VakilisSign in

Privacy Policy

Last updated: March 30, 2026

Vakilis (“we”, “us”, “our”) provides a cloud workspace for legal professionals, including our website, web application, and mobile applications (together, the Services). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Services.

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services. We may update this policy from time to time; the “Last updated” date above will change, and we will take reasonable steps to notify you of material changes where required by law.

1. Who this applies to

This policy applies to individuals who visit our marketing pages, create an account, are invited to a workspace, or otherwise interact with the Services. It also covers information processed about your end clients, counterparties, and matter-related data that you or your organisation choose to store in the Services (“Customer Content”).

2. Information we collect

  • Account and profile: name, email address, professional identifiers you provide (such as bar council ID), workspace membership, role, and authentication data (e.g. tokens when you sign in with Google or email/password).
  • Customer Content: case and matter details, hearings, notes, uploaded documents, client registry entries, messages you send to AI features, and other content you or your workspace submits. This may include special categories of data if you choose to include them in your files or notes.
  • Usage and diagnostics: log data, device or app version, approximate location derived from IP (for security and fraud prevention), and similar technical metadata needed to operate and secure the Services.
  • Payments and billing: if you subscribe through integrated billing, our payment processor may collect billing contact and payment instrument details; we typically receive limited transaction metadata, not full card numbers.
  • Communications: messages you send to support and your communication preferences.
  • Push notifications: if you enable them on mobile, a push token associated with your device may be stored to deliver notifications you request.

3. How we use information

We use the information above to:

  • Provide, maintain, and improve the Services (including AI-assisted features you invoke).
  • Authenticate users, manage workspaces, and enforce access controls.
  • Process subscriptions, invoices, and customer support requests.
  • Monitor security, prevent abuse, and comply with legal obligations.
  • Analyse aggregated or de-identified usage to improve product quality (not to sell personal data).
  • Send service-related notices and, where permitted, product updates (you can opt out of non-essential email where the law allows).

Artificial intelligence: When you use AI features (e.g. document Q&A, case assistant, drafting helpers), we send the relevant Customer Content and prompts to our AI subprocessors to generate responses. Outputs are assistive only and must be reviewed by you. Do not submit information you are not authorised to process.

4. Legal bases (India and general)

Where the Digital Personal Data Protection Act, 2023 (India) or similar laws apply, we rely on appropriate grounds such as your consent (e.g. account creation, marketing where required), performance of a contract (providing the Services to your workspace), legitimate interests (security, product improvement balanced against your rights), and legal obligations. Workspace administrators may act on behalf of their organisation in deciding what matter data to upload.

5. Sharing and subprocessors

We do not sell your personal information. We may share information with:

  • Service providers who host infrastructure, send email, process payments, provide analytics, or supply AI/model APIs, subject to confidentiality and data-processing terms.
  • Your workspace — other members of the same workspace can see Customer Content according to their roles and your organisation’s practices.
  • Authorities when required by law, court order, or to protect rights, safety, and integrity of users and the Services.
  • Business transfers — in connection with a merger, acquisition, or asset sale, with notice where required.

6. International transfers

Our servers or subprocessors may be located outside your country (including outside India). Where required, we implement appropriate safeguards such as contractual clauses approved by regulators or other lawful transfer mechanisms.

7. Retention

We retain information for as long as your account or workspace is active and as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. You may request deletion of your account subject to workspace policies and legal holds. Backups may persist for a limited period after deletion.

8. Security

We implement technical and organisational measures designed to protect data, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure; you use the Services at your own risk to the extent permitted by law.

9. Your rights

Depending on applicable law, you may have rights to access, correct, update, or delete certain personal data, withdraw consent where processing is consent-based, object to or restrict certain processing, and lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We may need to verify your identity. Workspace admins may control certain data on behalf of your organisation.

10. Children

The Services are not directed to children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps to delete it.

11. Third-party links

The Services may link to third-party sites. We are not responsible for their privacy practices. Please read their policies before providing information.

12. Contact

For privacy questions, requests, or complaints, contact us at privacy@vakilis.in.