Privacy Policy

1. Who We Are

Nomiq Technologies Pvt. Ltd. ("Nomiq", "we", "us") is the data controller for personal data collected through the Nomiq platform (www.nomiq.in and our mobile applications). We are registered under the Companies Act, 2013, with our registered office at Level 8, One BKC, Bandra Kurla Complex, Mumbai, Maharashtra 400 051.

Our Data Protection Officer can be contacted at: privacy@nomiq.in

This Privacy Policy explains how we collect, use, store, share, and protect your personal data in accordance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

2. Data We Collect

We collect the following categories of personal data:

Account Information: Name, email address, phone number, date of birth, and login credentials when you register on the Platform.

Profile Data (Lawyers): Bar Council enrolment number and certificate, professional photograph, practice areas, education and qualifications, work history, and bank account details for payouts.

Legal Requests (Clients): Description of your legal matter, preferred location, budget, and category of legal help required.

Usage Data: Pages visited, features used, search queries, device information, IP address, browser type, and operating system — collected via cookies and server logs.

Communications: Messages exchanged between Clients and Lawyers through the Platform, and correspondence with our support team.

Payment Data: Transaction records (card details are processed by our payment partners and not stored by Nomiq).

Sensitive Personal Data: In the course of describing your legal matter, you may provide information regarding health, financial circumstances, or personal relationships. We treat all such information as sensitive personal data under the SPDI Rules.

3. How We Use Your Data

We use your personal data for the following purposes:

Providing the Service: To create and manage your account, match you with suitable Lawyers or Clients, facilitate consultations, process payments, and deliver Platform features.

Safety & Verification: To verify Lawyer credentials against Bar Council records, detect fraud, and ensure Platform integrity.

Communications: To send transactional notifications (booking confirmations, payment receipts), product updates, and — where you have consented — marketing communications.

Analytics & Improvement: To understand how the Platform is used, identify bugs, and improve features. Analytics data is aggregated and anonymised where possible.

Legal Compliance: To comply with applicable laws, court orders, or requests from regulatory authorities.

We process your data on the following lawful bases under the DPDP Act: consent, performance of a contract with you, our legitimate interests (such as Platform safety and fraud prevention), and compliance with legal obligations.

4. Data Sharing

We share your personal data only in the following circumstances:

With Other Users: When you post a legal request, relevant details (but not your full contact details) are shared with matched Lawyers. Once you select a Lawyer, your contact information is shared to facilitate the engagement.

With Service Providers: We share data with trusted vendors who assist us in operating the Platform, including cloud hosting (AWS India), payment processing (Razorpay), SMS services, and email delivery. All vendors are bound by data processing agreements and may not use your data for any other purpose.

With Legal & Regulatory Authorities: We may disclose data in response to valid legal process, including court orders, government requests, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: If Nomiq is involved in a merger, acquisition, or asset sale, user data may be transferred as part of that transaction. We will notify users of any such transfer.

We never sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

Specifically: - Account data: Retained for the duration of your account plus 3 years after closure. - Legal request data: Retained for 5 years from the date of the request to comply with professional and regulatory obligations. - Payment records: Retained for 8 years as required by tax and financial regulations. - Usage logs: Retained for 12 months, then anonymised or deleted.

You may request deletion of your account and associated data at any time (see Your Rights below). We will action deletion requests within 30 days, subject to our legal retention obligations.

6. Your Rights

Under the DPDP Act 2023 and the IT Act, you have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you.

Right to Correction: Ask us to correct inaccurate or incomplete personal data.

Right to Erasure: Request deletion of your personal data, subject to our legal retention obligations.

Right to Withdraw Consent: Where we rely on consent to process your data, you may withdraw it at any time without affecting the lawfulness of prior processing.

Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (grievance@nomiq.in) if you believe your data rights have been violated.

To exercise any of these rights, email us at privacy@nomiq.in with the subject "Data Rights Request". We will respond within 30 days. We may need to verify your identity before fulfilling your request.

7. Cookies

We use cookies and similar tracking technologies to operate the Platform, analyse usage, and deliver personalised experiences. See our Cookie Policy for full details.

You can control cookies through your browser settings or our cookie preference centre. Disabling certain cookies may affect Platform functionality.

8. Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

- Transport Layer Security (TLS 1.3) for all data in transit; - AES-256 encryption for data at rest; - Regular penetration testing and vulnerability assessments; - Role-based access controls limiting employee access to personal data; - ISO 27001-certified data centre infrastructure.

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@nomiq.in.

If we become aware of a data breach affecting your rights and freedoms, we will notify you and the relevant regulatory authority within 72 hours as required by the DPDP Act.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the Platform at least 30 days before they take effect.

The date of the most recent revision is shown at the top of this page. Your continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.

10. Contact & Grievances

For any privacy-related queries or to exercise your data rights:

Data Protection Officer: privacy.nomiq@getnomik.in Grievance Officer: Adv. Rahul Singhania — grievance.nomiq@getnomik.in Response time: Within 30 days of receipt

Getnomik Pvt. Ltd. Ahmedabad, Gujarat, India

You also have the right to lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

This Privacy Policy was last updated on 4 June 2026.