NRILegal360
Legal & Compliance framework

Privacy & Data Compartmentalization Policy

Effective Date: January 1, 2026
Version: 2.1 (Strict Confidentiality Protocols)
Executive Summary: NRILegal360 operates on a strict non-disclosure architecture. We are a coordination platform, not an open marketplace. Your matter details, uploaded documents, and contact information are strictly compartmentalized and never sold or shared with any unverified third parties under any circumstances.

1. Information Architecture & Collection

During the intake and coordination process, we collect highly specific structural data regarding your matter to facilitate accurate routing and legal assessment. This may include:

  • Identity Data: Full legal name as per passport, current domicile, nationality (NRI, OCI, Foreign National).
  • Contact Data: Secure email addresses, international contact numbers, and timezone information.
  • Matter Data: Details of the legal requirement, property location (State/City), nature of the dispute/transaction, and associated counterparties.
  • Cryptographic Data: IP addresses, browser agents, and access logs securely hashed for audit and anti-fraud purposes.

2. Purpose Limitation

The data collected is strictly utilized for the following explicit purposes:

  • Categorizing the complexity and jurisdiction of your legal requirement.
  • Providing structural oversight and connecting your matter to the appropriate, vetted architectural team.
  • Executing encrypted communications regarding your matter's status.
  • Complying with mandatory KYC/AML regulations and the Digital Personal Data Protection (DPDP) Act, 2023 of India.

We explicitly prohibit the utilization of your data for third-party marketing, lead generation reselling, or unauthorized indexing.

3. Document Vault Encryption Protocols

Any documents uploaded during the intake or subsequent phases (e.g., identity proofs, registered deeds, notices) are transited via TLS 1.3 and stored at rest utilizing AES-256 encryption. Access to these vaults is restricted purely to the specific principal architects assigned to your matter via role-based access control (RBAC).

4. Data Retention & Destruction

We retain your data only for the duration necessary to fulfill the coordination mandate and satisfy regulatory legal archiving requirements. Upon the conclusion of a matter or upon verifiable request by the data principal, non-essential data is cryptographically wiped from active servers under strict erasure protocols.

5. DPDP Act Adherence

In accordance with the Digital Personal Data Protection Act, 2023, you hold the right to access, correct, and erase your data. You also maintain the right of grievance redressal. Requests regarding data portability or erasure protocols must be directed to our designated Data Protection Officer via the secure portal.

Have a question regarding our confidentiality architecture?

Contact the Data Protection Officer