Privacy Policy

Last Updated: March 9, 2026  |  Effective Date: March 9, 2026

Compliance with DPDPA, 2023

This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) enacted by the Parliament of India. FinLawExperts acts as a Data Fiduciary under the DPDPA. You, the user, are a Data Principal. We process your personal data only with your explicit, free, informed, and unambiguous consent, and only for the purposes specified below.

1. Information We Collect

a) Information You Provide

• Expert Registration: Name, email address, phone number, city, address, professional credentials (ICAI Membership / Bar Council ID), qualification, experience, bio, practice areas, UPI ID (for receiving payments), and Aadhaar-based identity verification (via DigiLocker / UIDAI).
• Client Registration: Name and email address (via Google Sign-In).
• Booking Information: Selected expert, date, time slot, consultation mode (video/in-person), and service brief.
• Payment Information: Payment transaction IDs processed through Razorpay. We do NOT store your credit/debit card details.
• Reviews: Star ratings and text comments left after consultations.

b) Information Collected Automatically

• Google Account Data: When you sign in with Google, we receive your name, email address, and profile photo.
• Usage Data: Pages visited, search queries, time spent on pages.
• Device Information: Browser type, device type, and operating system.

2. How We Use Your Information

We use the information collected to:

• Create and manage your account (expert or client).
• Match clients with relevant experts based on their needs.
• Process consultation bookings and payments.
• Display expert profiles, ratings, and reviews to clients.
• Send booking confirmations and reminders.
• Improve our platform, search algorithm, and user experience.
• Prevent fraud and ensure platform security.
• Comply with legal obligations.

3. Information Sharing

We do NOT sell your personal information. We share data only in these limited cases:

• Between Expert and Client: After a confirmed booking, the client receives the expert's contact details (name, phone, address) for the consultation. Expert details are NOT visible before payment.
• Payment Processor: Razorpay processes all payments. Their privacy policy governs payment data handling. Visit razorpay.com/privacy.
• Firebase/Google Cloud: We use Firebase for authentication, database, and hosting. Data is stored on Google Cloud infrastructure. Visit Firebase Privacy.
• Legal Requirements: If required by law, court order, or government authority.

4. Data Storage & Security

• All data is stored on Google Firebase/Cloud servers with encryption at rest (AES-256) and in transit (TLS/SSL).
• We use Firebase Authentication with Google OAuth for secure sign-in.
• Firebase App Check (reCAPTCHA v3) is enabled to prevent unauthorized API access.
• Firestore Security Rules restrict data access based on user roles.
• Payment card details are never stored on our servers — Razorpay handles all payment processing securely (PCI-DSS compliant).

5. Cookies

We use the following cookies:

• Firebase Authentication Cookies: Essential for keeping you logged in. These are necessary cookies and cannot be disabled.
• Google reCAPTCHA Cookies: Used by Firebase App Check to verify legitimate traffic.

We do NOT use advertising or tracking cookies.

6. Your Rights (Under DPDPA, 2023)

As a Data Principal under the DPDPA, you have the following rights:

• Right to Access: You can request a summary of your personal data being processed and the processing activities undertaken, by contacting our Grievance Officer.
• Right to Correction: Update or correct your profile information at any time through your dashboard, or request correction by contacting us.
• Right to Erasure: Request complete deletion of your account and all associated personal data. You can do this directly from your dashboard ("Delete My Account & Data") or by emailing our Grievance Officer. Deletion will be completed within 30 days, except where retention is required by law.
• Right to Withdraw Consent: You may withdraw your consent at any time by deleting your account. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Grievance Redressal: You can raise a complaint with our Grievance Officer. If not resolved within 30 days, you may approach the Data Protection Board of India.
• Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.

7. Data Retention

• Expert Profiles: Retained as long as the account is active. Deleted within 30 days of account deletion request.
• Booking Records: Retained for 3 years for legal and tax compliance purposes.
• Payment Records: Retained for 7 years as required by Indian tax law.
• Reviews: Retained permanently as part of the platform's trust system, unless removal is requested and approved.

8. Children's Privacy

FinLawExperts is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

9. Third-Party Links

Our platform may contain links to third-party websites (Razorpay, Google). We are not responsible for the privacy practices of these external sites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Consent

By signing up on FinLawExperts (as an Expert or Client), you provide explicit consent to the collection and processing of your personal data for the purposes described in this policy. Your consent is recorded with a timestamp in our systems. You may withdraw consent at any time by deleting your account from the dashboard or by contacting our Grievance Officer.

12. Data Breach Notification

In the event of a personal data breach, FinLawExperts will:

• Notify the Data Protection Board of India within 72 hours of becoming aware of the breach.
• Notify affected Data Principals (users) without unreasonable delay.
• Take immediate steps to mitigate the impact of the breach and prevent future occurrences.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 and rules made thereunder. Any disputes shall be subject to the exclusive jurisdiction of the courts in Mohali, Punjab, India.

14. Grievance Officer

In accordance with the DPDPA, 2023, FinLawExperts has appointed a Grievance Officer to address your concerns regarding data processing:

If you are not satisfied with the resolution provided by the Grievance Officer, you may file a complaint with the Data Protection Board of India as established under the DPDPA, 2023.

15. Contact Us

For general queries about this Privacy Policy or your data: