Short version: We collect only what we need to run this website. We do not sell your personal data. We use Google AdSense for advertising and Google / GitHub OAuth for sign-in. You can delete your account at any time by contacting us.
Contents
1. Who we are
IndianLaw360 ("we," "us," "our") is an Indian law–focused community platform and tools website operated at indianlaw360.com. The website provides legal-education tools, a community discussion forum, and long-form articles related to Indian law. We are not a law firm and nothing on this website constitutes legal advice.
For privacy-related enquiries, please contact us at the address listed in Section 13.
2. Data we collect
2.1 CUET PG Score Calculator
When you use the CUET PG COQP11 Score Calculator, you voluntarily submit a response-sheet URL issued to you by the National Testing Agency (NTA) via the DigiLocker / DigiAlm platform. We handle this URL as follows:
- The URL is sent to our server, which fetches your publicly accessible response sheet to compute your score.
- We store a cryptographic hash (SHA-256 HMAC) of your URL — not the URL itself — along with your calculated score in a local file. This is used solely to power the relative-rank feature (so you can see how your score compares to other users of this tool).
- We do not store your name, roll number, NTA registration number, or any other personally identifying information from the response sheet.
- Your response-sheet URL is never logged, stored in plain text, or shared with any third party beyond the NTA server from which it is fetched.
2.2 Community accounts (registered members)
If you sign in via Google or GitHub OAuth, we receive and store:
| Data point | Source | Why we collect it |
|---|---|---|
| Email address | OAuth provider | Account identity, one-account-per-email policy |
| Display name | OAuth provider (editable) | Shown on your posts and profile |
| Profile avatar URL | OAuth provider (optional) | Displayed next to your content |
| OAuth provider & provider user ID | OAuth provider | Linking your sign-in to your account |
| Username (handle) | Auto-generated from email | Public profile URL (/u/username) |
| Bio | You (optional) | Shown on your public profile |
We do not receive or store your OAuth provider password. We store only the access token long enough to retrieve your profile, after which it is not retained for re-use.
2.3 User-generated content
When you create posts, comments, articles, or likes, that content is stored in our database and associated with your account.
2.4 Usage & log data
Our web server (Hostinger / LiteSpeed) may automatically record standard server logs, including IP address, browser user-agent, referring URL, and page requested. These logs are used for security monitoring and are retained for a limited period per Hostinger's hosting infrastructure policies. We do not use server logs to build individual user profiles.
2.5 Data you do not need to provide
You can browse all public posts, articles, and bare-act content without creating an account or providing any personal data.
3. How we use your data
- To operate the service: authenticate you, display your profile, store and show your posts and comments, send in-app notifications.
- To improve the service: understand aggregate usage patterns (via Google Analytics if enabled) and fix errors.
- CUET tool rank feature: your hashed URL and score are used solely to compute relative rank among tool users. No individual is identifiable from this data.
- Advertising: Google AdSense displays ads on this website. AdSense may use cookies and device identifiers to show relevant ads (see Section 5).
- We do not use your data for automated decision-making that produces legal or similarly significant effects.
4. Data sharing & third parties
We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:
4.1 Service providers
| Provider | Purpose | Privacy policy |
|---|---|---|
| Hostinger | Web hosting & database | hostinger.com/privacy-policy |
| Google AdSense | Advertising | policies.google.com/privacy |
| Google OAuth | Sign-in | policies.google.com/privacy |
| GitHub OAuth | Sign-in | GitHub Privacy Statement |
| ui-avatars.com | Default profile avatar generation | ui-avatars.com |
4.2 Legal disclosure
We may disclose your information if required by applicable law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of IndianLaw360, our users, or others.
4.3 Business transfer
In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify users via a prominent notice on the website before any such transfer occurs.
5. Cookies & tracking
5.1 Session cookies (essential)
When you sign in to the community, we set a secure, HttpOnly session cookie (il360_sess) to keep you logged in. This cookie is strictly necessary and expires after 14 days of inactivity. No session cookie is set for visitors who are not signed in.
5.2 Google AdSense cookies (advertising)
Google AdSense sets cookies and uses similar technologies (including device fingerprinting) to serve personalised or contextual advertisements. You can opt out of personalised ads via Google Ad Settings or by visiting Your Online Choices (EU) / NAI opt-out (US).
5.3 Local storage (autosave)
The article editor uses browser localStorage to autosave drafts locally on your device. This data never leaves your browser and is cleared when you submit the form.
5.4 No cross-site tracking by us
IndianLaw360 itself does not set tracking cookies, analytics pixels, or fingerprinting scripts beyond those described above.
6. OAuth & sign-in
We use the OAuth 2.0 protocol for sign-in with Google and GitHub. When you choose to sign in:
- You are redirected to the provider's own login page — we never see your password.
- A cryptographically random state parameter is verified to prevent CSRF attacks during the callback.
- We request only the minimum scopes needed: your public profile (name, avatar) and email address.
- We use the access token only once to retrieve your profile at sign-in. We do not store access tokens for ongoing use or to access your provider account in any other way.
7. User-generated content
Posts, comments, and articles you create are publicly visible to all visitors (including unauthenticated ones) unless you delete them. Please do not include sensitive personal information in public posts.
Deleted content is soft-deleted (body replaced with "[deleted]") and retained in our database for a limited period to maintain comment-thread integrity, before being permanently purged. If you need content removed urgently, contact us.
Content moderation: IndianLaw360 is not a law firm and cannot verify the accuracy of user-submitted legal content. Community content is not legal advice. Users are responsible for the accuracy of their submissions.
8. Data retention
| Data type | Retention period |
|---|---|
| Account data (email, name, username) | Until you delete your account |
| Posts, articles, comments | Until deleted by you (soft-delete), permanent purge within 90 days |
| Notifications | 90 days |
| Session cookies | 14 days sliding (cleared on logout) |
| CUET score entries (hashed URL + score) | Duration of the relevant exam cycle; cleared periodically |
| Server access logs | Per Hostinger's infrastructure policy (typically 30–90 days) |
9. Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: update your display name and bio via the Settings page; your email is managed by your OAuth provider.
- Deletion: request deletion of your account and associated data by contacting us. We will process requests within 30 days.
- Portability: request your data in a machine-readable format.
- Objection / restriction: object to processing or request restriction where applicable.
- Opt-out of ads: use the Google and NAI opt-out links in Section 5.2.
To exercise these rights, contact us at the address in Section 13. We may need to verify your identity before fulfilling requests.
Indian law note: India's Digital Personal Data Protection Act, 2023 (DPDPA) provides rights to data principals including the right to information, correction, erasure, and grievance redressal. We are committed to honouring these rights as the DPDPA's rules come into effect.
10. Children's privacy
IndianLaw360 is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will delete it.
11. Security
We implement reasonable technical and organisational measures to protect your data, including:
- HTTPS / TLS encryption for all data in transit.
- Secure, HttpOnly, SameSite session cookies.
- CSRF token protection on all state-changing requests.
- Passwords are never stored (OAuth-only authentication).
- Database credentials stored outside the web root in environment configuration files.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered members via an in-app notification or prominent site notice.
Continued use of IndianLaw360 after changes are posted constitutes your acceptance of the updated policy.
13. Contact us
For privacy-related questions, data requests, or concerns, please reach out:
IndianLaw360
Website: indianlaw360.com
Community: indianlaw360.com/community/
Email: Use the contact link in the community settings or reach us via the website.
We aim to respond to all privacy enquiries within 30 days.