top of page

Data Protection Compliances 

In India's booming digital landscape, protecting your data is paramount. Navigating the complexities of the Digital Personal Data Protection Act (DPDP) can be daunting, but our comprehensive suite of data protection legal services empower you to comply confidently. From watertight Data Processing Agreements and secure Data Transfer Agreements to user-friendly Consent Forms and transparent Privacy Notices, we equip you with the tools and expertise to safeguard your data, build trust, and operate seamlessly in the digital age. Whether you're a growing startup or a seasoned enterprise, our legal solutions ensure compliance, minimise risks, and pave the way for worry-free data handling. Explore our tailored data protection legal documents and services and secure your digital future in India today.

Sign Up for Expert Consultation Now!

Thanks for your request. We will reach out to you shortly.

Anchor 1

Our Digital Data Protection Legal Services

Data Processing Agreement (DPA)

Secure your data partnerships with a bulletproof DPA. Clearly define how third parties handle your information, ensuring compliance, transparency, and control. Minimise legal risks, negotiate fair terms, and build trust with a custom DPA tailored to your unique needs

Consent Forms

Empower your users and build trust through effective Consent Forms. Obtain informed agreement for data processing, meeting legal requirements and exceeding user expectations. Grant transparency and user control with clear, accessible forms that strengthen relationships and protect sensitive information.

Data Transfer Agreement (DTA)

Conquer international data landscapes with confidence. A watertight DTA secures cross-border data transfers, meeting complex regulations, safeguarding sensitive information, and protecting your reputation. 

Privacy Notice

Communicate with candour and build trust with a transparent Privacy Notice. Openly disclose your data practices, informing users and protecting their privacy rights. Meet legal obligations, avoid penalties, and foster deeper engagement with a comprehensive and accessible notice.

Data Retention Policy

Declutter your digital world and boost compliance with a strategic Data Retention Policy. Define data lifespan for different categories, optimise storage, and minimise legal risks. Reduce costs, streamline data management, and demonstrate responsible data practices with a clear and well-defined policy.

Notice of Privacy Breach

Respond swiftly and professionally to data breaches with a pre-established Notice of Privacy Breach plan. Minimise damage, maintain user trust, and mitigate legal risks by swiftly notifying individuals and regulators about the breach and your swift response. Protect your reputation and demonstrate responsible data handling even in challenging situations.

Anchor 2

Affordable & Approachable

Expert Lawyers with 15+ Years of Experience

Customised Service as per Your Business Needs

Why Choose Us

  • Can a company respond to a legal notice without a lawyer?
    While not mandatory, it is strongly recommended to respond to legal notices with legal counsel to avoid self-incrimination, admissions, or legal risks. Aristo Legal helps draft precise, legally sound responses that protect your interests.
  • Can an internal investigation be initiated based on an employee complaint?
    Yes. We help companies conduct legally compliant internal investigations related to harassment, misconduct, or whistleblower allegations. This includes structuring the inquiry process and documenting findings for IC or board review.
  • How can Aristo Legal assist with ongoing legal and compliance matters beyond notices?
    We provide retainer-based corporate legal advisory, covering contract reviews, HR compliance, board advisory, shareholder alignment, due diligence, and legal risk mitigation—ensuring your business remains compliant and litigation-ready at all times.
  • What are common mistakes businesses make when sending legal notices?
    Common errors include vague language, missing facts, incorrect legal provisions, or failing to include a call to action. At Aristo Legal, we ensure that every notice is factually strong, legally sound, and strategically structured.
  • What should be included in a show cause notice to an employee?
    A valid show cause notice must mention the alleged misconduct, factual background, legal breach, and a deadline for response. We help HR teams draft such notices to meet labour law standards and reduce wrongful termination risk.
  • Can an MNC issue legal notices under Indian law?
    Yes, foreign companies operating in India or contracting with Indian parties can issue notices under Indian law, provided jurisdiction and governing law clauses support it. We advise MNCs on cross-border compliance and enforceability.
  • Is a legal notice mandatory before filing a case in India?
    In some cases—like cheque bounce (Section 138), contractual breaches, or specific civil suits—a legal notice is a mandatory prerequisite. Our team ensures notices are compliant and strategically worded to preserve your right to sue.
  • What are the consequences of ignoring a legal notice?
    Ignoring a legal notice can lead to court proceedings, reputational damage, and weaker legal defence. We help companies issue strong responses that buy time, propose settlement, or refute baseless claims.
  • How should a business handle defamatory or false allegations online?
    We help send cease-and-desist notices, defamation notices, and takedown requests to individuals or platforms. Where needed, we escalate the matter to civil or criminal court for reputation protection.
  • How can businesses prevent co-founder or shareholder disputes?
    Having clear founder agreements, shareholder agreements, and exit clauses in place is key. In case of conflict, we assist in sending notices, facilitating settlements, or initiating legal recourse if necessary.
  • Can foreign companies enforce contracts signed with Indian vendors or clients?
    Yes, foreign entities can enforce contracts in Indian courts, provided the contract includes a valid governing law and jurisdiction clause. We advise MNCs on risk allocation and enforceability in Indian commercial courts or arbitration forums.
  • Can a contract override provisions in Indian law?
    No. While contracts can structure commercial terms, they cannot override mandatory provisions of Indian law—like minimum wage, labour rules, or tax laws. We review all contracts for legal compliance.
  • What is the difference between an MSA and an SOW?
    A Master Services Agreement (MSA) sets the general terms of engagement, while the Statement of Work (SOW) defines project-specific details like timelines and deliverables. We help businesses structure both for recurring or milestone-based services.
  • What happens if a contract doesn’t include a dispute resolution clause?
    Without a dispute clause, jurisdiction defaults to civil courts, which may be slow and costly. We recommend including an arbitration clause with a preferred seat to ensure quicker and more predictable dispute resolution.
  • Why is it important to have written business contracts in India?
    Written contracts reduce ambiguity, protect your legal and commercial interests, and serve as key evidence in the event of disputes. In India, oral agreements are legally valid but far harder to enforce—making written contracts essential for risk management and compliance.
  • Can I limit my liability in a business contract in India?
    Yes. You can cap your liability through contract clauses—usually to the amount paid under the agreement or a specific limit. We ensure your limitation of liability and indemnity clauses are enforceable under Indian contract law.
  • How often should business contracts be reviewed or updated?
    It’s advisable to review key contracts annually or before a major business change, such as new regulations (like DPDP), funding rounds, mergers, or entering new markets. We offer ongoing retainer-based legal reviews to keep your documents up to date.
  • Are e-signatures valid and enforceable in India for commercial agreements?
    Yes. Under the Indian Information Technology Act, 2000, digitally signed agreements using Aadhaar eSign, DSC, or platforms like DocuSign are legally valid, with a few exceptions (e.g., real estate, powers of attorney).
  • What makes an NDA enforceable in India?
    An NDA must clearly define confidential information, duration of the obligation, and permitted disclosures. We draft mutual or one-sided NDAs that are enforceable and aligned with Indian judicial standards.
  • Do I need different contracts for vendors, consultants, and distributors?
    Yes. Each relationship type involves distinct legal rights, risks, and obligations. We draft role-specific agreements—such as vendor agreements, consulting contracts, and distribution deals—with appropriate clauses for termination, compliance, and deliverables.
  • Can I include a non-solicitation clause in employment contracts in India?
    Yes, non-solicitation clauses are enforceable in India if they’re reasonable and limited in scope. They can restrict ex-employees from poaching clients, vendors, or co-workers. We help draft enforceable versions that balance legal strength and fairness.
  • Can an employee be terminated during probation without notice?
    Yes, but only if your probation clause allows it. Best practice is to include a clear provision stating either party may terminate with or without notice. We help ensure your probation terms are legally enforceable and documented properly.
  • How can employers legally address moonlighting in India?
    Employers should clearly prohibit or regulate moonlighting through employment agreements or exclusive engagement clauses. Violations can be addressed through disciplinary action or termination. We help frame enforceable moonlighting clauses tailored to your industry.
  • Do I need different contracts for interns and apprentices?
    Yes. Interns and apprentices are governed by different laws and engagement models. Employers must define stipend, confidentiality, learning goals, and termination conditions. We draft compliant internship and apprenticeship agreements that protect your IP and brand.
  • Are HR policies legally binding in India?
    Yes—once communicated and accepted by employees, HR policies form part of the terms of employment. It’s essential to ensure they’re legally reviewed, up to date, and acknowledged (via email, or physical signature).
  • What documentation is required during Full & Final (F&F) settlement?
    You must issue a final settlement letter, relieving letter, and No Dues Certificate. The F&F must include unpaid salary, leave encashment, gratuity (if applicable), and PF/ESI updates. We offer legally reviewed templates for smooth off-boarding.
  • Is it mandatory to pay maternity benefits to women employees in India?
    Yes. Under the Maternity Benefit Act, eligible women are entitled to 26 weeks of paid maternity leave, and employers must pay the last 3 months' average salary during this period. Startups and SMEs must ensure compliance to avoid penalties.
  • What are the must-have clauses in an Indian Employment Agreement?
    Key clauses include: job description, compensation, confidentiality, IP assignment, termination, notice period, non-solicitation, and dispute resolution. We customise contracts for tech, remote, and leadership roles to ensure enforceability under Indian laws.
  • What are the legal essentials of a Work-from-Home (WFH) Policy?
    A WFH policy should define work hours, attendance, performance metrics, expense reimbursements, IT usage, and data protection duties. It should also include clauses on misconduct and disciplinary action. We help create India-compliant hybrid and remote work policies.
  • What's the legal difference between an employee and an independent contractor?
    Employees work under direct supervision and are entitled to statutory benefits (PF, ESI, gratuity), whereas independent contractors are self-governed and paid per project or deliverable. Misclassification can lead to compliance violations. We help draft clear employment vs. consultancy agreements.
  • What clauses must I include in commercial contracts to reduce DPDP-related risks?
    Key clauses to include: Compliance with Indian privacy laws (DPDP, IT Act, etc.) Indemnity for data breaches or non-compliance Data breach notification timelines (within 72 hours or less) Audit and inspection rights for clients or partners Retention and deletion obligations post-termination We tailor these to your vendor, client, or partner agreements for risk coverage.
  • What kind of consent must I collect under DPDP, and how should I document it?
    Consent must be free, specific, informed, and unambiguous. You should: Use granular opt-ins, not default “I agree” checkboxes Log timestamped records of consent Allow easy withdrawal of consent Update your Privacy Notice to reflect processing purposes We offer templated Consent Language + Privacy Notices for HR, websites, and platforms.
  • Do I need different Privacy Policies for employees, customers, and vendors?
    Yes. Each data subject category requires a tailored Privacy Notice: Employee Privacy Policy (for HR data) Customer-facing Privacy Policy (for platforms/websites) Vendor/partner data clauses in MSAs or NDAs We draft customised, DPDP-ready policies for each audience and review existing ones for compliance gaps.
  • As a global MNC with employees in India and abroad, what must I do to stay DPDP-compliant?
    You must: Execute a Data Protection Consent + Notice with all Indian employees Localise your Employee Data Policy for India Include a lawful purpose and retention clause Review global HR tech tools for Indian data compliance Update your internal training and SOPs to align with Indian law We provide a DPDP-compliant Employee Privacy Toolkit with everything ready to roll out.
  • Where should I specify the jurisdiction or governing law for data protection disputes?
    Include a clause specifying that Indian law governs and that disputes be resolved in Indian courts or arbitration centers (like Mumbai, Bangalore, or Delhi). For MNCs, this helps centralise data-related disputes and ensures the DPDP Act applies.
  • Can I transfer data collected in India to the US or EU under DPDP?
    Yes, but only to countries approved by the Indian government (a whitelist is expected). Until then, include in your contracts: Cross-border transfer clauses Data localisation fallback options Appropriate security representations from third parties
  • What are my responsibilities if I use third-party software or cloud tools to process personal data?
    You must ensure that these vendors: Sign a Data Processing Agreement (DPA) Host data in permitted geographies Have security certifications (ISO 27001, SOC2, etc.) Allow audits if requested We review third-party tools for legal risk and prepare SaaS onboarding templates to mitigate liability.
  • What internal measures should I implement to prepare for a data breach?
    You must: Draft a Data Breach Response Policy Appoint a Grievance Officer or internal breach response team Train your staff on breach escalation Set protocols for notifying the Data Protection Board and affected individuals We provide a ready-to-implement incident response SOP aligned with the DPDP Act.
  • What documents should I sign with clients to ensure DPDP compliance in B2B SaaS or IT services?
    You should enter into a Data Processing Agreement (DPA) or add a DPDP clause in your Master Services Agreement (MSA) if: You process data on behalf of the client You act as a data fiduciary using third-party processors The DPA must define responsibilities, cross-border data handling, breach notification, and deletion protocols. We draft watertight, India-ready DPAs.
  • What should a private limited or IT company do to start complying with the DPDP Act, 2023?
    Start by conducting a Data Audit to map all personal data you collect, store, and share (especially from customers, employees, vendors). Then: Draft a Privacy Policy tailored to Indian law Build a Consent Management System Update contracts with DPDP-compliant clauses Nominate a Grievance Officer and designate internal compliance roles We assist in executing this end-to-end through a DPDP Compliance Pack.
  • What is a Transfer Pricing Agreement and when is it needed?
    A Transfer Pricing Agreement governs transactions between related entities, like a foreign parent company and its Indian subsidiary. It ensures that goods, services, or IP are priced fairly under the arm’s length principle, as mandated by Indian Income Tax law and OECD guidelines.
  • What are the post-incorporation compliances for foreign subsidiaries in India?
    Once a subsidiary is set up, it must comply with: ROC filings (MCA) Tax registrations (PAN, TAN, GST) Foreign remittance reporting to RBI (FC-GPR via FIRMS portal) Board meetings, statutory audit, TDS, and payroll We provide ongoing legal and regulatory support to ensure 100% compliance.
  • What are the legal options for a foreign company to enter the Indian market?
    Foreign companies can enter India through: Wholly Owned Subsidiary (WOS) Joint Venture (JV) Branch Office, Liaison Office, or Project Office Limited Liability Partnership (LLP) (in some sectors) We advise on the optimal route based on your business model, FDI norms, and tax structure.
  • Is 100% Foreign Direct Investment (FDI) allowed in India?
    Yes, 100% FDI is allowed under the automatic route in many sectors such as IT services, e-commerce, manufacturing, and consulting. However, sectors like defense, telecom, media, and real estate may require prior government approval. We ensure full compliance with the FDI policy and FEMA regulations.
  • What are the legal requirements for remitting foreign capital into India?
    All foreign remittances into Indian companies must be reported to the RBI through Form FC-GPR, filed on the FIRMS portal, within 30 days of allotment of shares. We help with capital structuring, FIRC coordination, and RBI filings.
  • How can a foreign company register a wholly owned subsidiary in India?
    A foreign company can register a Private Limited Company as a wholly owned subsidiary by: Appointing at least one Indian resident director Having an Indian registered office address Submitting incorporation documents (MoA, AoA, ID proofs, board resolutions) We manage end-to-end incorporation, PAN, GST, RBI filings, and compliance.
  • Can foreign nationals be directors of Indian companies?
    Yes, foreign nationals can be appointed as directors in Indian companies, but at least one director must be an Indian resident. We help secure Director Identification Numbers (DIN), Digital Signatures (DSC), and draft board resolutions as required.
  • What is the difference between a shareholder and a director in an Indian company?
    A shareholder owns equity in the company and has financial rights (like dividends and voting). A director is responsible for managing the company’s day-to-day affairs and ensuring legal compliance. While shareholders own the company, directors run the company under the Companies Act, 2013.
  • What are the typical timelines to set up a foreign subsidiary in India?
    Incorporation of a foreign-owned private limited company generally takes 15–20 business days, including document notarisation, government approvals, and bank account opening. With our streamlined process, we ensure quicker, error-free registration.
  • Do foreign companies need a legal retainer in India for ongoing operations?
    Yes. Foreign companies benefit from a dedicated legal retainer for handling contracts, labour compliance, IP protection, vendor issues, and periodic legal filings. We act as your on-ground legal partner in India, offering cost-effective support with local insight and global standards.
  • What legal documents are needed when bringing in a strategic advisor or mentor?
    You should sign an Advisor Agreement that defines the scope, term, compensation (equity or honorarium), confidentiality, and non-compete terms. We prepare founder-friendly advisor contracts that avoid future ambiguity.
  • Do startups need NDAs even in early-stage discussions?
    Yes. A well-drafted Non-Disclosure Agreement (NDA) protects your ideas, product plans, code, or financials during discussions with investors, employees, or collaborators. We offer one-way and mutual NDAs depending on the context.
  • Do I need different documents for Indian vs foreign investors?
    Yes. Foreign Direct Investment (FDI) rules in India differ based on the investor’s country, investment amount, and sector. We draft SHA, SSA, and Board Resolutions tailored for both domestic and foreign investors, and assist with RBI/FEMA compliance.
  • How do I protect my startup’s intellectual property (IP)?
    Startups can protect their IP through IP Assignment Agreements, confidentiality clauses, non-compete terms, and, where applicable, trademark or patent filings. We ensure that all founders, employees, and contractors assign IP to the company to avoid future ownership issues.
  • What’s the difference between a Term Sheet and a Shareholders' Agreement (SHA)?
    A Term Sheet is a non-binding summary of the deal terms between the startup and investor. The Shareholders' Agreement (SHA) is the detailed, legally binding contract that governs investor rights, board control, exits, and more. We help startups from negotiation to final execution.
  • Why is a Co-Founder Agreement important, and when should it be signed?
    A Co-Founder Agreement defines roles, equity split, vesting, decision-making, exit clauses, and dispute resolution. It should ideally be signed before raising funds or building a product to prevent misunderstandings and protect founder relationships.
  • What legal documents are needed before launching a website or app?
    You must have a Terms of Use, Privacy Policy, and Cookie Policy that comply with India’s DPDP Act, especially if you're collecting user data. If you offer SaaS or platform services, a User Agreement or EULA may also be needed.
  • Can I raise angel funding without a company incorporation?
    No. To raise funding legally, your startup must be registered—typically as a Private Limited Company. Investors require shareholding, board rights, and due diligence, which can’t be done informally. We assist with company incorporation and investor documentation.
  • Can I issue equity to employees or advisors before my ESOP is set up?
    No. You must have a board-approved ESOP policy and grant letters in place before issuing options. Issuing equity informally or without legal documentation may raise red flags during due diligence or fundraising.
  • What legal steps should I take before pitching to investors or accelerators?
    Before sharing your pitch deck or prototype, have a Non-Disclosure Agreement (NDA) in place, make sure your company is incorporated, and ensure that IP rights are assigned to the company. We offer a legal readiness check before you pitch.
  • Can an employer unilaterally change the terms of employment in India?
    No, an employer cannot unilaterally change the terms of employment if those terms are part of a signed contract or implied by established company practice. Any change to salary, working hours, role, location, or benefits must be made with the employee’s consent. However, minor policy updates (like shift timings or reporting structures) may be permissible if the contract allows flexibility. We help employers legally implement workplace changes through proper contract amendments, employee communication, and risk review.
  • Are non-compete clauses enforceable in Indian employment contracts?
    Non-compete clauses during employment are valid, but post-employment non-competes are generally not enforceable under Section 27 of the Indian Contract Act. That said, non-solicit, confidentiality, and IP protection clauses can be enforced. We draft nuanced post-exit restrictions that hold up in court and deter unfair competition.
  • What are the employee data retention requirements under Indian law?
    Under the Digital Personal Data Protection (DPDP) Act, 2023, employers must retain employee data only for as long as necessary to fulfill legal or contractual obligations. Once an employee exits, sensitive personal data should be deleted or archived securely unless required by law. We help organisations draft employee data retention and privacy policies to stay compliant.
  • If employment agreement conflicts with the company's HR policy, which one applies?
    In most cases, the employment agreement will prevail. The employment agreement is a legally binding contract signed by both you and your employer. An HR policy, while important, is often a set of internal guidelines that can be amended by the employer. Unless your employment agreement explicitly states that you will be governed by the HR policy as amended from time to time, the specific terms of your signed contract will hold stronger legal weight in a dispute.
  • Can an employer terminate an employee without giving any reason in India?
    This is known as "termination simpliciter" (termination without cause). It is generally permissible only if your employment agreement contains a specific clause allowing for it. However, it is not absolute. The employer must: Provide the notice period as specified in your appointment letter (typically one to three months). Alternatively, they can pay you a salary in lieu of the notice period. The reason for termination cannot be malicious, discriminatory, or a guise for misconduct (which would require a formal inquiry). Courts can investigate the "real" reason if the termination is challenged.
  • What is the standard probation period in India and is it legally enforceable?
    Most companies in India use a probation period of 3 to 6 months, which must be clearly stated in the appointment letter. During probation, termination clauses can be more flexible. However, the probation period must still comply with Shops and Establishments Acts or Standing Orders (for factories). We ensure your probation and confirmation terms are fair and enforceable.
  • What documents are required during employee exit formalities in India?
    Employee exit documentation should include: Resignation acceptance letter Full and final settlement Relieving letter Experience certificate Exit checklist (assets, handover, NDAs) We help companies streamline exit formalities to avoid disputes or post-termination claims.
  • Are the new Labour Codes in India implemented?
    As of June 2025, the Four Labour Codes (Code on Wages, Industrial Relations Code, Social Security Code, and Occupational Safety Code) are expected to be implemented soon. Businesses should begin aligning contracts, payroll, and HR policies in anticipation of their enforcement across states.
  • What is the legal time limit for Full and Final (F&F) settlement after resignation?
    Under the Code on Wages, 2019, which is now in effect, an employer is legally required to pay the full and final settlement of all wages due to an employee within two working days of their last working day following resignation, termination, or retrenchment. This is a significant change from the previous, often longer, settlement periods.
  • How does an apprenticeship agreement differ from a regular employment contract?
    An apprenticeship is governed by the Apprentices Act, 1961 and is intended for training, not employment. Apprentices do not have the same rights as regular employees (e.g., PF, ESI, gratuity). A formal apprenticeship agreement must be signed and registered with relevant authorities. We ensure these contracts are compliant and distinguishable from fixed-term employment.
  • Is PoSH compliance mandatory for all private companies in India?
    Yes, under the PoSH Act, 2013, all companies in India with 10 or more employees must constitute an Internal Committee (IC) and implement measures to prevent and redress sexual harassment at the workplace. Non-compliance can attract penalties and reputational risks.
  • Is PoSH compliance linked with India’s DPDP Act (2023)?
    Yes, to some extent. As PoSH complaints often involve sensitive personal data, employers must ensure that employee data is processed lawfully and securely, in alignment with the Digital Personal Data Protection (DPDP) Act, 2023.
  • How often should the PoSH Internal Committee meet and report?
    The Internal Committee (IC) should meet at least once every quarter, even if there are no complaints, to review compliance, training, and awareness activities. With the newly launched SHe-BOX portal, quarterly reporting of IC activities and trainings is encouraged for stronger compliance, and the annual report must still be digitally uploaded by the Nodal Officer to the portal.
  • Can a lawyer represent the complainant or the respondent during the POSH inquiry?
    No. Section 11(1) of the POSH Rules, 2013, explicitly prohibits legal practitioners (lawyers) from representing either the complainant or the respondent during any stage of the inquiry proceedings before the Internal Committee.
  • Who can be appointed as the Nodal Officer for the SHe-BOX portal?
    The Nodal Officer must be an internal employee, such as an HR or Compliance Manager. They act as a liaison between the IC and the SHe-BOX portal, ensuring regular updates, complaint reporting, and annual submissions.
  • Can a witness refuse to testify or provide evidence to the Internal Committee (IC)?
    No, a witness generally cannot refuse. The POSH Act gives the Internal Committee the same powers as a Civil Court under the Code of Civil Procedure, 1908. This means for the purpose of an inquiry, the IC has the legal authority to summon and enforce the attendance of any person and examine them on oath and require the discovery and production of documents and other material evidence. If an employee who is summoned as a witness refuses to appear before the IC or provide requested evidence without a valid reason, it can be treated as misconduct under the company's service rules, potentially leading to disciplinary action.
  • What is the new requirement related to the SHe-BOX portal in 2025?
    Following a Supreme Court directive and Ministry of Women and Child Department circulars, it is now mandatory for all organisations with 10+ employees to appoint a Nodal Officer and register their organisation on the SHe-BOX portal. This officer ensures real-time compliance and complaint tracking on the platform.
  • Does the POSH Act cover harassment during remote work or on apps like Slack and WhatsApp?
    Absolutely. The definition of "workplace" under the POSH Act has been legally interpreted to include any place visited by the employee arising out of or during the course of employment.In 2025, this unequivocally includes an employee's home office, virtual meetings on Zoom or Teams, and all digital communication channels like Slack, Microsoft Teams, and WhatsApp groups used for official work. Any instance of sexual harassment on these platforms is fully covered.
  • Is training of Internal Committee (IC) members mandatory under the PoSH Act?
    Yes. IC members must undergo regular orientation and capacity-building programmes as per the PoSH Act and recent directives. The SHe-BOX portal now requires mandatory reporting of such IC trainings, including date, venue, resource person, and number of participants. Uploading this data is essential for compliance during inspections or audits.
  • What are the legal consequences of failing to comply with the POSH Act in 2025?
    The penalties for non-compliance are significant and strictly enforced.A first-time offence can result in a fine of up to INR 50,000/-. Repeated non-compliance can lead to double the fine and, more critically, the cancellation of your business license or registration.Beyond legal penalties, non-compliance poses a massive risk to your company's reputation and employee morale.
  • What happens at the "closing" of an investment round?
    "Closing" is the final step where all conditions precedent are met, the definitive agreements (SSA, SHA) are signed by all parties, and the investor wires the investment funds to the company's bank account. In return, the company officially allots the new shares to the investor.
  • Do I need to create an ESOP (Employee Stock Option Plan) pool before raising funds?
    Investors often require founders to create an ESOP pool before the investment. This is typically calculated on the "pre-money" valuation, meaning the founders' equity is diluted to create the pool, not the new investor's. It's a key negotiation point that impacts founder ownership.
  • What are the basic requirements for receiving Foreign Direct Investment (FDI) in India?
    The company must be eligible to receive FDI under the relevant sector's policy (most are under the "automatic route"). The investment must comply with RBI's pricing guidelines (shares cannot be issued to foreigners for less than their fair market value), and mandatory reporting must be done via the FIRMS portal (Form FCGPR) within 30 days of allotment.
  • What is the main difference between a Share Subscription Agreement (SSA) and a Shareholders' Agreement (SHA)?
    The SSA governs the one-time act of the investor "subscribing" to (or buying) new shares from the company. Its purpose is fulfilled once the investment is made. The SHA, on the other hand, is a long-term document that governs the ongoing relationship and mutual rights/obligations of all shareholders after the investment is complete.
  • What is legal due diligence and why is it important?
    Legal due diligence is an investigation conducted by investors into a company's legal affairs before an investment. They check corporate records, contracts, IP ownership, employment issues, and compliance. A clean due diligence report gives investors confidence and can speed up the funding process significantly.
  • What is a "cap table"?
    A capitalization table, or "cap table," is a spreadsheet that details the equity ownership of a company. It lists all the company's securities (common shares, preferred shares, options) and who owns them, showing ownership percentages on a fully diluted basis. It is a critical tool for managing equity.
  • What are the most important clauses to look for in a Shareholders' Agreement?
    Key clauses include liquidation preference (who gets paid first on an exit), anti-dilution provisions (protection from future down-rounds), board seats, veto rights (key decisions investors can block), and exit provisions like ROFR, Tag-Along, and Drag-Along rights.
  • Why can't I just use a standard investment agreement template from the internet?
    Templates are a risky one-size-fits-all solution for a situation that is unique to your company. They often lack crucial protections, may not be compliant with Indian law, and fail to capture the specific commercial understanding of your deal. A poorly drafted agreement can lead to costly disputes, loss of control, and problems in future funding rounds. Professional legal advice is an investment in your company's future.
  • What is equity dilution and how can I manage it?
    Equity dilution happens when a company issues new shares to investors, reducing the percentage of ownership of existing shareholders (including founders). While dilution is a natural part of fundraising, it can be managed by negotiating a fair valuation and understanding the impact of clauses like ESOP pools and anti-dilution provisions.
  • What is a Term Sheet and is it legally binding?
    A Term Sheet is a preliminary, non-binding document that outlines the basic terms and conditions of an investment. While most of its clauses (like valuation, investment amount) are not legally enforceable, certain clauses, such as 'Confidentiality' and 'Exclusivity' (or 'No-Shop'), are typically made legally binding.
  • What are the essential clauses in a SaaS Agreement?
    A well-drafted SaaS Agreement should include clauses on scope of service, user rights, data ownership, payment and billing, service levels (SLA), IP protection, termination, and liability limitation. These ensure clarity, reduce disputes, and support your business model.
  • Do I need a different legal agreement for enterprise clients versus individual users?
    Yes, absolutely. Individual users typically subscribe via a standardised "click-wrap" Terms of Service agreement. However, enterprise clients require a more detailed Master Service Agreement (MSA). An MSA is heavily negotiated and includes specifics on service levels (SLAs), data security warranties, indemnification, liability caps, and custom feature requirements. Offering a one-size-fits-all agreement can lose you major enterprise deals or expose you to unacceptable levels of risk.
  • What are the legal requirements for SaaS companies operating internationally from India?
    If you serve customers outside India, you must comply with their local laws. For example, if you have customers in Europe, you need to be GDPR compliant. If you serve California residents, the CCPA/CPRA applies. Your SaaS agreement and privacy policy must be drafted to accommodate these international regulations.
  • What is a Data Processing Addendum (DPA) and when is it required?
    A DPA is a legal document that outlines how customer data is collected, processed, stored, and shared. It’s mandatory for SaaS providers handling personal data, especially under GDPR, DPDP (India), and CCPA. We ensure your DPA aligns with global privacy laws.
  • What are the key legal risks for a SaaS startup during fundraising?
    Investors conduct rigorous legal due diligence. The biggest red flags for SaaS startups include: unclear IP ownership (e.g., code written by freelancers without proper contracts), non-compliance with data privacy laws like DPDPA or GDPR, poorly drafted customer agreements that create liability, and improper corporate structuring.
  • What legal documents are essential for a SaaS company in India in 2025?
    Every SaaS business in 2025 needs a core set of legally robust documents to operate securely and scale effectively. The absolute essentials include: a comprehensive SaaS Agreement (covering terms of service, subscription terms, and payment policies), a Privacy Policy that is fully compliant with India's Digital Personal Data Protection Act (DPDPA) 2023, Terms of Use and a Cookie Policy. Depending on your business model, you may also need a Service Level Agreement (SLA), a Data Processing Addendum (DPA), and watertight Vendor and Employee Contracts. Our legal services ensure these documents are tailored specifically to your product and jurisdiction.
  • What’s the difference between Terms of Service and a SaaS Agreement?
    Terms of Service (ToS) are general user-facing policies for your platform, while a SaaS Agreement is a negotiated contract—typically used for enterprise clients. We help you create both, depending on your customer base and business needs.
  • What is a SaaS Agreement and why do I need one?
    A SaaS Agreement is a legal contract between a software provider and its customers that governs access to cloud-based services. It protects your intellectual property, limits liability, defines payment terms, and ensures compliance with privacy laws. Every SaaS business—whether B2B or B2C—needs one to operate securely and professionally.
  • Do I need a separate SLA (Service Level Agreement)?
    Yes, especially if you're offering enterprise SaaS or business-critical services. An SLA defines performance metrics like uptime, support response times, and remedies for failure. We help you draft SLA terms that are commercially fair and legally enforceable.
  • How is a SaaS Agreement different from a traditional software license?
    Unlike traditional software licenses that permit downloading or installing software, SaaS Agreements allow users to access software via the cloud. These contracts focus on uptime, subscription models, support, and data protection—making them essential for modern software businesses.
  • Why do FAQs matter?
    FAQs are a great way to help site visitors find quick answers to common questions about your business and create a better navigation experience.
  • What is an FAQ section?
    An FAQ section can be used to quickly answer common questions about your business like "Where do you ship to?", "What are your opening hours?", or "How can I book a service?".
  • Where can I add my FAQs?
    FAQs can be added to any page on your site or to your Wix mobile app, giving access to members on the go.
  • How do I add a new question & answer?
    To add a new FAQ follow these steps: 1. Manage FAQs from your site dashboard or in the Editor 2. Add a new question & answer 3. Assign your FAQ to a category 4. Save and publish. You can always come back and edit your FAQs.
  • How do I edit or remove the 'Frequently Asked Questions' title?
    You can edit the title from the FAQ 'Settings' tab in the Editor. To remove the title from your mobile app go to the 'Site & App' tab in your Owner's app and customize.
  • Can I insert an image, video, or GIF in my FAQ?
    Yes. To add media follow these steps: 1. Manage FAQs from your site dashboard or in the Editor 2. Create a new FAQ or edit an existing one 3. From the answer text box click on the video, image or GIF icon 4. Add media from your library and save.

Subscribe to our newsletter.
Don’t miss out!

Thanks for subscribing!

Head Office

Reetika Gupta

21082, Prestige Falcon City, Kanakpura road,

Bangalore- 560062

Email: reetika@aristolegal.co.in

Explore PoSH Solutions

Posh expert solutions logo
  • LinkedIn

©2023 by aristolegal

Terms & Conditions

bottom of page