Privacy Policy & Data Protection
Comprehensive privacy policy covering AI data processing, professional confidentiality, and data protection rights.
Last updated: 2026-02-23
Data Controller Information
Legal Entity: LawyerDesk Advocacy Pvt Ltd
Operating as: LegiTract
Registered Address: #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India
Data Protection Officer: Data Protection Officer
Contact Email: info@legitract.com
Document Version: 2.0 (Effective: 2026-03-25)
At LegiTract, we recognize that privacy, confidentiality, and data protection are fundamental pillars of the legal profession. This comprehensive Privacy Policy explains how we collect, process, use, protect, and disclose your information when you use our AI-powered legal technology services, with particular emphasis on professional confidentiality and data sovereignty.
Professional Confidentiality Commitment
As a legal technology platform, we maintain professional confidentiality standards and implement data protection measures that meet or exceed industry requirements for handling sensitive legal information.
- • All client and case-related data treated with utmost confidentiality
- • AI processing occurs in secure, isolated environments
- • Core data stored in India with limited international transfers for AI processing (see Data Sovereignty section)
- • Professional-grade security measures implemented throughout
Consent and Acceptance: By using our platform, you explicitly consent to the collection and processing of information in accordance with this policy. We are committed to transparency, data minimization, and maintaining the highest standards of information security expected in legal practice.
Information Collection & Processing Categories
Data Collection Principles
We adhere to data minimization principles, collecting only information necessary for service provision and legal compliance. Professional confidentiality is maintained at all times.
- • Purpose Limitation: Data collected only for specific, legitimate purposes
- • Data Minimization: Only essential information is requested and stored
- • Accuracy: Measures to ensure data accuracy and regular updates
- • Storage Limitation: Data retained only as long as necessary
Professional & Account Information
Professional Credentials
- • Full name and professional titles
- • Phone number (primary identifier for OTP login)
- • Google account email (if using Google OAuth)
- • Institution type (individual, law firm, bank, NBFC)
- • Professional designation
- • Practice areas and jurisdictions
Account & Billing Data
- • Email address (primary identifier)
- • Phone OTP verification records
- • Google OAuth tokens (encrypted)
- • Payment method information
- • Billing address and GST details
- • Transaction history and invoices
- • Credit balance and usage records
Free Tool Data Collection
Checklist Generator (Free, No Account Required)
For the Property Document Checklist Generator, we collect minimal data to provide the service:
- • IP address (for abuse prevention only)
- • Selected state and property type
- • Browser and device information
- • No personal identification is collected
- • Data is not linked to any user account
Legal Documents & Confidential Information
Professionally Confidential Material
The following categories of sensitive legal information are processed with the highest level of confidentiality:
Property Documents
- • Title deeds and ownership documents
- • Sale agreements and transfer deeds
- • Encumbrance certificates
- • Survey settlements and revenue records
- • Building approvals and permits
- • Property tax assessments
Case-Related Data
- • Client identification (minimal, as needed)
- • Transaction details and parties
- • Legal analysis and findings
- • Risk assessment information
- • Professional opinions and recommendations
- • Case metadata and classifications
AI Processing & Technical Data
AI Analytics Data
- • Document processing metrics
- • AI model confidence scores
- • Analysis completion times
- • Quality assurance indicators
- • Error detection and correction logs
- • Performance optimization data
Technical & Usage Data
- • IP addresses and session identifiers
- • Device and browser information
- • Login times and access patterns
- • Feature usage statistics
- • Platform navigation behavior
- • Performance and error diagnostics
Advertising & Analytics Tracking
We use third-party advertising and analytics services to measure the effectiveness of our marketing campaigns and improve our platform:
Google Ads
Conversion tracking via gtag.js. Enhanced Conversions may send hashed email addresses to Google for attribution matching.
Google Analytics 4 (GA4)
Page views, user journeys, feature usage, and session data for platform improvement.
Meta Pixel
Page views and conversion events sent to Meta/Facebook for ad optimization.
TikTok Pixel
Page view and conversion tracking for TikTok ad campaigns.
LinkedIn Insight Tag
Professional demographic insights and conversion tracking for LinkedIn ad campaigns.
You can manage your tracking preferences through our Cookie Policy page or your browser settings.
Cookies & Local Storage
Strictly Necessary
Authentication cookies for session management. These are essential for the platform to function.
Analytics
GA4 cookies (_ga, _ga_*) for measuring platform usage and performance.
Advertising
Google Ads (_gcl_*), Meta (_fbp, _fbc), TikTok (_ttp), LinkedIn (li_*) cookies for ad conversion tracking.
Functional & Session
localStorage caches for report drafts and UI preferences. sessionStorage for UTM parameters used in campaign attribution.
For complete details, see our Cookie Policy.
Generated Reports & Work Product
Professional Work Product
AI-generated reports and analysis created for professional use, maintained with appropriate confidentiality:
- • Completed Property Reports in PDF/Word format
- • Legal risk assessments and recommendations
- • Document analysis summaries
- • Compliance check results
- • Professional review comments and annotations
- • Historical report access logs
How We Use Your Information
Service Delivery
Generate accurate Property Reports, process documents, and provide AI-powered legal analysis
Account Management
Maintain your account, process payments, provide customer support
Legal Compliance
Meet regulatory requirements and legal obligations under applicable Indian law
Platform Improvement
Enhance AI accuracy, improve user experience, develop new features (anonymized data only)
Marketing & Advertising
Measure ad campaign effectiveness, retargeting, and conversion attribution via third-party advertising platforms
Data Protection & Security
Security Measures
- • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
- • Access Controls: Multi-factor authentication and role-based access
- • Infrastructure: Industry-standard security practices with cloud-hosted infrastructure
- • Regular Audits: Third-party security assessments and penetration testing
Professional Confidentiality
We maintain professional confidentiality standards and ensure that your legal documents are treated with the same care and confidentiality as traditional legal practice. Our AI processing occurs in secure, isolated environments with strict access controls.
Data Sharing & Disclosure
Third-Party Data Recipients
We share data with the following named third-party service providers to deliver and improve our platform:
| Recipient | Purpose | Data Shared | Location |
|---|---|---|---|
| Cashfree Payments | Payment processing | Transaction details, billing info | India |
| Third-party AI providers | AI-powered document analysis | Uploaded documents, property data | USA (API processing) |
| Cloud infrastructure provider | Database, authentication & file storage | Account data, documents, reports | India (primary) |
| Email service provider | Transactional email delivery | Email addresses, notification content | USA (API) |
| Google Ads | Ad conversion tracking | Hashed email (Enhanced Conversions), page events | USA |
| Meta / Facebook | Ad conversion tracking | Page events, pixel data | USA |
| TikTok | Ad conversion tracking | Page events, pixel data | Singapore / USA |
| Ad conversion tracking | Page events, professional demographics | USA |
Limited Sharing Scenarios
- • Legal Compliance: When required by Indian courts or regulatory authorities
- • Service Providers: Named recipients listed above who assist in service delivery
- • Emergency Situations: To protect legal rights or prevent fraud
We never sell your data or share it for purposes beyond what is described in this policy.
Data Sovereignty & International Transfers
We are transparent about where your data is stored and processed. Not all data remains within India:
Core Data Storage (India)
User accounts, documents, and reports are stored in India via cloud infrastructure providers hosted in Indian regions.
AI Processing (USA)
Documents are sent to third-party AI service providers hosted in the United States for analysis. Documents are processed in transit and not permanently stored by these providers per their data processing agreements.
Ad Tracking (Global)
Behavioral data is transmitted to advertising platforms (Google, Meta, TikTok, LinkedIn) with servers globally distributed across the USA, Singapore, and other regions.
Email Delivery (USA)
Transactional emails are routed through Gmail SMTP services hosted in the United States.
Your Rights & Choices
Access & Portability
Request copies of your data in a portable format
Available within 30 days
Correction & Updates
Update or correct your personal information
Immediate processing
Deletion
Request deletion of your account and data
Subject to legal retention requirements
Data Processing Objection
Object to certain types of data processing
May affect service availability
Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Account Information | Duration of service + 7 years | Legal compliance |
| Legal Documents | 7 years after last access | Professional standards |
| Generated Reports | 10 years | Legal documentation |
| Usage Analytics | 2 years (anonymized) | Service improvement |
| Ad Tracking Data | Per third-party provider policy | Marketing attribution |
Data Breach Notification
In compliance with the Digital Personal Data Protection Act, 2023, we have established the following breach notification procedures:
- • User Notification: Affected users will be notified within 72 hours of a confirmed breach
- • Regulatory Notification: The Data Protection Board of India will be notified as required under the DPDP Act
- • Details Provided: Nature of the breach, categories of data affected, remedial actions taken, and contact information for follow-up
- • Communication Channels: Notification will be published on the platform and sent via registered email address
Grievance Officer
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer:
Designation: Grievance Officer, LegiTract
Email: info@legitract.com
Phone: +91 6262 868600
Address: #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India
Response Timeline: Within 72 hours of receipt
Escalation: If you are not satisfied with the Grievance Officer's response, you may approach the Data Protection Board of India established under the DPDP Act, 2023.
Privacy Rights & Data Protection Contact
Data Protection Officer
Officer: Data Protection Officer
Email: info@legitract.com
Phone: +91 6262 868600
Response Time: Within 72 hours
Escalation: Available for complex matters
Additional Contact Options
General Privacy: info@legitract.com
Legal Matters: info@legitract.com
Compliance: info@legitract.com
Postal Address:
#32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India
Exercise Your Privacy Rights
You have comprehensive rights regarding your personal data. Contact us to exercise any of the following:
Data Rights
- • Right to access your personal data
- • Right to correct inaccurate information
- • Right to delete personal data
- • Right to restrict processing
Additional Rights
- • Right to data portability
- • Right to object to processing
- • Right to withdraw consent
- • Right to lodge complaints
Professional Consideration: As legal professionals, we understand the importance of timely responses. Most privacy requests are handled within 48 hours, with complex matters receiving priority attention.
Government Disclaimer & Data Source Information
Government Association Disclaimer
WE ARE NOT ASSOCIATED WITH OR AUTHORIZED BY ANY GOVERNMENT
LawyerDesk Advocacy Pvt Ltd operating as LegiTract is a private technology company providing AI-powered property analysis services.
- • Private Entity: We are not a government agency, department, or affiliated organization
- • No Official Authority: We have no official governmental authorization or endorsement
- • Independent Service: Our services are provided independently of any government body
- • Commercial Operation: We operate as a private commercial enterprise
- • No Regulatory Powers: We have no regulatory, enforcement, or official governmental powers
Data Source & Analysis Disclaimer
Our platform exclusively analyzes publicly available information and openly accessible data sources for privacy protection.
Privacy-Safe Data Sources
- • Publicly available government websites
- • Open data portals and registries
- • User-uploaded documents with proper authorization
- • Publicly accessible records and databases
- • Openly available regulatory information
Copyright & Data Ownership
- • Data sourced from websites is not copyrighted by us
- • Information analyzed comes from open, public sources
- • No proprietary or restricted data is accessed
- • All analysis based on legitimately accessible information
- • We do not claim ownership over source data
"AS IS" Privacy & Data Disclaimer
ALL DATA PROCESSING PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES
Our data processing, analysis, and privacy protection measures are provided on an "as is" and "as available" basis without any express or implied warranties.
No Privacy Warranties For
- • Absolute data security or breach prevention
- • Complete anonymization or de-identification
- • Third-party service privacy practices
- • Regulatory compliance in all jurisdictions
- • Future changes in data protection laws
No Guarantees About
- • Preventing all unauthorized access
- • Complete data deletion or anonymization
- • Third-party data handling practices
- • Continuous service availability
- • Future privacy law compliance
User Responsibility: Users must independently assess privacy risks and seek Expert Advice for sensitive data handling.
Policy Updates & Legal Compliance
Privacy Policy Amendment Process
We maintain transparency in privacy policy updates and ensure legal professionals are adequately informed of changes that may affect their practice or client obligations.
- • Material Changes: 60 days advance notice via email and platform notification
- • Legal Compliance Updates: Immediate implementation with prompt notification
- • Technical Changes: 30 days notice for processing method changes
- • Professional Impact: Special consideration for changes affecting professional confidentiality
Current Policy Information
Policy Version:
2.0
Effective Date:
2026-03-25
Last Updated:
2026-02-23
Previous Update:
2025-09-03
Legal Compliance & Professional Standards
Regulatory Compliance
- • Information Technology Act, 2000
- • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- • Digital Personal Data Protection Act, 2023
- • Consumer Protection Act, 2019
- • GST and financial compliance laws
Professional Standards
- • Professional confidentiality standards
- • Legal technology ethics guidelines
- • Data sovereignty requirements
- • Professional liability considerations
- • Industry-standard security practices
Privacy Policy Authority: This privacy policy is maintained by LawyerDesk Advocacy Pvt Ltd (LegiTract). For privacy-related questions or to exercise your data rights, contact our Data Protection Officer at info@legitract.com.
Professional Compliance: This policy is designed to meet the confidentiality and data protection requirements expected in legal practice. Legal professionals should review this policy in conjunction with their professional obligations.
Data Controller: LawyerDesk Advocacy Pvt Ltd, #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India