Privacy Policy

LawSathi – AI-Powered Legal Practice Management Platform

Effective Date: January 8, 2026
Last Updated: January 8, 2026

1. Introduction

Welcome to LawSathi (“we,” “our,” or “us”). LawSathi Technologies operates the LawSathi platform, a comprehensive AI-powered legal practice management solution accessible at https://lawsathi.in and https://app.lawsathi.in.

We are committed to protecting your privacy and ensuring the security of your personal and professional data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By accessing or using LawSathi, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Account Information

When you register for LawSathi, we collect:

Name (as provided by you)
Email address (used for authentication and communication)
Password (stored in encrypted/hashed form)
Role information (individual practitioner, team member, team manager)
Team association (if applicable)

2.2 Client Information

When you use our Client Management features, you may store information about your clients, including:

Personal Details: Name, date of birth, gender, occupation, nationality
Contact Information: Phone numbers, email addresses, communication preferences, preferred language
Identity Documents: Aadhar number, PAN number, passport details, voter ID
Address Information: Residential, correspondence, and previous addresses
Business Information: Company name, CIN number, registration numbers, business type
Status Information: Client status, priority, risk level, source of referral
Notes: Internal notes and tags for client management

Important: We do not access, use, or process your client data for any purpose other than providing the service to you. Your client data remains confidential and under your control.

2.3 Case Information

When using our Case Management features connected to eCourt Services, we process:

Case Details: CNR numbers, diary numbers, case types, filing dates
Court Information: Court name, court type (Supreme Court, High Court, District Court), jurisdiction
Party Information: Names of petitioners, respondents, and legal representatives
Case Status: Hearing dates, case stages, next hearing information
Orders and Judgments: Downloaded from official eCourt portals

2.4 Documents and Files

Our Document Management system stores:

Document Content: Text, images, and formatting of documents you create
Document Metadata: File names, creation dates, modification dates, file sizes
Document Versions: Historical versions for recovery and tracking
Folder Structure: Your organizational hierarchy for documents

2.5 Chat and AI Interaction Data

When using our AI Legal Assistant (“Research Sathi”), we process:

Conversation Messages: Your queries and AI responses
Context Information: Case or document attachments for context-aware responses
Research Data: Web search results, citations, and sources used in responses
Usage Metrics: Number of messages, cost per interaction, model performance data

2.6 Calendar and Task Information

Events: Hearing dates, appointments, deadlines, reminders
Tasks: Task descriptions, priorities, due dates, assignees, status updates

2.7 Payment and Billing Information

For subscription and payment processing:

Billing Details: Invoice settings, GST information, bank details (stored locally for invoicing)
Payment Transactions: Processed through Razorpay (we do not store complete card details)
Subscription Status: Plan type, billing cycle, payment history
Invoice Data: Generated invoices, payment receipts

2.8 Technical and Usage Data

We automatically collect:

Device Information: Browser type, operating system, device identifiers
Log Data: IP addresses, access times, pages viewed, features used
Performance Data: Page load times, error logs, API response times
Session Information: Login timestamps, session duration, activity metrics

3. How We Use Your Information

3.1 Primary Service Delivery

Providing case management, document creation, and practice management features
Processing and displaying your legal cases synced from eCourt Services
Storing and organizing your documents, templates, and client records
Generating AI-assisted legal research and document drafting
Processing and managing your subscription payments

3.2 Communication

Sending account-related notifications (password reset, email verification)
Delivering subscription and payment confirmations
Providing task reminders and calendar notifications
Sending product updates and feature announcements (with opt-out option)

3.3 Service Improvement

Analyzing usage patterns to improve features and user experience
Monitoring system performance and reliability
Identifying and resolving technical issues
Developing new features based on user needs

3.4 Security and Compliance

Protecting against unauthorized access and fraudulent activity
Enforcing our Terms of Service
Complying with legal obligations and regulatory requirements

4. AI and Large Language Model (LLM) Usage

4.1 How AI Features Work

LawSathi uses advanced AI models to power features such as:

Legal Research Assistant: Context-aware question answering with citations
Document Analysis: Summarization and comprehension of legal documents
Argument Generation: Multi-step analysis, research, and drafting assistance
Smart Search: Semantic search across templates and legal databases

4.2 AI Data Processing

When you use AI features:

Input Processing: Your queries and relevant context (case details, document content) are sent to AI service providers for processing.
Third-Party AI Providers: We use third party AI service providers
Data Handling by AI Providers:
- AI requests are processed in real-time and are not stored long-term by providers for training purposes.
- We do not use your confidential legal data to train or improve third-party AI models.
- Conversation context is temporary and session-specific.

4.3 Safeguards for Legal Data

All AI communications are encrypted in transit (HTTPS/TLS)
We implement request-level isolation to prevent data leakage between users
Sensitive client information should be anonymized before using AI features for research
AI outputs should always be reviewed by qualified legal professionals before use

4.4 AI Limitations Disclosure

AI-generated content is provided as an assistive tool and:

May contain errors or inaccuracies
Should not be relied upon as legal advice
Must be verified and reviewed by qualified professionals
Does not replace professional legal judgment

5.1 Third-Party Service Providers

We share information with trusted third parties who assist in operating our platform:

Provider	Purpose	Data Shared
Razorpay	Payment processing	Name, email, payment details
DigitalOcean	Cloud storage for documents	Encrypted document files
Zilliz Cloud (Milvus)	Vector database for AI search	Document embeddings (anonymized)
AI Providers (OpenRouter, Perplexity, etc.)	AI processing	Query content, context data
SMTP Provider	Email delivery	Email addresses, notification content

All third-party providers are bound by confidentiality agreements and data protection obligations.

5.2 eCourt Integration

When syncing with India’s eCourt Services:

We access only publicly available case information using CNR/diary numbers you provide
Downloaded orders and judgments are stored in your account only
We do not share your eCourt data with unauthorized parties

5.3 Team and Collaboration

For Team Plan users:

Team members within your organization may access shared cases, documents, and clients
Access is controlled through role-based permissions configured by Team Managers
Team billing information is visible to Team Managers

5.4 Legal Requirements

We may disclose information when required:

To comply with applicable laws, regulations, or legal processes
To respond to lawful requests from government authorities
To protect our rights, privacy, safety, or property
To enforce our Terms of Service

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change.

6. Data Storage and Security

6.1 Data Location

Primary Database: Hosted on secure servers with encrypted storage
Document Storage: DigitalOcean Spaces (S3-compatible, with regional availability)
AI Processing: Processed in real-time by respective AI providers’ secure infrastructure

6.2 Security Measures

We implement industry-standard security practices:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest
Authentication: JWT-based secure authentication with session management
Password Security: Bcrypt hashing with salt for password storage
Access Control: Role-based permissions and resource-level authorization
API Security: Signature verification for payment webhooks
Infrastructure: Firewall protection, intrusion detection, regular security audits

6.3 Data Backup and Recovery

Automated Backups: Daily database backups with point-in-time recovery capability
Document Versioning: Soft-delete with recovery for accidentally deleted documents
Backup Verification: Regular testing of backup integrity

6.4 Incident Response

In the event of a data breach, we will:

Investigate and contain the incident immediately
Notify affected users within 72 hours of confirmed breach
Report to relevant authorities as required by law
Implement measures to prevent future occurrences

7. Data Retention

7.1 Active Accounts

Account Data: Retained while your account is active
Documents: Retained until deleted by you; soft-deleted items retained for 30 days
AI Conversations: Retained with soft-delete capability for space management
Payment Records: Retained for 7 years as per Indian financial regulations

7.2 Inactive and Deleted Accounts

After account deletion request, personal data is deleted within 30 days
Backup copies may persist for up to 90 days before complete purging
Anonymized analytics data may be retained indefinitely
Legal hold data retained as required by regulatory obligations

7.3 Data Export

You may request a complete export of your data at any time through your account settings or by contacting support.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

Access all personal data we hold about you
Request a copy of your data in a machine-readable format
View and download your documents, cases, and client records

8.2 Correction and Update

You can:

Update your profile information through account settings
Correct inaccurate client or case information
Modify document content and metadata

8.3 Deletion

You have the right to:

Delete individual documents, cases, clients, or conversations
Request complete account deletion
Recover soft-deleted items within the retention period

8.4 Restriction and Objection

You may:

Opt-out of marketing communications
Disable specific notifications
Request restriction of certain data processing activities

8.5 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@lawsathi.in
Support: support@lawsathi.in

We will respond to requests within 30 days.

9. Cookies and Tracking Technologies

9.1 Essential Cookies

We use cookies necessary for:

User authentication and session management
Security and fraud prevention
Remembering user preferences

9.2 Analytics Cookies

With your consent, we may use analytics to:

Understand feature usage and user behavior
Improve platform performance and user experience
Track conversion metrics for business planning

9.3 Managing Cookies

You can control cookies through:

Browser settings (block or delete cookies)
In-app preferences for analytics consent
Disabling specific tracking features

Note: Blocking essential cookies may prevent certain platform features from working correctly.

10. Children’s Privacy

LawSathi is designed for legal professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of any such data, we will delete it promptly.

11. International Data Transfers

11.1 Data Localization

LawSathi primarily operates within India and prioritizes data storage within Indian jurisdiction where possible.

11.2 Third-Party Providers

Some of our service providers (AI providers, cloud infrastructure) may process data outside India. Where data is transferred internationally:

We ensure appropriate safeguards are in place
Providers are bound by contractual data protection obligations
Transfers comply with applicable Indian data protection laws

12. Compliance with Indian Law

12.1 Applicable Regulations

We strive to comply with:

Information Technology Act, 2000 and associated rules
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011
Digital Personal Data Protection Act, 2023 (as applicable)
Professional ethics requirements for legal practitioners

12.2 Legal Professional Privilege

We respect and protect attorney-client privilege:

Your client communications and case strategies are confidential
We do not access or disclose privileged information
Document content is not used for marketing or analytics

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

The “Last Updated” date will be revised
Material changes will be notified via email or in-app notification
Continued use after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

LawSathi Technologies

Email (Privacy): privacy@lawsathi.in
Email (Support): support@lawsathi.in
Email (General): contact@lawsathi.in
Website: https://lawsathi.in
Address: Surat, Gujarat

For grievances related to data protection, you may also contact our Grievance Officer:

Name: Henil Chopada
Email: henil.chopada@lawsathi.in

We will endeavor to resolve your concerns within 30 days.

15. Summary of Key Points

Topic	Summary
Data Collection	Account info, client data, documents, cases, AI interactions, payments
AI Usage	Third-party AI providers process queries; no training on your data
Sharing	Limited to service providers with contractual protections
Security	Encryption, JWT auth, role-based access, regular backups
Retention	Active until deletion; backups up to 90 days
Your Rights	Access, export, correct, delete, restrict processing
Jurisdiction	India, compliant with IT Act and DPDP Act

Your trusted AI-powered legal companion.