Juriven LLP

Data Security Policy

Last Updated: Feb 28, 2026

1. Executive Summary and Purpose

1.1 Introduction

This Data Security Policy ("Policy") establishes comprehensive data security standards, procedures, and controls for Juriven LLP ("Organization", "We", "Us"), a legal technology company providing online dispute resolution (ODR) and legal services through its digital platform.

1.2 Scope and Application

This Policy applies to:

  • (a) All personal data, confidential information, and sensitive data processed by Juriven
  • (b) All employees, contractors, temporary staff, and third-party service providers
  • (c) All systems, databases, servers, and infrastructure used to store or process data
  • (d) All data transmission channels and communication methods
  • (e) Handling of client confidential information, legal documents, dispute communications, and privileged data

1.3 Legal Framework and Compliance

This Policy ensures compliance with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Information Technology Act, 2000 (ITA 2000)
  • Indian Evidence Act, 1872 / Bharatiya Sakshya Adhiniyam, 2023
  • Arbitration and Conciliation Act, 1996
  • Mediation Act, 2023
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Bar Council of India Rules & Advocates Act, 1961

2. Roles and Responsibilities

2.1 Data Protection Officer (DPO)

Juriven shall appoint a designated Data Protection Officer responsible for:

  • (a) Oversight of data protection compliance
  • (b) Monitoring DPDP Act implementation
  • (c) Managing data breaches and incidents
  • (d) Liaison with Data Protection Board of India (DPBI)
  • (e) Conducting Data Protection Impact Assessments (DPIAs)

Contact:
Email: jurivenindia@juriven.com
Telephone: +91 7822919856


3. Data Classification and Handling

3.1 Classification Framework

Public Data: General service information; basic protection.

Confidential Data (Internal): Employee and business records; role-based access.

Sensitive Personal Data (Client Data): Encrypted at rest and in transit; strict access control.

Highly Confidential Legal Data: Privileged communications; end-to-end encryption; maximum security.


4. Encryption and Cryptography

Type                  | Standard
Encryption at Rest    | AES-256 bit
Encryption in Transit | TLS 1.2 / TLS 1.3
Database Encryption   | Transparent Data Encryption (TDE)
API Security          | OAuth 2.0 / JWT

5. Access Control and Authentication

5.1 Multi-Factor Authentication (MFA)

  • Strong password (minimum 12 characters)
  • OTP / Biometric / Hardware security key
  • Account lockout after 5 failed attempts (30 minutes)

5.2 Password Policy

  • Minimum 12 characters with mixed case, numbers, special characters
  • Password expiration every 90 days
  • Last 5 passwords cannot be reused
  • No password sharing permitted

9. Incident Management and Data Breach Response

9.4 Data Breach Response Timeline

Immediate Response (Within 6 Hours)

  • Verify breach
  • Contain affected systems
  • Activate response team
  • Notify CERT-In

Investigation (24–72 Hours)

  • Forensic analysis
  • Root cause identification
  • Impact assessment

Notification (Without Undue Delay)

  • Notify DPBI
  • Notify affected individuals
  • Provide protective guidance

10. Attorney-Client Privilege Protection

Communications between clients and legal professionals are protected under Section 132 of Bharatiya Sakshya Adhiniyam, 2023.

  • Mark communications as “CONFIDENTIAL – SOLICITOR-CLIENT PRIVILEGE”
  • End-to-end encryption
  • Restricted access to authorized legal professionals
  • Separate secure storage

15. Compliance Monitoring and Auditing

Metric                    | Target              | Frequency
System Uptime             | 99.5%               | Monthly
Incident Response         | < 1 hour (critical) | Monthly
Vulnerability Remediation | 24 hrs (critical)   | Monthly
Staff Training            | 100% annually       | Quarterly

20. Contact Information and Escalation

Data Protection Officer / CISO
Email: jurivenindia@juriven.com
Telephone: +91 7822919856
Website: www.juriven.com


Appendix: Data Security Checklist

Daily Tasks

  • ☐ Review access logs
  • ☐ Verify backup completion
  • ☐ Monitor system health

Weekly Tasks

  • ☐ Review access controls
  • ☐ Test backup restoration
  • ☐ Scan networks

Monthly Tasks

  • ☐ Conduct vulnerability scans
  • ☐ Review metrics
  • ☐ Audit access rights

Quarterly Tasks

  • ☐ Penetration testing
  • ☐ Disaster recovery drill
  • ☐ Policy review

21. Acknowledgment and Acceptance

All employees, contractors, and users acknowledge that they have read and agree to comply with this Data Security Policy. Non-compliance may result in disciplinary or legal action.

Juriven LLP
Registered under the Limited Liability Partnership Act, 2008