Privacy Policy

We collect information in two broad categories: information you provide directly to us, and information we collect automatically when you use the Service.

1.1 Account & Professional Information

• Name — your full name as registered on the platform.
• Email address — used for account login, notifications, and communications.
• Mobile number — used for account verification, OTP login, and optional WhatsApp notifications.
• Bar Council Enrolment Number — to verify your professional credentials (where provided).
• Practice / Firm information — chamber name, office address, city, state, GSTIN, and PAN (optional, for invoicing purposes).
• Profile photograph — optional, used for your account avatar.

1.2 Client and Case Data

As a legal practice management tool, you may upload or enter data about your clients and legal matters. This may include:

• Client names, contact details (mobile, email, address), and client type (individual, company, family, organisation).
• Case/matter details: case numbers, CNR numbers, court names, hearing dates, case stages, opposite party information.
• Fee agreements, payment records, and expense entries related to matters.
• Documents uploaded by you (affidavits, notices, petitions, court orders, etc.).
• Notes, tasks, and reminders associated with matters.

You are the data controller of this client and case information. We process it solely on your behalf as a data processor, in accordance with your instructions and these terms.

1.3 Usage and Technical Data

• Log data: IP address, browser type, device information, pages visited, timestamps.
• Feature usage patterns: which sections of the app you use, actions performed (anonymised where possible).
• Error and performance data to diagnose issues and improve the Service.

1.4 Payment Information

We do not store your full credit/debit card details on our servers. Payment processing is handled by our third-party payment gateway provider (see Section 6). We retain a record of transaction amounts, dates, and payment references for billing and accounting purposes.

We use the information we collect for the following purposes:

• To provide the Service: Creating and managing your account, displaying your matters, hearings, clients, fees, and documents within the application.
• To process payments: Handling subscription billing, generating receipts, and managing account renewals.
• To send notifications: Hearing reminders, payment due alerts, trial expiry notices, and important Service updates via email, SMS, or WhatsApp (where you have opted in).
• To improve the Service: Analysing aggregated, anonymised usage data to understand how the platform is used and where we can make improvements.
• To provide customer support: Responding to your queries and resolving technical issues.
• To comply with legal obligations: Maintaining records as required by Indian law, including GST regulations and applicable tax laws.
• To protect our rights: Detecting, investigating, and preventing fraudulent activity, abuse, and security threats.

3.1 Location: We prefer to store all data on servers located within India. Where we use third-party cloud infrastructure (see Section 6), we endeavour to select providers that offer India-based data residency options. Where data is processed or stored outside India, we ensure appropriate contractual safeguards are in place.

3.2 Encryption: Data is encrypted in transit using TLS (Transport Layer Security). Sensitive data at rest is encrypted using industry-standard AES-256 encryption. Passwords are hashed using a secure, salted hashing algorithm (e.g., bcrypt) and are never stored in plain text.

3.3 Access Controls: Access to your data within our systems is restricted to authorised personnel on a need-to-know basis, subject to confidentiality agreements. We maintain audit logs of administrative access to production systems.

3.4 Security Practices: We follow industry best practices including regular security assessments, vulnerability scanning, and responsible disclosure procedures. However, no electronic storage or transmission method is 100% secure, and we cannot guarantee absolute security.

3.5 Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable Indian law (including the Digital Personal Data Protection Act, 2023 when in full force), without undue delay.

We retain your data for as long as necessary to:

• Provide the Service to you while your account is active.
• Comply with our legal obligations (e.g., GST records).
• Resolve disputes and enforce our agreements.

Active Accounts: All data is retained for the duration of your active subscription.

After Cancellation: Upon cancellation of your subscription, your account data (matters, clients, documents, etc.) will be retained for 30 days from the effective cancellation date. During this period, you may log in, export your data, or reactivate your subscription. After 30 days, your data will be permanently and irreversibly deleted from our active systems. Anonymised, aggregated data may be retained for analytical purposes.

Billing Records: Transaction records and invoices may be retained for up to 8 years as required under Indian tax laws.

Data Export: You can export your data in CSV or PDF format at any time from within the application. We strongly recommend exporting your data before cancelling your account.

We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files placed on your device when you visit our website.

5.1 Essential Cookies: Required for the Service to function. These include session cookies that keep you logged in and security tokens that protect against CSRF attacks. You cannot opt out of essential cookies without disabling the Service.

5.2 Analytics Cookies: We use analytics tools (see Section 6) to understand how users interact with our platform. These cookies collect information about pages visited, time spent, and navigation paths. This data is aggregated and anonymised where possible.

5.3 Preference Cookies: Used to remember your settings and preferences, such as sidebar state and display preferences.

5.4 Managing Cookies: Most browsers allow you to control cookies through their settings. Disabling non-essential cookies will not prevent you from using the Service, but some features may not function optimally.

We rely on carefully selected third-party service providers to operate NyayVakil. These providers access only the minimum data necessary to perform their services and are contractually bound to protect your data.

We do not use advertising networks or sell data to data brokers. Links within the Service to external websites are provided for convenience; we are not responsible for the privacy practices of those external sites.

Subject to applicable Indian law (including the Digital Personal Data Protection Act, 2023), you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Correction: You can update your account information directly within the application or request correction of inaccurate data.
• Right to Deletion: You can request that we delete your personal data. This is fulfilled by deleting your account. Note that we may retain certain data as required by law (e.g., billing records).
• Right to Data Portability: You can export your data (matters, clients, fees, documents) in machine-readable format at any time from the application.
• Right to Withdraw Consent: Where we process your data based on consent (e.g., marketing emails), you can withdraw consent at any time via the unsubscribe link or account settings.
• Right to Raise a Grievance: You have the right to raise a grievance with our designated Grievance Officer (see Section 10) or with the relevant data protection authority in India.

To exercise any of these rights, please contact us at privacy@nyayvakil.in. We will respond within 30 days of receiving a verifiable request.

NyayVakil is a professional platform intended solely for use by legal professionals and their authorised staff who are at least 18 years of age. The Service is not directed at children under the age of 18, and we do not knowingly collect personal data from minors.

If we become aware that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information. If you believe we may have collected data from a minor, please contact us immediately at privacy@nyayvakil.in.

We may update this Privacy Policy from time to time to reflect changes in our data practices, the Service, or applicable laws. When we make material changes, we will:

• Update the effective date at the top of this page.
• Notify you via email to your registered email address at least 14 days before the changes take effect (for significant changes).
• Display a notification within the application for a reasonable period.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or complaints regarding this Privacy Policy or the handling of your personal data, please reach out to us:

If you are not satisfied with our response, you may escalate your concern to the appropriate data protection authority in India once the relevant provisions of the Digital Personal Data Protection Act, 2023 come into force.