Privacy Policy

1. Who we are. ClauseOne is a legal practice-management platform operated by ClauseOne Pvt. Ltd. (incorporation in progress) ("ClauseOne", "we", "us"). This policy explains how we collect, use, store, and protect your personal data when you use clauseone.in and related services (the "Platform"), in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable Indian law.

2. Data we collect. Account and identity data (name, email, phone, professional details such as Bar registration number, designation, PAN where provided); workspace and organisation data you create; case, client, document, billing, and task data you enter; usage and device data (log data, IP address, browser type) for security and performance; and communications you send us.

3. Why we use your data (purposes). To provide and operate the Platform; to authenticate you and secure your account; to enable features you use (case management, document handling, assignments, billing, email integration); to communicate service information; to comply with legal obligations; and to improve and maintain the service. We do not sell your personal data.

4. Legal basis. We process your data on the basis of the consent you provide when you create an account and use the Platform, and for legitimate uses permitted under the DPDP Act, including providing the service you have requested.

5. Where your data is stored. Platform data is currently hosted on Supabase infrastructure located in Singapore, and application hosting is provided by Vercel. By using the Platform you acknowledge that your data may be processed and stored outside India on secure infrastructure operated by these providers. We are evaluating migration to India-based infrastructure.

6. Third-party processors. We share data only with service providers who help us run the Platform, under appropriate safeguards: Supabase (database and authentication), Vercel (hosting), Resend (transactional email), Anthropic (AI features you invoke), and Google (where you choose Sign-in with Google). Each processes data only as needed to provide their service.

7. Data sharing within the Platform. When you assign a case or share a document with another user, firm, or external counsel, the data you choose to share becomes visible to them. You control what is shared. ClauseOne does not independently disclose your case or client data to other users.

8. Retention. We retain your data for as long as your account is active and as needed to provide the service, and thereafter only as required to comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion as set out below.

9. Your rights under the DPDP Act. You have the right to access your personal data, to correct or update it, to request erasure, to withdraw consent, and to grievance redressal. To exercise these rights, contact our Grievance Officer (clause 11).

10. Security. We use access controls, row-level security, encryption in transit, and audit logging to protect your data. No system is perfectly secure; you are responsible for keeping your login credentials confidential.

11. Grievance Officer. In accordance with the DPDP Act and the Information Technology Act, you may contact our Grievance Officer for any data-protection concern: clauseone.erp@gmail.com. We will acknowledge and address grievances within the timelines prescribed by law.

12. Cookies. We use essential cookies for authentication and session management. We do not use advertising cookies.

13. Children. The Platform is intended for legal professionals, law students, and organisations. It is not directed at children under 18, and we do not knowingly collect their data.

14. Changes. We may update this policy; material changes will be notified through the Platform. Continued use after changes constitutes acceptance.

15. Contact. Questions: clauseone.erp@gmail.com.