These Data Processing Terms govern how Caseline — Chamber Management System handles, stores, and protects your data. This document supplements the EULA and Subscription Agreement.

Data Controller & Processor: Shubham Sakarwal S/o Gyaneshwar Sakarwal, Date of Birth: 14 January 1991, Advocate, Dehradun, Uttarakhand, India. Operating under the trade name: Advoverse Technologies.

Caseline is designed with an offline-first architecture. The vast majority of your data resides locally on your device and is never transmitted to our servers unless you explicitly enable cloud features.

Account Data (Mandatory)

• Email address — account identification, communication
• Full name — identification, invoicing
• Phone number (if provided) — support, recovery
• Password — stored as bcrypt hash only, never in plain text

Licence & Activation Data (Mandatory)

• Machine ID (hardware fingerprint) — device binding, piracy prevention
• Activation Key — licence validation
• IP address at activation — security, fraud detection
• Activation/deactivation timestamps — audit trail
• Device name, OS version — compatibility support

Payment Data

• Transaction ID, amount, date, invoice number — tax compliance
• Payment method type (UPI/Card/Net Banking) — records
• We do NOT store card numbers, CVVs, or full UPI IDs — payments are handled by Razorpay/Stripe

Usage Analytics (Anonymised)

• Feature usage frequency — product improvement
• Session duration — performance analysis
• Error logs, crash reports — bug fixing

Encryption

• Data at rest: AES-256 encryption of sensitive fields
• Data in transit: TLS 1.2 / HTTPS for all server communications
• Cloud backups: AES-256 encrypted before upload
• Passwords: bcrypt with salt (cost factor 12)

Authentication & Access Control

• JWT tokens with expiry (24-hour access, 7-day refresh)
• Admin access requires separate credentials + PIN
• Machine binding via hardware fingerprint verification
• API rate limiting against brute-force attacks

Infrastructure

• Hosted on Supabase (AWS infrastructure, SOC 2 compliant)
• PostgreSQL with Row-Level Security (RLS)
• Parameterised queries (SQL injection prevention)
• Daily automated server backups (30-day rolling)

In the event of a data breach affecting our servers:

Note: We cannot detect breaches of locally stored data on your device. Local security is your responsibility.

We do NOT share data with advertising networks, data brokers, or marketing platforms.

You have the right to:

• Access — Request a copy of personal data we hold
• Correction — Request correction of inaccurate data
• Deletion — Request deletion (subject to legal retention requirements)
• Withdraw consent — Disable optional features (cloud backup, analytics)
• Grievance — Lodge a complaint regarding data handling

To exercise these rights, email: support@advoverse.com with subject "DATA PRIVACY REQUEST". Response within 30 days.

As the Data Controller for all Case Data, you are responsible for:

• Obtaining consent from clients before entering their data
• Complying with Advocates Act, 1961 and Bar Council confidentiality rules
• Maintaining device security (passwords, encryption, physical access)
• Regularly backing up local data
• Informing clients about use of digital practice management tools
• Deleting client data when no longer needed

Name: Shubham Sakarwal

Designation: Proprietor & Grievance Officer

Email: support@advoverse.com

Address: Dehradun, Uttarakhand, India

Response Time: Within 30 days of receipt

These terms are governed by Indian law, including the Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011. Disputes subject to exclusive jurisdiction of courts at Dehradun, Uttarakhand.