How LITT collects, uses, discloses, and protects your personal data.
This Privacy Policy explains how LITT Technologies Pvt. Ltd. ("LITT", "we", "us") collects, uses, discloses, and protects personal data when you use our platform and services (the "Platform"). It applies to: (a) general users ("Users/Clients"); (b) verified professionals (lawyers, company secretaries, chartered accountants, etc., "Professionals"); and (c) visitors to our websites and apps.
LITT is the "data controller" under GDPR for most activities described here and a "data fiduciary" under India's Digital Personal Data Protection Act, 2023 (DPDPA). For encrypted chat content between Users and Professionals, LITT operates a zero-access relay service (see Section 6): LITT does not have access to message content and is not the controller of that content; the relevant Professional is the controller for the professional-client relationship.
"Personal data"/"Personal information": any information that relates to an identified or identifiable individual.
"Processing": any operation performed on personal data (collection, storage, use, sharing, etc.).
"Controller"/"Data Fiduciary": the entity that determines the purposes and means of processing personal data.
"Processor"/"Data Processor": an entity that processes personal data on behalf of the controller.
"Sensitive personal data": categories that may attract additional safeguards under applicable laws (e.g., health data).
"Child": under DPDPA, an individual below 18 years of age.
We practice data minimization and collect only what is necessary.
Account Data: name, email, mobile number; authentication/verification information.
Query Intake (non-confidential): high-level, non-sensitive description of your matter to enable matching with a Professional. Please avoid including sensitive personal information at intake.
Device/Telemetry: IP address, device type, app version, and security logs for fraud prevention and service integrity.
Identity & Credentials: name, contact details, government ID (for verification), bar/ICAI/ICSI or other professional membership numbers, and credential documents.
Practice Profile: specialization, jurisdictions, languages, rates, availability.
Compliance & Screening: information required to perform verification and legal checks.
User–Professional Chats/Calls: end-to-end encrypted (E2EE). Message content is not accessible to LITT (see Section 6). Metadata (e.g., timestamps, delivery status) is minimized and retained only as necessary for security, abuse prevention, billing, and legal compliance.
Essential cookies support secure sign-in and core features. Non-essential analytics or marketing cookies are used only with consent (see Section 12).
Our Platform is not intended for use by children without appropriate consent. Under DPDPA, we do not knowingly process personal data of individuals under 18 without verifiable parental/guardian consent. Professionals are responsible for complying with any age-related obligations in their jurisdictions.
We use data for the purposes below under DPDPA and GDPR legal bases.
Account creation, authentication, and Platform security.
Professional verification and onboarding.
Matching Users and Professionals and facilitating secure communications.
Customer support and grievance redressal.
Compliance with law, prevention of fraud, security incidents, and enforcement of terms.
Service improvement, analytics (with consent where required), and product development.
Consent (DPDPA/GDPR Art. 6(1)(a)): for optional features (e.g., non-essential cookies; specific AI review initiated by you).
Contract (GDPR Art. 6(1)(b)): to provide requested services (account, verification, matching, support).
Legal Obligation (GDPR Art. 6(1)(c)): to comply with applicable laws (e.g., tax, regulatory, cybersecurity).
Legitimate Interests (GDPR Art. 6(1)(f)): to protect the Platform, prevent fraud/abuse, ensure service quality — balanced against your rights.
DPDPA "Legitimate Uses" (Sec. 7): e.g., for compliance with law; medical emergencies; disaster/public order; employment-related uses as applicable.
End-to-End Encryption (E2EE): Conversations between Users and Professionals are E2EE. Only the parties to the chat can decrypt content. LITT cannot read or access message content.
No PII to LLMs: We do not send personally identifiable information (PII) to third-party Large Language Models (LLMs).
User-Initiated AI Review: If you explicitly request an AI feature (e.g., "Verify Professional's Advice"), we first auto-redact PII and process only the anonymized text. Anonymized text is not logged or stored beyond providing the requested result.
No Automated Decision-Making With Legal Effects: We do not take decisions producing legal or similarly significant effects solely through automated processing.
We do not sell personal data. We share limited data only with:
Service providers/Processors under contract who provide hosting, security, anti-fraud, communications, and support services, bound by confidentiality and data protection obligations.
Professionals: When you choose to connect, we share only what is needed to facilitate engagement.
Legal/Regulatory: Where required by applicable law, court order, or lawful requests by authorities.
Corporate transactions: In reorganization/merger, your data will continue to be protected and you will be notified of material changes.
Where data is transferred cross-border, we implement safeguards: (a) under GDPR — adequacy decisions, Standard Contractual Clauses (SCCs), and transfer impact assessments as needed; (b) under DPDPA — transfers are permitted except to countries restricted by the Central Government, and we apply contractual and technical safeguards.
We retain personal data only as long as necessary for the purposes described or as required by law. Examples:
Account data: retained for your active account and deleted or anonymized within 90 days of closure (subject to legal holds).
Professional verification: retained only for the verification lifecycle and statutory retention obligations, then securely deleted.
Security logs: retained for limited periods consistent with legal requirements (e.g., CERT-In directions) and operational needs.
We use administrative, technical, and organizational measures including encryption in transit and at rest, E2EE for chats, access controls/least privilege, audit logging, secure SDLC, vulnerability management, and periodic assessments. We notify relevant authorities and affected individuals of personal-data breaches as required by law (e.g., GDPR within 72 hours; CERT-In timelines, where applicable).
Access a summary of your personal data processed.
Correction, completion, and erasure (when no longer necessary or consent is withdrawn).
Withdraw consent.
Grievance redressal and right to nominate (per DPDPA rules when in force).
Access, rectification, erasure, restriction, portability, and objection.
Right not to be subject to solely automated decisions with legal/similar effects.
Right to lodge a complaint with your supervisory authority.
Submit requests to privacy@litt.law. We may need to verify your identity. If your data is controlled by a Professional (e.g., E2EE chat content), we will direct you to the Professional's controller obligations while assisting to the extent feasible.
We may update this Policy to reflect operational or legal changes. We will notify you of material updates through the Platform or by email and indicate the effective date.
Grievance Officer (India): grievance@litt.law
Privacy Requests (global): privacy@litt.law
Postal Address: WASSERSTOFF RJ INNOVATIONS PRIVATE LIMITED, 802, Ansal Bhawan, 16, Kasturba Gandhi Marg, Connaught Place, New Delhi, Central Delhi — 110001, Delhi
EU/UK: If and where required, we will appoint an EU representative/UK representative and publish their contact details here.
Consent: clear, specific, informed, and freely given; you may withdraw consent anytime using in-product controls or by contacting us.
Legitimate Uses: processing without consent where permitted by law (e.g., compliance with legal obligation; medical emergencies; disaster/public order; employment-related purposes), subject to necessity and proportionality.
Children: we obtain verifiable parental consent for processing data of children (under 18).
Significant Data Fiduciary: If designated, LITT will comply with additional requirements (DPIA, DPO, audits, etc.).
Controller: LITT Technologies Pvt. Ltd. (for activities described in Section 1). In E2EE chats, the Professional is the controller of content.
Transfers: When transferring data outside the EEA/UK, we rely on adequacy, SCCs, and appropriate safeguards.
Supervisory Authority: You may lodge a complaint with your local data protection authority.
Confidentiality of Communications: Your communications with Professionals are end-to-end encrypted. LITT cannot access chat content. We do not send personal identifying information to LLMs or save such information with AI systems. Only anonymized briefs with broad legal issues may be shown to prospective lawyers if, and only if, you choose to seek a lawyer on our Platform.
AI as Assistive Technology: AI may occasionally generate incorrect, incomplete, or outdated information ("hallucinations"). All outputs should be independently verified by you or a certified professional. Nothing on the Platform constitutes legal advice from LITT; the Professional you engage is solely responsible for any legal advice provided.