Privacy Policy

SUPERCORE PRIVATE LIMITED (“Superlaw “we”,”us”,”our”) respects your right to privacy, and we are dedicated to securing and protecting any information we have about you.

This Privacy Policy  governs the ways we collect, use, and share information that relates to an identifiable individual (“Personal Data”) and also how you can exercise your rights under applicable privacy and data protection laws.

If you have any questions or concerns about our use of your Personal Data, or if you wish to exercise any of your privacy rights, then please contact us using the contact details under ‘Contact us’ section below.

We recommend that you read this Privacy Policy in full to ensure you are completely informed about Superlaw’s collection and use of your Personal Data.

1. Introduction

This privacy policy (the “Privacy Policy”) applies to your use of our website, the web application known as Superlaw, and all related services (the “Services”). These are owned and offered by SUPERCORE PRIVATE LIMITED (CIN: U62013TN2025PTC182763), an Indian Private Limited Company with its registered office at No.8 4th Street, Venkateswara Nagar, Adyar, Chennai, Chennai City Corporation, Tamil Nadu, India, 600020 (“Company,” “We,” “us”). This Privacy Policy is applicable to all users of our Services (“You,” “Your,” “User,” “Subscriber”)

For users located in the European Economic Area (EEA), Switzerland, and the United Kingdom (UK), we act as Data Controller for the Personal Data processed under this policy.

By using our Services, you agree to our collection, use, and sharing of your personal data as described in this policy. Our Services may contain links to other sites not owned or controlled by us, i.e., third parties. We are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our Service and to read the privacy policy of the other sites that may collect and use your data.

2. Definitions

1. “Artificial Intelligence”, “AI”, “Models”, “Language Model”, “LLM” means any sequence, architecture, or algorithm for artificial intelligence that is developed or served by us. Such Models might be owned, operated, and controlled by us, or by Third Parties who have been engaged by us.

2. “Training,” “Train,” or “Finetuning” refers to the process of refining and teaching an Artificial Intelligence Model to learn by observing a specific set of data. This process is distinct from the model's ephemeral use of data for a single query. We explicitly commit that User Content from Paid Subscribers is not used as a Training Dataset to finetune, retrain, or otherwise improve any Model deployed by SuperLaw or our third-party partners.

3. “Core Services” refers to the subset of Services provided by us that are integral to the unique features and functionalities of SuperLaw, such as legal research tools, document review, and case management features.

4. “Personal Data” means any information that relates to an identified or identifiable individual. This includes data that can be used, either alone or in combination with other information, to identify an individual, such as name, postal address, email address, and mobile number.

5. “Payment Gateway Service Provider(s)” means a Third Party that provides payment gateway, payment processing, or other digital financial services for this platform.

6. “User Content” means any information, including personal data, that you provide in your input to our Services. This may include prompts, images, files, and audio, depending on the features you use.

7. “Processing” means any operation performed on personal data, such as collection, storage, use, or sharing.

8. “Third Party” means an entity other than us or our affiliates, typically referring to companies and organizations that are partners, vendors, or service providers engaged by us to provide Services to you.

9. “Data Fiduciary” means an entity, such as our Company, that determines the purpose and means of processing personal data.

10. “Data Principal” means an individual whose data is being processed.

3. Data we collect and process

In order to provide and improve our services, we collect various types of information, including personal data you have provided directly to us, as well as data collected automatically from your use of our services.

1. Information You Provide Directly

We collect Personal Data directly from you when you create an account with us, otherwise use the Services, or interact with us via some other means. The Personal Data we collect includes:

• Account Information: When you create and account with us, we collect certain information associated with your account, including your name, email address, and information about your profession and professional experience, language preference, account credentials, payment information, and transaction history (collectively, “Account Information”).

• Profile Information: Your firm name, professional title, domain area of expertise, and any other personal information you voluntarily supply.

• Communication Information: When you communicate with us, (for instance, when you contact us about our Services, when you interact with our website and help centre, or when you request support) we collect your name, email address, information about your profession, customer survey response, the way you interact with our Services, and the contents of any message you send (collectively “Communication Information”).

2. Information We Collect Automatically

We collect your personal data indirectly, through automated means from your computer or device. This information may include:

• Log Data: Information that your browser or device automatically sends when you use our Services or access our website. Log data includes your Internet Protocol Address (“IP Address”), browser information, the date and time of your request, and how you otherwise use certain features or interact with us (collectively “Log Data”). Log Data is retained for a maximum of 1 year, after which it is anonymized or deleted.

• Service Usage data: When you interact with the Services, metadata is generated that provides additional context about your use of the Services. This includes your email address, data about how often you visit the website, how you interact with the Services, the amount of time spent engaging with the Services, the volume of queries you submit, the type of queries you submit, and the features interacted with (collectively “Usage Data”).

• Cookies and Similar Technologies: We use cookies, scripts, or similar technologies (collectively “Cookies and Similar Technologies”) to manage the Services and to collect information about you and your use of the Services. A cookie is a small string of information that websites you visit transfer to your computer for identification purposes. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, understand your preferences, improve your website experience, and analyze the use of our Services to make them safer and more useful to you. We use only essential cookies necessary for security and functionality. Specifically, we use an authentication cookie that expires in 15 minutes. We do not use cookies for marketing or advertising purposes.

• Device Information: We also collect certain device and connection-specific information when you install, access, or use our Services. This includes information such as the name of the device, operating system, device identifiers, and browser you are using (collectively “Device Information”). The specific Device Information collected will depend on the type of device you use and its settings.

3. Information that is publicly available

   We collect publicly available information about customers and prospects to help offer and provide our Services.

   We use publicly available information (for example, judgments, decisions, public filings, etc.,) collected from the Supreme Court of India, High Courts of India, and Indian government websites ,to develop, train, and improve our AI platform (“Publicly Available Information”).

4. How we use personal data

We will only collect and process your personal data where we have a lawful basis to do so. This lawful basis includes obtaining your explicit consent or processing based on our legitimate interests, where it is necessary for us to provide our Services. If you are using Superlaw's free service tier or "Free Plan," you explicitly agree and consent to our use of your User Content (including queries, inputs, prompts, and uploaded documents) and Usage Data to develop, train, fine-tune, and improve Superlaw's proprietary Artificial Intelligence Models and algorithms. This Model Training provision does not apply to our paid subscription tiers.

We may use Personal Data covered by this Privacy Policy for the following purposes:

• Verify your identity to help administer our Services; administer your subscriber account, and manage secure access to the Core Services

• Communicate with you about our Services, including notifications and updates;

• Detect and prevent fraud or prohibited activities;

• Process and respond to your queries and complaints;

• Notify you about changes to our Terms of Service;

• Provide and maintain our Services;

• To develop, improve, and update our Services and new functionality;

• To personalize your use of our Services, applications, or platform;

• To measure usage, analyze performance, fix bugs, and improve the general stability and non-AI-related functionality of the Services and new features.

• For users on the Free Plan, to develop, train, fine-tune, and improve Superlaw's proprietary Artificial Intelligence Models using anonymized and de-identified User Content and Usage Data.

• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.

We are committed to protecting your privacy and, therefore, we do not sell, rent, or lease your Personal Information or User Data to any Third Party

5. Who we share your personal data with

We share your personal data with the following categories of recipients:

1. Our Affiliates: We will share Personal Data that we collect, such as Account Information with any corporate affiliates. The information shared may be used for the purposes described in this Privacy Policy and generally to operate our business, including, processing for fraud prevention, payment processing, customer support, business development, user account administration, and IT, technical, and engineering support.

2. Legal Compliance and Regulatory Requirements: We may process and disclose your Personal Data for certain other legitimate uses, if required, in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and in compliance with any other applicable laws and their requirements.

   We may disclose Personal Data if required to do so by law, or if your actions violate the Terms of Service, or in the good-faith belief that such action is necessary to:

   • Comply with legal process served on Us or our owners.

   • Protect and defend the rights or property of SUPERCORE PRIVATE LIMITED, the Services, or the users.

   • Act under exigent circumstances to protect the personal safety of users or the public.

   • Share details with third parties (such as auditors or legal advisors) to obtain advice.

3. Trusted Partners and Service Providers: We may engage third-party companies or individuals as service providers to help us operate and support our business. These third parties may support Superlaw in respect of a variety of business purposes including website and data hosting, research, auditing, customer support, and data processing. These third parties have limited access to your information, may use your information only to perform agreed tasks, and are prohibited from disclosing or using your information for other purposes.

4. Third-Party Service Providers: We utilize OpenAI as the third-party service provider to power certain features of our Services. In this capacity, OpenAI acts as a Data Processor, handling personal data on our behalf and under our direct instructions. Our relationship is governed by formal Data Processing Addendum (DPA), which mandates that OpenAI complies with all applicable data protection laws.

   1. Data Sharing: We share a minimum amount of content with a select group of trusted service providers that help us provide our Services. These parties are subject to strict confidentiality and security obligations. We do not use our share User Content for marketing or advertising purposes.

   2. In our capacity as the Data Fiduciary, we utilize the API Services of our third-party provider, [OpenAI], to power our Core AI features. Our arrangement is governed by a formal Data Processing Addendum (DPA), which includes the following key privacy commitments directly applicable to your User Content (such as queries, prompts, and uploaded documents) when processed via their API:

      1. No Training on User Content: User Content submitted through the API is not used by [OpenAI] to train or improve their models.

      2. Strict Retention Policy: User Content sent through the API is retained by the provider for a maximum of thirty (30) days, after which it is deleted, except where retention is legally required. This short retention period ensures that the data is only held long enough to provide the requested service, including platform abuse, trust, and safety monitoring.

      3. Security and Confidentiality: The provider maintains reasonable and appropriate organizational and technical security measures to protect your data from loss, misuse, and unauthorized access. All personnel and subprocessors are bound by duties of confidentiality and must adhere to a comparable level of data protection and security.

      4. Breach Notification: The provider is contractually obligated to notify Superlaw without undue delay if it becomes aware of any Personal Data Breach involving your data.

We have configured our API access to uphold the highest level of privacy protection available under the DPA. We do not permit or instruct the provider to process your User Content for any purpose outside of providing the Superlaw services.

You can review the full OpenAI DPA, which governs the processing of your data by that processor, here: Open AI Data Processing Addendum

The following is a list of our current service providers who might store, serve, or otherwise be exposed to Personal Data and/or User Content:

6. Subscription, billing information and financial data

For our subscription-based Services, we collect payment information and transaction history to facilitate billing. We work with third-party payment gateway providers to process your payments and do not store your full financial information, such as complete credit card numbers, on our servers. Your financial data is securely handled by our payment partners in compliance with applicable laws and regulations.

7. Data retention and security protocols

We retain your personal data for only as long as we need it to provide our Services, for legitimate business purposes, or to comply with our legal obligations. The primary geographic location where all User Content and Account Information are hosted and processed is US Central If you no longer want us to use your personal information, you can request that we remove your personal information and close your account by sending us an email at support@superlaw.co. Please not that if you request for your personal information to be erased;

• We may retain some of your personal information which is required for our legitimate business interest, such as fraud detection, prevention and enhancing safety.

• We may retain some of your personal information to the extent required to comply with our legal obligations.

We maintain backups on a Daily frequency, with a retention period of 3 years, and they are stored in the GCP US Central zone.

We employ commercially reasonable technical, administrative, and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, including encryption at rest  and encryption in transit. However, no security measures is 100% secure, and you should take care when deciding what information to provide. We use the HTTPS protocol for data transmission across the application and to all third-party APIs.

8. Your privacy rights

As a Data Principal, you have certain rights regarding your personal data, which we are committed to upholding. You have the right to:

1. Access and Correction: You can request access to your personal information and ask us to correct any inaccuracies. You are responsible for keeping your personal data up-to-date.

2. Deletion: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collection, or if you withdraw your consent and there is no other legal basis for processing it.

3. Withdraw Consent: You may withdraw consent at any time. You may choose to do so by sending us an e-mail at support@superlaw.co. We shall review your request and, after verification, will withdraw the consent and stop any further processing of your personal data for that purpose. This may also lead to cancellation of your subscription.

4. Grievance Redressal: You have the right to complain about and follow up on potential violation of data protection laws through our grievance redressal mechanism.

5. Nominate: Under the India Digital Personal Data Protection Act (DPDPA), you may nominate another person to exercise your rights on your behalf in the event of your death or incapacity.

6. Opt-Out of Sale or Sharing: We do not sell or share your personal information with third parties for marketing purposes, and as such, we have already taken measures to ensure your data is protected as defined by the CCPA.

To exercise these rights, please contact us at support@superlaw.co. While we are the Data Fiduciary and hold the primary responsibility for your data, we have established internal protocols that work with our service provider's privacy tools to ensure your request is fulfilled in a timely manner.

9. Children’s policy

Our Services are not intentionally designed for or directed at persons younger than 18 years of age. We do not knowingly collect personal data from children. Should a parent or guardian have reasons to believe that a minor has provided Us with Personal Information without their prior consent, please write to Us at support@superlaw.co to ensure that the Personal Information is removed from the platform.

10. Limitations of AI

Please be aware that by using our Services, you are interacting with an AI system facilitated by third-party service providers. The output is for informational purposes only and is not a substitute for professional legal advice. You should not enter any confidential or sensitive information that you would not want a human reviewer to see.

11. Changes to this privacy policy

We may update our Privacy Policy from time to time. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page with an updated revision date.

12. Contact us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Officer at: