1. Scope and Applicability
At LegiScore, we recognize that privacy, confidentiality, and data protection are fundamental pillars of the legal profession. This comprehensive Privacy Policy explains how we collect, process, use, protect, and disclose your information when you use our AI-powered legal technology services, with particular emphasis on professional confidentiality and data sovereignty.
Data Controller.
- Legal Entity: LawyerDesk Advocacy Pvt Ltd.
- Operating as: LegiScore.
- Registered Address: #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India.
- Data Protection Officer: Data Protection Officer.
- Contact Email: [email protected].
- Document Version: 3.0 (Effective: 2026-05-22).
Professional Confidentiality Commitment. As a legal technology platform, we maintain professional confidentiality standards and implement data protection measures that meet or exceed industry requirements for handling sensitive legal information. All client and case-related data are treated with utmost confidentiality. AI processing occurs in secure, isolated environments. Core data is stored in India with limited international transfers for AI processing (see International Data Transfers). Professional-grade security measures are implemented throughout.
Consent and Acceptance. By using our platform, you explicitly consent to the collection and processing of information in accordance with this policy. We are committed to transparency, data minimization, and maintaining the highest standards of information security expected in legal practice.
2. Information We Collect
We adhere to data minimization principles, collecting only information necessary for service provision and legal compliance. Professional confidentiality is maintained at all times.
- Purpose Limitation: Data collected only for specific, legitimate purposes.
- Data Minimization: Only essential information is requested and stored.
- Accuracy: Measures to ensure data accuracy and regular updates.
- Storage Limitation: Data retained only as long as necessary.
2.1 Professional Credentials
- Full name and professional titles
- Phone number (primary identifier for OTP login)
- Google account email (if using Google OAuth)
- Institution type (individual, law firm, bank, NBFC)
- Professional designation
- Practice areas and jurisdictions
2.2 Account & Billing Data
- Email address (primary identifier)
- Phone OTP verification records
- Google OAuth tokens (encrypted)
- Payment method information
- Billing address and GST details
- Transaction history and invoices
- Credit balance and usage records
2.3 Free Tool Data Collection
For the Property Document Checklist Generator (free, no account required), we collect minimal data to provide the service:
- IP address (for abuse prevention only)
- Selected state and property type
- Browser and device information
- No personal identification is collected
- Data is not linked to any user account
2.4 Legal Documents & Confidential Information
The following categories of sensitive legal information are processed with the highest level of confidentiality.
Property Documents:
- Title deeds and ownership documents
- Sale agreements and transfer deeds
- Encumbrance certificates
- Survey settlements and revenue records
- Building approvals and permits
- Property tax assessments
Case-Related Data:
- Client identification (minimal, as needed)
- Transaction details and parties
- Legal analysis and findings
- Risk assessment information
- Professional opinions and recommendations
- Case metadata and classifications
2.5 AI Analytics Data
- Document processing metrics
- AI model confidence scores
- Analysis completion times
- Quality assurance indicators
- Error detection and correction logs
- Performance optimization data
2.6 Technical & Usage Data
- IP addresses and session identifiers
- Device and browser information
- Login times and access patterns
- Feature usage statistics
- Platform navigation behavior
- Performance and error diagnostics
2.7 Advertising & Analytics Tracking
We use third-party advertising and analytics services to measure the effectiveness of our marketing campaigns and improve our platform:
- Google Ads: Conversion tracking via gtag.js. Enhanced Conversions may send hashed email addresses to Google for attribution matching.
- Google Analytics 4 (GA4): Page views, user journeys, feature usage, and session data for platform improvement.
- Meta Pixel: Page views and conversion events sent to Meta/Facebook for ad optimization.
- TikTok Pixel: Page view and conversion tracking for TikTok ad campaigns.
- LinkedIn Insight Tag: Professional demographic insights and conversion tracking for LinkedIn ad campaigns.
You can manage your tracking preferences through our Cookie Policy page or your browser settings.
2.8 Generated Reports & Work Product
AI-generated reports and analysis created for professional use, maintained with appropriate confidentiality:
- Completed Property Reports in PDF/Word format
- Legal risk assessments and recommendations
- Document analysis summaries
- Compliance check results
- Professional review comments and annotations
- Historical report access logs
3. How We Use Information
- Service Delivery: Generate accurate Property Reports, process documents, and provide AI-powered legal analysis.
- Account Management: Maintain your account, process payments, provide customer support.
- Legal Compliance: Meet regulatory requirements and legal obligations under applicable Indian law.
- Platform Improvement: Enhance AI accuracy, improve user experience, develop new features (anonymized data only).
- Marketing & Advertising: Measure ad campaign effectiveness, retargeting, and conversion attribution via third-party advertising platforms.
4. Lawful Basis for Processing (DPDP Act 2023 — Digital Personal Data Protection Act, 2023)
Processing is carried out in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules. We process personal data on the lawful bases of user consent, contractual necessity for service delivery, compliance with legal obligations, and legitimate interests in platform improvement and security. Additional regulatory compliance includes the Information Technology Act, 2000; the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; the Consumer Protection Act, 2019; and GST and financial compliance laws. Our practices follow professional confidentiality standards, legal technology ethics guidelines, data sovereignty requirements, professional liability considerations, and industry-standard security practices.
5. Sharing With Third Parties
We share data with the following named third-party service providers to deliver and improve our platform.
Where your data lives. Document storage, account records, generated reports, search results, audit logs, and transactional email delivery are all on India-region servers (Google Cloud Platform asia-south1 Mumbai or DigitalOcean BLR1 Bangalore). Only the third-party AI analysis APIs and advertising pixels we call out to are accessed via globally distributed endpoints; LegiScore does not control the data residency of those specific API calls.
| Recipient | Purpose | Data Shared | Location |
|---|---|---|---|
| Cashfree Payments | Payment processing | Transaction details, billing info | India |
| Third-party AI providers | AI-powered document analysis | Uploaded documents, property data | Global (API — no fixed residency) |
| Cloud infrastructure provider | Database, authentication & file storage | Account data, documents, reports | India (GCP Mumbai or DigitalOcean Bangalore) |
| Email service provider | Transactional email delivery | Email addresses, notification content | India |
| Google Ads | Ad conversion tracking | Hashed email (Enhanced Conversions), page events | Global (ad network) |
| Meta / Facebook | Ad conversion tracking | Page events, pixel data | Global (ad network) |
| TikTok | Ad conversion tracking | Page events, pixel data | Global (ad network) |
| Ad conversion tracking | Page events, professional demographics | Global (ad network) |
Limited Sharing Scenarios.
- Legal Compliance: When required by Indian courts or regulatory authorities.
- Service Providers: Named recipients listed above who assist in service delivery.
- Emergency Situations: To protect legal rights or prevent fraud.
We never sell your data or share it for purposes beyond what is described in this policy.
6. Data Retention
| Data Type | Retention Period | Purpose |
|---|---|---|
| Account Information | Duration of service + 7 years | Legal compliance |
| Legal Documents | 7 years after last access | Professional standards |
| Generated Reports | 10 years | Legal documentation |
| Usage Analytics | 2 years (anonymized) | Service improvement |
| Ad Tracking Data | Per third-party provider policy | Marketing attribution |
7. International Data Transfers
We are transparent about where your data is stored and processed. Not all data remains within India.
- Document Storage (India): Uploaded documents, account records, generated reports, search results, and audit logs are stored on India-region servers — Google Cloud Platform asia-south1 (Mumbai) or DigitalOcean BLR1 (Bangalore).
- Email Delivery (India): Transactional emails are routed through email infrastructure hosted on India-region servers.
- AI Processing (Global API): Documents are sent to third-party AI service providers via globally distributed API endpoints (no fixed residency). Documents are processed in transit and not permanently stored by these providers per their data processing agreements.
- Ad Tracking (Global): Behavioural data is transmitted to advertising platforms (Google, Meta, TikTok, LinkedIn) over their global networks; LegiScore does not control the storage region for those platforms.
8. Security Safeguards
- Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit.
- Access Controls: Multi-factor authentication and role-based access.
- Infrastructure: Industry-standard security practices with cloud-hosted infrastructure.
- Regular Audits: Third-party security assessments and penetration testing.
Professional Confidentiality. We maintain professional confidentiality standards and ensure that your legal documents are treated with the same care and confidentiality as traditional legal practice. Our AI processing occurs in secure, isolated environments with strict access controls.
9. Your Rights
9.1 Access and Portability
Request copies of your data in a portable format. Available within 30 days.
9.2 Correction and Update
Update or correct your personal information. Immediate processing.
9.3 Deletion
Request deletion of your account and data. Subject to legal retention requirements.
9.4 Data Processing Objection
Object to certain types of data processing. May affect service availability.
9.5 Consent Withdrawal
Withdraw consent for any optional data processing at any time. Send a written request to the Grievance Officer at the email shown below. We will action your withdrawal within 30 days and confirm in writing.
Note: withdrawing consent may limit or end your ability to use the platform.
9.6 Additional Rights and Exercise
You have comprehensive rights regarding your personal data. Contact us to exercise any of the following.
Data Rights:
- Right to access your personal data
- Right to correct inaccurate information
- Right to delete personal data
- Right to restrict processing
Additional Rights:
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge complaints
Professional Consideration: As legal professionals, we understand the importance of timely responses. Most privacy requests are handled within 48 hours, with complex matters receiving priority attention.
10. Cookies
We use cookies and local storage for authentication, analytics, advertising, and functional purposes.
- Strictly Necessary: Authentication cookies for session management. These are essential for the platform to function.
- Analytics: GA4 cookies (
_ga,_ga_*) for measuring platform usage and performance. - Advertising: Google Ads (
_gcl_*), Meta (_fbp,_fbc), TikTok (_ttp), LinkedIn (li_*) cookies for ad conversion tracking. - Functional & Session: localStorage caches for report drafts and UI preferences. sessionStorage for UTM parameters used in campaign attribution.
For complete details, see our Cookie Policy.
11. Breach Notification
In compliance with the Digital Personal Data Protection Act, 2023, we have established the following breach notification procedures.
- User Notification: Affected users will be notified within 72 hours of a confirmed breach.
- Regulatory Notification: The Data Protection Board of India will be notified as required under the DPDP Act.
- Details Provided: Nature of the breach, categories of data affected, remedial actions taken, and contact information for follow-up.
- Communication Channels: Notification will be published on the platform and sent via registered email address.
Service-Level Commitment: LegiScore commits to a maximum 72-hour notification window for any confirmed personal data breach, in line with the Digital Personal Data Protection Act, 2023. This is a hard SLA, not a best-effort target.
12. Grievance Officer
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer.
- Designation
- Grievance Officer, LegiScore
- [email protected]
- Phone
- +91 6262 868600
- Address
- #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India
- Response Timeline
- Within 72 hours of receipt
For complaints unresolved within 30 days, escalate to the Data Protection Board of India established under the Digital Personal Data Protection Act, 2023.
Escalation:If you are not satisfied with the Grievance Officer's response, you may approach the Data Protection Board of India established under the DPDP Act, 2023.
13. Updates to This Policy
We maintain transparency in privacy policy updates and ensure legal professionals are adequately informed of changes that may affect their practice or client obligations.
- Material Changes: 60 days advance notice via email and platform notification.
- Legal Compliance Updates: Immediate implementation with prompt notification.
- Technical Changes: 30 days notice for processing method changes.
- Professional Impact: Special consideration for changes affecting professional confidentiality.
Current Policy Information.
- Policy Version
- 3.0
- Effective Date
- 2026-05-22
- Last Updated
- 2026-05-22
- Previous Update
- 2026-02-23
14. Contact
Data Protection Officer.
- Officer
- Data Protection Officer
- [email protected]
- Phone
- +91 6262 868600
- Response Time
- Within 72 hours
- Escalation
- Available for complex matters
Additional Contact Options.
- General Privacy
- [email protected]
- Legal Matters
- [email protected]
- Compliance
- [email protected]
- Postal Address
- #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India
Privacy Policy Authority: This privacy policy is maintained by LawyerDesk Advocacy Pvt Ltd (LegiScore). For privacy-related questions or to exercise your data rights, contact our Data Protection Officer at [email protected].
Professional Compliance: This policy is designed to meet the confidentiality and data protection requirements expected in legal practice. Legal professionals should review this policy in conjunction with their professional obligations.
Data Controller: LawyerDesk Advocacy Pvt Ltd, #32-20-20, Captain Ramarao Jn, Allipuram, Visakhapatnam - 530004, Andhra Pradesh, India.