CTCase Trail
  • Product
  • Notebook
  • Solutions
  • Pricing
  • FAQ
Design systemSign inOpen workspace
Trust

Compliance

Where Case Trail stands against the regulations our customers operate under — Indian data protection law, BFSI guidance, and the security frameworks BFSI procurement teams ask about.

Effective 01 May 2026

On this page
  1. 01DPDP Act 2023
  2. 02RBI, IRDAI & sectoral guidance
  3. 03ISO 27001 & SOC 2
  4. 04Bar Council / advocate ethics
  5. 05AI governance
  6. 06Vendor due-diligence packet

01DPDP Act 2023

Case Trail is a Data Fiduciary for customer accounts and a Data Processor for matter files our customers upload. We obtain consent at signup, surface a clear privacy notice, and provide the rights granted by Sections 11–14 (correction, erasure, grievance).

For institutes processing material volumes of personal data (Significant Data Fiduciaries), we support DPIA-friendly configurations and provide the audit logs required to evidence Section 17 obligations.

Grievance officer contact and the full notice live in the Privacy Policy.

02RBI, IRDAI & sectoral guidance

For regulated BFSI customers (banks, NBFCs, insurers), Court Code can be deployed under your existing third-party-risk framework:

  • RBI Outsourcing Guidelines (2023): we provide the documentation packet (security controls, BCP, exit plan, audit rights) procurement teams need for the vendor file.
  • IRDAI Information & Cybersecurity Framework: our control set maps to the framework — we’ll walk through the mapping in a security review.
  • Data localisation: single-region (India) deployment is the default for BFSI customers.

03ISO 27001 & SOC 2

We operate to ISO/IEC 27001:2022 control alignment today. Formal certification is on the roadmap (2027). SOC 2 Type II observation begins in 2026. In the interim we share our control matrix and most-recent independent assessment under NDA during procurement.

04Bar Council / advocate ethics

Case Trail is a tool for advocates and legal teams. It does not provide legal advice and is not a substitute for professional judgement. The AI Court Notebook is a research assistant — citations are surfaced so the advocate can verify before relying on any output.

Confidentiality of client matter is preserved by the tenant-isolation model — see Security.

05AI governance

India does not yet have a binding AI act, but the IndiaAI Mission and the MeitY draft principles inform our defaults: transparency (every AI claim is cited), human-in-the-loop (advocate verifies before filing), and refusal-by-default (the Notebook says “I don’t know” rather than hallucinate). Customers can opt their tenant out of model improvements entirely.

06Vendor due-diligence packet

Available under NDA — request from [email protected]:

  • Security control matrix (ISO 27001 mapping)
  • Data flow diagram and processor list
  • Business continuity / disaster recovery plan
  • Penetration-test summary (annual)
  • Sample audit-log export
  • DPDP gap assessment

We’re happy to talk to your security, compliance, or procurement team directly. Reach out at [email protected] and we will set up a working session.

CTCase Trail

Legal operations for Indian enterprises — case ledger, cause-list, workflows, and a Notebook on every file.

Region · Mumbai
Product
  • Litigation & Case Mgmt
  • Legal Collections
  • Enterprise Legal Mgmt
  • Contract Lifecycle (CLM)
  • Practice Mgmt
  • AI Court Notebook
Solutions
  • For lawyers
  • For firms
  • For banks & NBFCs
  • For corporate GCs
  • Modules map
Company
  • About
  • Open workspace
  • Design system
  • Careers
  • Press
  • Talk to sales
Legal
  • Privacy
  • DPDP notice
  • Terms
  • Security
  • Trust centre
  • Status
© 2026 Case Trail — a product of LawyerDesk Advocacy Pvt Ltd · Made in Mumbai · IST · DD MMM YYYY
MumbaiSingapore