Privacy Policy

Last Updated: 20/02/2026

1. Introduction

OpenVakil ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy ("Policy") explains how we collect, use, store, share, and protect information obtained through our website at openvakil.com and our related services (collectively, the "Platform").

This Policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable data protection regulations in India. Where our services are accessed by users in the European Economic Area, we also align our practices with the principles of the General Data Protection Regulation (GDPR).

By accessing or using the Platform, you consent to the collection, use, and processing of your information as described in this Policy. If you do not agree with this Policy, please do not use the Platform.

2. Information We Collect

We collect various types of information to provide and improve our services. The categories of information we collect include:

2.1 Personal Information You Provide

  • Account Information: When you create an account, we collect your full name, email address, phone number, and authentication credentials. If you sign in via Google, we receive your name, email, and profile photo from Google.
  • Case Information: When you use our services to draft a legal notice, we collect details about your case, including sender name and address, recipient name and address, recipient email and phone number, facts of the dispute, legal basis for the notice, demands, deadlines, and any other information you provide during the AI-assisted conversation.
  • Payment Information: When you make a payment, your payment card details, UPI ID, or net banking credentials are collected directly by our payment processor, Razorpay. We receive only a transaction reference, payment status, and the last four digits of your card (if applicable). We do not store your full payment card details on our servers.
  • Contact Information: When you contact us through our contact form or via email, we collect your name, email address, subject, and message content.
  • Communication Records: We retain records of your communications with us, including emails and support queries, for quality assurance and dispute resolution.

2.2 Information Collected Automatically

  • Device Information: We collect information about the device you use to access the Platform, including device type, operating system, browser type and version, screen resolution, and device identifiers.
  • Usage Data: We collect information about your interactions with the Platform, including pages visited, features used, time spent on pages, click patterns, and navigation paths.
  • Log Data: Our servers automatically record information including your IP address, access times, referring URLs, and error logs.
  • Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to collect information about your browsing activity. See Section 7 for more details.

2.3 Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, certain categories of information are classified as sensitive. The case details you provide may contain sensitive information depending on the nature of your legal matter. By providing such information, you explicitly consent to its collection and processing for the sole purpose of delivering our services.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To process your orders, generate legal notices, and dispatch them through your chosen channels (Registered Post, Email, WhatsApp).
  • Account Management: To create and manage your user account, authenticate your identity, and provide account-related support.
  • Payment Processing: To process transactions, verify payments, and generate invoices and receipts.
  • Communication: To send you order confirmations, dispatch updates, tracking information, and respond to your inquiries and support requests.
  • Platform Improvement: To analyze usage patterns, diagnose technical problems, and improve the functionality, performance, and user experience of the Platform.
  • AI Model Improvement: To improve the accuracy and quality of our AI-assisted notice drafting capabilities. We may use anonymized and aggregated conversation data for this purpose.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Security: To detect, prevent, and address fraud, security incidents, and technical issues.
  • Marketing: With your consent, to send you promotional communications about our services, offers, and updates. You may opt out of marketing communications at any time.

4. Data Storage and Security

Your data is stored on secure cloud infrastructure provided by Google Firebase and Google Cloud Platform. Our primary data storage is configured in the Asia South 1 (Mumbai, India) region to ensure data residency within India and to provide low-latency access for our users.

We implement reasonable security practices and procedures as required under the SPDI Rules, including:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) encryption.
  • Encryption at Rest: Data stored in our databases is encrypted at rest using industry-standard encryption algorithms provided by Google Cloud.
  • Access Controls: We implement strict role-based access controls to ensure that only authorized personnel can access user data, and only to the extent necessary for their job functions.
  • Authentication Security: User authentication is managed through Firebase Authentication, which implements industry-standard security measures including secure token management and protection against brute-force attacks.
  • Regular Security Reviews: We periodically review our security practices and update them to address emerging threats and vulnerabilities.

While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data.

5. Sharing of Information

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:

  • Payment Processor (Razorpay): We share necessary transaction details with Razorpay to process your payments securely. Razorpay's handling of your data is governed by their own privacy policy, which we encourage you to review.
  • India Post: When you opt for Registered Post dispatch, we share the sender's name and address, recipient's name and address, and the notice document with India Post for physical delivery.
  • Email Service Providers: When notices are dispatched via email, we share the recipient's email address and the notice document with our email delivery service provider.
  • WhatsApp Business API: When notices are dispatched via WhatsApp, we share the recipient's phone number and the notice content with Meta's WhatsApp Business API.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as a court order, summons, or government investigation.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account Data: Retained for as long as your account is active. If you request account deletion, we will delete your account data within thirty (30) days, except where retention is required by law.
  • Order and Notice Data: Retained for a minimum of three (3) years from the date of order completion, as legal notices may be referenced in legal proceedings during this period.
  • Payment Records: Retained for a minimum of eight (8) years in compliance with Indian tax and accounting regulations.
  • Conversation History: AI conversation logs associated with your orders are retained for one (1) year after order completion for quality assurance purposes, after which they are anonymized.
  • Contact Messages: Retained for one (1) year after resolution of the inquiry.
  • Log Data: Server logs are retained for ninety (90) days for security and debugging purposes.

After the applicable retention period expires, your data will be securely deleted or anonymized so that it can no longer be associated with you.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Platform. The types of cookies we use include:

  • Essential Cookies: These are strictly necessary for the Platform to function, such as session cookies for authentication and security. You cannot opt out of essential cookies.
  • Analytics Cookies: We may use analytics tools to understand how users interact with the Platform. These cookies collect information in an aggregated form to help us improve the Platform.
  • Preference Cookies: These cookies remember your settings and preferences, such as language and display preferences, to provide a more personalized experience.

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may affect the functionality of the Platform.

8. Your Rights

Under the Information Technology Act, 2000 and the SPDI Rules, you have the following rights regarding your personal information:

  • Right to Access: You have the right to request access to the personal information we hold about you. You can view most of your information through your account dashboard.
  • Right to Correction: You have the right to request correction of any inaccurate or incomplete personal information. You can update your account information directly through the Platform or by contacting us.
  • Right to Withdrawal of Consent: You have the right to withdraw your consent for the collection and processing of your information at any time. Please note that withdrawal of consent may affect your ability to use certain features of the Platform.
  • Right to Deletion: You have the right to request deletion of your personal information, subject to our legal obligations to retain certain data. To request deletion, please reach out through our contact form.
  • Right to Grievance Redressal: You have the right to file a complaint with our Grievance Officer if you believe your privacy rights have been violated.

For users in the European Economic Area, additional rights under GDPR may apply, including the right to data portability, the right to restrict processing, and the right to object to processing. To exercise any of these rights, please contact us using the details provided in Section 12.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you are a parent or guardian and believe that your child has provided us with personal information, please reach out to us immediately through our contact form so that we can take appropriate action.

10. Cross-Border Data Transfers

While our primary data storage is in India, certain third-party service providers we use (such as Google Cloud for specific processing tasks) may process data in other jurisdictions. When your data is transferred outside India, we ensure that appropriate safeguards are in place, including contractual obligations with our service providers to protect your data in accordance with applicable Indian data protection laws and, where applicable, GDPR standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify you via email or a prominent notice on the Platform.
  • Where required by law, obtain your consent to the updated Policy before continuing to process your data.

We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after any changes to this Policy constitutes your acceptance of the updated Policy.

12. Grievance Officer / Data Protection Officer

In accordance with the Information Technology Act, 2000 and the SPDI Rules, we have appointed a Grievance Officer who is responsible for addressing any concerns or complaints regarding the processing of your personal information. If you have any privacy-related questions, concerns, or complaints, please contact:

Grievance Officer / Data Protection Officer

OpenVakil

Contact Us

The Grievance Officer shall acknowledge your complaint within forty-eight (48) hours of receipt and shall endeavor to resolve it within thirty (30) days. If you are not satisfied with the resolution, you may escalate your complaint to the appropriate regulatory authority.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

OpenVakil

Email: openvakil@agentmail.to

Contact Us

Website: openvakil.com