Privacy policy

1. Who We Are

This Privacy Policy explains how Battery Bhaiya Green Solutions Private Limited (“Company”, “we”, “us”) collects, uses, stores, shares, and protects your personal data when you use the following services:

• Clauseo at clauseo.chat (the “Main App”), an AI legal research platform for Indian-law lawyers; and
• CompetitionSearch at competition.clauseo.chat (the “CCI Search Engine”), a specialised search platform for Competition Commission of India cases.

These services are collectively referred to as the “Services”.

This Privacy Policy should be read together with our Terms of Use, which govern your access to and use of the Services.

Grievance Officer: Rohan Shiralkar
Email: help@clauseo.chat
Address: 113/141, Swaroop Nagar, Kanpur, Uttar Pradesh, India 208002

—

2. Scope

This Policy covers personal data that we process about: (a) registered users and account holders; (b) visitors to our websites and applications; (c) billing contacts; and (d) individuals who contact us for support or enquiries.

This Policy also applies to personal data contained in materials that you upload to the Services, such as legal documents, case files, or other files, to the extent that such materials contain personal data and we process or store that data in order to provide the Services.

This Policy does not apply to: (a) publicly available legal information such as court judgments, CCI orders, or statutes accessed through the Services; or (b) third-party services that may be linked from the Services. Those services operate under their own privacy policies.

—

3. Data We Collect

3.1 Account & Identity Data

3.2 Content Data

Main App:

• Chat messages and research queries you type
• AI-generated research output (case analysis, citations, summaries, generated documents)
• Files you upload (PDFs, images, text documents) — stored as part of conversation history
• Conversation branches (when you edit a prior message to explore alternative research paths)
• Tool call details and per-message cost breakdowns

CCI Search Engine:

• Search queries and applied filters
• Saved list names, descriptions, and case selections
• Notes you add to saved cases
• Search history records (query, filters, result count, timestamp)

3.3 Billing & Transaction Data

• Credit purchase amounts and timestamps
• Razorpay payment and order identifiers
• Credit balance and consumption records
• GST details (if provided)

We do not store your payment card details, bank account numbers, or UPI IDs. These are processed directly by Razorpay and never reach our servers.

3.4 Usage & Device Data

• IP address and approximate geolocation
• Browser type, operating system, device information
• Pages visited, features used, and interaction patterns
• Session duration and navigation paths
• Error logs and performance diagnostics
• Analytics identifiers (Vercel Analytics, PostHog)

3.5 Support & Communications Data

• Support emails, feedback, and feature requests
• Session metadata shared for troubleshooting

—

4. How We Collect Data

• Directly from you: When you create an account, use the chat, upload files, make purchases, submit support requests, or adjust settings.
• From authentication providers: Clerk provides us with your user identifier, email, name, and authentication metadata when you sign in (including via Google OAuth).
• From payment processors: Razorpay provides transaction confirmations, order IDs, and payment status. We do not receive your payment instrument details.
• Automatically: Our servers, analytics tools, and infrastructure providers collect usage and device data when you access the Services.

—

5. Why We Process Your Data

—

6. Consent & Your Choices

6.1 What You Can Control

From your account settings, you may adjust:

6.2 Withdrawing Consent

• You may withdraw consent for analytics or marketing at any time from account settings. Withdrawal takes effect promptly.
• If you withdraw consent for core data processing (by requesting account deletion), we will deactivate your account, as we cannot provide the Services without processing your data. You bear the consequences of withdrawal (Digital Personal Data Protection Act, 2023, Section 6(5)).
• Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
• We maintain auditable records of all consent actions — including grants, withdrawals, and modifications — with timestamps and the Policy version in effect at the time. These records are retained for as long as required to demonstrate compliance with applicable law.

—

7. No Model Training

We do not use your personal data, chat messages, uploaded files, research queries, or AI-generated output to train, fine-tune, or improve any AI foundation models (whether ours or third-party), unless you provide explicit, separate written consent.

What we may use: Anonymised, aggregated, de-identified usage data that cannot identify any individual — such as aggregate query volume, feature usage rates, and error frequency — may be used to improve the Services. This data does not contain your personal data or User Content.

—

8. Sharing & Sub-Processors

We share personal data only with the sub-processors necessary to operate the Services, and only under appropriate contractual and security safeguards. We do not sell your personal data.

8.1 Main App Sub-Processors

8.2 CCI Search Engine Sub-Processors

8.3 Other Disclosures

We may disclose personal data:

• To comply with applicable law, regulation, court order, or government directive;
• To enforce our Terms of Use or protect our rights, property, or safety;
• In connection with a merger, acquisition, or sale of assets (with notice to you);
• To professional advisers (lawyers, auditors) under confidentiality obligations.

8.4 Third-Party Privacy Policies

• Anthropic: https://www.anthropic.com/privacy
• Google Cloud: https://cloud.google.com/privacy
• Clerk: https://clerk.com/privacy
• Razorpay: https://razorpay.com/privacy/
• Vercel: https://vercel.com/legal/privacy-policy
• PostHog: https://posthog.com/privacy
• Cloudflare: https://www.cloudflare.com/privacypolicy/

—

9. Cross-Border Data Transfers

Your data is processed across multiple jurisdictions. The following table shows where each category of data is stored and processed:

Legal framework for cross-border transfers:

• The Digital Personal Data Protection Act, 2023 permits cross-border data transfers unless the Central Government restricts transfers to specific countries by notification (Section 16). As of the date of this Policy, no country restrictions have been notified.
• Until the DPDP Act’s cross-border provisions become enforceable (May 13, 2027), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 apply to transfers of sensitive personal data.
• We maintain Data Processing Agreements with sub-processors that include appropriate security, confidentiality, and data protection obligations.
• We monitor government notifications under Section 16 of the DPDP Act and will adjust data processing arrangements if any jurisdiction relevant to our operations is restricted.

—

10. Data Retention & Deletion

On account deletion:

• Your conversations, uploaded files, saved lists, search history, and account data are deleted from the production database within 30 days.
• Automated backups containing your data are purged within 30 days of the backup cycle.
• Billing records are retained as required by tax law.
• Anonymised, aggregated data that cannot identify you may be retained indefinitely.

—

11. Your Rights

Under applicable Indian law (including the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, as and when enforceable), you have the following rights:

How we respond:

• We will acknowledge your request within 24 hours.
• We will act on your request within the timelines prescribed by applicable law (currently 15 days for grievances under the IT Rules; specific timelines under the DPDP Rules will be followed once enforceable).
• We may ask you to verify your identity before processing a request.
• If we cannot fulfil a request (e.g., due to legal retention obligations), we will explain why.

Before approaching the Data Protection Board of India, you must first exhaust the grievance mechanism provided here (Digital Personal Data Protection Act, 2023, Section 13(3)).

—

12. Data Security

We implement reasonable security safeguards appropriate to the nature, scope, and sensitivity of the personal data we process, including:

• Encryption in transit (TLS) for all data communications
• Encryption at rest for database storage
• Database-level access isolation — each user can only access their own data
• Access controls with authentication required for all user data operations
• Secure authentication via Clerk (passwords are never stored on our servers)
• Regular security reviews of infrastructure and access policies
• Incident response procedures for data breaches

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security against all threats.

—

13. Children’s Data

The Services are designed for legal professionals and are not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

If you believe a child has provided personal data to us, please contact our Grievance Officer immediately at help@clauseo.chat. We will take steps to delete the data promptly.

—

14. Breach Notification

In the event of a personal data breach:

• We will notify the Data Protection Board of India and each affected Data Principal without unreasonable delay, in the form and manner prescribed by applicable law.
• Under current CERT-In requirements, specified cyber incidents are reported within 6 hours.
• Under the Digital Personal Data Protection Act, 2023 and DPDP Rules 2025, breach notification to the Board will be provided with an initial intimation without delay and a detailed report within 72 hours, once these provisions are enforceable.
• Notifications to affected users will be in plain language and will explain: what happened, what data was affected, the likely impact, and the steps we have taken and recommend you take.

—

15. Grievance Redressal

Grievance Officer: Rohan Shiralkar
Email: help@clauseo.chat
Address: 113/141, Swaroop Nagar, Kanpur, Uttar Pradesh, India 208002

• We will acknowledge your grievance within 24 hours of receipt.
• We will endeavour to resolve your grievance within 15 days, in accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (as amended).
• If you are unsatisfied with our resolution, you may appeal to the Grievance Appellate Committee constituted under Rule 3A of the IT Rules, or approach the Data Protection Board of India (after exhausting the grievance mechanism here).

—

16. Changes to This Policy

We may update this Policy from time to time. When we make changes:

• Material changes (changes to data collection, processing purposes, sub-processors, cross-border transfers, or your rights) will be notified at least 15 days before the effective date, via email and/or in-product notification.
• Non-material changes (clarifications, formatting, correcting errors) take effect upon posting.
• The “Last updated” date and version number at the top of this Policy will always reflect the current version.
• Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Policy.
• Prior versions are available upon request at help@clauseo.chat.

—

17. Additional Information

Applicable law. This Policy is governed by the laws of India, including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and the Digital Personal Data Protection Rules, 2025.

Third-party services. If you connect third-party services or access third-party content through the Services, those third parties’ own privacy policies govern their processing of your data. We are not responsible for their practices.

Contact us. For any questions about this Policy or our data practices, email help@clauseo.chat.