Privacy Notice
Issued under the Digital Personal Data Protection Act, 2023. Last updated: 2026-06-19.
1. Who is the Data Fiduciary?
Askadvocates.in is the Data Fiduciary for personal data processed via this platform. Our registered office and Grievance Officer contact are listed on the Grievance page.
2. What personal data we collect
- Users: name, email, mobile, optional pin code, language preference, payment metadata (Razorpay tokens only — we never store card details), Q&A and booking records.
- Advocates: all of the above plus BCI enrolment data, Sanad, ID document, bank/UPI for payouts, profile content, KYC document references.
- All visitors: server logs (IP, timestamp, URL, user-agent) for security and abuse prevention; cookies as detailed below.
3. Purposes and legal basis
| Purpose | Basis (DPDPA §6) |
|---|---|
| Account creation & auth | Performance of contract |
| Q&A & booking facilitation | Performance of contract |
| Payment processing | Performance of contract |
| BCI compliance moderation | Legitimate use / legal obligation |
| Product analytics (PostHog, self-hosted) | Consent |
| Marketing emails | Consent |
4. Who we share data with
Limited to Data Processors necessary to operate the service: Razorpay (payments), Resend (email), Vonage / Twilio (SMS), Cloudflare R2 (file storage), Anthropic Claude (BCI moderation, anonymised text), Deepgram (consultation transcription, opt-in), Sentry (error monitoring). We never sell your data.
5. Cross-border transfer
DPDPA permits cross-border transfer except to countries on the Central Government's Negative List. Some processors operate from outside India; we have appropriate contractual safeguards in place.
6. Your rights
- Right to access: request a summary of data we hold.
- Right to correction & erasure: request correction or deletion via your dashboard.
- Right to nominate: nominate another individual to exercise rights on your behalf.
- Right to grievance redressal: contact our Grievance Officer.
7. Retention
- Account data: while account is active + 7 years (statutory limitation under Limitation Act 1963 + GST records).
- Erased data: 30-day soft-delete window then hard purge.
- Server logs: 90 days.
- Financial records: 7 years (Income Tax Act and GST Act requirement).
8. Security
We use TLS 1.3 for transport, envelope encryption for PII at rest, E2EE for advocate-user messages, 2FA mandatory for advocate and admin accounts, and Cloudflare Turnstile for bot protection.
9. Cookies
- Strictly necessary: session, CSRF.
- Analytics (consent): PostHog session identifier.
10. Children
We do not knowingly process personal data of any child under 18 years. Accounts are restricted to adults.
11. Changes
Material changes notified by email and dashboard at least 14 days in advance.
12. Contact
Data protection queries: privacy@askadvocates.in.