Privacy Notice

This Notice applies to you:

• If you are a Leegality Client or Signer,
• If you are just visiting our product informational website,
• If you have received a signing link for signing a document through Leegality from another entity, in such a case, you should also check the privacy policy of the Leegality Client who sent you the contract – you can read more about how we process your personal data as per their instructions in the “If you are a ‘Signer’” section below.
• If you’re looking for a job at Leegality, check out the privacy notice on our careers page.

Please also note that the Privacy Notice will also apply to information of Signers supplied by Leegality Clients. In case of information of Signers supplied by Leegality Client, the Leegality Client providing the information confirms and warrants the authority and consent to provide the necessary Signer Information.

• If you are a ‘Leegality Client’ (i.e. using Leegality to initiate signing of documents and are paying for our services):  We act as the 'Data Fiduciary' of personal data about you and your use of Leegality, but as the 'Data Processor' of personal data in the information you put into or share with Leegality (like information about the counterparties, signatories and information contained in your documents).
• If you are a ‘Signer’ (i.e. signing a document using Leegality): We act as a 'Data Processor' processing your personal data on behalf and as per the instructions received from the Leegality Client who provided us with your personal data or as per applicable law. In these cases, the Leegality Client is the 'Data Fiduciary' and we rely on confirmation of the Leegality Client that they have the authority and your consent to share with us your personal data.

This means we only process your personal data to help us provide our service to the Leegality Client in accordance with their instructions or as required by law. The Leegality Client is responsible for making sure that your personal data is treated in accordance with applicable data protection laws. That includes informing you how service providers (like us) collect and use data on their behalf.

• If you are visiting this website: We act as the 'Data Fiduciary' of personal data about your usage of the website and personal data that you provide us through the website.

We clarify that we do not store any biometric information or OTPs used for Aadhaar eKYC or eSign transactions. Biometric data is collected directly by the Certifying Authority, encrypted immediately, and used only for the specific transaction. The Certifying Authority follows strict UIDAI guidelines for biometric authentication. Leegality is regularly audited by independent third-party information security auditors empanelled by CERT-IN for compliance with UIDAI and governmental guidelines with respect to usage of Aadhaar details and compliance with digital signature regulations.

Leegality does not collect, process, or store any cardholder information (including card numbers, CVV, or expiry details). All payment transactions are securely handled by our PCI-DSS compliant payment gateway partner. This third party manages the end-to-end processing and storage of cardholder data in accordance with the highest industry security standards. Leegality receives only transaction status confirmations and never full payment details ensuring that all sensitive cardholder information remains entirely within the secure systems of the authorized payment processor.

Leegality is a document execution and contracting service directed to and intended for use only by those who are 18 years of age or over. We do not target Leegality at children, and we do not knowingly collect any personal data from any person under 18 years of age.

If you are under 18 or not legally able to enter into a contract, you cannot use our services or share any information with us.

• Location: Leegality stores and processes all personal data on AISPL servers within India, in compliance with applicable laws including the Digital Personal Data Protection Act, 2023 and related rules.
• Security measures: We implement comprehensive security controls to safeguard your data against loss, misuse, and unauthorized access. Data is protected through multiple layers of defense, including encryption in transit and at rest, network segmentation, and secure infrastructure configurations, with protection levels tailored to the sensitivity of the information.
  ‍
  

Leegality’s information security framework is certified under ISO/IEC 27001:2022 (Information Security Management Systems), ISO/IEC 27017:2015 (Cloud Service Security Controls), ISO/IEC 27018:2019 (Protection of Personally Identifiable Information in Cloud Environments), and SOC 2 Type II Attestation (Security, Availability, and Confidentiality). These certifications are maintained through regular, independent third-party audits.
‍

Access to systems and data is governed by strict access control policies aligned with the principle of least privilege. Access is granted only on a verified need-to-know basis through formal approval processes and is continuously monitored. All access, configurations, and activities are logged, reviewed, and periodically audited to ensure compliance and maintain the integrity of your data.

• Limitations: While we take reasonable measures to protect your information, no system is completely immune to risks like data breaches or malicious attacks. We cannot guarantee absolute security, and shall not be liable for unintended breaches due to factors such as malicious attacks, errors, or unauthorized access that are not wilfully caused by Leegality.

• We use secure servers to protect your data, however, using any online service carries some risks. We encourage you to follow good security practices like keeping your login details and passwords private.
• If you notice any suspicious activity, please reach out to our support team immediately on support@leegality.com.

At Leegality, we use third-party service providers to help us deliver and enhance our services. These third parties assist with essential functions such as hosting our platform, communicating with clients and signers through SMS or email, processing payments, providing Aadhaar authentication and electronic signature services etc. For enabling these services, we may share personal data with these third-party service providers where necessary. We may also anonymize and aggregate data collected and share it with third parties as required. While sharing such data we ensure that they also process personal data in line with the safeguards outlined in this Privacy Notice and in compliance with applicable laws. We do not target Leegality at children, and we do not knowingly collect any personal data from any person under 18 years of age.

Additionally, we may be required to disclose information when legally obligated to do so by courts or other competent authorities under applicable law.

We will make the changes promptly unless we are required to retain the personal data records and information as is under any applicable law or contractual obligations to Leegality Clients. We will also inform you and keep you updated about the action taken to process your request. 
‍

 If you wish to make any changes, withdraw your consent, or raise concerns about how we handle your data, feel free to reach out to us.

You can contact our Data Protection and Grievance Officer at:

• Name: Prakhar Agrawal
• Email: support@leegality.com
• Address: First Floor, Plot No. 444, Phase III, Udyog Vihar III, Sector 18, Gurugram

We’re here to help and will do our best to address your concerns as quickly as possible.

You can enable or block cookies by activating a setting on your browser allowing you to refuse cookies, or by using the cookie consent tool on our website. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and Leegality, but certain services might not work effectively.

We will inform you (before collecting your personal data) if we intend to use your data for marketing. You can opt out from marketing by emailing us at support@leegality.com.

• Our company is based in India and follows Indian laws. This Privacy Notice is designed to meet the requirements of Indian law.
• While you might be able to access our platform from other countries, we don’t actively promote or advertise our services outside India. If you decide to use Leegality from outside India, you’re doing so on your own and are responsible for following your local laws.
  
• If you are accessing our platform from outside India, please note that we do not guarantee that this Privacy Notice complies with any other country’s laws. If your local laws don’t match what’s in this Notice or Indian laws, we recommend not using our services.

If there’s a disagreement about this Privacy Notice, we will resolve it in accordance with Indian laws and through arbitration. The sole arbitrator shall be appointed by the mutual consent of the parties, the process will be in English, and it’ll take place in Gurgaon, Haryana.