Trust & Compliance / Document Retention
Document Retention Policy
Version 1.0 · Effective 8 May 2026
1. What this policy is
This Document Retention Policy explains how long LegalInk AI ("LegalInk") retains the different categories of data we process on behalf of our customers and visitors, and the legal or operational basis for each retention period. It is published as part of LegalInk's Trust & Compliance package alongside the Subprocessor List and our forthcoming Data Processing Addendum.
The policy is aligned with the Digital Personal Data Protection Act, 2023 (the "DPDP Act") — in particular §8 (reasonable security safeguards), §10 (retention limited to purpose), and §11 (rights of Data Principals to correction and erasure). Where Indian statute mandates a longer retention period — most notably the Income Tax Act §44AA, the CGST Act §35, and the Companies Act §128 for billing and corporate records — the statutory minimum prevails over a customer's deletion request.
2. Retention principles
- Purpose-bound. Each category of data is retained only for as long as it is needed for the purpose for which it was collected, or for a statutory minimum, whichever is longer.
- Minimisation by default. Where an interaction can be served without persisting data — voice audio, transient uploads, ephemeral search queries — we do not persist it.
- Customer control. Customers can delete their drafts, chat threads, and account at any time through the app. Where statute prevents immediate deletion, we say so openly and explain when the data will expire.
- Honest disclosure. Where a retention boundary is imperfect — for example, encrypted backups that cannot be selectively purged — we disclose the limitation rather than hide it behind generic language.
3. Retention periods
3.1 Customer-generated content
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Drafts (saved documents in dashboard) | Until customer deletes, or 90 days after account closure. | Service delivery; customer control. |
| Chat history (Inka conversations) | Until customer deletes a thread, or 90 days after account closure. | Service delivery; conversational context. |
| Uploaded files (PDFs, DOCX, images for analysis) | Processed in-memory for AI generation. Persisted only if the customer attaches them to a saved draft; otherwise purged within 24 hours. | Service delivery; minimisation. |
| Draft version history | Manual saves (Save Version) and pre-restore snapshots are retained indefinitely alongside the draft. Autosave snapshots are retained for 30 days on a rolling basis; older autosaves are purged automatically. All version history is deleted when the parent draft is deleted by the customer, or 90 days after account closure. Restore capability is available for all retained versions. | Workflow recovery; version audit trail for legal review; DPDP §10 purpose-bound retention. |
| Voice audio recordings | Not retained. Streamed to Groq Whisper for transcription and discarded immediately after. | Minimisation; transcription is the product, not the audio. |
| Voice transcripts | Treated as chat input — same retention as Chat history above. | Service delivery. |
3.2 Account & identity
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Account profile (name, email, phone, firm, role) | Lifetime of the account, plus 90 days after closure for support and dispute window. | Service delivery; legitimate interest in dispute resolution. |
| Authentication metadata (login timestamps, IP, device fingerprint) | 12 months rolling. | Security monitoring; fraud and abuse detection. |
| Team membership records (org, role, invite history) | Lifetime of the team workspace, plus 90 days after a member is removed. | Audit trail for organisational access changes. |
3.3 Compliance, audit, and security
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Audit logs (payments, plan changes, team invites, draft deletions) | 24 months. | Security; dispute resolution; enterprise audit support. |
| Application error logs (PII redacted server-side) | 90 days. | Reliability and incident review. |
| Edge function execution logs | 30 days. | Reliability and incident review. |
| Internal search queries to legal databases (e.g. IndianKanoon) | 90 days. No customer document content is sent. | Service delivery; rate-limit attribution. |
3.4 Billing, payment, and statutory
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Invoices, GST records, payment metadata | 7 years from end of relevant financial year. | Statutory: Income Tax Act §44AA; CGST §35; Companies Act §128. Cannot be deleted on customer request before this period elapses. |
| Razorpay payment records (held by Razorpay) | Per Razorpay retention policy and RBI/PA-PG guidelines. | Statutory; payment-aggregator regulation. |
| Refund and chargeback records | 7 years. | Statutory; dispute defence. |
3.5 Communications
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Transactional email metadata (auth, receipts, notices) | 90 days. | Deliverability monitoring; dispute resolution. |
| Transactional email body content | 30 days. | Minimisation. |
| Marketing consent and preference records | Until withdrawn, plus 24 months proof of consent. | DPDP §6 consent recordkeeping. |
| Support correspondence (support@legalink.ai) | 24 months. | Service quality; dispute resolution. |
3.6 Aggregate analytics
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Google Analytics 4 (pseudonymous, page-level) | 26 months (GA4 default). | Product and marketing analytics. |
| Internal product analytics (feature usage, funnel events) | Aggregated and retained indefinitely; identifiers stripped after 13 months. | Product improvement; trend analysis. |
3.7 Backups
| Data Category | Retention Period | Legal / Operational Basis |
|---|---|---|
| Encrypted database backups | 30-day rolling window. | Disaster recovery. |
| Erasure impact | When a customer requests deletion, primary records are removed within the timelines below. Residual copies in encrypted backups expire on the rolling 30-day cycle and are not restored except in a verified disaster-recovery event. | Industry-standard limitation; disclosed openly. |
4. Deletion mechanisms
4.1 In-app self-service
Drafts and chat threads can be deleted at any time from the dashboard. Deletions take effect immediately on primary storage. Residual copies in encrypted backups expire on the 30-day rolling cycle.
4.2 Account closure
A customer may close their account by writing to support@legalink.ai. On closure, we retain the account profile, drafts, and chat history for 90 days to allow for restoration in case of accidental closure or dispute, after which all customer-generated content is purged from primary storage. Statutory billing records continue to be retained per §3.4.
4.3 DPDP §11 erasure requests
Customers may submit a written erasure request to support@legalink.ai with the subject line "DPDP Erasure Request". We will acknowledge within 7 working days and complete erasure (subject to statutory exceptions noted above) within 30 days, in line with DPDP §11 timelines.
4.4 Inactive account auto-deletion
Free-tier accounts with no login activity for 24 consecutive months are flagged for deletion. The account holder receives notice at the email on file 30 days before deletion. Paid accounts in good standing are not subject to inactivity deletion.
5. Legal hold override
In limited circumstances, retention periods above may be extended where required by:
- A binding order from a court or regulator of competent jurisdiction in India.
- An active investigation by law enforcement under valid statutory authority.
- An ongoing dispute or claim involving the customer where the data is reasonably necessary for our defence.
Where a legal hold affects a customer's data, we will notify the customer of the hold's existence and scope unless we are legally prohibited from doing so. The hold is lifted promptly when the legal basis ceases.
6. Customer rights
- Right to early deletion. Customers may request deletion of any non-statutory data at any time and we will action it within 30 days.
- Right to know what is stored. Customers may request a written summary of the categories of data we hold about them, and we will respond within 14 working days.
- Right to export. Drafts can be exported as PDF or Word at any time from the dashboard. Bulk export of chat history and account data is available on written request.
- Right to challenge a retention period. Where a customer believes a retention period above is excessive for their context, they may write to us and we will review the basis in good faith.
- Right to legal-hold notification. Where any legal hold is applied to a customer's data, the customer will be notified unless we are legally prohibited from doing so.
Important Disclosure
7. Honest disclosures
We prefer to state our limitations openly rather than hide them behind generic compliance language. As of Version 1.0 of this policy:
- Backup deletion is not selective. Encrypted database backups operate on a 30-day rolling window. When a customer deletes data from primary storage, residual copies persist in backups until they expire on the rolling cycle. Backups are not restored except in a verified disaster-recovery event.
- Audit log carve-out. Audit log entries (payments, plan changes, team invites, draft deletions) are retained for 24 months even after the underlying account is closed, because removing them would impair our ability to investigate disputes and security events. The entries are pseudonymised where possible.
- No CERT-In framework yet. We do not currently have a formal CERT-In incident-notification process. This is on our Q3 2026 compliance roadmap. In the interim, customers affected by a confirmed incident are notified directly within 72 hours, with a written post-mortem within 7 days.
8. Update history
| Date | Version | Change | Reason |
|---|---|---|---|
| 8 May 2026 | 1.0 | Initial publication of Document Retention Policy. | Trust & Compliance program launch. |
9. Contact
For any question or request relating to this policy, write to support@legalink.ai. To help us route your request, please use one of the following subject lines where applicable:
- "DPDP Erasure Request" — for §11 deletion requests.
- "Data Export Request" — for bulk export of chat or account data.
- "Retention Question" — for clarifications about a specific category above.
- "Account Closure" — to close an account.