LegalMind

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how [LEGAL ENTITY NAME] ("LegalMind", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use the LegalMind website (legalmind.app), mobile application (app.legalmind.in), and related services (together, the "Services").

We act as the Data Fiduciary for the personal data described below, and we process it in accordance with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the rules made under it. By "personal data" we mean any data about an identifiable individual; references to "you" mean the Data Principal to whom that data relates.

1. Personal Data We Collect

Account & Identity Data

When you create an account, we collect your name and email address through our authentication provider, Clerk. If you sign in with Google, we receive your basic Google profile (name, email, profile image) for the same purpose. This data is used for account creation, authentication, and service communication.

Subscription & Payment Data

If you subscribe to a paid plan, payments are processed by Razorpay. We store your subscription status, plan tier, and billing history. We do not collect or store your full card, UPI, or bank credentials on our servers — these are handled directly by Razorpay.

Content You Create

The LegalMind app is local-first. Documents you open, highlights, annotations, notes, questions you ask Lex, search queries, drafts, checklists, calendar entries, and files you add to your workspace are stored on your device by default and are not sent to our servers unless a feature you actively use requires it (for example, generating a document with AI, or enabling Diary Sync as described in Section 3).

Usage, Device & Diagnostic Data

To operate and improve the Services we collect limited technical data: app and device identifiers, app version, language preference, push-notification tokens, crash reports, and product-analytics events (such as which features are used). We aim to limit this to identifiers, counts, and event names rather than the content of your work.

2. How We Use Your Data

  • To provide, maintain, and secure your account and the Services
  • To process subscription payments and provide billing records
  • To run AI features you invoke, such as drafting and research assistance
  • To power optional memory features, where you have enabled Diary Sync (Section 3)
  • To send transactional messages (receipts, security and account notices)
  • To diagnose problems, prevent abuse, and improve product quality
  • To respond to your support and grievance requests
  • To comply with legal obligations applicable to us

We rely on your consent as the lawful basis for processing your personal data, except where the DPDP Act permits processing for certain legitimate uses. We do not sell or rent your personal data, and we do not share it with third parties for their own marketing.

3. Diary Sync & Your Consent

Diary Sync is an optional feature that uploads a defined set of your activity — such as notes, completed drafts and checklists, highlights, and questions you ask Lex — to our secure backend so that LegalMind can remember context across your devices and assist you more effectively over time.

Diary Sync is off by default. Nothing from this category leaves your device unless you explicitly turn it on. You can withdraw your consent at any time from the app's privacy settings; after withdrawal we stop receiving new data, and you may request deletion of data already synced. Withdrawing consent is as easy as giving it.

4. Sharing & Data Processors

We share personal data only with service providers (Data Processors) who process it on our behalf, under contract, and only for the purposes below:

  • Authentication & account management
  • Payment processing
  • Cloud hosting, file storage & AI model inference
  • Product analytics & crash diagnostics
  • Push-notification delivery

A current list of our named sub-processors is available on request. Each operates under its own privacy policy governing how it handles your data.

5. International Data Transfers

Some of our service providers store or process data on servers located outside India. Where this happens, we transfer your personal data only to jurisdictions and providers consistent with the DPDP Act and any restrictions notified by the Central Government, and we require appropriate safeguards from those providers.

6. Children's Data

The Services are intended for legal professionals and law students aged 18 and over. They are not directed to children, and we do not knowingly collect the personal data of any individual under the age of 18. If we learn that we have collected such data without verifiable parental or guardian consent, we will delete it. If you believe a child has provided us personal data, please contact our Grievance Officer (Section 10).

7. Data Retention

We retain your account and subscription data for as long as your account is active. When you delete your account, we erase the personal data associated with it from our active systems within [30] days, except where we are required to retain certain records (for example, tax or billing records) to comply with law. Content stored locally on your device is removed when you delete it in-app or uninstall the app.

8. Security

We use reasonable security safeguards to protect your personal data, including encryption in transit (HTTPS/TLS), storage of credentials and on-device data through your operating system's secure storage facilities (iOS Keychain / Android Keystore), authenticated access, and access controls on our backend. No method of storage or transmission is completely secure, and we cannot guarantee absolute security. We will notify you and the Data Protection Board of any personal-data breach as required by the DPDP Act.

9. Your Rights

As a Data Principal under the DPDP Act, you have the right to:

  • Access a summary of the personal data we process about you and how we process it
  • Request correction, completion, or updating of inaccurate or incomplete data
  • Request erasure of your personal data, subject to legal retention requirements
  • Withdraw consent at any time, including for Diary Sync and optional communications
  • Nominate another individual to exercise your rights in the event of death or incapacity
  • Raise a grievance with us and have it addressed within the timelines under the DPDP Act

To exercise any of these rights, contact us using the details in Section 10. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.

10. Grievance Officer & Contact

We have appointed a Grievance Officer to address your questions and complaints about how we handle your personal data:

  • Grievance Officer: [GRIEVANCE OFFICER NAME]
  • Email: GRIEVANCE EMAIL
  • Address: [REGISTERED ADDRESS]

For general privacy questions you can also email hello@legalmind.in.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated revision date and, where required, notified to you. Continued use of LegalMind after changes take effect constitutes acceptance of the updated policy.