Privacy Policy
Effective date: 1 March 2026 · Governing law: India · Jurisdiction: Delhi High Court
RepuLex Legal ORM Services (“RepuLex”, “we”, “us”, or “our”), registered in India, operates this website and the legal online reputation management services described herein. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and all other applicable Indian law.
By accessing our website or engaging our services, you (“Data Principal” under the DPDPA) consent to the practices described in this Policy. If you do not agree, please do not use our website or services.
1. Data Fiduciary Identity
The Data Fiduciary (as defined under DPDPA 2023) for all personal data processed through this website is:
Company: RepuLex Legal ORM Services
Address: New Delhi, India
Email: hello@repulex.com
Phone: +91-XXXXXXXXXX
2. Personal Data We Collect
We collect only the data necessary for legitimate purposes:
- Contact & Inquiry Data: Name, email address, phone number, and details you voluntarily submit through the consultation form, contact form, or WhatsApp link.
- Sensitive Personal Data (SPDI): Legal matter details you share with us (treated as confidential and protected under the SPDI Rules, 2011).
- Usage Data: IP address, browser type, pages visited, and session duration — collected automatically by our hosting provider (Vercel) for security and analytics.
- Cookie Data: Limited functional cookies required for the website to operate. We do not use third-party advertising cookies.
We do not collect Aadhaar numbers, PAN numbers, financial account details, passwords, biometric data, or health data through this website.
3. Purpose of Processing & Legal Basis
Under DPDPA 2023, we process your personal data for the following purposes and on the following lawful bases:
| Purpose | Lawful Basis |
|---|---|
| Responding to consultation requests and inquiries | Consent (DPDPA s.6) / Performance of contract |
| Providing legal ORM services you have engaged | Performance of contract |
| Sending case updates and service communications | Legitimate interests / Consent |
| Compliance with legal obligations (court orders, regulatory requirements) | Legal obligation (IT Act 2000, DPDPA s.7(d)) |
| Website security and fraud prevention | Legitimate interests |
| Improving our website and services (anonymised analytics) | Legitimate interests |
4. Sharing & Disclosure of Personal Data
We do not sell your personal data. We share it only:
- With our legal team and empanelled advocates — on a strict need-to-know basis under NDA, for case handling.
- With Data Processors — third-party service providers such as our website host (Vercel Inc., USA; covered by Standard Contractual Clauses), email service providers, and encrypted cloud storage — all bound by data processing agreements.
- With courts, tribunals, or law enforcement — where required by a valid court order, summons, or statutory obligation under the IT Act 2000, Bharatiya Nagarik Suraksha Sanhita 2023, or other applicable law.
- In connection with a business transfer — in the event of a merger, acquisition, or sale of assets, with prior notice to you where required by law.
Any cross-border transfer of data (e.g., to Vercel servers outside India) is conducted in compliance with DPDPA 2023 Section 16 and applicable Government of India notifications on permitted geographies.
5. Data Retention
We retain personal data only as long as necessary for the stated purpose:
- Inquiry / consultation data — 12 months from last interaction (unless a service engagement follows).
- Client matter data — for the duration of engagement plus 7 years (limitation period for legal claims under the Limitation Act, 1963).
- Website logs and analytics — up to 90 days.
After the retention period, data is securely deleted or anonymised.
6. Your Rights as Data Principal
Under the DPDPA 2023, you have the following rights, which you may exercise by contacting us at hello@repulex.com:
- Right of Access (s.11): Request a summary of personal data we hold about you and the processing activities.
- Right of Correction & Erasure (s.12): Request correction of inaccurate data or erasure of data no longer needed for the purpose for which it was given.
- Right to Grievance Redressal (s.13): Lodge a complaint with our Data Protection Officer.
- Right to Nominate (s.14): Nominate another individual to exercise your rights in the event of your death or incapacity.
- Right to Withdraw Consent (s.6(4)): Withdraw consent at any time; withdrawal does not affect processing already done.
- Right to complain to the Data Protection Board of India: If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board under s.27 of the DPDPA 2023.
We will respond to verified requests within 30 days as required by the DPDPA.
7. Cookies
Our website uses only strictly necessary cookies required for functionality (e.g., session management). We do not use tracking cookies, third-party advertising cookies, or fingerprinting technology. You may disable cookies in your browser settings; however, some website features may not function correctly.
8. Security Measures
We implement reasonable security practices as required under Rule 8 of the SPDI Rules, 2011 and DPDPA 2023 Section 8(5), including:
- HTTPS/TLS encryption for all data in transit.
- Encrypted storage for sensitive client data.
- Access controls limiting data to authorised personnel only.
- Periodic security reviews.
In the event of a personal data breach that is likely to cause harm to Data Principals, we will notify the Data Protection Board of India as required under DPDPA 2023 Section 8(6).
9. Children’s Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected such data, we will delete it promptly in accordance with DPDPA 2023 Section 9.
10. Links to Third-Party Websites
This website may contain links to external sites (e.g., court portals, government databases). We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before sharing any personal data with them.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. Material changes will be notified by posting the updated policy on this page with a revised effective date. Continued use of our website after such changes constitutes acceptance of the updated policy.
12. Grievance Officer / Data Protection Contact
For any privacy-related queries, complaints, or requests to exercise your rights under DPDPA 2023, please contact our designated officer:
Grievance Officer: RepuLex Data Protection Team
Email: hello@repulex.com
Phone: +91-XXXXXXXXXX
Address: New Delhi, India
Response time: within 30 days of receipt of request.
13. Governing Law & Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of India, including the DPDPA 2023, IT Act 2000, and all subordinate legislation thereunder. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts at New Delhi, India.