Privacy Policy

Last updated: 3 March 2026

Aapka Munshi ("we", "us", or "our") operates a court case tracking platform accessible via a web dashboard and WhatsApp AI assistant. This Privacy Policy describes how we collect, use, share, store, and protect your personal information when you use our services.

1. Information We Collect

We collect the following categories of information when you use our services:

a) Information You Provide

  • Google Account Information -When you sign in with Google, we receive your name, email address, and profile picture.
  • WhatsApp Phone Number -You provide your WhatsApp phone number during account setup. We verify ownership by sending a one-time password (OTP) via WhatsApp, and store your verified number to deliver case updates and enable AI assistant access.

b) Information from Google APIs

If you grant additional permissions, we receive OAuth access and refresh tokens that allow us to interact with your Google account on your behalf. Specifically:

  • Google Calendar -We create, update, and delete calendar events to sync your upcoming hearing dates. This data lives in your own Google Calendar account.
  • Google Drive -We create folders and files to store case-related documents. We can only access files and folders that our application has created. This data lives in your own Google Drive account.

c) Information Collected Automatically

  • Court Case Data -When you search for or track cases, we retrieve publicly available case information from the eCourts platform maintained by the Government of India. This includes CNR numbers, party names, hearing dates, case status, orders, and judgments.
  • Conversation History -Messages exchanged with our WhatsApp AI assistant are stored to maintain conversation context. We retain a rolling window of approximately the last 10 messages per user; older messages are automatically purged.
  • Usage Data -We collect basic usage information such as pages visited, features used, and interaction timestamps to maintain and improve our services.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Authenticate your identity -via Google OAuth, to create and manage your account
  • Deliver case updates and hearing reminders -via WhatsApp messages to your verified phone number
  • Sync hearing dates -by creating and managing events in your Google Calendar
  • Store case documents -by creating folders and files in your Google Drive
  • Power the AI assistant -by processing your conversation messages through Google Gemini AI to generate helpful responses
  • Provide case search and tracking -by retrieving and displaying publicly available data from the eCourts platform
  • Improve our services -by analysing usage patterns to enhance reliability and features

3. How We Share Your Information

We do not sell, rent, or trade your personal data. We do not share your information with advertising networks or data brokers.

We share your information only with the following service providers, and only to the extent necessary to operate our platform:

Google APIs (Calendar & Drive)

We use your OAuth tokens to create hearing events in your Google Calendar and case folders in your Google Drive. This data lives in your own Google account -we do not store copies of your calendar events or Drive files on our servers. When performing these operations, we send case details (such as CNR number, case title, hearing date, and court name) to Google's servers via their APIs.

Supabase (hosted on AWS)

Supabase acts as our database and authentication provider. It stores your email address, name, phone number, tracked case data, conversation history, and encrypted OAuth tokens.

Cloudflare

Cloudflare hosts our web application and API on its global edge network. Your data passes through Cloudflare's infrastructure in transit. Cloudflare does not store your personal data beyond what is necessary for request processing.

Trigger.dev

Trigger.dev processes background tasks such as hearing reminders and case data refreshes. It uses your OAuth tokens to perform Calendar and Drive operations on your behalf. Trigger.dev does not retain your personal data beyond the duration of task execution.

Google Cloud (Gemini AI)

Google Cloud processes your WhatsApp conversation messages through the Gemini AI model to generate responses. The AI model does not receive your OAuth tokens, Google profile information, or any Calendar or Drive data.

WhatsApp Business API (Meta)

Meta's WhatsApp Business API delivers messages to your phone. It receives message content only -it does not receive your Google account data, OAuth tokens, or any data stored in your Calendar or Drive.

Legal Disclosure

We may disclose your information if required to do so by law, in response to valid legal process, to protect the safety of any person, to address fraud or security issues, or to protect our legal rights. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, and we will notify you before your data becomes subject to a different privacy policy.

4. Google API Services User Data Policy Compliance

Aapka Munshi's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  1. We only use Google data to provide and improve the Calendar sync and Drive storage features described in this policy. We do not use Google data for any other purpose.
  2. We do not transfer Google data to third parties except as necessary to provide or improve our service, to comply with applicable law, or as part of a merger or acquisition where the successor entity is bound by the same data protection commitments.
  3. We do not use Google data for serving advertisements, retargeting, building advertising profiles, or making credit or lending decisions.
  4. We do not allow humans to read your Google data unless you have given affirmative consent, it is necessary for security purposes (such as investigating abuse), it is required by law, or the data has been aggregated and anonymised for internal operations.

5. Data Storage and Security

Your data is stored and processed using the following infrastructure providers:

  • Supabase (AWS, United States) -Database, authentication, and serverless functions
  • Cloudflare (global edge network) -Web application hosting and API edge processing
  • Google Cloud -AI model inference (Gemini) for the WhatsApp assistant
  • Trigger.dev -Background task processing for hearing reminders and case data refreshes

Security Measures

We implement the following technical measures to protect your data:

  • All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
  • Data stored at rest is encrypted by our infrastructure providers
  • OAuth tokens are stored in encrypted form and are never logged, exposed in error messages, or included in diagnostic reports
  • All external API calls enforce strict timeouts to prevent data exposure during connection failures

6. International Data Transfers

Your data may be processed and stored in locations outside of India, including the United States (Supabase on AWS), Cloudflare's global edge network, and Google Cloud's infrastructure. We rely on each service provider's contractual commitments, industry-standard security certifications, and data protection safeguards to ensure your information is protected in accordance with this policy.

7. Cookies and Sessions

We use essential cookies and session tokens solely to maintain your authentication state and ensure the service functions correctly. These cookies are strictly necessary and cannot be disabled without breaking core functionality. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.

8. Data Retention and Deletion

We retain your data according to the following schedule:

  • Account data (name, email, phone number) -Retained for as long as your account is active
  • Conversation history -Rolling window of approximately the last 10 messages per user; older messages are automatically purged
  • OAuth tokens -Cleared immediately when you disconnect your Google account or request account deletion
  • Tracked case data -Retained while your account is active; deleted upon account deletion
  • Calendar events and Drive folders -These reside in your own Google account and are not controlled by us. They will persist in your Google account even after you delete your Aapka Munshi account.

You may request deletion of your account and all associated data at any time. Account deletion is completed within 30 days of your request, except where retention is required by law.

You can independently revoke Aapka Munshi's access to your Google account at any time by visiting myaccount.google.com/permissions.

9. Your Rights

Under applicable Indian data protection laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Withdraw consent for data processing at any time (for example, by disconnecting your Google account or unlinking your WhatsApp number)
  • Revoke Google permissions independently via Google Account Settings
  • Request portability of your personal data
  • Lodge a complaint with the Data Protection Board of India if you believe your data rights have been violated

To exercise any of these rights, contact us at hello@lexolegal.com. We will respond to your request within 30 days.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@lexolegal.com and we will promptly delete such data.

11. Third-Party Links and Services

Our service integrates with and links to third-party platforms including Google (Calendar, Drive, OAuth), Meta (WhatsApp Business API), and eCourts (Government of India). Each of these services is governed by its own privacy policy and terms of service.

We encourage you to review the privacy policies of these third-party services. We are not responsible for the data practices of any third-party platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via WhatsApp notification or a notice on our website at least 15 days before they take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, as applicable.

14. Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your concerns regarding data processing:

Grievance Officer

Aapka Munshi

Email: hello@lexolegal.com

The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days of receipt.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at: hello@lexolegal.com