GoLegal Comply← Back to Home

Privacy Policy

Last updated: 3 April 2026

1. Introduction

GoLegal Comply ("we", "us", or "our") operates the GoLegal Comply platform (the "Platform"), a DPDP compliance monitoring service. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable Indian laws.

By accessing or using our Platform, you consent to the collection and processing of your personal data as described in this policy. If you do not agree, please do not use the Platform.

2. Data Fiduciary Information

For the purposes of the DPDP Act, GoLegal Comply acts as the Data Fiduciary. Our contact details are:

  • Entity Name: GoLegal Comply
  • Email: support@thegolegal.com
  • Address: India

3. Personal Data We Collect

We may collect the following categories of personal data:

a) Data Provided Directly by You

  • Full name, email address, and company name when you create an account or sign up
  • Website URL(s) you submit for compliance scanning
  • Contact information when you reach out to us for support or enquiries
  • Payment and billing information (if applicable)

b) Data Collected Automatically

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, and navigation patterns
  • Cookies and similar tracking technologies (see Section 9)
  • Log data and analytics information collected via Microsoft Clarity and similar tools

c) Data from Third Parties

  • Authentication data from OAuth providers (e.g., Google) when you choose third-party sign-in

4. Purpose of Data Collection & Lawful Basis

Under Section 4 of the DPDP Act, we process your personal data only for lawful purposes with your consent or as permitted by law. The specific purposes include:

  • To provide, operate, and maintain our compliance scanning and monitoring services
  • To create and manage your user account
  • To generate compliance reports and dashboards for websites you submit
  • To communicate with you about your account, scans, updates, and support requests
  • To improve and personalise our Platform through analytics and usage data
  • To comply with legal obligations under Indian law
  • To prevent fraud, security threats, and misuse of the Platform
  • To send marketing communications (only with your explicit consent, which may be withdrawn at any time)

5. Consent

In accordance with Section 6 of the DPDP Act, we obtain your free, specific, informed, unconditional, and unambiguous consent before collecting your personal data. Consent is collected through:

  • Account registration forms with clear consent checkboxes
  • Cookie consent banners for non-essential cookies
  • Opt-in mechanisms for marketing communications

You have the right to withdraw your consent at any time by contacting us at support@thegolegal.com. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6. Rights of Data Principals

Under Chapter III of the DPDP Act, you (as a Data Principal) have the following rights:

  • Right to Access Information (Section 11): You may request a summary of your personal data being processed and the processing activities undertaken.
  • Right to Correction and Erasure (Section 12): You may request correction of inaccurate or misleading data, completion of incomplete data, or erasure of data that is no longer necessary for the purpose for which it was collected.
  • Right to Grievance Redressal (Section 13): You may raise grievances with our Grievance Officer (details in Section 14 below).
  • Right to Nominate (Section 14): You may nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please email us at support@thegolegal.com. We will respond to your request within 30 days or as prescribed under applicable law.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required under applicable law. Specifically:

  • Account data is retained for as long as your account is active
  • Scan reports and compliance data are retained for 3 years from the date of generation for audit and reference purposes
  • Log and analytics data are retained for up to 1 year
  • Upon account deletion or withdrawal of consent, personal data will be erased within 30 days, except where retention is required by law

8. Data Security Measures

In accordance with Section 8 of the DPDP Act and Rule 8 of the SPDI Rules, we implement reasonable security practices and procedures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms including OAuth 2.0 and session-based security
  • Access controls restricting data access to authorised personnel only
  • Regular security assessments and vulnerability scans
  • Secure hosting infrastructure with reputable cloud providers

9. Cookies and Tracking Technologies

We use the following types of cookies and tracking tools:

  • Essential Cookies: Required for authentication, session management, and core Platform functionality
  • Analytics Cookies: Microsoft Clarity and similar tools to understand user behaviour and improve our services

You can manage your cookie preferences at any time using the Cookie Preferences link in our website footer. Disabling essential cookies may affect Platform functionality.

10. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

  • Service Providers: Hosting providers (e.g., Supabase, Vercel), analytics tools, and payment processors who act as Data Processors on our behalf under appropriate contractual safeguards
  • Legal Obligations: When required by law, regulation, court order, or governmental authority under Indian law
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, with adequate notice and protection of your data rights
  • With Your Consent: For any purpose you have expressly agreed to

11. Cross-Border Data Transfer

Your personal data may be transferred to and processed in countries outside India where our service providers operate. Such transfers will be made in compliance with Section 16 of the DPDP Act and any rules notified by the Central Government regarding permissible jurisdictions. We ensure adequate data protection safeguards are in place for all cross-border transfers.

12. Children's Data

In compliance with Section 9 of the DPDP Act, our Platform is not intended for use by individuals below the age of 18 years. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will take steps to delete such data promptly.

13. Data Breach Notification

In the event of a personal data breach, we will notify the Data Protection Board of India as required under Section 8(6) of the DPDP Act. Where the breach is likely to result in a risk to your rights, we will also notify you without undue delay through the email address associated with your account.

14. Grievance Officer

In accordance with the DPDP Act and the IT Act, we have appointed a Grievance Officer to address your concerns regarding data processing:

  • Name: Grievance Officer, GoLegal Comply
  • Email: support@thegolegal.com

The Grievance Officer will acknowledge your complaint within 48 hours and endeavour to resolve it within 30 days from the date of receipt. If you are unsatisfied with the resolution, you may escalate your complaint to the Data Protection Board of India.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidelines. Any material changes will be communicated to you via email or a prominent notice on the Platform. We encourage you to review this page periodically. Continued use of the Platform after changes constitutes your acceptance of the revised policy.

16. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, including the DPDP Act, 2023, the Information Technology Act, 2000, and rules made thereunder. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts in India.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

  • Email: support@thegolegal.com
  • Grievance Officer: support@thegolegal.com