1. Scope and Applicability

This Policy applies to all "Personal Data" (as defined under the DPDP Act) collected by us via:

• Our website, mobile applications, and learning management systems (LMS).
• Direct interactions (email, phone, WhatsApp).
• Our specialized services, including the "GoLegal" WhatsApp Business API integration.

2. Personal Data We Collect

We collect data necessary for the "Legitimate Uses" defined under the Act:

A. Data Provided by You Voluntarily

• Identity Data: Name, Username, Date of Birth.
• Contact Data: Email address, Phone number, Billing address, Shipping address.
• Professional Data: Enrollment details, Bar Council registration (if applicable for legal courses), and institutional affiliation.
• Correspondence: Feedback, survey responses, and support tickets.

B. Data Automatically Collected

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
• Usage Data: Information about how you use our website, courses, and services (e.g., course progress, login frequency).

C. Payment Data

We process payments via authorized third-party payment aggregators (e.g., Razorpay, Stripe). We do not store your complete credit/debit card numbers or banking passwords. We retain only the transaction ID and payment status for tax and audit purposes.

3. Purpose of Processing (Grounds for Processing)

We process your data only for specific, lawful purposes:

• Service Delivery: To register you as a new customer, provide access to courses, and manage your account.
• Communication: To send you transactional notifications (invoices, password resets) and service updates.
• WhatsApp API Services: To configure, verify, and manage your WhatsApp Business Account (WABA) with Meta Platforms, Inc.
• Legal Compliance: To comply with tax laws (GST invoicing), Know Your Customer (KYC) norms, and court orders.
• Security: To detect fraud, abuse, and security incidents.

4. Specific Provisions: WhatsApp Business Cloud API

For clients utilizing our WhatsApp Business Cloud API integration services, we act as a Technology Provider. In this capacity:

• Meta Policy Compliance: We adhere strictly to the WhatsApp Business Policy.
• No Ownership of Chat Data: You (the Client) retain ownership of your customer chat data. We do not use your customer data for our own marketing or profiling.
• Limited Access: Our access is limited to technical configuration, template management, and API troubleshooting. We do not manually read end-user messages unless explicitly requested by you for technical support.

5. Disclosure of Personal Data

We do not sell your data. We may share your data only with:

• Service Providers: Third-party vendors who provide IT, system administration, LMS hosting (e.g., TutorLMS), and communication services. These processors are bound by contractual confidentiality obligations.
• Legal Authorities: Courts, Law Enforcement Agencies, or Government bodies if required under Indian law (e.g., Section 91 of CrPC/BNSS).
• Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

6. Cookies and Trackers

We use cookies to enhance user experience. You may block cookies via your browser settings, but this may affect site functionality.

• Essential Cookies: Required for login and site security.
• Analytics Cookies: Used to understand site traffic (anonymized).

7. Children’s Privacy

Our services are generally intended for individuals above the age of 18 (e.g., legal professionals, law students). In compliance with Section 9 of the DPDP Act, we do not knowingly track or behaviorally monitor children. If we discover that a minor has provided personal data without verifiable parental consent, we will delete such data immediately.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements (typically 12 to 24 months after the cessation of services, unless a longer period is mandated by tax laws).

9. Your Rights (Data Principal Rights)

Under the DPDP Act, 2023, you have the following rights:

• Right to Access: You may request a summary of your personal data being processed by us.
• Right to Correction: You may request correction of inaccurate or misleading personal data.
• Right to Erasure (Right to be Forgotten): You may request deletion of your data, provided retention is not required by law.
• Right to Grievance Redressal: You have the right to register a grievance regarding our data processing activities.
• Right to Nominate: You may nominate an individual to exercise your rights in the event of your death or incapacity.

10. Cross-Border Data Transfer

We may transfer data to service providers (e.g., cloud servers like AWS or Google Cloud) located outside India. We ensure such transfers are restricted to countries not notified as "restricted" by the Central Government of India, and that the transferee ensures the same level of data protection as mandated under Indian law.

11. Data Security Practices

We implement reasonable security practices and procedures (as per ISO/IEC 27001 standards) including SSL encryption, role-based access control, and regular security audits to protect your data from unauthorized access, loss, or misuse.

12. Contact & Grievance Redressal

If you have any questions about this Policy or wish to exercise your rights, please contact our designated Grievance Officer.

13. Updates to this Policy

We reserve the right to modify this Policy at any time. Significant changes will be notified via email or a prominent notice on our website. The "Effective Date" at the top of this page indicates when the latest changes were made.