RERALex← Back to site

Privacy Policy

Last updated: April 30, 2026
📑 Table of contents (36 sections)
  1. 1. Introduction
  2. 2. Data Fiduciary
  3. 3. Data We Collect
  4. 3.1 Account & Identity Data
  5. 3.2 Subscription & Billing Data
  6. 3.3 Usage Data
  7. 3.4 Communication Data
  8. 3.5 AI Interaction Data
  9. 3.6 Cookies and Similar Technologies
  10. 3.7 Data We Do NOT Collect
  11. 4. How We Use Your Data
  12. 5. Data Sharing
  13. 5.1 Service Providers (Data Processors)
  14. 5.2 Legal Disclosures
  15. 5.3 Business Transfers
  16. 5.4 No Sale of Data
  17. 6. Data Retention
  18. 7. Your Rights Under DPDP Act 2023
  19. 7.1 Right to Access
  20. 7.2 Right to Correction
  21. 7.3 Right to Erasure
  22. 7.4 Right to Grievance Redressal
  23. 7.5 Right to Nominate
  24. 7.6 Right to Withdraw Consent
  25. 7.7 How to Exercise Rights
  26. 8. Data Security
  27. 8.1 Data Breach Notification
  28. 9. Data Localization
  29. 10. Cookies
  30. 11. Children's Privacy
  31. 12. Third-Party Links
  32. 13. AI and Automated Processing
  33. 14. Marketing Communications
  34. 15. International Users
  35. 16. Changes to This Policy
  36. 17. Contact

Privacy Policy

Effective Date: April 30, 2026

Last Updated: April 30, 2026

1. Introduction

This Privacy Policy explains how RERALex Technologies ("RERALex", "we", "us") collects, uses, stores, and protects your personal data when you use our Platform.

We comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and applicable rules.

2. Data Fiduciary

Under the DPDP Act, RERALex acts as the Data Fiduciary for your personal data:

  • Legal Name: RERALex Technologies
  • Registered Office: Mumbai, Maharashtra 400001, India
  • CIN: (application pending)
  • Data Protection Officer: Surendra Bhilwal
  • DPO Contact: privacy@reralex.com

3. Data We Collect

3.1 Account & Identity Data

  • Full name, profession (Advocate/Judge/CA/Student/Public), mobile number, email
  • Organization name (if applicable), state, city
  • Password (stored in hashed form using industry-standard algorithms)

3.2 Subscription & Billing Data

  • Plan selection, payment status, transaction IDs
  • GSTIN (if provided), billing address
  • Payment instrument details are processed by Razorpay — we do not store full card or bank details on our servers.

3.3 Usage Data

  • Search queries, viewed judgments, bookmarks, notes, alerts
  • Reading time, pages visited, features used
  • Device type, browser, operating system, IP address (for security)
  • Session timestamps and login history

3.4 Communication Data

  • Support tickets, feedback, emails, in-app messages

3.5 AI Interaction Data

  • AI prompts you submit and AI responses generated
  • Used to improve AI quality and detect misuse

3.6 Cookies and Similar Technologies

  • Session cookies (essential for login)
  • Analytics cookies (with consent)
  • See our Cookie Policy for full details

3.7 Data We Do NOT Collect

  • Sensitive personal data (health, biometrics, financial details beyond payment) — unless explicitly required and consented to
  • Children's data — we do not knowingly collect data of users below 18

4. How We Use Your Data

We process your data for the following specified purposes under the DPDP Act:

Purpose Legal Basis
Account creation and authentication Consent + Contract
Providing search, AI, and research features Contract
Processing payments and generating GST invoices Contract + Legal Obligation
Sending transactional emails (login alerts, payment receipts, alerts you set) Contract
Sending marketing emails (only with explicit opt-in) Consent
Detecting fraud, abuse, scraping Legitimate Use
Improving Platform features and AI quality Consent
Compliance with court orders, legal requests Legal Obligation
Customer support Contract

We do NOT sell your personal data.

We do NOT share your search history with third parties for advertising.

5. Data Sharing

5.1 Service Providers (Data Processors)

We share data with carefully selected processors under written data processing agreements:

Processor Purpose Data Shared
AWS (Mumbai region) Hosting, storage All Platform data
Razorpay Payment processing Name, email, payment details
Resend / SMTP Transactional emails Name, email
Sentry Error monitoring Technical logs (PII redacted)
Anthropic / OpenAI AI features Anonymized prompt content

5.2 Legal Disclosures

We may disclose data when legally required:

  • Court orders, summons, subpoenas
  • Government investigations (with legal review)
  • To enforce our Terms or protect our rights
  • To prevent imminent harm or fraud

5.3 Business Transfers

In a merger, acquisition, or asset sale, your data may transfer to the new entity, subject to this Privacy Policy.

5.4 No Sale of Data

We do not sell, rent, or trade personal data to third parties for marketing.

6. Data Retention

Data Type Retention Period
Account data Duration of account + 90 days post-deletion
Subscription/billing records 8 years (Income Tax Act requirement)
Search history, usage logs 12 months (rolling)
AI conversation logs 6 months (rolling)
Audit and security logs 7 years (legal records standard)
Marketing preferences Until you withdraw consent
Support tickets 3 years post-resolution

After retention periods, data is securely deleted or anonymized.

7. Your Rights Under DPDP Act 2023

7.1 Right to Access

Request a copy of personal data we hold about you. We respond within 30 days.

7.2 Right to Correction

Request correction of inaccurate or incomplete data.

7.3 Right to Erasure

Request deletion of your data, subject to:

  • Legal retention requirements (e.g., tax records)
  • Active subscription obligations
  • Pending legal claims

7.4 Right to Grievance Redressal

File a complaint with our Data Protection Officer at privacy@reralex.com.

7.5 Right to Nominate

Nominate a person to exercise these rights on your behalf in case of death or incapacity (DPDP Act Section 14).

7.6 Right to Withdraw Consent

Withdraw consent for non-essential processing (e.g., marketing emails) anytime.

7.7 How to Exercise Rights

  • Email: privacy@reralex.com
  • Subject: "DPDP Rights Request"
  • Include: full name, registered email, specific right(s) being exercised

We will respond within 30 days. If unsatisfied, you may approach the Data Protection Board of India.

8. Data Security

We implement reasonable security practices per ISO/IEC 27001 principles and the IT (Reasonable Security Practices) Rules, 2011:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Password hashing: bcrypt/argon2
  • Access controls: role-based, audit-logged
  • Network security: Cloudflare WAF, rate limiting
  • Regular backups: encrypted, retained 30 days
  • Incident response plan: documented
  • Employee access: limited, on need-to-know basis

8.1 Data Breach Notification

In the event of a data breach affecting your personal data, we will notify:

  • The Data Protection Board within the timeframe required under DPDP Act rules
  • Affected users as soon as practicable
  • Provide details of the breach, data affected, and remediation steps

9. Data Localization

Your data is stored on servers located in India (Mumbai, AWS ap-south-1).

If we transfer data outside India for service providers, such transfers comply with Section 16 of the DPDP Act and are subject to government notifications.

10. Cookies

We use cookies for:

  • Strictly necessary (login sessions): Always active
  • Analytics (internal): With consent
  • Preferences (UI settings): With consent

You can manage cookie preferences in your browser or our cookie banner. See Cookie Policy for full details.

11. Children's Privacy

RERALex is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we learn we have collected data from a minor without verifiable parental consent, we will delete it.

12. Third-Party Links

The Platform may link to external sites (court websites, etc.). We are not responsible for their privacy practices.

13. AI and Automated Processing

When you use AI features:

  • Prompts are processed by AI models (Anthropic Claude / OpenAI / similar)
  • Inputs and outputs are logged for quality improvement (with PII redaction where possible)
  • AI does not make decisions with legal effect on you
  • You may opt out of AI quality improvements by contacting privacy@reralex.com

14. Marketing Communications

You will receive:

  • Always: Account, billing, security, and service-critical emails
  • Only with consent: Marketing emails, newsletters, product updates

You can unsubscribe from marketing emails anytime via the link in each email or in account settings.

15. International Users

If you access the Platform from outside India, your data is transferred to and processed in India. By using the Platform, you consent to such transfer.

16. Changes to This Policy

Material changes will be notified via:

  • Email to your registered address (15 days advance notice)
  • In-app notification on next login
  • Notice on this page

The "Last Updated" date will reflect the latest revision.

17. Contact

Data Protection Officer / Privacy Concerns: privacy@reralex.com

Grievance Officer: grievance@reralex.com

Postal: Mumbai, Maharashtra 400001, India

Response Time: Within 15 working days

By using RERALex, you acknowledge you have read and understood this Privacy Policy.