligations and Compliance: Certain processing of data is done to comply with our legal and regulatory obligations. For example, we may be required by law to verify our users' identities, especially for financial transactions (hence the KYC data collection), and to maintain records of such verifications. We retain invoices and transaction records as required by tax laws. If we facilitate litigation funding, we must ensure compliance with any financial regulations and prevent money laundering or fraud. Thus, we may process personal data to run fraud detection checks or to ensure none of our users are on sanctions lists, etc. We may also use and retain data as necessary to respond to lawful requests from public authorities or court orders (e.g., providing data when compelled by a subpoena in a legal case).
11. Enforcement and Protection: We may process your data as needed to enforce our Terms of Service or other agreements, and to investigate or prevent any violation of our Platform’s rules or the law. This includes using data to monitor for fraudulent activities, security breaches, or other potentially illegal activities on our Platform. If we detect such issues, we will use relevant data to mitigate and address them (for example, using account information to ban an abusive user, or using logs to trace a cybersecurity incident). We might also use your information to defend our legal rights or the rights and safety of our users or others in the event of disputes or legal claims.
12. Analytics and Product Development: We use collected data (mostly in aggregated or anonymised form) to perform internal analytics. This helps us understand how our services are used, identify trends, and improve our offerings. For example, we might analyse which pages on our site are most visited or which types of legal services are most requested to inform our business strategy. We ensure that any analytics use of data is conducted in a way that does not personally identify you, whenever feasible. We may also use anonymous feedback or survey responses to improve user satisfaction.

9. We will only use your personal data for the purposes stated above or for closely related purposes. If we ever need to use your data for a new purpose that is not compatible with these, we will seek your consent beforehand. We do not sell personal data to third parties for their own marketing use. Your data is used strictly to manage and enhance the services you sign up for and for compliance with the law. We also abide by the principle of purpose limitation – meaning once the specific purpose for which data was collected is fulfilled, we will not continue to use the data for other purposes unless you consent or the law requires it.

10. Our legal basis for collecting and processing your personal data varies depending on the context and nature of the information, but generally includes:

1. Consent: In many cases, we rely on your consent to process your personal data. By providing us with information, you consent to its processing for the intended purpose. We obtain explicit consent to process sensitive personal data (such as financial details or identity documents), as required by Indian law. We also rely on consent for sending any direct marketing communications – for example, you will only receive promotional emails if you have opted in. You have the right to withdraw your consent at any time (see “Your Rights” below), and we will stop the communication/requisite processing of data unless another legal basis applies.
2. Performance of a Contract: When we process data to provide you with services you have requested, the legal basis is that the processing is necessary for the performance of our contract with you (the Terms of Service or specific service agreement). For instance, when you provide details for a legal consultation or a compliance filing, we process that data to fulfil our obligations and deliver the service. Similarly, processing your payment and contact details is necessary to bill you and provide customer support under our agreement. Without this data, we would not be able to fulfil our services, so this processing is contractually required.
3. Legal Obligation: In some cases, we must process and retain certain data to comply with our legal obligations. For example, financial regulations and the Information Technology Act may require us to collect and retain KYC information and transaction records for a specific period. If a law enforcement agency lawfully requests user data, we are obligated to provide it. Such processing is necessary to comply with a legal obligation to which we are subject. We only do this to the extent required by law (e.g., retaining sensitive data only as long as mandated).
4. Legitimate Interests: We may process data as necessary for our (or third parties’) legitimate interests, provided such processing is fair, balanced, and does not unduly impact your rights. Our legitimate interests include: maintaining the security of our platform, preventing fraud and abuse, improving and developing our services, analysing usage to make informed business decisions, and marketing our services to existing customers. For example, it is in our legitimate interest to monitor accounts for suspicious activity to protect our platform from breaches. When we rely on this basis, we ensure that we consider and respect your privacy rights – for instance, for marketing to past customers, we give a clear opt-out option. We do not use legitimate interest as a basis for any processing that would override your fundamental rights or for processing sensitive personal data.

11. In practice, often multiple legal bases may justify our processing. For example, we might process your ID document both because you consented and because it’s a legal obligation under KYC rules. This layered approach ensures that your data is handled lawfully. If you have questions about the specific legal basis for any particular processing of your data, you can contact us for clarification.

12. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. We do not keep your information indefinitely by default. Our retention practices are designed to comply with the principle that personal data should not be stored longer than needed. Below is how we handle retention for different categories of data:

1. Account Information: Information you provide when registering and maintaining an account (like your name, contact info, login credentials) is kept for as long as you have an active account with us. We retain this to serve you and to meet our contractual obligations. If you choose to close your account, or if your account becomes inactive for an extended period, we will either delete or anonymise this information, or, if that’s not immediately feasible (e.g., stored in backups), securely isolate it until deletion is possible.
2. Consultation and Case Data: Records of your consultations with professionals, legal case files, dispute resolution files, and compliance documents are retained as long as needed to provide our services and for you to access your history. Typically, we keep such records while your account remains active so that you (and we) can reference past advice or case outcomes. If you delete your account or specifically request deletion of specific case data, we will remove those records from our live systems (unless retention is required for legal reasons described below). However, note that professionals (lawyers, mediators) who provided services may be required by their own professional obligations to retain a copy of communications or documents they worked on. We only retain our copy as your service provider for your benefit and ours (for example, to defend against any claims). We may retain such data till at least the expiration of the limitation period for any future claim.
3. KYC Documents and Sensitive Data: For identity verification documents (e.g. copies of PAN, Aadhaar, passports) and other sensitive personal data, our policy is to retain them only for the minimum period necessary. Once your identity is verified and it’s clear that the document is no longer needed, we will either not store it at all or store it in a secure, encrypted manner for a limited retention period. For example, if you underwent a one-time KYC check, we may promptly delete your uploaded KYC documents after successful verification to ensure security. In cases where a law or regulation requires us to retain KYC records for a particular duration (for instance, some financial regulations mandate retention for a few years), we will retain them for that period and then delete them. We will not use your KYC documents for any purpose other than compliance and verification, and we will dispose of them safely when the purpose is fulfilled.
4. Transaction and Financial Records: We retain transaction histories, invoices, receipts, and related financial records as long as required under applicable tax and accounting laws. Typically, this may be for a period of 5 to 8 years (depending on the law) or as needed for auditing. Even if you delete your account, we may need to keep invoice records associated with your name for the legally mandated period. However, we will not retain your payment method details (such as credit card numbers) beyond what is necessary for that transaction, except if you have saved them for future use (and even then, those may be stored by our payment gateway rather than on our servers).
5. Usage Data and Cookies: Usage logs and analytics data are generally retained for shorter periods, unless used for security analysis. We might keep raw web server logs for a few weeks or months and aggregated analytics reports indefinitely (since they do not personally identify users). Any usage data stored in an identifiable form (such as IP addresses linked to accounts) will be deleted or anonymised once it’s no longer needed for our analysis. We retain cookie data according to the cookies' lifespans (see Cookie section) – some cookies (such as login cookies) clear when you log out, while others may persist for a defined time unless you clear them.
6. Backup and Archival: Like most businesses, we perform routine data backups for disaster recovery. These backups are kept secure and are retained for limited durations under strict access control. If personal data is deleted from our main systems, it may still persist in encrypted backups for a short period until those backups are cycled out. We have retention schedules to ensure old backups are deleted or overwritten. During that interim, we continue to protect any data in backups and will not restore or use deleted data unless absolutely necessary for security or legal compliance.
7. Legal Retention and Disputes: Notwithstanding any general retention schedules, if we are involved in an ongoing legal proceeding or investigation that requires certain data, we will retain that data as long as necessary to resolve the matter. Additionally, if you exercise your right to deletion, we may retain a minimal subset of your information if required for us to demonstrate compliance with your request or to establish, exercise, or defend legal claims. We may retain such data till at least the expiration of the limitation period for any future claim. For example, if you had a transaction with us, we may keep a record that “User X’s data was deleted on Y date” and retain proof of any consents or contracts, in case of future disputes.

13. In summary, we do not keep personal data longer than the purpose requires, in line with Indian privacy rules. When data is no longer needed, we take appropriate steps to delete, destroy, or anonymise it in a secure manner. If you have specific questions about our data retention periods for any particular type of data, feel free to contact us. Also, if you wish to delete your data, see the “User Rights” section below for instructions on requesting deletion. We will honour such requests in accordance with the law, ensuring that no unnecessary data about you lingers in our systems.

14. We understand the importance of safeguarding your personal information and have implemented a range of security measures to protect it from unauthorised access, disclosure, or alteration. We store and process your data on secure servers and cloud services with robust security practices. In particular:

1. Secure Hosting: All personal data collected is stored on reputable cloud servers (such as Amazon Web Services) and data centres that employ industry-standard security protocols. Our servers are protected by firewalls, encryption technologies, and access control mechanisms. We typically store user data on servers located in India; however, some data may be processed or backed up on servers in other jurisdictions (see “Data Transfers” below). In any case, our cloud providers are contractually bound to protect your data and implement adequate security measures.
2. Encryption: We use encryption to protect data in transit and at rest. All communication between your browser/app and our Platform is secured via SSL/TLS encryption (HTTPS), ensuring that any personal data you send us (such as passwords or form entries) is encrypted in transit. For sensitive data stored in our databases (such as passwords, which are hashed, or identity documents), we employ encryption and/or hashing so that even if someone gained unauthorised access to the data, it would not be easily readable.
3. Access Controls: The personal data we store is accessible only to authorised personnel of our company or trusted service providers who need that access to perform their job (need-to-know basis). We limit and strictly regulate staff access to sensitive information. All employees, agents, and contractors of the Company who handle personal data are bound by confidentiality obligations. We have authentication controls (such as strong passwords and 2FA) in place for our internal systems to prevent unauthorised access.
4. Organisational Measures: We have internal policies and training for our team to ensure we handle user data with care and in compliance with the law. We conduct periodic reviews of our data collection, storage, and processing practices, and update our security practices in light of new risks or standards. We follow “reasonable security practices and procedures” as required under the IT Act, 2000 and SPDI Rules, which include administrative, technical, and physical safeguards appropriate to the sensitivity of the information. For example, we maintain up-to-date antivirus and intrusion detection systems and monitor our systems for potential vulnerabilities or attacks.
5. Payment Security: Any online payment transactions on NoLegalPaisa.com are processed through PCI-DSS compliant payment gateways. We do not store your full payment card details on our servers; they are handled by the secure payment processor. This means that when you enter payment information, it is transmitted directly and securely to the payment gateway, and we receive a confirmation token but not the sensitive card number or CVV. This adds an extra layer of security for financial data.
6. Third-Party Security: When we use third-party service providers for infrastructure, communications, or other services (for example, cloud hosting on AWS, or email service), we ensure through contracts that they also implement adequate privacy and security measures. We do not allow third parties to access personal data unless they are subject to equivalent confidentiality and security obligations.
7. Account Security: It is also crucial for you as a user to safeguard your account credentials. We encourage you to use a strong, unique password for your NoLegalPaisa account and to keep it confidential. We will never ask you for your password via phone or email. If you suspect any unauthorised access to your account, please notify us immediately. We also offer two-factor authentication (2FA) for logging in (if enabled, you will need to enter an OTP or use an authenticator app code in addition to your password), which we recommend for enhanced security.
8. No Guarantee: While we employ best practices to protect your data, please note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of information, and any transmission of data to us is at your own risk. However, we strive to use commercially acceptable means and up-to-date technologies to protect your personal data. In the unlikely event of a security breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
9. Data Breach Response: We have a data breach response plan in place. If we discover any security breach that results in unauthorised access to personal data, we will take immediate steps to contain and investigate it. Affected users will be informed promptly, and we will provide guidance on steps to protect themselves (if needed). We will also inform law enforcement or government agencies as required under the IT Act and any other applicable data protection regulations.

15. By using our Platform, you acknowledge that you understand the inherent security risks of providing information online and agree that we have implemented reasonable measures to protect your data. We continuously evaluate new security technologies and practices, and update our measures to keep your data as safe as possible. If you have specific questions about our security practices, feel free to contact our Grievance Officer (details provided below).

16. We treat your personal data with confidentiality and do not share it with third parties except in the situations described below. We never sell or rent your personal information to unrelated third parties for their marketing purposes. Any sharing is done in a responsible manner, limited to achieving the purposes outlined above or as required by law. The circumstances under which we may share your data include:

1. With Your Consent or At Your Direction: We will share your information with third parties if and when you explicitly ask us to or consent to such sharing. For example, if you request that we refer you to a partner law firm, or you opt in to a service involving a third-party expert, we will share the necessary details with them as requested.
2. Service Providers (Processors): We employ trusted third-party companies and individuals to perform certain functions on our behalf – such as cloud infrastructure providers, email/SMS delivery services, analytics providers, customer support tools, identity verification services, and payment gateway processors. These third parties have access to personal information only as needed to perform these tasks for us. For instance, our cloud hosting provider will store your data on its servers, our email service will process your email address to send communications, and payment processors will handle your card transactions. We ensure that all such service providers are bound by appropriate confidentiality and data protection agreements to safeguard your data. They are not permitted to use your data for any purpose other than the specific service they are providing to us. Key service provider categories include:
   1. Cloud Hosting & IT: e.g., Amazon Web Services (for server and database hosting).
   2. Communications: e.g., SMS gateway or email newsletter service for sending OTPs, updates.
   3. Analytics: e.g., Google Analytics, which may collect usage data and device identifiers to help us analyse traffic (subject to Google’s privacy policy).
   4. Marketing and Advertising: If we run marketing campaigns, we might use platforms like Google Ads or Facebook, which use tracking cookies on our site (see Cookies section) – we share minimal data (like your email in hashed form for custom audience matching, if at all) and these platforms act on our instructions to show ads.
   5. Identity Verification: e.g., if we use a third-party API to verify your PAN or Aadhaar, your info might go through to them solely for verification.
   6. Payment Processors: e.g., Razorpay, PayU, or banks to process transactions – they receive your payment details and billing info to complete payments securely.
3. Legal Professionals and Experts on our Platform: A core aspect of NoLegalPaisa is connecting you with independent professionals (lawyers, chartered accountants, mediators, etc.) to deliver legal or consulting services. When you choose to consult with or are matched with such a professional through our Platform, we will share with them the information necessary to perform the service. For example, if you book a consultation with a lawyer, that lawyer will receive your name, contact info, and the details of your query or case so that they can prepare and advise you. Similarly, a mediator handling your dispute will see the submissions and communications relevant to the dispute. These professionals are typically not our employees but independent providers. We contractually or through our terms require these professionals to keep your information confidential and use it only for the purposes of your consultation/case. Professional ethics generally bind them to maintain client confidentiality as well. However, note that any information you directly share with a professional outside of our Platform’s scope is at your discretion and subject to whatever agreement you have with them.
4. Within Our Corporate Group/Affiliates: If our company has affiliates, subsidiaries, or joint venture partners that are involved in providing the services, we may share data with them to the extent needed to operate the Platform. For example, if we partner with another company in the future to expand services, that affiliate might access user data. Any such entity will be subject to similar obligations to protect your data and will use it only in accordance with this Policy. We will inform you if any significant new data sharing with an affiliate occurs.
5. Business Transfers: If NoLegalPaisa (Kaahmuchee Solution Pvt. Ltd.) is involved in a merger, acquisition, restructuring, financing, reorganisation, bankruptcy, or sale of some or all of its assets, user information may be transferred to the acquiring or merged entity as part of that transaction. We would ensure that the new owner continues to handle your data in accordance with this Privacy Policy (or you would be given notice and a chance to opt out if they have a materially different policy). We will notify you via the website or email if such a transfer occurs, and the new entity will assume the rights and obligations regarding your personal data as described in this Policy.
6. For Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement or government agencies, or opposing parties in litigation) if we in good faith believe that such disclosure is necessary to:
   1. Comply with a legal obligation or valid legal process. For example, responding to a court order, summons, or subpoena requiring us to provide certain user data. We provide only the data specifically requested and only if we believe the request has a valid legal basis.
   2. Enforce our Terms of Service or other agreements; investigate and defend the Company against any third-party claims or allegations; or protect the security or integrity of our Platform. This could involve sharing information with legal counsel, auditors, or collection agencies if needed.
   3. Prevent fraud or illegal activities: If we suspect that someone is attempting fraud or a cybercrime on our platform, we may share relevant info with law enforcement or specialised security organisations to investigate and prevent harm.
   4. Protect rights and safety: If a user’s actions threaten the rights, property, or safety of other users, the public, or the Company, we may share data with appropriate authorities or affected parties to mitigate that threat. For example, providing information to law enforcement in case of imminent harm or to financial institutions about fraudulent transactions.
7. Third-Party Integrations: Our Platform may integrate with third-party services or APIs (for example, a scheduling tool for appointments, or a video conferencing service for online meetings). If you choose to use those features, some data (such as your name or email address for the meeting invite) may be shared with the third-party service to facilitate the integration.
8. Aggregated or Anonymised Data: We may share data that has been aggregated or anonymised (so it no longer identifies any individual) with third parties for research, marketing, or analytical purposes. For instance, we might publish usage statistics or trends (e.g., “X% of users filed trademark applications”). Such information does not contain personal details and is not traceable back to you.

17. Whenever we share your data with third parties, we take steps to ensure that they handle it with an adequate level of protection and solely for the intended purpose. We also ensure any third-party access is limited to the information necessary. For example, our marketing email provider doesn’t get payment info, and our payment processor doesn’t get your legal case details. We also require any third party that receives sensitive personal data to sign a contract agreeing to equivalent levels of data protection as we do, as mandated by the Indian SPDI Rules.

18. Importantly, we do not share your sensitive personal data (like financial or KYC info) with any third party except:(a) with your consent, (b) as agreed in a contract (e.g., sharing with a bank for a funding service you signed up for), or (c) where required by law. If a government agency lawfully requests your KYC information for identity verification or investigation purposes, we may be obliged to share it, but we will verify the authenticity of the request and ensure proper documentation before disclosure. Any government request for sensitive data will state the purpose and assure that the data will not be used for any purpose beyond that, as per law.

19. Finally, if we ever have to share your personal data in a manner not covered above, we will notify you and obtain your consent when required. We remain accountable for the protection of your information when it is transferred to or handled by third parties on our behalf. If you have questions about third parties that may have your data (because they assisted us), you may contact us to get a list of our current significant service providers.

20. Like most websites, NoLegalPaisa.com uses cookies and similar tracking technologies to provide a smooth user experience and to collect certain information automatically. This section explains our use of cookies, what choices you have, and how third parties may be involved in cookie-based data collection.

21. What Are Cookies? Cookies are small text files placed on your computer or device by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners. Cookies allow a website to remember your actions or preferences over time. We also use related technologies, such as web beacons (tiny graphic images embedded in emails or pages) and pixels/tags (snippets of code), for similar purposes. For simplicity, we refer to all these as “cookies.”

22. How We Use Cookies: When you visit our Platform, authorised third parties or we may set several cookies in your browser. The types of cookies we use include:

1. Essential Cookies: These are necessary for the operation of our website and Platform. For example, when you log into your account, we use session cookies to keep you logged in as you navigate between pages. Without these cookies, certain services or functionalities (like accessing secure account areas or submitting forms) would not work properly.
2. Preference Cookies: These cookies remember your preferences and settings to enhance your experience. For example, a cookie may remember your chosen language or the last service you viewed, so that we can show you a localised experience or pre-fill certain forms for you.
3. Analytics Cookies: We use analytics tools (like Google Analytics) that set cookies to collect information about how users interact with our site. This includes information like pages visited, time spent on site, links clicked, and user demographics (if available). We use this information in aggregate form to understand user behaviour and improve our site’s performance and content. The data collected via analytics cookies is typically anonymised (e.g., we see the total number of visitors to a page, not who each visitor was). Google Analytics may set its own cookies; however, we do not allow Google to use the data for their own purposes beyond providing us with these analytics.
4. Security Cookies: We may use cookies to enable and support our security features, and to help detect malicious activity or violations of our terms. For example, a cookie might help prevent cross-site request forgery or remember when you’ve repeatedly failed login attempts (to trigger extra verification). These cookies help keep your account and our site safe.
5. Advertising and Marketing Cookies: As of now, NoLegalPaisa does not display third-party ads, but we may use cookies for our own marketing and re-targeting. For instance, we might use Facebook Pixel or Google Ads cookies to show you NoLegalPaisa ads on other websites you visit (this is called retargeting). These cookies remember that you visited our site and help us advertise our services to you again. Any such cookies are used only if you have allowed cookies, and they primarily track anonymised identifiers. If, in the future, we participate in any ad networks or allow third-party ads on our site, we will update this policy and ensure that those parties provide opt-outs.
6. Third-Party Cookies: Some cookies on our site are placed by third parties acting on our behalf (like the analytics and advertising tools mentioned). Also, if we embed content from external sites (such as a YouTube video or a social media widget), those sites may set their own cookies on your browser. For example, if there’s a LinkedIn “share” button, LinkedIn might set a cookie to remember that action. We do not have direct control over third-party cookies, but we do not intentionally integrate any third-party cookies that do not align with the stated purposes. Third-party cookie usage is governed by the third party's privacy/cookie policies. For instance, Google’s privacy policy for analytics and ads can be found on Google’s site.

23. Cookie Duration: Some cookies are “session cookies”, which get deleted when you close your browser. Others are “persistent cookies”, which remain on your device for a predefined period or until you delete them. For example, an essential session cookie might last only during your browsing session, while a persistent cookie that remembers your preferences might last for a few days or weeks. Analytics cookies can persist from 24 hours up to a couple of years, depending on the tool. We ensure no cookie remains longer than necessary.

24. Your Choices: When you first visit our website, you will be notified about our use of cookies. By continuing to use the site, you consent to our use of cookies as described. However, you have the right to control cookies:

• Browser Settings: You can set or modify your web browser controls to refuse or delete cookies. Most browsers allow you to see what cookies you have and delete them on an individual basis or block cookies from specific or all sites. Please note that if you disable cookies entirely, our website may not function properly for you – for example, you might not be able to log in or use certain features. It may affect your experience of our services (for example, if you block cookies, you may have to re-enter your preferences each time).
• Cookie Banner/Settings: We may provide a cookie consent banner or settings on our site that allow you to manage which categories of cookies to accept (e.g., allowing essential cookies but rejecting analytics/advertising cookies). If available, you can use that tool to customise your preferences at any time.
• Do Not Track: Some browsers have a “Do Not Track” (DNT) feature that sends a signal to websites you visit indicating you do not wish to be tracked. The internet industry is still working on DNT standards, so our site may not respond to those signals uniformly yet. We treat all users similarly, and will consider DNT signals if and when a consensus standard is established.
• Third-Party Opt-Outs: For analytics and advertising partners, you can often opt-out directly. For example, to opt-out of Google Analytics, you can install the “Google Analytics Opt-out Browser Add-on.” For interest-based ads, websites like the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA) offer opt-out tools to remove you from targeted advertising by participating companies.

25. We do not use cookies to retrieve information from your device that we did not set initially, and we do not plant any malware or spyware via cookies. The cookies we use are solely to improve your experience and the quality of our service. Any information collected by cookies is stored separately from personal data you provide to us, and we do not attempt to identify you from cookie data alone.

26. You are encouraged to refer to our separate Cookie Policy for more detailed explanations regarding the types of cookies used, their purposes, retention periods, and available choices and controls. The Cookie Policy forms an integral part of our privacy framework and provides additional clarity on how cookies and similar technologies are managed on the Platform.

27. If you have any concerns or questions about our cookie usage, you can contact us for more information. We can provide more details on specific cookies if needed. We aim to be transparent about our tracking and respect your privacy choices.

28. We want you to be in control of your personal data. In accordance with applicable laws (including the IT Act’s privacy rules and general data protection principles), you have certain rights regarding the personal information we hold about you. We outline these rights below and explain how you can exercise them. Please note that these rights may not be absolute in all cases (for example, we might not delete data that we are required by law to keep), but we will honour them to the fullest extent possible.

1. Right to Access Your Data: You have the right to request access to the personal data we hold about you and to obtain a copy of it. This means you can ask us to confirm whether we are processing your personal information and provide you with a copy of that information in a commonly used format. For example, you can request: “Please send me a copy of all information you have about me on your systems.” We will provide the data, typically electronically, after verifying your identity (for your protection). This allows you to know exactly what data we have collected.
2. Right to Rectification (Correction): If you believe that any personal information we have about you is incorrect, incomplete, or outdated, you have the right to have it corrected or updated. For instance, if your phone number or address has changed, or we spelt your name wrong, you can ask us to fix it. You can make many changes yourself by logging into your account profile and editing the details. For changes you cannot make on your own, contact us, and we will make the corrections as needed. We strive to ensure that all information is accurate and up-to-date, and appreciate your help in keeping it that way.
3. Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data that we hold, subject to certain exceptions. If you no longer want us to have your information, you can request that we erase it from our records. For example, if you decide to discontinue using our services, you can ask us to delete your account and associated personal details. We will comply with such requests and delete your data from our active databases, provided we have no legal obligation or other justified reason to retain it. Note that we may retain data as needed to comply with legal requirements or to establish or defend legal claims (in which case we will inform you). Also, some data might remain in backups for a short period but will be purged according to our retention policy. Once your data is deleted, your account will be deactivated, and you may lose access to our services (which is expected if you request deletion).
4. Right to Withdraw Consent: If we are processing any of your data based on your consent (for example, you consented to receive newsletters or you consented to us holding your KYC documents), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing done before such withdrawal, but it will mean we stop the specific processing going forward. For instance, if you withdraw your consent to receive marketing emails, we will cease sending them. If you withdraw your consent for us to hold your sensitive data, we will delete those items unless otherwise required by law/regulation/best practices. To withdraw consent, you can use the opt-out mechanisms provided (like the “unsubscribe” link in emails) or contact us directly with your request.
5. Right to Object to Processing: In certain cases, you may have the right to object to the processing of your personal data. For example, if we were processing your data based on “legitimate interests” and you feel our processing impacts your rights, you can object to that. If you object, we will re-evaluate the necessity of processing. If it’s for direct marketing purposes, you always have the right to object, and we will stop such processing. If it’s for another purpose, we will either stop processing or demonstrate compelling legitimate grounds for the processing.
6. Right to Opt-Out of Marketing: Separately from general consent withdrawal, you can opt out of our marketing communications at any time. If you prefer not to receive promotional or newsletter emails, you can click the “unsubscribe” link at the bottom of those emails or adjust your preferences in your account settings. You can also inform our support or Grievance Officer, and we will remove you from marketing lists. Note that even if you opt out of marketing, we may still send you transactional or important service communications (such as payment receipts or legal notices), as those are not promotional.
7. Right to Data Portability: To the extent applicable (more relevant under GDPR-like regimes), you can request that we provide your personal data in a machine-readable format so that you can transfer it to another service provider. For example, if you wanted to switch to a competing service, you might want a copy of your data (like your consultation history) to take with you. If requested, we will provide the data in a structured, commonly used format (such as CSV or JSON) that is reasonably feasible for us to generate and that covers the data you provided. Currently, under Indian law, this may not be exercised frequently, but we support it in principle for user convenience.
8. Right to Not be Subject to Automated Decisions: We generally do not make any purely automated decisions about you that have legal or similarly significant effects (like credit scoring or profiling without human oversight). In case we ever implement such features, you would have the right to request human intervention or an explanation and to contest the decision.
9. Right to Review and Update Your Information: As per Indian IT rules, providers of information have the option to review the information they provided and ensure any inaccuracies are corrected. We encourage you to log in to your account periodically to review and update your profile information. If you need assistance, let us know.

29. Exercising Your Rights: You can exercise most of the rights above by contacting us via email or through your account settings. For any formal requests (access, deletion, etc.), please reach out to our Grievance Officer (contact details provided in the next section). Please be specific about which rights you want to exercise and what data your request pertains to, so we can process it efficiently. We may need to verify your identity before fulfilling certain requests (for example, by confirming ownership of your email or asking for an ID) to ensure that we do not disclose or delete data at the request of someone impersonating you.

30. We will respond to your request within a reasonable timeframe. Under law, we aim to do so within 30 days of receipt of your request or grievance, and often much sooner. If, for some reason, we need more time (due to complexity or the number of requests), we will inform you of the reason and extension. There is usually no fee for exercising your rights; however, if a request is unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse it with an explanation.

31. Please note, as mentioned, some rights are subject to exceptions. For example, if you request deletion of data that we must keep by law (such as financial records), we may decline to delete that specific data but will explain our reasoning. Likewise, access to certain data might be limited if providing it could violate another person’s privacy or if it’s legally privileged. Nonetheless, our policy is to be as open and accommodating as possible.

32. We want you to have confidence in how we handle your personal information. These rights empower you to have a say in that process. If you have any concerns about your data or wish to exercise any rights, do not hesitate to contact us. We will do our best to resolve any issues and honour your choices in line with legal requirements.

33. We have appointed a Grievance Officer to address any questions, concerns, or grievances you may have regarding your personal data or this Privacy Policy, in compliance with the Information Technology Act, 2000, and rules made thereunder. If you have any complaints or issues regarding how we are handling your information, you can reach out to our Grievance Officer, and we will do our best to resolve them expeditiously.

34. Grievance Officer:
Name: Mrs. Dimple Rajpurohit (Grievance Officer)
Email: support@nolegalpaisa.com
Contact Number: +91-9326024128 (available Mon–Fri, 10 am–6 pm)
Postal Address: Kaahmuchee Solution Pvt. Ltd., Shop No. 05, Yamuna Bldg, Lodha Heaven, Kalyan-Shill Road, Nilje, Thane, Maharashtra – 421204, India

35. You may contact the Grievance Officer by email (preferably) or mail with any issues, such as requests for clarification on this Policy, complaints about misuse of your data, concerns about security incidents, or to exercise your rights as listed above. Please provide details of your grievance and any relevant information (such as your account email, the specific issue, etc.) to help us address it effectively.

36. The Grievance Officer will acknowledge receipt of your complaint and initiate an investigation into the matter. As per the IT Act rules, we will address and attempt to resolve your grievance within 30 daysof receiving it. In many cases, we strive to resolve issues much sooner. You may receive a response outlining the steps taken and the resolution or next steps required. If the issue is complex or requires input from a third party (e.g., when a service provider’s action is involved), we will keep you informed of progress. We may seek an extension, but our goal is to resolve all grievances as quickly as possible.

37. We value your feedback and view grievances as an opportunity to improve our services and policies. If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate the matter by replying to our communication or indicating your dissatisfaction. We will then review the issue at a higher level of management. Additionally, under Indian law, if the grievance is not resolved, you have the right to seek further recourse, including approaching the relevant authorities or courts for relief.

38. Your trust is important to us, and we are committed to resolving any issues fairly and transparently. Please do not hesitate to contact the Grievance Officer for any privacy-related concerns. The Grievance Officer’s name and contact details are also published on our website as mandated.

39. Primarily, we store and process personal data within India. However, given the nature of internet services and cloud infrastructure, your data may be transferred to and stored on servers located in other countries in certain situations. For example, if we use a cloud or email service whose servers are outside India, or if you access the Platform from outside India, your data might cross international borders. Some of these countries may have data protection laws that differ from (and potentially are less protective than) those in India.

40. Whenever we transfer personal data out of India, we will ensure that adequate safeguards are in place to protect it. In practice, this means:

1. We transfer data only to countries or entities which are deemed to have “equal” or sufficient data protection as per Indian law requirements, or we take your consent for such transfers.
2. We may use standard contractual clauses or similar legally recognised transfer mechanisms to contractually ensure that the foreign recipient of the data is obligated to protect it with the same level of security and privacy as required by Indian law.
3. For instance, if our servers in the US or EU hold some data, those data centres are under contracts that include data protection commitments aligned with Indian SPDI Rules and/or GDPR (whichever is stricter in protection).
4. You acknowledge that by using our Platform or submitting your information, you agree to this potential transfer, storage, and processing of your information outside of India. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Policy during such transfers.

41. If in the future India designates certain countries as not having adequate protection, we will refrain from storing data in those jurisdictions or will seek explicit consent from you for any necessary transfers. At this time, most of our data resides in servers in India, but backups or certain data flows might involve servers in (for example) the United States or European Economic Area (EEA). Those regions have strong data protection laws (such as GDPR), and our practices ensure compliance with them as well.

42. In summary, we handle cross-border data transfers with care and legality, so that your rights are preserved regardless of where data is processed. Should you require more details about cross-border transfer safeguards (for example, whether any of your data is stored abroad and under what protections), you can contact our Grievance Officer for more information.

43. This Privacy Policy and any issues or disputes arising from it are governed by the laws of India. We are an Indian company, and we operate in compliance with Indian privacy and IT laws. By using NoLegalPaisa.com, you agree that the laws of India shall govern any matter relating to your privacy or the terms of this Policy. In particular, we adhere to the Information Technology Act, 2000 and its relevant rules (notably the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules, 2011), as well as any other applicable Indian laws or regulations concerning data protection. We also align our practices with principles of international laws, such as the EU’s GDPR, where feasible, but our legal obligations are primarily governed by Indian law.

44. In the event of any dispute or claim arising out of this Privacy Policy or our handling of your personal data, the courts located in Maharashtra, India, shall have exclusive jurisdiction. Specifically, since our registered office is in Thane (Maharashtra), any legal proceedings shall be brought in the appropriate courts in the State of Maharashtra, India. We do not intend to subject ourselves to the laws or jurisdiction of any state, country or territory other than India.

45. If you are accessing our services from outside India, please be aware that you are transferring your data to India and/or to the jurisdictions where our servers are located. By providing your data or using the service, you consent to the transfer and processing of your data in India. Our data protection commitments under this Policy will still apply to you, but we cannot guarantee that any other country’s laws (such as the GDPR, unless you are an EU resident to whom it directly applies) will govern our relationship. That said, we extend the spirit of key privacy rights to all users, as described in the Your Rights section, regardless of nationality.

46. This Policy does not create any rights that are enforceable by any party other than the user and the Company, but it is a statement of our intent and commitment. If any provision of this Policy is held to be unlawful or unenforceable by an Indian court, that provision will be deemed severable and will not affect the validity of the remaining provisions.

47. Some special notes are as follows,

1. Information Technology Act Compliance: This document is an “electronic record” in terms of the IT Act, 2000 and rules thereunder, and is published in accordance with Rule 4 of the SPDI Rules, which require the publishing of a privacy policy. It does not require any physical or digital signatures. We confirm that we have appointed a Grievance Officer and published their details as required, that we obtain consent before collecting sensitive data, that we do not retain sensitive data longer than necessary, and that we follow reasonable security practices, including ISO 27001-aligned measures. We also permit users to review and correct information and withdraw consent as noted in this Policy. We want to highlight that we are fully compliant with these Indian legal requirements.
2. GDPR Alignment: While GDPR (EU General Data Protection Regulation) is not directly applicable to our India-focused operations, we have voluntarily incorporated many of its principles (such as transparency, user rights, data minimisation, purpose limitation, security, etc.) to provide a high standard of privacy protection. If you are an EU resident using our services, you will find that our practices align closely with GDPR requirements, and you may contact us to exercise any additional rights under the GDPR. We do not currently have an EU establishment, but we still care about all users’ privacy.
3. Children’s Privacy: As mentioned, our services are not meant for minors. We do not knowingly solicit or collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from someone under 18, we will take steps to delete such information as soon as possible. Parents or guardians who believe that their child may have provided us with personal data can contact the Grievance Officer to request deletion.
4. Confidentiality viz. the Professionals: All professionals engaged through the Platform are bound both by professional confidentiality practices (including statutory requirements for maintaining confidentiality) as well as confidentiality agreements signed with the Platform at the time of onboarding of the professionals.

48. We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make any material changes to this Policy, we will notify you by means of a prominent notice on our website (for example, a banner or pop-up, or as part of your dashboard) or via email, prior to the change becoming effective. We will also update the “Last Updated” date at the top of this Policy to indicate the new revision date. We encourage you to review this Privacy Policy periodically for any changes.

49. Your continued use of NoLegalPaisa.com after any modifications to the Policy have been posted will signify your acceptance of those changes, provided that we have obtained any/all required consent(s) in accordance with law. If you disagree with the changes, you should stop using the services and can request that we delete your data, as per your rights.

---

Contact Us: If you have any questions or comments about this Privacy Policy, or any concerns regarding your privacy on our Platform, please do not hesitate to contact us at support@nolegalpaisa.com. We will be happy to assist you.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. We are dedicated to protecting your personal data and upholding your privacy rights. Thank you for trusting NoLegalPaisa.com with your legal service needs.