Legal

Privacy Policy

Last updated: 1 June 2026

goLex ("we", "our", or "us") operates the website golex.shopand the goLex mobile application (collectively, the "Platform"). This Privacy Policy describes how we collect, use, share, and protect personal information when you use our Platform to access legal services. It is governed by the Information Technology Act, 2000 ("IT Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By using the Platform, you consent to the collection and use of your information as described in this policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

  • Identity information: Full name, date of birth, gender, Aadhaar number (last 4 digits only for KYC), PAN number, passport number (where required for specific services).
  • Contact information: Mobile number, email address, residential/correspondence address.
  • Documents: Scanned copies or photographs of identity proofs, property documents, vehicle registration certificates, income documents, and any other documents required to fulfil the specific legal service you have ordered.
  • Payment information: We do not store card or bank account details. Payment is processed by Razorpay (see Section 4). We retain only the transaction ID, amount, and status.
  • Service-specific information: Details of the legal matter (e.g., names of tenants and landlords, vehicle registration numbers, party details for contracts) as entered in our service forms.

1.2 Information Collected Automatically

  • IP address, browser type, operating system, device identifiers.
  • Pages visited, time on page, referring URL — collected via server logs and analytics tools.
  • Session data stored in browser cookies and localStorage.

1.3 Information from Third Parties

  • Government portals (Parivahan, Income Tax, GST Network, MCA) — we access these on your behalf and receive status updates related to your service order only.
  • WhatsApp Business API — used to send order updates. We receive delivery receipts but not your WhatsApp contact list or messages to others.

2. How We Use Your Information

  • Service delivery: To complete the legal service you have ordered — filing applications, drafting documents, coordinating with government offices and assigned advocates.
  • Communication: To send you order confirmations, status updates, document delivery notifications, and support responses via email, SMS, and WhatsApp.
  • Account management: To create and maintain your goLex user account and order history.
  • Payment processing: To initiate and confirm payment via Razorpay.
  • Legal and regulatory compliance: To comply with applicable Indian law, respond to court orders, or cooperate with law enforcement requests.
  • Platform improvement: To understand usage patterns, diagnose technical issues, and improve service quality. Analytics are aggregated and de-identified where possible.
  • Marketing (with consent): To send promotional offers or new service announcements. You may opt out at any time by clicking "Unsubscribe" in any email or messaging us at help@golex.shop.

3. Sensitive Personal Data

Under the IT (SPDI) Rules 2011, certain data we collect constitutes Sensitive Personal Data or Information (SPDI), including financial information, Aadhaar-linked data, and health information (in the case of counselling services). We handle all SPDI with heightened security controls, restrict access to authorised personnel only, and do not share SPDI with third parties except as necessary to deliver the specific service you have ordered or as required by law.

4. Third-Party Service Providers

We share limited personal data with the following categories of third-party processors, solely for the purpose of delivering our services:

  • Razorpay Software Pvt. Ltd. — payment gateway. Processes your payment card and bank data under their own PCI-DSS Level 1 certified infrastructure. Privacy policy: razorpay.com/privacy.
  • Supabase Inc. — cloud database and authentication platform. Stores your account data, order records, and uploaded documents on AWS servers in the Asia Pacific (Mumbai) region. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Twilio Inc. — used for OTP verification via SMS. Receives your mobile number for the purpose of delivering a one-time password only.
  • Meta Platforms (WhatsApp Business API) — used to deliver order status updates via WhatsApp. Only your registered mobile number is shared.
  • Bar Council-verified Advocates — your service-specific documents and case details are shared with the assigned advocate who handles your matter. Advocates are bound by professional secrecy obligations under the Bar Council of India Rules.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Cookies

We use the following types of cookies on our Platform:

  • Essential cookies: Required for authentication, session management, and core functionality. Cannot be disabled.
  • Analytics cookies: Used to understand aggregate usage patterns. No personally identifiable information is linked to these cookies.
  • Preference cookies: Store your language and display preferences.

You can configure your browser to block or delete cookies. Blocking essential cookies will prevent you from logging in or placing orders.

6. Data Retention

We retain your personal data for as long as necessary to deliver the service you ordered, and thereafter for the following periods:

  • Order records and associated documents: 7 years (required for tax and legal compliance under Indian law).
  • Account information: Retained until you close your account, plus 1 year.
  • Payment transaction records: 8 years (as required by the Prevention of Money Laundering Act, 2002).
  • Server logs: 90 days, then automatically purged.

7. Your Rights

Under applicable Indian law, and to the extent practicable, you have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Withdrawal of consent: Withdraw consent for processing where consent is the legal basis. This will not affect the lawfulness of prior processing.
  • Deletion: Request deletion of your account and associated data, subject to our legal retention obligations above.
  • Grievance redressal: Raise a complaint with our Grievance Officer (see Section 10).

8. Data Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit.
  • AES-256 encryption for data at rest on Supabase.
  • Role-based access control — employees and advocates only access data necessary for their function.
  • Regular security audits and penetration testing.
  • Two-factor authentication for all administrative access.

No method of transmission over the internet is 100% secure. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority within the timeframe required by applicable law.

9. Cross-Border Data Transfers

Your data is primarily stored on servers in the AWS Mumbai (ap-south-1) region. Some data may be processed by our service providers (Twilio, Supabase) on servers outside India. Where this occurs, we ensure that the transfer is subject to appropriate contractual safeguards consistent with Indian law requirements.

10. Grievance Officer

In accordance with the IT Act and IT (SPDI) Rules, we have designated a Grievance Officer to address any concerns regarding the processing of your personal data:

  • Name: Grievance Officer, goLex
  • Email: grievance@golex.shop
  • Address: goLex, Gurgaon, Haryana, India
  • Response time: Within 30 days of receipt of your complaint.

11. Children's Privacy

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact our Grievance Officer immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or a prominent notice on the Platform at least 7 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.

13. Contact Us

For any questions about this Privacy Policy or our data practices, contact us at:

  • Email: help@golex.shop
  • Phone: +91 99999 99999 (Mon–Sat, 9 AM–7 PM IST)
  • Address: goLex, Gurgaon, Haryana, India