Last Updated: June 13, 2026 | Compliant with the Digital Personal Data Protection Act, 2023
[Company Name] operating jurissetu.com is the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). We are responsible for processing your personal data in accordance with applicable law.
We collect the following personal data: • Identity Data: Full name, date of birth (if provided), PAN (for KYC, if provided) • Contact Data: Email address, mobile number • Account Data: Password (hashed), profile information, KYC status • Query Data: Legal questions, documents uploaded, AI responses, expert opinions • Payment Data: Transaction ID, payment status (card/bank details are NOT stored — processed by Razorpay) • Technical Data: IP address, browser type, device information, cookies, log files • Consent Data: Timestamps and records of all consents given Sensitive Personal Data (as defined under DPDP Act) is not collected except as expressly consented.
We process your data for the following purposes: • Providing AI legal research services • Facilitating expert consultations • Processing payments and subscriptions • Sending compliance reminders and platform notifications • Improving AI models (anonymised, aggregated data only) • Legal compliance, fraud prevention, and audit requirements • Marketing communications (only with explicit consent)
We process your data based on: • Your explicit consent (obtained at registration and documented) • Contract performance (to provide services you've subscribed to) • Legal obligation (as required by applicable Indian law) • Legitimate interest (platform security, fraud prevention) You may withdraw consent at any time, subject to the impact on service availability.
We share your data with: • Verified experts (query details, with your consent) — only for the purpose of the consultation • Razorpay — payment processing (subject to Razorpay's privacy policy) • Supabase / AWS — cloud infrastructure and data storage • Anthropic / AI providers — query processing (anonymised where possible) • Law enforcement — when required by court order or applicable law We do NOT sell your personal data to any third party.
• Account data: Retained until account deletion request • Query data: 5 years (for audit and dispute purposes) • Payment data: 7 years (as required by financial regulations) • Consent records: 7 years (as required by DPDP Act) • Marketing data: Until withdrawal of consent Upon account deletion, personal identifiers are removed within 30 days, subject to legal retention requirements.
As a Data Principal, you have the following rights: • Right to access your personal data • Right to correction of inaccurate data • Right to erasure ("right to be forgotten"), subject to legal requirements • Right to grievance redressal • Right to nominate a person to exercise rights on your behalf • Right to withdraw consent at any time To exercise these rights, contact: privacy@jurissetu.com
We use essential cookies for platform functionality, analytics cookies (with consent), and preference cookies. You can manage cookie preferences in your browser settings. Disabling essential cookies may affect platform functionality.
We implement industry-standard security measures including: • 256-bit SSL/TLS encryption in transit • Encrypted storage at rest • Access controls and audit logging • Regular security assessments • Supabase Row Level Security for data isolation No system is 100% secure. Please use strong passwords and enable 2FA when available.
For privacy concerns, contact our Grievance Officer: Name: [Grievance Officer Name] Email: grievance@jurissetu.com Response time: Within 72 hours of receipt Resolution: Within 30 days If you are not satisfied with our response, you may escalate to the Data Protection Board of India.