PRIVACY POLICY

Tesatech Corporation Private Limited ("we/TCPL") is committed to protecting your privacy. This policy outlines how we handle data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000. This Privacy Policy is only applicable to paid users of LexoDesk.

User as Data Fiduciary: When you (a lawyer/firm) upload personal data of your clients (e.g., names in a divorce petition) to LexoDesk, YOU are the "Data Fiduciary" under the DPDPA. You are responsible for obtaining the necessary consent from your clients.

TCPL as Data Processor: We act as the "Data Processor" processing this data solely on your instructions to provide the Service.

TCPL as Data Fiduciary: We act as the Data Fiduciary only for your account information (your name, email, billing details).

Account Data: Name, email, Bar Council Registration Number (for verification), Phone number.

Payment Data: We do not store card details. Transactions are processed via [Razorpay/Stripe]. We only store the Transaction ID.

Voluntarily Shared Data: Case files, drafts, and notes uploaded by you.

Technical Data: IP address, browser type, device info (for security and fraud prevention).

We process data for the following specific purposes:

• To provide the SaaS functionality (drafting, management).
• To prevent fraud and abuse of the system.
• To comply with legal obligations (e.g., retaining invoice data for GST compliance).

Your data is stored on secure servers located within India. We ensure that Sensitive Personal Data (SPD) remains within the jurisdiction unless explicit consent is obtained for cross-border transfer.

We implement ISO 27001 aligned security measures, including:

Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Access Control: Strict role-based access control (RBAC) for our internal staff.

Audit Logs: We maintain logs of all system access.

Subject to the DPDPA, you have the right to:

Access: Request a summary of your personal data being processed.

Correction: Request updates to inaccurate data.

Erasure: Request deletion of your data (subject to our legal retention obligations).

Grievance Redressal: Contact our Grievance Officer.

We utilize third-party vendors to provide services. By using LexoDesk, you consent to our use of:

Cloud Infrastructure: [e.g., AWS / Google Cloud]

Email Services: [e.g., SendGrid / SES]

Analytics: [e.g., Google Analytics (Anonymized)]

In the event of a data breach, we will notify the Data Protection Board of India and affected users in accordance with the timelines prescribed by CERT-In directions.

For any privacy concerns, please contact: