Privacy Policy - Leegality.com

Introduction

This Privacy Notice is for the clients and users signing through ‘Leegality’- a digital documentation platform owned and operated by Grey Swift Private Limited. We have explained in simple language how we handle and protect your personal data collected, used and disclosed as part of your usage of the Leegality platform. 

Is this Notice applicable to you?

This Notice applies to you: 

  • If you are a Leegality Client or Signer,
  • If you are just visiting our product informational website,
  • If you have received a signing link for signing a document through Leegality from another entity, in such a case, you should also check the privacy policy of the Leegality Client who sent you the contract – you can read more about how we process your personal data as per their instructions in the “If you are a ‘Signer’” section below.
  • If you’re looking for a job at Leegality, check out the privacy notice on our careers page.

Our role in your Privacy

Please also note that the Privacy Notice will also apply to information of SIgners supplied by Leegality Clients. In case of information of Signers supplied by Leegality Client, the Leegality Client providing the information confirms and warrants the authority and consent to provide the necessary SIgner Information. 

  1. If you are a ‘Leegality Client’ (i.e. using Leegality to initiate signing of documents and are paying for our services):  We act as the ‘Data Fiduciary’ of personal data about you and your use of Leegality, but as the ‘Data Processor’ of personal data in the information you put into or share with Leegality (like information about the counterparties, signatories and information contained in your documents).
  2. If you are a ‘Signer’ (i.e. signing a document using Leegality):  We act as a ‘Data Processor’ processing your personal data on behalf and as per the instructions received from the Leegality Client who provided us with your personal data or as per applicable law. In these cases, the Leegality Client is the ‘Data Fiduciary’ and we rely on confirmation of the Leegality Client that they have the authority and your consent to share with us your personal data. This means we only process your personal data to help us provide our service to the Leegality Client in accordance with their instructions or as required by law. The Leegality Client is responsible for making sure that your personal data is treated in accordance with applicable data protection laws. That includes informing you how service providers (like us) collect and use data on their behalf.
  3. If you are visiting this website: We act as the ‘Data Fiduciary’ of personal data about your usage of the website and personal data that you provide us through the website.

What information do we collect?

Data Collected/Processed Purpose and how it is used
Name, Mobile number and/ or Email ID To facilitate e-Signing of documents and for Signer identification and verification. This is provided to us by the Leegality Client while initiating eSigning of a document.
GPS Location GPS coordinates of the location from where you used Leegality may be collected depending on the settings enabled by the Leegality Client for additional verification. This forms part of the audit trail generated for the eSigning transaction.
Photo/ Video capture We may capture your photo or conduct an AI liveliness for additional verification depending on the settings enabled by the Leegality Client. This forms part of the audit trail generated for the eSigning transaction.
We may use and store some sensitive information including OTPs, secret keys and access keys for document sharing etc. to enable the Signer to avail eSigning services.
Access credentials (Email ID/ Mobile Number and Password) To facilitate login and usage of the services, for communications pertaining to eSigning transactions and for Signer identification and verification.
Device information, IP address, Browser type, eSigning Activity related timestamps We collect data that identifies you such as details of the Signer’s mobile or computer device, IP address, Browser details, eSigning activity such as timestamp for login, opening of the document, OTP verification for identification and maintaining audit trails.
Digital signature details Digital signature certificate information including name, address, limited and permitted Aadhaar details as received after successful certificate generation from the Certifying Authority for facilitating eSigning and maintain audit trails.
Payment Information Payment and billing related information of Leegality Clients and Signers might be retained by Leegality and the payment service providers engaged by Leegality as required under applicable laws and for audit and record keeping purposes.
Fingerprint We might collect your fingerprint as proof of your consent in the eSigning process depending on the type of eSign chosen by the Leegality Client.
Stamp duty related information We might collect information regarding stamp paper orders and value, delivery address, organization and party details for procurement and delivery of stamp paper orders placed by Leegality Clients.
Documents uploaded We store the documents uploaded for eSigning or shared on the platform for the required time period depending on the settings enabled by the Leegality Client or as per applicable laws.
Cookies, Usage patterns and Demographic details We may collect personal data such as your URL clickstreams, products/services viewed, page response times, how long you stay on our pages, what you do on those pages- for analytics, improvement of the services and product offerings, marketing and promotional purposes, personalisation of Signer experience and for review purposes
Usage of integrated applications We may collect information about your use of linked applications or third-party sites integrated with our services (e.g., logging in through another platform). This helps us provide seamless services and enhance your experience.
Personal details provided on marketing form fills and interaction with advertisements We may collect your name, mobile number, email address, organization details, social media profile and other details that you may provide when you fill out marketing forms or interact with our advertisements. We may also collect your personal data that is publicly available or from third parties providing such data for marketing purposes. This information helps us respond to your inquiries, provide relevant information about our services, and improve our marketing efforts.

What about Aadhaar Data?

We clarify that we do not store any biometric information or OTPs used for Aadhaar eKYC or eSign transactions. Biometric data is collected directly by the Certifying Authority, encrypted immediately, and used only for the specific transaction. The Certifying Authority follows strict UIDAI guidelines for biometric authentication. Leegality is regularly audited by independent third-party information security auditors empanelled by CERT-IN for compliance with UIDAI and governmental guidelines with respect to usage of Aadhaar details and compliance with digital signature regulations.

What about Cardholder Data? (insert icon)

Leegality does not collect, process, or store any cardholder information (including card numbers, CVV, or expiry details). All payment transactions are securely handled by our PCI-DSS compliant payment gateway partner. This third party manages the end-to-end processing and storage of cardholder data in accordance with the highest industry security standards. Leegality receives only transaction status confirmations and never full payment details ensuring that all sensitive cardholder information remains entirely within the secure systems of the authorized payment processor.

What about Children’s data?

Leegality is a document execution and contracting service directed to and intended for use only by those who are 18 years of age or over. We do not target Leegality at children, and we do not knowingly collect any personal data from any person under 18 years of age.

If you are under 18 or not legally able to enter into a contract, you cannot use our services or share any information with us.

How do we store and protect your data?

  • Location: Leegality stores and processes all personal data on AISPL servers within India, in compliance with applicable laws including the Digital Personal Data Protection Act, 2023 and related rules.
  • Security measures: We implement comprehensive security controls to safeguard your data against loss, misuse, and unauthorized access. Data is protected through multiple layers of defense, including encryption in transit and at rest, network segmentation, and secure infrastructure configurations, with protection levels tailored to the sensitivity of the information.

Leegality’s information security framework is certified under ISO/IEC 27001:2022 (Information Security Management Systems), ISO/IEC 27017:2015 (Cloud Service Security Controls), ISO/IEC 27018:2019 (Protection of Personally Identifiable Information in Cloud Environments), and SOC 2 Type II Attestation (Security, Availability, and Confidentiality). These certifications are maintained through regular, independent third-party audits.

Access to systems and data is governed by strict access control policies aligned with the principle of least privilege. Access is granted only on a verified need-to-know basis through formal approval processes and is continuously monitored. All access, configurations, and activities are logged, reviewed, and periodically audited to ensure compliance and maintain the integrity of your data.

  • Limitations: While we take reasonable measures to protect your information, no system is completely immune to risks like data breaches or malicious attacks. We cannot guarantee absolute security, and shall not be liable for unintended breaches due to factors such as malicious attacks, errors, or unauthorized access that are not wilfully caused by Leegality. 

Good Security practices to follow:

  • We use secure servers to protect your data, however, using any online service carries some risks. We encourage you to follow good security practices like keeping your login details and passwords private. 
  • If you notice any suspicious activity, please reach out to our support team immediately on support@leegality.com.

Third parties who process your data

At Leegality, we use third-party service providers to help us deliver and enhance our services. These third parties assist with essential functions such as hosting our platform, communicating with clients and signers through SMS or email, processing payments, providing Aadhaar authentication and electronic signature services etc. For enabling these services, we may share personal data with these third-party service providers where necessary. We may also anonymize and aggregate data collected and share it with third parties as required. While sharing such data we ensure that they also process personal data in line with the safeguards outlined in this Privacy Notice and in compliance with applicable laws.

Additionally, we may be required to disclose information when legally obligated to do so by courts or other competent authorities under applicable law.

For more details of our third-party processors, read more…

Below is a list of third-party service providers (sub-processors) that Leegality uses to support the services offered on the Leegality platform. In case you are a Leegality Client or Signer, we share user information with these providers to ensure the smooth and secure operation of our services.

Name of Third-Party Processor Purpose for Sharing
Amazon Internet Services Pvt. Ltd. To host the platform and store user data securely.
E-Signature Service Providers (ESPs) E-sign Service Provider (ESP) or Certifying Authorities such as CDSL, Protean for authentication and issuance of electronic signatures.
SMS Gateway Services For sending transaction-related SMS alerts, OTPs, and notifications.
Payment Service Providers We have integrations with payment gateways and aggregators which enables us to process your payments on the platform.
Stamp Vendors We engage various stamp paper vendors across the country to procure stamp papers as per the orders placed by you for our digital stamping services.
SHCIL (Stock Holding Corporation of India Ltd.) For providing e-stamping services in the states where SHCIL has been appointed as Central Record Keeping Agency (CRA).
NeSL (National E-Governance Services Ltd.) For providing e-stamping and enabling digital documentation services where the Leegality Client has opted for the NeSL DDE services.
WhatsApp Business For sending WhatsApp alerts for transactions and updates where the Leegality Client has enabled Leegality Whatsapp Pings feature.
Email Service Providers For sending transaction-related emails, OTPs, and communications.
Other third party integrations Leegality offers low code APIs which can be integrated with other applications. Depending on Leegality Client requirements, configurations and instructions, we may share personal data with such third parties as well.
Marketing partners When you interact with our website or share details through forms (for product enquiries, webinars, or events), we process this information to manage your request and keep you informed. We also use third party tools for marketing and communication purposes.

Your privacy choices and rights

You have the right to access, update, or delete your personal data. We respect your rights over your personal data and strive to make it easy for you to exercise them.

You can reach out to us to access information about what personal data we hold about you; manage your consent; correct, update or delete your personal data with Leegality here. 

You can also nominate someone to manage your information in case of your death or if you are unable to do so yourself. 

We will make the changes promptly unless we are required to retain the personal data records and information as is under any applicable law or contractual obligations to Leegality Clients. We will also inform you and keep you updated about the action taken to process your request. 

If you wish to make any changes, withdraw your consent, or raise concerns about how we handle your data, feel free to reach out to us.

You can contact our Data Protection and Grievance Officer at:

  • Name: Prakhar Agrawal
  • Email: support@leegality.com
  • Address: First Floor, Plot No. 444, Phase III, Udyog Vihar III, Sector 18, Gurugram

We’re here to help and will do our best to address your concerns as quickly as possible.

Cookies

You can enable or block cookies by activating a setting on your browser allowing you to refuse cookies, or by using the cookie consent tool on our website. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and Leegality, but certain services might not work effectively.

Marketing and Promotional activities

We will inform you (before collecting your personal data) if we intend to use your data for marketing. You can opt out from marketing by emailing us at support@leegality.com.

Legal requirements

Our company is based in India and follows Indian laws. This Privacy Notice is designed to meet the requirements of Indian law.

While you might be able to access our platform from other countries, we don’t actively promote or advertise our services outside India. If you decide to use Leegality from outside India, you’re doing so on your own and are responsible for following your local laws.

If you are accessing our platform from outside India, please note that we do not guarantee that this Privacy Notice complies with any other country’s laws. If your local laws don’t match what’s in this Notice or Indian laws, we recommend not using our services. 

How We Handle Disputes
If there’s a disagreement about this Privacy Notice, we will resolve it in accordance with Indian laws and through arbitration. The sole arbitrator shall be appointed by the mutual consent of the parties, the process will be in English, and it’ll take place in Gurgaon, Haryana.

Updates to the Privacy Notice

Thank you for reading through this Notice to understand how we use your data and your rights in relation to the data we use.

Please don’t make this the last time you read it as we may post make changes to this Notice and update it on this page - significant changes shall be notified to users by email.

This Notice was last updated on 21 September 2025.