← eVaqil.com · Terms of Service →

eVaqil.com

Privacy Policy

Last updated: 11 June 2026

This Privacy Policy describes how eVaqil ("we", "us") collects, uses, shares, and protects personal data when you use eVaqil.com. It is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDPA") and the Information Technology Act, 2000 and the rules made thereunder. For the purposes of the DPDPA, eVaqil is the Data Fiduciary in respect of personal data you provide to or generate through the Service, except where stated otherwise.

1. Definitions used in this notice

Personal data. Any data about an individual who is identifiable by or in relation to such data.

Data Principal. The individual to whom the personal data relates — that means you.

Data Fiduciary. The person who, alone or with others, determines the purpose and means of processing personal data. For most data in the Service, that is eVaqil.

Data Processor. A person who processes personal data on behalf of a Data Fiduciary — for example, our cloud and notification providers.

2. Categories of personal data we process

2.1 Information you provide

  • Mobile number (used for OTP authentication, account identification, and reminders).
  • Profile details: name, photo, role, bar enrolment number, court(s), areas of practice, address, alternative contact details (WhatsApp, email).
  • Case and matter data you add or import: case titles, case numbers, CNR numbers, parties, opposing parties, courts, hearing dates, stages, notes, and tags.
  • Files and documents you upload, including PDFs, images, and attachments.
  • Content you post in features such as broadcasts, job listings, feature requests, and the advocate directory.
  • Support and feedback messages, including messages you submit through the contact form on our website (your name, contact details, and the message itself).

2.2 Information generated by your use of the Service

  • Authentication events (sign-in, sign-out, OTP issuance), session metadata, and device identifiers used to bind a session to a device.
  • App-event logs, error reports, and diagnostics used to keep the Service reliable.
  • Notification delivery state (for example, whether a hearing reminder has been sent for a given hearing).
  • Aggregated usage signals derived from your interactions, used to operate and improve the Service.

2.3 Information fetched from public court systems

Where you ask the Service to look up case information, we retrieve publicly available data from sources such as the eCourts Services portal and the High Court / district court micro-sites. This data is then associated with your account so that it can be shown to you, sorted, refreshed, and used for reminders.

2.4 Device permissions

  • Notifications — to deliver hearing reminders and product alerts.
  • Calendar (write) — to create or update an "eVaqil" calendar on your device with your hearings. Calendar data written on your device stays on your device.
  • Storage / Files — to read PDFs you select for on-device OCR, compression, or hash generation, and to save outputs locally.
  • Camera / Photos — if and where you choose to attach an image or document.

You can revoke any permission at any time through your operating-system settings. Revoking a permission may disable the dependent feature.

2.5 Sensitive personal data

We do not intentionally seek special-category data. You should not upload personally sensitive material (for example, health, financial, biometric, or children's data, or data that would attract legal privilege) unless its processing is genuinely necessary for your professional purpose and you have lawful authority and a clear basis under your professional obligations to do so.

3. Purposes of processing

We process personal data only for the following specified purposes:

  • To authenticate you and operate your account.
  • To provide and maintain the features you use — case management, hearings, reminders, document storage, AI assistance, hash reports, the directory, broadcasts, and jobs.
  • To send transactional notifications (OTP, hearing reminders, security alerts, important product changes).
  • To detect, investigate, and prevent fraud, abuse, security incidents, and breaches of the Terms.
  • To improve the Service through aggregated and de-identified analytics.
  • To comply with legal obligations, court directions, and lawful requests from authorities.

4. Lawful basis for processing

Under the DPDPA, our processing relies on one or more of the following grounds:

  • Your consent — when you sign in, grant device permissions, or opt into specific features (s. 6 DPDPA).
  • Legitimate uses — including providing the Service you have requested, complying with law, and responding to medical or other emergencies (s. 7 DPDPA), as applicable.
  • Performance of a service you have asked us to provide, such as fetching public case data on your behalf.

5. Sharing of personal data

We share personal data only with the categories of recipients described below, and only to the extent necessary for the purpose listed.

5.1 Data processors we engage

  • Cloud database, authentication, storage, and serverless functions (Supabase) — to host your account, case data, files, and run backend logic.
  • Push-notification service (OneSignal) — to deliver reminders and product notifications to your device. Your account identifier is shared with the provider so notifications reach the right device.
  • Product analytics (PostHog, hosted in the EU) — usage events, crash reports, and diagnostics tied to your account identifier, used to understand and improve how the Service is used. On our marketing website, sessions may additionally be recorded for product improvement with all text and form inputs masked. We do not use analytics data for advertising.
  • AI / language-model providers — where you use AI features, the content you submit is transmitted to the model provider solely to generate a response.
  • Maps, fonts, CDNs, and similar infrastructure providers — to deliver static assets and standard web behaviour.

Each processor is bound by contract to process personal data only on our documented instructions, to maintain confidentiality, and to apply appropriate security safeguards.

5.2 Court and public systems

When you initiate a lookup, the Service interacts with eCourts and related public systems. The request is generated by the Service; the responses are stored against your account.

5.3 Other users

Some features are designed for visibility to other verified advocates — for example, limited profile details in the directory, broadcast messages, and job listings that you publish. You control what to publish.

5.4 Legal, regulatory, and safety disclosures

We may disclose personal data where required by applicable law, court order, valid request from a competent authority, or where necessary to protect rights, property, safety, or the integrity of the Service.

5.5 Business transfers

If eVaqil is involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to equivalent protection.

We do not sell personal data, and we do not share it for cross-context behavioural advertising.

6. International transfers

We aim to keep personal data within India. Where a processor we engage stores or processes data outside India, we do so consistent with the DPDPA and any restrictions notified by the Central Government, and we apply contractual safeguards with that processor.

7. On-device features and what stays local

Certain features run entirely on your device and do not transmit the underlying file to eVaqil or any third party unless you choose to share the output:

  • On-device PDF OCR (text extraction).
  • On-device PDF compression.
  • On-device file-hash generation (MD5) and report creation.
  • Native calendar writes (events created in the "eVaqil" calendar on your device).

8. Cookies and similar technologies

The Service uses local storage and session storage on your device to remember sign-in state, your selected views, and small caches used to render the app quickly. The Service and our website also store a first-party analytics identifier used to recognise repeat usage. We do not set advertising cookies and do not run cross-site tracking pixels.

9. Data retention and deletion

We retain personal data for as long as your account is active and as long as needed for the purposes set out in this Policy. After deletion is requested or after extended inactivity:

  • Account deletion request — your profile enters a soft-delete restoration window. After the window closes, the active profile and associated case data are removed from the active database.
  • Operational logs and backups — may persist for a limited additional period for security, audit, fraud prevention, and legal compliance.
  • Communications and content shared publicly within the Service (for example, broadcasts and job posts) may be retained or anonymised to preserve the integrity of the relevant feature.

10. Your rights as a Data Principal

Subject to applicable law, you have the right to:

  • Access a summary of the personal data we process about you and the categories of recipients.
  • Correct inaccurate or misleading personal data, and complete personal data that is incomplete.
  • Update personal data you have provided.
  • Erase personal data that is no longer needed for the purposes for which it was collected, subject to lawful retention obligations.
  • Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Withdraw any consent you previously gave (which will not affect lawful processing carried out before withdrawal).
  • File a grievance with our Grievance Officer (see below). If the grievance is not resolved, you may approach the Data Protection Board of India.

You can exercise most of these rights directly from within the Service. For other requests, write to privacy@evaqil.com. We may need to verify your identity before acting on a request.

11. Children

The Service is intended for adults who are practising legal professionals, students, or related users. We do not knowingly collect personal data of children. If we learn that we have processed a child's personal data without verifiable parental consent, we will delete it.

12. Security

We use technical and organisational measures designed to protect personal data, including:

  • Transport-layer encryption (HTTPS) for client–server communication.
  • Row-level security and scoped backend functions on our database layer.
  • Time-limited session tokens and OTP-based authentication.
  • Access controls, principle-of-least-privilege for engineering staff, and audit logging on sensitive operations.
  • Regular review of dependencies and infrastructure for security advisories.

No system is perfectly secure. You should use a strong device passcode, keep your OS and the app up to date, and avoid using untrusted networks for sensitive work.

13. Personal data breach

In the event of a personal data breach that meets the threshold under applicable law, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed by the DPDPA and its rules.

14. Grievance Officer and contact

For privacy questions, requests to exercise your rights, or complaints, contact us at:

  • Privacy team: privacy@evaqil.com
  • Grievance Officer (IT Rules 2021): grievance@evaqil.com
  • Postal correspondence: Grievance Officer, eVaqil, New Delhi, India (full address available on request).

We acknowledge complaints within 24 hours and aim to resolve them within 15 days. Unresolved grievances may be escalated to the Data Protection Board of India under the DPDPA.

15. Changes to this Privacy Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where the changes are material, take reasonable steps to bring them to your attention. Continued use of the Service after the changes take effect means you accept the updated Policy.

← Back to eVaqil.com

This Privacy Policy works alongside the Terms of Service. Read the Terms of Service →