Privacy Policy

---

Effective Date: July 7, 2025 

Last Updated: July 1, 2025

This Privacy Policy outlines how CoreTech Legal™ (“CoreTech,” “we,” “us,” or “our”) collects, uses, discloses, transfers, and safeguards personal data when individuals interact with our website, access or engage our services, or otherwise communicate with us in any capacity.

We are firmly committed to upholding the privacy, dignity, and data protection rights of all individuals whose personal information we process. As a legal service provider operating across multiple jurisdictions, we ensure our data practices are aligned with the highest global standards of privacy compliance.

Accordingly, this Policy is designed to comply with and reflect the requirements of major data protection laws, including but not limited to the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), India’s Digital Personal Data Protection Act, 2023 (DPDP Act), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act 1988 (Australia), the Singapore Personal Data Protection Act (PDPA), and other applicable regional, national, or sector-specific data privacy laws and regulations.

This Policy applies to all data subjects whose personal information is collected or processed by CoreTech Legal, regardless of the jurisdiction in which they reside, and it governs our data handling practices with respect to both online and offline interactions.

SCOPE OF THIS POLICY

This Privacy Policy governs the collection, use, disclosure, and protection of personal data by CoreTech Legal™ in accordance with applicable data protection laws.

It applies to personal data processed by CoreTech in the context of:

i. Visitors to our websites, platforms, or digital properties;

ii. Existing and prospective clients who engage or inquire about our legal services;

iii. Vendors, consultants, service providers, and business partners;

iv. Any individual who voluntarily communicates with us, submits inquiries, fills out forms, subscribes to newsletters, or otherwise shares personal information in any format (including electronically, orally, or in writing).

This Policy does not apply to personal data of employees, job applicants, interns, or independent contractors of CoreTech Legal. Such data is processed in accordance with a separate Internal HR & Recruitment Privacy Policy and applicable employment or contractor agreements.

PERSONAL DATA WE COLLECT

We collect and process personal data that is necessary to provide our legal services, operate our website, respond to inquiries, and comply with our legal and professional obligations. The categories of data we may collect include:

a.  Identifying and Contact Information

This includes information such as your full name, email address, phone number, company name, job title, and similar identifiers that you provide to us through our website forms, email correspondence, or other communications.

b. Business and Service-Related Information

We collect information you provide in connection with your legal or business inquiry, such as:

     i. Nature of the legal support requested

     ii. Company background and service preferences

     iii. Industry type and jurisdiction of operation

     iv. Information shared in consultation calls, discovery sessions, or document uploads

c. Technical and Usage Data

When you visit our website, we may automatically collect certain technical information using cookies and analytics tools, including:

     i. IP address and device identifiers

     ii. Browser type and operating system

     iii. Time zone settings and location (if enabled)

     iv. Website navigation patterns, referring pages, and session duration

This data is used to ensure website functionality, enhance user experience, and analyze usage trends for performance and security.

d. Sensitive Personal Data

We do not intentionally collect or process sensitive personal data (such as information revealing racial or ethnic origin, political opinions, religious beliefs, health, biometric or genetic data, or data concerning a person’s sex life or sexual orientation) through our website or services.

If you voluntarily provide any such data, we will treat it with strict confidentiality and limit its use in accordance with applicable data protection laws and professional obligations.

LAWFUL BASIS FOR PROCESSING (GDPR / GLOBAL COMPLIANCE)

a.  Transparency Requirement

Laws like the GDPR (EU & UK), CCPA/CPRA (California), and India’s DPDP Act require that data subjects are clearly informed about:

     i. The categories of personal data you collect, and

     ii. Whether or not you process special (sensitive) categories of data.

Even stating that you do not collect sensitive data fulfills this mandatory transparency obligation under Article 13/14 of the GDPR.

b. Consent Clarity

Sensitive personal data often requires explicit consent under global laws. By stating that you do not collect such data, you:

     i. Avoid any implication of consent,

     ii. Set clear boundaries for your data practices, and

     iii. Protect yourself against liability.

c.  Professional Services Exception Handling

Since you're a legal-tech company, clients might inadvertently share sensitive information (e.g., via consultation forms or uploaded documents). Even if you don’t seek it, your policy should clarify:

     i. You do not intentionally collect or process such data, and

    ii. Any such data is treated in accordance with professional confidentiality obligations.

d. Risk Mitigation

This disclosure:

     i. Shields you from allegations of collecting sensitive data without proper safeguards,

     ii. Helps auditors, regulators, or enterprise clients evaluate your compliance posture.

PURPOSE OF DATA COLLECTION

CoreTech Legal collects and processes personal data only for specified, explicit, and legitimate purposes, in accordance with applicable data protection laws. We do not process personal data in a manner that is incompatible with these purposes.

We collect and use personal data for the following lawful and limited purposes:

a. To respond to inquiries and schedule consultations: Including any initial contact, form submissions, or communications through our website, social media, or other channels.

b. To provide, manage, and deliver our legal services: This includes onboarding clients, drafting and reviewing legal documents, advising on compliance, and providing other professional services requested by clients.

c. To manage ongoing client relationships and fulfill contractual obligations: Such as maintaining service records, issuing invoices, processing payments, and providing updates relevant to the scope of engagement.

d. To comply with applicable legal, regulatory, and professional obligations: Including obligations arising under anti-money laundering (AML) laws, conflict checks, accounting standards, and professional conduct rules.

e. To send legal updates, thought leadership, newsletters, or promotional content: Only where you have provided your explicit or implied consent, and in accordance with marketing laws such as the ePrivacy Directive, CAN-SPAM, and relevant opt-in/opt-out frameworks.

     i. To analyze website traffic and user behavior: For the purpose of improving the performance, content, functionality, and security of our website and related digital services.

     ii. To detect, prevent, or mitigate fraud, misuse, cyber threats, or unauthorized access: This includes the use of logs, monitoring tools, and other safeguards to ensure data integrity and protect our platforms and stakeholders.

We ensure that all personal data collected is limited to what is necessary in relation to the stated purposes and is processed in a fair, lawful, and transparent manner.

INTERNATIONAL DATA TRANSFERS

As a remote-first, globally operated legal service provider, CoreTech Legal™may process personal data in countries other than the one in which you reside, including jurisdictions that may not offer the same level of data protection as your home country.

Where such cross-border transfers occur, we ensure that appropriate legal safeguards are in place to protect your personal data in accordance with applicable data protection laws.

Specifically, we may:

a. Rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and the UK Addendum issued under the UK GDPR;

b. Transfer data to countries recognized by the European Commission or the UK Government as providing an adequate level of data protection;

c. Implement supplementary technical and organizational safeguards, including but not limited to end-to-end encryption, strict access controls, data      minimization, and secure storage protocols;

d. Comply with jurisdiction-specific cross-border transfer mechanisms, such as those required under India’s Digital Personal Data Protection Act,      2023 (DPDP), Canada’s PIPEDA, and Singapore’s PDPA, where applicable.

By engaging with our services, you acknowledge and consent to such international transfers in accordance with this policy and applicable law.

DATA SHARING & DISCLOSURE

We respect your privacy and are committed to protecting your personal data. We do not sell, rent, or lease personal data to any third parties.

However, we may share your information under the following limited circumstances, and only when legally justified and necessary:

a. Authorized Third-Party Service Providers

We may disclose personal data to vetted service providers who assist us in operating our business and delivering our services. These may include cloud infrastructure providers, email marketing platforms, customer relationship management (CRM) tools, analytics services, and IT support vendors. All such providers are bound by appropriate Data Processing Agreements (DPAs) or confidentiality obligations (NDAs) and are contractually required to handle personal data securely and in compliance with applicable laws.

b. Professional Consultants and Legal Partners

In the course of delivering client services, we may share relevant information with external legal consultants, co-counsels, or affiliated professionals, subject to professional privilege and strict confidentiality safeguards.

c. Regulatory Authorities and Law Enforcement

We may disclose personal data where required to do so by applicable law, regulation, court order, or in response to valid legal requests from governmental authorities, including to meet national security or law enforcement requirements.

d. Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of all or a portion of CoreTech Legal’s business or assets, personal data may be transferred to the acquiring entity, subject to the same level of privacy protection and this Policy.

All third-party recipients are carefully vetted and required to implement appropriate technical and organizational measures to ensure data security, confidentiality, and lawful processing in accordance with applicable data protection regulations.

DATA RETENTION

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including:

a. Providing legal or professional services;

b. Complying with legal, regulatory, tax, accounting, or professional obligations;

c. Maintaining records for dispute resolution, enforcement of agreements, or fraud prevention;

d. Ensuring continuity in ongoing or future client engagements (e.g., repeat or returning clients).

Retention periods may vary depending on the nature of the data, the purpose of processing, and the legal requirements in the jurisdiction where the data is held.

We conduct regular reviews of the data we hold to ensure it is accurate, up to date, and no longer retained than necessary. When personal data is no longer required, we will securely delete, de-identify, or anonymize it, unless we are legally obligated to retain it for a longer duration.

DATA SUBJECT RIGHTS

Depending on your jurisdiction and applicable data protection laws, you may have one or more of the following rights regarding your personal data:

a. Right of Access: To request confirmation of whether we process your personal data and, if so, to access a copy of that data.

b. Right to Rectification: To request correction of inaccurate or incomplete personal data.

c. Right to Erasure ("Right to be Forgotten"): To request deletion of your personal data where there is no legal basis for continued processing.

d. Right to Restrict Processing: To request that we limit the processing of your personal data under certain circumstances.

e. Right to Object: To object to our processing of your data based on legitimate interests, including direct marketing.

f. Right to Data Portability: To receive a copy of your personal data in a structured, commonly used, machine-readable format and request transmission to another controller, where applicable.

g. Right to Withdraw Consent: If we rely on your consent for any processing activity, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

h. Right to Lodge a Complaint: To file a complaint with a relevant supervisory authority, such as:

     i. The Information Commissioner’s Office (ICO) in the UK;

     ii. Your local EU/EEA supervisory authority under the GDPR;

     iii. The California Privacy Protection Agency (CPPA) under CCPA/CPRA;

     iv. The Data Protection Board in India under the DPDP Act;

     v. Or any equivalent regulator in your jurisdiction.

To exercise any of these rights, please contact us at support@coretechlegal.com
We may require reasonable proof of identity to verify the request before taking any action. We will respond within the timeframes prescribed by applicable law.

SECURITY MEASURES

CoreTech Legal™ implements appropriate technical and organizational measures (TOMs)to ensure a level of security appropriate to the risk associated with the processing of personal data. These safeguards are designed to protect against unauthorized access, unlawful processing, accidental loss, destruction, or damage.

Our security measures include, but are not limited to:

a. Encryption of personal data both in transit and at rest

b. Access controls and role-based permissions to limit data access to authorized personnel only

c. Data minimization practices to ensure only necessary data is collected and retained

d. Purpose limitation to restrict processing to clearly defined, lawful objectives

e. Vendor and third-party due diligence to ensure security alignment with processors and service providers

f. Incident response protocols to detect, assess, and respond to data breaches or security threats

While no information system can be guaranteed to be 100% secure, we are committed to maintaining robust protections and continually improving our security posture in line with evolving legal and industry standards.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies (e.g., pixel tags, web beacons, and device identifiers) to enhance user experience, analyze traffic, and improve our services.

You will be presented with a cookie banner or consent management tool upon visiting our website, through which you can accept or manage your preferences.

Categories of Cookies We Use:

     i. Essential Cookies: Required for basic website functionality, security, and accessibility. These cannot be disabled.

     ii. Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics), enabling performance optimization.

     iii. Functional Cookies: Enable enhanced features and personalization based on user preferences or interactions.

You may opt out of non-essential cookies at any time by adjusting your preferences through the cookie settings banner or your browser.

CHILDREN’S PRIVACY

Our services are intended exclusively for use by professionals, founders, and business entities. We do not knowingly collect, solicit, or process personal data from individuals under the age of 18.

If we become aware that personal data of a minor has been collected inadvertently, we will take prompt steps to delete the information from our systems and records in compliance with applicable data protection laws.

If you believe we have collected data from a minor, please contact us at support@coretechlegal.com

UPDATES TO THIS POLICY

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in legal obligations, technological developments, or our business operations.

When we update the policy, the “Last Updated” date will be revised accordingly. We encourage you to review this Privacy Policy periodically to remain informed about how we handle your personal data.

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

Last Updated: July 1, 2025

CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or the personal data we process, you may contact us at:

support@coretechlegal.com
CoreTech Legal – Remote-First | Serving Clients Globally

We will respond to all legitimate data protection inquiries within the time limits set by applicable laws.