Privacy Policy

Last updated: 09 Oct 2025

i-Legal ("we", "our", "us") provides a workflow app for lawyers at https://i-legal.in. This policy explains what we collect, how we use it, and the choices you have — including for Google Calendar data if you connect your account.

1) What we collect

  • Account & usage: name, email (from sign-up), basic app events (e.g., button clicks, page views) to operate and improve the service.
  • App content you add: matters/cases, notes, comments, documents (if you upload them).
  • Google Calendar (optional, read-only): if you connect Google Calendar, we request the minimal read scope https://www.googleapis.com/auth/calendar.readonly. We read only what is needed to display your events next to your case calendar:
    • Event ID, title (summary), start/end time or all-day date.
    • We do not write to your Google Calendar.
    • We do not use event descriptions, attendees, attachments, or reminders for any other purpose.

2) How we use your data

  • To provide core features (e.g., show upcoming hearings and your Google events together).
  • To maintain the service (security, debugging, preventing abuse).
  • To improve UX (aggregate, de-identified analytics).

3) Google API Services User Data Policy & Limited Use

i-Legal’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We only use Google data to provide user-facing features you request (showing your events in i-Legal).
  • We do not sell Google data. We do not serve or facilitate advertising using Google data.
  • We do not transfer Google data except to service providers acting on our behalf (see Section 5).
  • We do not combine Google data with non-Google data for targeted advertising.
  • No human reading by default: Humans do not read your Google data unless required for security, debugging, or to comply with law, and only to the minimum necessary.
  • No AI/ML training: We do not use Google user data to train or improve AI or machine-learning models.

4) Storage & retention

  • Google tokens: We store your Google refresh token in our database table private_google_tokens(user_id, refresh_token, created_at) so the app can fetch read-only events while you’re signed in. Access tokens are short-lived and not stored long-term.
  • Event data: Events fetched from Google are used in-session to render your calendar. We don’t persist Google event payloads to our database.
  • Retention: Your Google refresh token is kept until you disconnect (see Section 6) or your account is deleted. Other app data is retained as long as your account remains active or as required by law.
  • Deletion SLA: When you disconnect Google or delete your account, we delete your Google refresh token within 30 days.

5) Sharing & processors

We do not sell your personal data. We share data only with service providers that help us run i-Legal (e.g., cloud hosting, database/auth, error monitoring). These providers may process limited data strictly under our instructions and contracts. Examples include our hosting provider and our database/auth provider (Supabase).

6) Your choices & controls

  • Disconnect Google Calendar: In the app, click Disconnect Google Calendar (this calls /api/google/disconnect) to revoke your refresh token and stop further access.
  • Revoke in Google: You can also remove i-Legal’s access from your Google Account at myaccount.google.com/permissions.
  • Access, correction, deletion: Email us at [email protected] to access your data, correct inaccuracies, or request deletion.

7) Security

Data is transmitted over TLS. Google refresh tokens are stored server-side behind row-level security and access controls. No system can be 100% secure; we work to protect your information and notify you of material incidents as required by law.

8) Children

i-Legal is not directed to children under the age of 18. If you believe a child has provided us data, contact us for removal.

9) International & India DPDP

We operate in India and aim to align with the Digital Personal Data Protection Act, 2023 (DPDP). Where applicable, we will honor local rights and obligations.

10) Changes to this policy

We may update this policy to reflect changes in our practices. If changes are material, we will provide notice (e.g., in-app banner or email) and update the "Last updated" date above.

11) Contact

Questions? Email [email protected].

🔒 Google Calendar is read-only. We never modify your calendar. Disconnect anytime from the app.

⚖️ Not for legal evidence — data is for convenience only; verify with official records.