Privacy Policy

Effective Date: 15 April 2026 • Version 1.0

This Privacy Policy ("Policy") is published by Exactable, a company having its registered office at Daman - 396210, India ("Company", "we", "us", or "our"), in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and applicable global data protection principles.

This Policy governs the collection, receipt, storage, processing, disclosure, transfer, and handling of information in connection with your access and use of Courtexa ("Platform"), a legal case management and workflow software-as-a-service product operated by the Company.

BY ACCESSING OR USING THE PLATFORM, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD, AND EXPRESSLY AGREED TO THIS PRIVACY POLICY IN ITS ENTIRETY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USE OF THE PLATFORM.

1. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

  • "Platform" means the Courtexa web application, mobile interfaces, APIs, and all associated services operated by the Company.
  • "User" or "You" means any natural person who accesses or uses the Platform, including visitors, registered users, subscribers, and trial users.
  • "Personal Information" means any data that relates to an identified or identifiable natural person, as defined under the SPDI Rules and applicable law.
  • "Sensitive Personal Data or Information (SPDI)" has the meaning assigned under Rule 3 of the SPDI Rules, and includes passwords, financial information, health records, and biometric data, to the extent applicable.
  • "Public Court Data" means case records, party names, hearing dates, case statuses, and related procedural information retrieved from officially published, publicly accessible government court portals.
  • "Workspace" means the private, user-specific environment within the Platform where user-generated content is stored and managed.
  • "Processing" means any operation or set of operations performed on data, including collection, recording, organisation, structuring, storage, use, disclosure, or destruction.

2. Scope and Applicability

This Policy applies to:

  • All Users of the Platform, including visitors, registered users, trial users, and paying subscribers;
  • All features, functionalities, services, and workflows offered through or in connection with Courtexa;
  • All information collected, processed, or stored by the Company in connection with the operation of the Platform.

This Policy does not apply to:

  • Third-party services, websites, platforms, payment gateways, or external systems that may be integrated with, linked from, or accessed through the Platform;
  • Information independently collected by third parties whose services the User accesses through the Platform.

Users are advised to review the privacy policies of all third-party services before engaging with them. The Company is not responsible for the data practices of any third party.

3. Nature and Description of the Platform

Courtexa is a legal case management and workflow platform designed exclusively for advocates, law firms, and legal professionals. The Platform enables Users to:

  • Retrieve and organise publicly available court case data using user-provided identifiers such as CNR numbers and case parameters;
  • Track case status, hearings, and procedural history;
  • Schedule and manage hearings and appointments;
  • Manage legal workflows from a centralised, private workspace.

Important Characterisation: Courtexa is a facilitator of access to publicly available data and a workflow management tool. It is not a source of legal data, does not create or control court records, and does not provide legal advice. All court data displayed on the Platform originates from publicly accessible government systems.

4. Information We Collect

4.1 Information Provided Directly by Users

When you register for or use the Platform, we collect the following categories of personal information:

  • Identity data: Full name, designation, bar enrolment details (if provided);
  • Contact data: Email address, phone number;
  • Account credentials: Username and password (stored in cryptographically hashed, salted form; plaintext passwords are never stored or transmitted in readable format);
  • Operational inputs: Case identifiers (CNR numbers, filing numbers), search parameters, hearing notes, annotations, scheduling data, and appointment details;
  • User-generated content: Notes, tags, case labels, and organisational data entered by the User within their Workspace;
  • Document data: Where document management features are enabled, any documents uploaded or created by the User.

4.2 Publicly Available Court Data

The Platform retrieves publicly available legal data from official government court portals based solely on User-provided inputs. This data may include:

  • Case numbers and filing information;
  • Party names and counsel details as recorded in public court records;
  • Hearing schedules, adjournment histories, and next dates;
  • Case status (Active, Disposed, etc.) and procedural orders;
  • Court name, bench details, and jurisdiction information.

This data is not created, modified, or controlled by the Company. It is sourced from publicly accessible government systems. The Company retrieves, structures, and stores such data solely to provide the Platform's case management functionality. Users access this data in their professional capacity as legal practitioners.

4.3 Automatically Collected Technical Information

When you access or use the Platform, we may automatically collect:

  • IP address and approximate geolocation;
  • Device type, operating system, and browser version;
  • Access timestamps, session duration, and navigation patterns;
  • Platform feature usage and interaction logs;
  • Error reports and diagnostic data.

This information is used to maintain, secure, and improve the Platform and does not, in isolation, identify any individual User by name.

4.4 Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies for the following limited purposes:

  • Authentication: To verify User identity and maintain secure login sessions;
  • Session management: To preserve User preferences and Platform state during a session;
  • Security: To detect and prevent fraudulent or unauthorised access;
  • Analytics: To understand aggregate usage patterns and improve Platform performance.

We do not use tracking technologies for behavioural advertising, cross-site tracking, or sale of User data to third parties. Users may control or disable cookies through their browser settings; however, disabling certain cookies may impair Platform functionality, including authentication.

5. Purpose of Data Processing

We process User information strictly for the following purposes:

  • Service delivery: To register accounts, authenticate Users, and provide full access to Platform features;
  • Case management operations: To retrieve, structure, display, and manage Public Court Data and User-generated case information;
  • Scheduling and workflow: To enable hearing tracking, appointment management, and calendar functionality;
  • Platform improvement: To analyse usage, identify technical issues, and develop new features;
  • Security and fraud prevention: To monitor for unauthorised access, protect data integrity, and enforce our Terms of Service;
  • Communication: To send service notifications, system alerts, product updates, and transactional messages;
  • Legal and regulatory compliance: To fulfil obligations under applicable Indian law and judicial or regulatory orders;
  • Dispute resolution and enforcement: To investigate complaints, enforce agreements, and assert or defend legal claims.

We do not process User data for the purpose of selling, licensing, or otherwise commercially exploiting personal information to third parties for their own marketing purposes.

6. Legal Basis for Processing

Our processing activities are conducted under the following legal bases:

  • Consent: Where Users have provided explicit, informed consent for specific processing activities, including optional features and marketing communications;
  • Contractual necessity: Processing required to perform the agreement between the Company and the User for Platform access and use;
  • Legitimate interests: Processing necessary for our legitimate business interests, including platform security, fraud prevention, and product analytics, provided such interests do not override User rights;
  • Legal obligation: Processing required to comply with applicable laws, regulations, court orders, or governmental directives.

Users may withdraw consent for consent-based processing at any time by contacting us at privacy@exactable.in. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

7. Data Storage and Security

7.1 Infrastructure

All User data and Platform data is hosted on secure cloud infrastructure provided by DigitalOcean, with servers located in Bangalore, India. Data is stored within the territory of India unless otherwise disclosed in this Policy.

7.2 Security Measures

The Company implements reasonable technical and organisational security measures in accordance with Rule 8 of the SPDI Rules, including:

  • Encryption of passwords using industry-standard one-way hashing with salting;
  • HTTPS/TLS encryption for all data transmission between the User's device and our servers;
  • Role-based access controls ensuring that personnel access data only on a need-to-know basis;
  • Workspace-level data isolation so that one User's data is not accessible to other Users;
  • Regular security assessments and monitoring of infrastructure for unauthorised access or anomalies;
  • Logging and auditing of access to sensitive data.

7.3 No Absolute Security Guarantee

Despite our implementation of reasonable safeguards, no method of electronic transmission or digital storage is completely secure. The Company does not warrant or guarantee the absolute security of User data. In the event of a security breach that is likely to result in a high risk to Users, we will take reasonable steps to notify affected Users and relevant authorities as required by applicable law. The Company may monitor, log, and review system activity for security, compliance, and operational purposes.

8. Data Retention

We retain User personal information and Platform data for the following periods:

  • Active account data: Retained for the duration of the active subscription or account relationship;
  • Post-termination: Data may be retained for a reasonable period after subscription cancellation or account closure for the purposes of legal compliance, dispute resolution, fraud prevention, and backup integrity. Termination or cancellation of a subscription does not trigger automatic deletion of data;
  • Legal hold: Data subject to a legal hold, regulatory inquiry, investigation, or litigation will be retained for as long as required by applicable law or court order, regardless of the above periods;
  • Analytics and logs: Anonymised or aggregated usage data may be retained indefinitely for product improvement purposes.

Users who wish to request deletion of their personal data upon account closure may do so pursuant to Section 10 of this Policy. Such requests are subject to the Company's right to retain data where legally required or operationally necessary.

The Company reserves the right to retain certain categories of data notwithstanding a deletion request, including but not limited to data required for legal compliance, fraud prevention, system integrity, backup restoration, and enforcement of contractual rights.

8.1 Data Portability and Access Post-Termination

The Company does not guarantee export, portability, or continued accessibility of any data, including case data, user-generated content, or Public Court Data, following account termination or subscription cancellation, unless such functionality is explicitly provided as part of the Platform.

9. Data Sharing and Third-Party Disclosure

The Company does not sell, rent, or trade User personal information. We may share data only in the following limited and specific circumstances:

9.1 Payment Service Providers

To process subscription payments, we integrate with third-party payment gateways, which may include Razorpay, Cashfree, PayU, Paytm, and other regulated payment processors. These providers collect and process payment data directly. The Company does not store, access, or process sensitive financial information such as card numbers, CVV codes, or bank account credentials. The Company may share limited billing-related information (such as name, email address, and transaction identifiers) with payment service providers solely for the purpose of processing payments, generating invoices, and maintaining transaction records.

9.2 Infrastructure and Technology Providers

We engage third-party service providers to operate the Platform's infrastructure, including DigitalOcean for cloud hosting. These providers access data only to the extent necessary to provide their contracted services and are bound by contractual obligations to protect data.

9.3 Analytics Providers

We may use third-party analytics tools (including but not limited to Google Analytics) to collect aggregated, non-personally identifiable usage data. Such providers process data in accordance with their own privacy policies and are not permitted to use data for independent commercial purposes.

9.4 Legal Disclosures

We may disclose User data without prior notice where required to:

  • Comply with a court order, judicial process, or statutory obligation;
  • Respond to lawful requests by government or regulatory authorities;
  • Enforce our Terms of Service or protect the Company's legal rights;
  • Investigate, prevent, or take action regarding illegal activities, fraud, or threats to security.

9.5 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or insolvency proceeding involving the Company, User data may be transferred to a successor entity. We will provide reasonable notice to Users via the Platform or email before such a transfer, and the acquiring entity will be bound by this Policy or a successor policy of equivalent standard.

9.6 Future Third-Party Integrations

As the Platform expands, we may engage additional service providers for communication services, document management, billing, legal research APIs, or other features. Any such providers will be disclosed in an updated version of this Policy and will have access to data only to the extent necessary to provide their services.

10. User Rights and Data Requests

Subject to applicable law and the Company's operational and legal requirements, Users have the following rights with respect to their personal information:

  • Right of access: To request a copy of the personal information the Company holds about you;
  • Right to correction: To request correction of inaccurate, incomplete, or outdated personal information;
  • Right to deletion: To request deletion of your personal information, subject to the Company's right to retain data for legal, operational, or security purposes;
  • Right to withdraw consent: To withdraw any consent previously given for processing activities that are consent-based;
  • Right to grievance redressal: To raise a grievance regarding the handling of your personal data with our designated Grievance Officer.

To exercise any of the above rights, Users must submit a written request to:

Email: support@exactable.in

Privacy Officer: privacy@exactable.in

The Company reserves the right to:

  • Verify the identity of the requesting User before processing any data request;
  • Decline requests that are legally unfounded, repetitive, or technically infeasible;
  • Retain certain data categories notwithstanding a deletion request, where required by law, for audit purposes, or to prevent fraud.

We will endeavour to respond to all valid requests within 30 days of receipt.

11. Public Court Data - Accuracy and Liability Disclaimer

The Platform retrieves data from publicly accessible government court systems. The Company:

  • Does not create, author, edit, or validate any Public Court Data;
  • Does not guarantee the accuracy, completeness, currency, or reliability of data sourced from government systems;
  • Does not provide legal advice, opinions, or recommendations;
  • Is not responsible for errors, delays, omissions, inconsistencies, or discrepancies in Public Court Data, which originate entirely from source systems outside the Company's control.

All information made available through the Platform is for informational and organisational purposes only. Users must independently verify all court data before relying on it for any legal purpose, professional decision, court filing, or client communication. The Company expressly disclaims all liability for any loss, adverse outcome, professional negligence claim, or prejudice arising from reliance on data displayed through the Platform. Use of the Platform does not substitute for independent legal research or professional judgement. The Platform is provided strictly as a facilitative tool and does not replace independent verification, professional diligence, or statutory compliance obligations of the User.

Any updates, corrections, or changes to Public Court Data are dependent on the source government systems. The Company does not guarantee real-time synchronisation or currency of displayed court information.

12. Workspace Privacy and User Responsibilities

12.1 User-generated content, including notes, annotations, case labels, scheduling data, and documents, is stored within the User's private Workspace and is not accessible to other Users or shared with third parties except as described in this Policy.

12.2 Users are solely responsible for:

  • Ensuring that any information they input, upload, or process through the Platform does not violate applicable laws, professional obligations (including bar council regulations), duties of confidentiality, third-party intellectual property rights, or client privilege;
  • Users are solely responsible for the accuracy, legality, and appropriateness of all data entered into the Platform;
  • Obtaining all necessary consents and authorisations before uploading personal data of third parties (including clients) into the Platform;
  • Maintaining the confidentiality of their login credentials and ensuring that unauthorised persons do not access their account.

12.3 The Company accepts no responsibility for User-generated content and its lawfulness. The User indemnifies the Company against all claims, losses, damages, and expenses arising from the User's violation of this Section.

13. Limitation of Company Liability

To the maximum extent permitted by applicable law:

  • The Company shall not be liable for any inaccuracies in Public Court Data sourced from government systems;
  • The Company shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising from the User's reliance on Platform data;
  • The Company shall not be liable for any loss arising from Platform unavailability, data loss, or system failure beyond its reasonable control;
  • The Company's aggregate liability to any User shall in no event exceed the subscription fees paid by such User in the three (3) months immediately preceding the event giving rise to the claim.

These limitations apply whether the claim arises in contract, tort, negligence, or any other legal theory, and regardless of whether the Company has been advised of the possibility of such damages.

The Company shall not be responsible for any disruption, delay, or failure in data retrieval or display arising from unavailability, changes, or technical limitations of external systems or public court portals.

14. International Data Transfers

Data collected through the Platform is primarily hosted in India (DigitalOcean, Bangalore). However, certain third-party service providers (including analytics, communication, and payment processors) may process data in jurisdictions outside India.

Where data is transferred outside India, we will ensure such transfers are subject to appropriate contractual safeguards or other lawful mechanisms. By using the Platform, Users expressly consent to such cross-border transfers where technically necessary to operate the services engaged.

15. Age Restriction

The Platform is designed for professional use and is intended exclusively for individuals aged 18 years and above. We do not knowingly collect personal data from minors. If we become aware that personal data of a person under the age of 18 has been collected, we will take prompt steps to delete such data. If you believe a minor has submitted data through the Platform, please contact us at privacy@exactable.in.

16. Grievance Officer

In accordance with the Information Technology Act, 2000 and the SPDI Rules, the Company has designated a Grievance Officer to address complaints or concerns regarding the processing of personal data. Users may contact the Grievance Officer at:

Grievance Officer, Exactable

Address: Daman - 396210, India

Email: privacy@exactable.in

We will endeavour to acknowledge grievances within 24 hours and resolve them within 30 days of receipt of the complaint.

17. Changes to This Privacy Policy

The Company reserves the right to amend, update, or replace this Policy at any time to reflect changes in legal requirements, business practices, or Platform functionality. In the event of material changes, we will:

  • Post the updated Policy on the Platform with a revised effective date;
  • Where reasonably practicable, notify registered Users via email or in-Platform notification prior to the changes taking effect.

Continued use of the Platform following the effective date of any updated Policy constitutes the User's acceptance of the revised terms. If a User does not accept the updated Policy, they must discontinue use of the Platform and may request deletion of their data pursuant to Section 10.

18. Governing Law and Jurisdiction

This Policy shall be construed and governed in accordance with the laws of the Republic of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any successor legislation including the Digital Personal Data Protection Act, 2023, as and when it becomes fully operative.

Any dispute, claim, or controversy arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts located at Daman, India.

19. Contact Information

For any questions, concerns, or requests relating to this Privacy Policy or the handling of your data, please contact:

Exactable

Daman - 396210, India

General enquiries: support@exactable.in

Privacy / data requests: privacy@exactable.in

Document Control

This Privacy Policy has been approved and adopted by Exactable for publication on the Courtexa Platform.

Document TitleCourtexa Privacy Policy
Version1.0
Effective Date15 April 2026
Next Review Date15 April 2027
Approved ByJaynam Modi
Founder
Date of Approval14 April 2025