DPDPA 2023 Compliant
This policy is prepared in accordance with India's Digital Personal Data Protection Act, 2023. Hindi translation will be available shortly.
1. Introduction
Welcome to Guvio. We are committed to protecting your personal data and respecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 ("DPDPA 2023") and other applicable laws of India.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our legal practice management platform.
2. Data Controller Information
3. Personal Data We Collect
Account Information
- Full name
- Email address
- Phone number (optional)
- Bar Council registration
- Profile photo (optional)
Case & Client Data
- Case details (number, type, status)
- Client information
- Legal documents
- Court hearing schedules
- Consultation records
AI Interaction Data
- Queries submitted to AI
- AI-generated responses
- Research history and analysis
Technical Data
- IP address
- Browser type
- Device information
- Usage logs
4. Purpose of Processing
Service Delivery
Provide our platform features
Account Management
Create and manage your account
AI Services
Power document generation & research
Communication
Send notifications and updates
Improvement
Analyze usage to improve services
Security
Detect and prevent threats
5. Legal Basis for Processing
Under DPDPA 2023, we process your data based on:
- Consent: Your explicit consent provided during registration
- Contractual Necessity: Processing necessary to fulfill our service agreement
- Legitimate Interests: Our legitimate business interests, balanced against your rights
- Legal Obligation: Compliance with applicable Indian laws
6. Third-Party Services
We use select third-party providers bound by data processing agreements:
| Provider | Purpose |
|---|---|
| Google Cloud / Gemini | AI features, document analysis |
| OpenAI | Natural language processing |
| Pinecone | Semantic search capabilities |
| Cloud Storage | Encrypted document storage |
7. Data Retention
| Data Type | Retention Period |
|---|---|
| User Profile | Until deletion + 30 days backup |
| Active Cases | Duration + 7 years |
| Closed Cases | 7 years from closure |
| Documents | 7 years from case closure |
| AI Chat Logs | 90 days (unless linked to case) |
| Audit Logs | 7 years (retained for compliance) |
Retention periods align with Indian Limitation Act and professional requirements.
8. Your Rights Under DPDPA 2023
As a Data Principal, you have the following rights:
Access
Request a summary of your personal data
Correction
Request correction of inaccurate data
Erasure
Request deletion of your data
Grievance Redressal
Lodge complaints about data processing
Exercise your rights via Settings → Privacy & Consent or contact dpo@guvio.in.
9. Data Security
We implement robust security measures:
Encryption
TLS 1.3 in transit, AES-256 at rest
Access Control
Role-based permissions
Auditing
Regular security testing
10. Contact Us
For questions about this Privacy Policy:
Grievance response time: within 30 days. You may also file complaints with the Data Protection Board of India.
© 2026 Guvio Private Limited. All rights reserved.