Privacy & Data Protection

Privacy Policy

Your privacy matters to us. This policy explains what personal data we collect, how we use it, and the rights you have over it — in plain language, without legal jargon.

Effective date: 18 May 2026

Governed by: IT Act 2000 & SPDI Rules 2011

1. Introduction

Welcome to Founding Legals, a product of Arvya Tech Pvt. Ltd. (“Company”, “we”, “us”, or “our”), a company incorporated under the Companies Act, 2013 and headquartered in Bengaluru, Karnataka, India.

This Privacy Policy (“Policy”) describes how we collect, use, store, disclose, and protect information about you when you access or use our website at www.foundinglegals.com and our web application at app.foundinglegals.com (collectively, the “Platform”).

This Policy is published in compliance with the Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). By using the Platform, you consent to the practices described herein. If you do not agree, please discontinue use of the Platform.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

  • Account Information: Name, email address, mobile number, password.
  • Business Information: Company name, PAN, CIN, GST number, registered address, directors' details.
  • Identity Documents: Aadhaar, PAN card, passport, or other government-issued IDs submitted for KYC or compliance services.
  • Financial Information: Bank account details, invoices, payment records required for compliance or fund-raising services.
  • Communications: Messages, queries, or feedback you send us via email, contact forms, or support channels.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, clicks, and navigation patterns.
  • Device & Technical Data: IP address, browser type and version, operating system, device identifiers.
  • Cookies & Tracking: Session cookies, analytics cookies, and preference cookies as described in our Cookie Policy.
  • Log Data: Server logs including access timestamps, error logs, and referral URLs.

2.3 Information from Third Parties

  • Authentication data from Google OAuth when you use “Continue with Google”.
  • Payment status and transaction identifiers from payment processors (e.g., Razorpay).
  • Business registry information from MCA, GSTN, or other government portals used to verify your entity.

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose | Lawful Basis
Create and manage your account | Performance of contract
Deliver incorporation, compliance, and legal services | Performance of contract
Process payments and issue invoices | Performance of contract / Legal obligation
Send service updates, reminders and deadline alerts | Legitimate interest / Consent
Verify identity for KYC under applicable law | Legal obligation
Improve Platform features and user experience | Legitimate interest
Detect fraud, abuse, or security threats | Legitimate interest / Legal obligation
Respond to customer support queries | Performance of contract
Send marketing communications (only with consent) | Consent
Comply with court orders, regulations, or government requests | Legal obligation

4. Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, 2011, certain categories of data are treated as “Sensitive Personal Data or Information”. We may collect the following SPDI in the course of providing our services:

  • Financial information (bank account, payment card details)
  • Identity documents (Aadhaar, PAN, passport) — collected only where legally required for compliance filings
  • Passwords (stored in hashed form; never in plain text)

We collect SPDI only with your explicit consent, only to the extent necessary for the stated purpose, and we retain it only as long as legally required or as needed to provide the service.

You have the right to withdraw consent, review, correct, or delete your SPDI at any time by contacting us at privacy@foundinglegals.com. Please note that withdrawal of consent may affect our ability to deliver certain services.

5. How We Share Your Information

We do not sell your personal data. We may share it in the following limited circumstances:

5.1 Service Providers & Partners

We engage trusted third-party service providers to assist in operating our Platform. These include:

  • Cloud hosting: Amazon Web Services (AWS) / Google Cloud Platform
  • Payment processing: Razorpay Financial Solutions Pvt. Ltd.
  • Authentication: Google Identity Services
  • Analytics: Google Analytics
  • Customer support: Intercom, Inc.
  • Communication: Twilio / SendGrid for email and SMS

All service providers are contractually bound to process data only as instructed and to maintain appropriate security measures.

5.2 Professional Partners

To deliver legal and compliance services, we work with empanelled Chartered Accountants (CAs), Company Secretaries (CS), and legal professionals. We share only the minimum data necessary for them to perform the requested service, under strict confidentiality obligations.

5.3 Government and Regulatory Authorities

We may disclose your information to government bodies such as the MCA, GSTN, DPIIT, Income Tax Department, or any court of competent jurisdiction when required by law or pursuant to a valid legal order.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the successor entity, who will be bound by this Policy.

5.5 With Your Consent

We may share your information with other parties if you explicitly consent to such sharing.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, and in any case for the minimum period required by applicable Indian law:

  • Account data: For the duration of your account, and up to 3 years after closure (for dispute resolution).
  • Financial records & invoices: 8 years as required by the Income Tax Act, 1961 and GST law.
  • Company incorporation documents: 8 years or as mandated by the Companies Act, 2013.
  • KYC documents: As required by applicable KYC/AML regulations.
  • Log data: 180 days as per IT (Intermediary Guidelines) Rules.
  • Marketing consent records: Until consent is withdrawn, plus 1 year.

After the applicable retention period, data is securely deleted or anonymised.

7. Data Security

We implement industry-standard security measures in accordance with Rule 8 of the SPDI Rules, 2011, including:

  • Encryption in transit: All data transmitted over the internet is protected using TLS 1.2+ (HTTPS).
  • Encryption at rest: Sensitive data is encrypted using AES-256 at rest on our servers.
  • Access controls: Role-based access control (RBAC) ensures only authorised personnel can access your data.
  • Password hashing: Passwords are stored using bcrypt; we never store plain-text passwords.
  • Regular audits: We conduct periodic security audits and vulnerability assessments.
  • Incident response: We maintain a documented incident response plan and will notify affected users in the event of a data breach as required by law.

While we take all reasonable precautions, no system is completely secure. You are responsible for keeping your account credentials confidential.

8. Your Rights

Under the IT Act, SPDI Rules, and general principles of Indian privacy law, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Withdraw Consent

Withdraw consent for SPDI or marketing at any time.

Right to Grievance Redressal

Lodge a complaint with our Grievance Officer (details below).

Right to Data Portability

Request your data in a structured, commonly used format.

To exercise any of these rights, please contact our Grievance Officer at privacy@foundinglegals.com. We will respond within 30 days of receiving a verifiable request.

9. Cookies

We use cookies and similar tracking technologies on our Platform. For detailed information on what cookies we use, why we use them, and how you can control them, please read our Cookie Policy.

11. Children's Privacy

Our Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@foundinglegals.com and we will delete such data promptly.

12. Cross-Border Data Transfers

Some of our third-party service providers (such as cloud providers and analytics tools) may process data outside India. When data is transferred internationally, we ensure adequate safeguards are in place through contractual clauses or the provider's adherence to equivalent data protection standards. By using the Platform, you consent to such transfers to the extent they are necessary for service delivery.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email (using the address associated with your account) and/or by displaying a prominent notice on the Platform at least 7 days before the changes take effect. Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the changes.

14. Grievance Officer

In accordance with the IT Act, 2000 and SPDI Rules, 2011, the details of our Grievance Officer are provided below. You may raise any privacy or data-related complaints with our Grievance Officer:

Grievance Officer — Arvya Tech Pvt. Ltd.

Name: Designated Grievance Officer, Founding Legals

Email: privacy@foundinglegals.com

Address: Arvya Tech Pvt. Ltd., Bengaluru, Karnataka, India

Response Time: Within 30 days of receipt of complaint

If you are not satisfied with the resolution provided by our Grievance Officer, you may approach the appropriate regulatory authority or court of competent jurisdiction in India.

Disclaimer: The information on the Founding Legals Platform constitutes technology assistance for legal and compliance workflows and does not constitute legal advice. For complex legal matters, please consult a qualified legal professional.