Effective Date: April 1, 2026 · Last Updated: April 1, 2026
Courtasy (“Company,” “we,” “us,” or “our”) operates the platform available at https://courtasy.com (the “Platform”). This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you or your organization (“Customer,” “you,” or “your”) access or use our services.
We are committed to protecting personal data in accordance with the Information Technology Act, 2000 and IT (SPDI) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), the General Data Protection Regulation (GDPR) where applicable, and the California Consumer Privacy Act (CCPA) where applicable.
By accessing or using the Platform, you agree to the practices described in this Privacy Policy.
| Term | Meaning |
|---|---|
| Personal Data | Any information that identifies or can identify a natural person, directly or indirectly |
| Sensitive Personal Data (SPDI) | Financial information, passwords, and similar data as defined under IT (SPDI) Rules, 2011 |
| Data Fiduciary | Courtasy, as the entity that determines the purpose and means of processing personal data |
| Data Principal | The individual whose personal data is being processed |
| Processing | Any operation performed on personal data, including collection, storage, use, or deletion |
| Sub-processor | A third-party service provider engaged by Courtasy to process data on our behalf |
| Business Account | An account registered by a legal entity on the Platform |
This Platform is a Business-to-Business (B2B) service. We contract with legal entities and business users, not individual consumers. Personal data we process primarily relates to authorized representatives, employees, and contacts of our business Customers, and end-users who access the Platform under a Customer's account.
Any data your organization uploads, imports, or creates while using the Platform (“Customer Data”). Courtasy processes this data as a Data Processor acting under your instructions.
We use personal data only for lawful, specified purposes:
| Purpose | Legal Basis |
|---|---|
| Provide, operate, and maintain the Platform | Contract performance |
| Process payments and manage billing | Contract performance / Legal obligation |
| Create and manage your account | Contract performance |
| Send transactional and account-related emails | Contract performance |
| Provide customer support | Legitimate interest |
| Detect fraud, abuse, and security threats | Legitimate interest / Legal obligation |
| Analyze usage and improve the Platform | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send product updates or marketing (with consent) | Consent |
We do not sell personal data to third parties.
We share personal data only where necessary and with appropriate safeguards.
| Sub-processor | Purpose | Data Shared | Region |
|---|---|---|---|
| Stripe | Payment processing | Billing name, email, payment method | USA |
| Clerk | Authentication & identity | Name, email, phone, auth tokens | USA |
| Resend | Transactional email delivery | Name, email address | USA |
| Analytics & workspace integrations | Usage data, identifiers | USA / Global | |
| AWS | Cloud infrastructure & data hosting | All platform data | USA (US clients) / India |
We maintain Data Processing Agreements (DPAs) with all sub-processors.
We may disclose personal data if required by law, court order, or government authority, or to protect the rights, property, or safety of Courtasy, our Customers, or others.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected parties as required by applicable law.
| Data Type | Retention Period |
|---|---|
| Account data | Duration of contract + 3 years after termination |
| Financial records | 7 years (tax and accounting law compliance) |
| Usage logs | Up to 12 months |
| Customer Data | Deleted or returned within 30 days of contract termination, on written request |
You may request earlier deletion subject to our legal retention obligations.
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data (subject to legal exceptions) |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interest |
| Withdraw Consent | Withdraw consent at any time where processing is consent-based |
| Grievance Redressal | Lodge a complaint with our Grievance Officer (see Section 13) |
To exercise any right, email legal@courtasy.com with the subject line “Privacy Request.” We will respond within 30 days.
Indian residents may file a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023. GDPR / EEA users may lodge a complaint with their local supervisory authority.
We implement industry-standard technical and organizational measures to protect personal data. See our Security Policy for full details. In the event of a personal data breach likely to result in risk to data subjects, we will notify affected parties and relevant authorities as required by applicable law.
We use cookies and similar tracking technologies. For full details, see our Cookie Policy.
Our Platform is designed exclusively for business use. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected such data, we will delete it promptly.
In accordance with the IT Act, 2000 and DPDP Act, 2023, we have appointed a Grievance Officer:
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days before taking effect. Continued use after that date constitutes acceptance of the updated policy.