🔒 Privacy Policy

Last Updated: 26/09/2023

Welcome to DigiLog by Getnomik ("DigiLog", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the DigiLog platform, website, mobile application, and all related services (collectively, the "Services").

This Privacy Policy is incorporated into and forms part of our Terms & Conditions. By accessing or using the Services, you consent to the collection and processing of your information as described in this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

This policy is published in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable Indian data protection laws.

1. Information We Collect

We collect personal information and data from you in the following categories:

1.1 Information You Provide Directly

• Registration Data: Full legal name, username, email address, phone number, and password (stored in encrypted form).
• Professional Data: Firm name, licence or registration number, bar council membership details, and professional designation.
• Client & Case Data: All records, documents, agreements, notes, and information you upload, create, or store through the platform in connection with your clients and matters ("User Data").
• Communications: Messages you send to our support team, feedback submissions, and responses to surveys.
• Payment Information: Billing name, billing address, and payment method details. Full card details are never stored by DigiLog and are processed exclusively by our PCI-DSS compliant third-party payment gateway.

1.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, actions taken within the platform, timestamps, and session duration.
• Device & Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and referring URLs.
• Log Data: Server logs, error reports, and audit trails of account activity, including login events, document access, and signature events.
• Cookies & Tracking Technologies: We use cookies, web beacons, and similar technologies to maintain session state, remember preferences, and analyse usage. See Section 10 for details.

1.3 Information from Third Parties

• Google Sign-In: If you register or log in using Google OAuth, we receive your name, email address, and profile picture from Google, subject to your Google account privacy settings.
• Payment Processors: Our payment gateway may share transaction confirmation and billing status information with us.
• Identity Verification Providers: Where applicable, we may receive credential verification data from third-party professional verification services.

2. Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, 2011, certain categories of information are classified as "sensitive personal data or information" and are subject to heightened protections. In the context of DigiLog, SPDI may include:

• Financial information such as payment details.
• Biometric data if you use any biometric authentication feature.
• Any health, medical, or other sensitive information contained in the documents or client records you store on the platform.

We collect SPDI only with your explicit, informed consent and use it solely for the purpose for which it was collected. You may withdraw consent at any time by contacting us, subject to applicable legal requirements.

3. How We Use Your Information

We use the personal information and data we collect for the following purposes:

• Account Management: To create, maintain, and secure your DigiLog account and to verify your identity and professional credentials.
• Service Delivery: To provide, operate, maintain, and improve the Services, including document management, e-signature features, and client record management.
• Subscription & Billing: To process payments, manage your subscription, send invoices, and handle billing disputes.
• Customer Support: To respond to your queries, complaints, and support requests in a timely and effective manner.
• Communications: To send you transactional emails (e.g., account activation, password reset), service announcements, security alerts, and — where you have consented — product updates and promotional communications.
• Security & Fraud Prevention: To monitor for and prevent fraudulent activity, unauthorised access, and violations of our Terms & Conditions.
• Legal Compliance: To comply with our legal obligations, respond to lawful requests from public authorities, and enforce our rights under these Terms.
• Analytics & Improvement: To analyse aggregate, anonymised usage data to understand how users interact with the platform and to improve its features and performance.
• Audit Trails: To maintain tamper-evident logs of signature events and document access for evidentiary and compliance purposes.

We will not use your personal information for any purpose that is incompatible with the purposes described above without first seeking your explicit consent.

4. Legal Basis for Processing

We process your personal information on the following legal bases:

• Contractual Necessity: Processing is necessary to perform our contractual obligations to you under the Terms & Conditions and this Privacy Policy.
• Consent: Where we rely on your consent (e.g., for marketing communications or SPDI), you may withdraw that consent at any time.
• Legal Obligation: Processing is necessary for compliance with applicable laws, court orders, or government regulations.
• Legitimate Interests: Processing is necessary for our legitimate business interests (such as fraud prevention, platform security, and service improvement), provided such interests are not overridden by your rights and freedoms.

5. Disclosure & Sharing of Information

We do not sell, rent, trade, or otherwise disclose your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Service Providers: We engage trusted third-party vendors to perform functions on our behalf, including cloud hosting, payment processing, email delivery, and analytics. These providers are contractually bound to process your data only on our instructions and in accordance with applicable law.
• Professional Verification: We may share your licence or registration details with bar councils or notarial bodies to verify your credentials.
• Legal Requirements: We may disclose your information where required by law, court order, subpoena, or government regulation, or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of any person.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
• With Your Consent: We may share your information with third parties where you have given your explicit consent to such sharing.

Where we share data with third parties, we take reasonable steps to ensure they maintain appropriate security and confidentiality standards.

6. Data Security

We implement industry-standard technical and organisational security measures to protect your personal information from unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

• End-to-end encryption of data in transit using TLS/SSL protocols.
• Encryption of sensitive data at rest using AES-256 or equivalent standards.
• Role-based access controls ensuring that only authorised personnel can access your data.
• Multi-factor authentication (MFA) options for account access.
• Regular security audits, penetration testing, and vulnerability assessments.
• Tamper-evident audit logs for all critical actions, including document access and signature events.
• Secure data centres with physical access controls and redundancy measures.

Notwithstanding the above, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

7. Data Retention

We retain your personal information and User Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Active Account Data: Retained for the duration of your subscription and for a period of 90 days following account closure or termination.
• Audit Logs & Signature Records: Retained for a minimum of 7 years in accordance with applicable document retention requirements for legal and notarial records.
• Financial Records: Retained for a minimum of 7 years as required under Indian accounting and tax laws.
• Support Communications: Retained for a period of 2 years from the date of the communication.

After the applicable retention period, your data will be securely deleted or anonymised. You may request early deletion of your data subject to the limitations described in Section 9.

8. Cross-Border Data Transfers

DigiLog is operated primarily within India. However, some of our third-party service providers (such as cloud hosting or email delivery providers) may process or store your data outside India. Where such transfers occur, we ensure that appropriate safeguards are in place — including standard contractual clauses or equivalent mechanisms — to protect your personal information in accordance with applicable law.

By using the Services, you consent to the transfer of your information to countries outside India where our service providers operate, subject to the protections described in this policy.

9. Your Rights & Choices

Subject to applicable law and certain exceptions, you have the following rights in relation to your personal information:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You may request the deletion of your personal information, subject to our legal obligations and legitimate interests (e.g., ongoing legal proceedings or mandatory retention periods).
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Object: You may object to processing for direct marketing purposes at any time.
• Right to Data Portability: You may request a copy of your User Data in a structured, commonly used, machine-readable format.
• Right to Opt Out of Communications: You may unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us.

To exercise any of the above rights, please contact us at support@getnomik.com. We will respond to verified requests within 30 days. We may ask you to verify your identity before processing any request.

10. Cookies & Tracking Technologies

DigiLog uses cookies and similar tracking technologies to improve your experience on the platform. These include:

• Essential Cookies: Required for core platform functionality such as session management, authentication, and security. These cannot be disabled.
• Preference Cookies: Used to remember your preferences and settings, such as language or display options.
• Analytics Cookies: Used to collect anonymised data on how users interact with the platform, helping us improve features and performance. We use tools such as Google Analytics for this purpose.
• Marketing Cookies: Where you have consented, used to deliver relevant communications and measure their effectiveness.

You may control cookies through your browser settings. Disabling certain cookies may affect the functionality of the platform. For more information on managing cookies, please refer to your browser's help documentation.

11. Children's Privacy

The Services are intended solely for use by legal professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us immediately at support@getnomik.com and we will take prompt steps to delete such information.

12. Attorney-Client Privilege & Professional Secrecy

DigiLog acknowledges the critical importance of attorney-client privilege, professional secrecy, and notarial confidentiality obligations. Accordingly:

• DigiLog personnel do not access your client records, case files, or documents except where strictly necessary to provide technical support and only with your explicit authorisation.
• You are responsible for ensuring that your use of DigiLog does not compromise your professional confidentiality obligations under the Bar Council of India Rules, the Notaries Act, 1952, or other applicable professional conduct rules.
• We will not voluntarily disclose the contents of your client files to any third party. Where we receive a lawful request from a court or government authority, we will notify you to the extent permitted by law before making any disclosure.

13. Third-Party Links & Services

The Services may contain links to third-party websites or integrate with third-party applications. This Privacy Policy applies solely to information collected by DigiLog. We are not responsible for the privacy practices of third-party sites or services. We encourage you to review the privacy policies of any third-party services you access through DigiLog.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify you by email or by posting a prominent notice on the platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

Your continued use of the Services following the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, we have designated a Grievance Officer to address any concerns or complaints regarding the processing of your personal data:

Grievance Officer
Getnomik Pvt. Ltd.
Email: support@getnomik.com
Address: Idar, Gujarat, India.
Response Time: We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days of receipt.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Getnomik Pvt. Ltd.
Email: support@getnomik.com
Website: https://getnomik.com
Address: Idar, Gujarat, India.

17. Acceptance

BY REGISTERING AN ACCOUNT OR USING DIGILOG, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, STORAGE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE, YOU MUST DISCONTINUE USE OF THE SERVICES IMMEDIATELY.