Jurisynk Privacy Policy

This Privacy Policy is issued for the Jurisynk platform and services available at https://www.jurisynk.com/ (the "Service"). Jurisynk Ventures Private Limited is the data fiduciary for personal data processed to provide the Service, subscriptions, billing and support, except where an order form or separate written arrangement identifies another contracting entity. References to "Jurisynk", "we", "us" or "our" in this Policy refer to the applicable entity performing the relevant processing activity.

As a Data Fiduciary under the DPDP Act and body corporate under SPDI Rules, we publish this Policy prominently on our Site for easy access, ensuring transparency, notice, and choice. It applies to all users ("Users" or "Data Principals") in India and governs Digital Personal Data (DPD) processing.

Definitions

Personal Information (PI): Any data relating to an identified or identifiable natural person, as per Section 43A of IT Act and Section 2(s) DPDP.

Sensitive Personal Data or Information (SPDI): Passwords, financial details, official identifiers, sexual orientation, biometric data, or any detail belonging to a child, per Rule 3 SPDI.

Data Principal: Individual to whom DPD relates (Section 2(t) of DPDP).

Data Fiduciary: Jurisynk Ventures Private Limited, determining processing purpose/means (DPDP Section 2(4)).

Processing: Collection, storage, use, sharing, erasure, etc., of DPD.

User: Registered legal professional using services.

Information We Collect

We collect only necessary DPD to deliver services, categorized as:

Registration and Profile Data

Full name, email, mobile number, Bar Council ID/enrolment number, law firm details, professional designation (e.g., advocate, litigator), and password.

Usage and Technical Data

IP address, device ID, browser/OS details, geolocation (city-level for service optimization), session logs, and interaction patterns with AI features (e.g., query timestamps).

Litigation-Specific Data

Uploaded case files, pleadings, judgments, evidence PDFs, annexures, client details, case numbers, legal queries, AI-generated outputs and collaboration notes. These materials may contain personal data of clients, counterparties, witnesses, court officers or other third parties uploaded by a User; the User is responsible for ensuring that it has authority to upload and process such third-party personal data through the Service. We process such Case Data only to provide, secure and support the requested litigation-AI functionality and do not use client-identifiable Case Data for advertising or model training unless separately agreed in writing.

Consent and Preference Data

Records of consents given/withdrawn, newsletter opt-ins, cookie preferences.

Payment, Subscription and Mandate Data

Subscription plan, amount, currency, trial start and end date, activation date, renewal date, cancellation status, invoice/GST particulars, billing contact details, payment status, refund/chargeback status, mandate status, mandate reference/token, last four digits of a card, card network, issuing bank, UPI VPA/handle where applicable, payer name, transaction reference numbers and gateway response codes. Jurisynk does not store full card numbers, CVV, UPI PINs, net-banking passwords or one-time passwords. Such credentials and regulated payment instrument data are collected and processed by [Payment Gateway Provider(s)], banks, card networks, UPI applications, NPCI and/or payment aggregators in accordance with their security and regulatory obligations; we receive only limited tokens, identifiers and status information required to administer subscriptions, mandates, invoices, refunds, chargebacks and disputes.

Methods of Information Collection

We collect personal data through two primary channels to facilitate our services and ensure operational security:

Information You Provide

We collect information that you explicitly provide to us. This includes data entered into registration forms, content uploaded to the platform, communications via chat interfaces, and preferences configured within your account settings.

Automatically Collected Information

When you interact with our platform, certain information is gathered automatically to maintain service integrity. This includes server logs generated during site navigation and metadata captured during the processing of AI queries.

Change in purpose triggers fresh notice/consent.

Purpose and Usage of Data

We process personal data strictly for specified, legitimate purposes communicated at the time of collection, adhering to the principle of data minimization. Your information is utilized solely to:

• Deliver and operate our litigation AI services and functionality.
• Manage monthly SaaS subscriptions, administer the seven (7) day free trial, create and maintain card and UPI autopay mandates, process the ₹1 mandate setup/verification charge, initiate automatic recurring debits after the trial ends and on each renewal, issue invoices and tax records, record cancellations submitted through the portal, and handle billing, refund, chargeback and payment-dispute inquiries. Once a subscription is purchased or activated, refunds are governed by our separate Refund and Cancellation Terms; this Policy describes only how personal data is processed for billing, refund, chargeback and dispute records.
• Improve, monitor and secure the Service using de-identified, aggregated or synthetic data and operational telemetry. We do not train or fine-tune foundation models or other third-party AI models on uploaded case files, user legal queries, client-identifiable data, confidential legal materials or AI outputs generated for a User, unless the User has separately agreed to such use in writing and any required notices/consents have been obtained.
• Maintain the security of our infrastructure, prevent fraud, and ensure compliance with applicable legal and regulatory obligations.
• Send essential service updates, security alerts, and customer support responses.

Consent Framework and Management

We process your data based on consent that is free, specific, informed, unconditional, and unambiguous. We adhere to a granular consent model, allowing you to approve specific data types and processing purposes independently.

At checkout and mandate creation, we present a separate payment privacy and consent notice before you confirm payment or autopay. The notice identifies the subscription amount, seven (7) day free-trial period, ₹1 mandate setup/verification charge, payment method selected (card or UPI autopay), the fact that automatic recurring debits will begin after the trial and continue on each renewal unless cancelled, the relevant payment gateway/bank/UPI processing parties, and the method for cancelling future renewals through the portal. By confirming the checkout or mandate instruction, you authorise the payment-processing parties to process the payment and mandate data necessary to set up, authenticate and operate the recurring payment arrangement.

You may withdraw privacy consent or submit data-rights requests by contacting us as described below. Withdrawal is prospective and may affect our ability to provide the Service. Cancelling a subscription through the portal stops future subscription renewals and future autopay debit instructions after cancellation is processed, but it does not automatically delete your account, invoices, mandate records, consent logs, cancellation logs, refund/chargeback records, support records or records we must retain for legal, tax, accounting, security, dispute-resolution or regulatory purposes. Account deletion or erasure requests are handled separately under the rights section of this Policy.

To demonstrate compliance, we maintain records of your consent and withdrawal requests for a period of three (3) years following the withdrawal date.

We strictly prohibit the sale, auction, or commercial trading of your personal data.

Data Sharing, Disclosures, and Processors

We are committed to maintaining the confidentiality of your data. We do not sell, trade, or rent your personal information to third parties for marketing purposes. Your data is only shared in the following limited circumstances:

Service Providers

We engage trusted service providers and processors for cloud hosting, security, analytics, communications, customer support, AI functionality, payment processing and subscription management. For payments and mandates, we may share or make available limited personal data and transaction/mandate metadata to [Payment Gateway Provider(s)], acquiring and issuing banks, card networks, UPI applications, NPCI, payment aggregators, payment service providers and fraud-prevention or dispute-management vendors for checkout, authentication, tokenisation, mandate creation, recurring debit processing, settlement, invoicing, refunds, chargebacks, reconciliation, compliance and dispute resolution. Our processor arrangements require confidentiality, security safeguards, purpose limitation and restrictions on using uploaded Case Data or client-identifiable legal materials to train models except as separately agreed.

Affiliates

We may disclose data to our affiliates solely for operational support and service delivery. These transfers are governed by valid DPAs to ensure your data remains protected to the same standard.

Legal Requirements

We may disclose information to law enforcement agencies, regulators, or public authorities only upon receipt of a valid legal order or when required to comply with applicable laws.

Data Security and Protection

We implement reasonable security practices and procedures as mandated by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection (DPDP) Act. To safeguard your information, we utilize a multi-layered security approach:

Encryption and Infrastructure

Your data is protected using industry-standard AES Encryption at rest and during transmission. Our infrastructure is fortified by advanced firewalls to prevent unauthorized access.

Access Control

We strictly adhere to the "principle of least privilege," ensuring that only authorized personnel with a legitimate business need can access your data. Furthermore, we mandate Multi-Factor Authentication (MFA) for administrative access and conduct regular security audits to verify compliance.

Breach Notification

In the unlikely event of a personal data breach, we will assess the incident promptly, take containment and remedial steps, and notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed under applicable law. Where other incident-reporting obligations apply, including sectoral, payment, contractual or computer-security requirements, we will make those notifications as required. We avoid committing in this Policy to a fixed statutory timeline unless that timeline is expressly applicable to the relevant incident.

Data Retention and Disposal

We implement distinct retention schedules based on the nature and sensitivity of the data we process:

Case Data

Retention periods by category: (a) Case Data, including uploaded documents, legal queries, collaboration notes and AI-generated outputs, is retained for up to thirty (30) days from creation/upload unless the User saves it in the workspace, requests earlier deletion, or a longer period is required for security, dispute resolution or legal compliance; (b) account and subscription profile data is retained while the account or subscription remains active and for up to three (3) years thereafter unless a longer legal basis applies; (c) invoices, GST/tax and accounting records are retained for the period required under applicable tax, accounting and company-record laws; (d) payment mandate records, gateway tokens/references and recurring-payment status logs are retained while the mandate/subscription is active and for up to eight (8) years thereafter for audit, banking, chargeback and regulatory purposes; (e) consent, checkout notice and mandate authorisation logs are retained for up to eight (8) years or as required to demonstrate authorisation; (f) cancellation logs are retained for up to three (3) years after cancellation; (g) refund, chargeback, failed-payment and dispute records are retained for up to eight (8) years after closure; and (h) support, grievance and dispute communications are retained for up to three (3) years after resolution unless legal proceedings or regulatory inquiries require longer retention. After the applicable period, data is deleted, anonymised or archived with restricted access.

Account Data

Information necessary for the administration of your account (including login credentials, billing details, and usage preferences) is retained indefinitely for the duration of your active relationship with us, or until you explicitly request account deletion.

Legal Obligations

Notwithstanding the above, we may retain specific data for longer periods if strictly required to comply with applicable legal obligations, resolve disputes, or enforce our agreements.

Rights of Data Principal

In accordance with the Digital Personal Data Protection (DPDP) Act, you are entitled to specific rights regarding your personal information. As a Data Principal, you may exercise the following:

• Right to Access and Correction: You may request a summary of the personal data we process and the identities of any Data Processors with whom it has been shared. You also have the right to correct inaccurate or misleading data and complete any incomplete data.
• Right to Erasure: You may request the deletion of personal data ("Right to be Forgotten"), provided its retention is not required for a specific legal purpose.
• Right to Grievance Redressal: You have the right to register a complaint with our designated Grievance Officer if you believe your rights have been compromised.
• Right to Withdraw Consent: You may withdraw consent for data processing at any time, with such withdrawal applicable to future processing activities.
• Right to Nominate: You are entitled to nominate an individual to exercise your rights as a Data Principal in the event of death or incapacity.

Data Breach Protocol

In the event of a personal data breach, we adhere to a strict incident response framework. Upon becoming aware of a breach, we will:

• Intimate the Data Protection Board of India within 72 hours, providing details of the nature of the breach, affected data, and remedial actions taken.
• Inform affected Data Principals without undue delay, outlining the likely consequences and the measures taken to mitigate harm.

Cookies and Tracking Technologies

We use essential cookies, local storage, SDKs and similar technologies to keep users logged in, secure the Service, remember preferences, measure basic performance, detect abuse and support payment checkout sessions. During checkout, [Payment Gateway Provider(s)] and related payment parties may set cookies, device identifiers, session tokens or SDK telemetry to authenticate the payment method, create or manage a card/UPI mandate, prevent fraud, process recurring-payment instructions and complete settlement or reconciliation. We do not use third-party advertising cookies for behavioural advertising unless we provide a separate notice and obtain any consent required by applicable law. You can manage non-essential cookies through the cookie banner or browser settings, but disabling essential or payment-session technologies may prevent login, checkout, mandate creation or subscription renewal.

Amendments to Policy

We reserve the right to modify this Privacy Policy to reflect changing legal or operational requirements.

Material changes will be communicated via email or a prominent notice on our platform.

We will issue an annual notification regarding our Terms and Policies as mandated by the IT Rules.

Your continued use of the platform following the effective date of such changes constitutes your acceptance of the revised terms.

Grievance Redressal Mechanism

We have designated a Grievance Officer to address privacy grievances, data-rights requests and questions regarding this Policy. Please include your name, registered email address, account identifier (if any), the nature of the request or grievance, and any relevant transaction or mandate reference number so that we can verify and respond to the request. Grievance Officer: Manan Dubey, Jurisynk Ventures Private Limited; Email: manan@synk-ai.com; Address: Building No./Flat No.: 472/7 Name Of Premises/Building: Balaji Arcade Ejipura Road/Street: A V S Gompound, 20th L cross Rd, AVS Layout Locality/Sub Locality: Koramangala City/Town/Village: Bengaluru District: Bengaluru Urban State: Karnataka PIN Code: 560095. We will acknowledge and resolve grievances within the periods prescribed by applicable law and will inform you if additional verification or time is required for a complex request.

Grievance Officer: Manan Dubey

Email: manan@synk-ai.com

We acknowledge all grievances within 24 hours and commit to resolving them within a maximum period of thirty (30) days from the date of receipt.

If your grievance is not resolved to your satisfaction within the stipulated period, you may escalate the matter to our Data Protection Officer (DPO).

Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.

Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka.

If any provision of this Policy is determined to be invalid, unlawful, or unenforceable, such provision shall be severed from the remaining terms, which shall continue to be valid and enforceable to the fullest extent permitted by law.

Contact Information

For inquiries, clarifications, or feedback regarding this Privacy Policy, please contact the Jurisynk Team:

Email: preeti@jurisynk.com

Website: https://www.jurisynk.com

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

Version: 1.0