Privacy Policy

NyayaMitra AI is an AI-powered legal intelligence platform operated by NyayaMitra Technologies Pvt. Ltd. ("we", "us", "our"). We are committed to protecting the privacy and confidentiality of all information shared with our platform.

Contact: privacy@nyayamitra.ai

• Account information: Email address, name, password (bcrypt hashed — we never store plaintext), and profile details you provide.
• Legal queries and conversations: Messages you send to our AI agents and the responses generated. This is necessary to provide the service.
• Documents you upload: Files shared for OCR, contract review, or analysis. Stored encrypted in Supabase Storage (Mumbai region).
• Usage data: Pages visited, features used, session duration. Collected anonymously to improve the product.
• Device information: Browser type, IP address, operating system. Used for security and fraud prevention.
• Billing information: UPI transaction references. We do not store card numbers or full UPI IDs.

• Providing and improving our AI legal services
• Authenticating your account and maintaining session security
• Sending transactional communications (query confirmations, account alerts)
• Complying with legal obligations under Indian law and applicable regulations
• Preventing fraud, abuse, and unauthorised access
• Analysing aggregated, anonymised usage to improve our AI models

We do not sell your personal data to third parties. We do not use your legal queries to train general-purpose AI models without explicit consent.

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable privacy law, we process your data under:

• Contract performance: To provide the services you have subscribed to
• Legitimate interests: Security monitoring, fraud prevention, product improvement
• Legal obligation: Compliance with Indian laws, court orders, regulatory requirements
• Consent: For analytics cookies and marketing communications (you can withdraw at any time)

• All data is stored in Supabase (Mumbai, ap-south-1 region) — data residency in India
• Encryption in transit: TLS 1.3 on all connections
• Encryption at rest: AES-256 for all stored documents
• Access controls: Role-based, principle of least privilege
• Passwords: bcrypt with 12 rounds — we cannot see your password
• Security audits conducted quarterly

We share data only with:

• Anthropic: AI inference for legal analysis (data processed but not retained for training per our enterprise agreement)
• Supabase: Database and file storage infrastructure
• Railway: Application hosting
• Law enforcement: Only under valid court order or statutory obligation

• Right to access: Download all your data via Settings → Data & Privacy → Export my data
• Right to erasure: Delete your account and all associated data via Settings → Data & Privacy → Delete account
• Right to correction: Update your profile information in Settings at any time
• Right to portability: Your exported data is provided in machine-readable JSON format
• Right to object: Opt out of analytics via Cookie Preferences (accessible in the footer)
• Right to withdraw consent: Withdraw cookie consent at any time via the Cookie Preferences link

To exercise any right, email privacy@nyayamitra.ai. We respond within 30 days.

• Active account data: Retained for the lifetime of your account
• Chat history: 2 years from last message
• Uploaded documents: 1 year unless deleted by you
• Account deletion: All personal data deleted within 30 days. Audit logs retained for 7 years per compliance requirements.

We use cookies for authentication, preferences, and anonymised analytics. See our Cookie Policy for details. You can manage your preferences at any time via the cookie consent banner.

NyayaMitra AI is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact us immediately.

We will notify registered users by email at least 14 days before material changes take effect. The effective date at the top of this page reflects the current version.

As required under DPDPA 2023, our Data Protection Officer can be reached at:
dpo@nyayamitra.ai
Response time: Within 7 business days