Privacy Policy

Effective date: 25 April 2026 · Last updated: 25 April 2026

This Privacy Policy describes how Advokacy ("we", "us", "our") collects, uses, stores and protects your personal data when you use our website and services. We are committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

1. Who we are

Advokacy is a legal-technology product offering AI-assisted legal research, document intelligence, drafting, and All India Bar Examination (AIBE) preparation tools.

For DPDP purposes, Advokacy acts as the Data Fiduciary. For any questions, requests, or grievances, contact our Data Protection Officer at: pssr.legal@gmail.com.

2. What data we collect

2.1 Information you provide directly

• Account information: your full name and email address, provided when you sign up to access the AIBE Crash Course module.
• Documents you upload for analysis (FIRs, contracts, judgments, etc.) — see Section 5 below.
• Queries and conversations you have with our AI features.

2.2 Information collected automatically

• Page-view events (which pages you visit, when, in what sequence).
• Anonymous session identifiers stored locally in your browser.
• Browser type, operating system, approximate country (derived from IP address by our hosting provider).
• AI-feature usage events (which feature was invoked, token volume — for billing and capacity planning).

We do not collect government IDs, payment card details, biometric data, or sensitive personal data of children. If you are under 18, please do not use this service without the consent of a parent or guardian.

3. Why we collect it (purposes)

• To provide the service — authentication, session management, AI features.
• To improve the service — aggregated usage analytics, error monitoring, capacity planning.
• To send product updates and new-feature announcements — only if you have given separate, explicit consent at signup. You may withdraw at any time (see Section 8).
• To provide in-app personalised content — only if you have given separate, explicit consent at signup. You may withdraw at any time.
• To meet legal obligations — including responding to lawful requests from courts or regulatory authorities.

4. Lawful basis (DPDP Section 7)

We process your personal data on the basis of your consent, freely given at signup, with separate opt-ins for product updates and personalisation. We do not bundle these consents with the signup itself; refusal of marketing consent does not prevent you from using the service.

5. How long we keep your data

• Account data (name, email): until you request deletion or close your account.
• Uploaded documents: documents you upload to Document Intelligence are processed in memory by our AI service and are not stored on our servers. They are not added to any training dataset.
• AI conversations: not stored on our servers beyond the duration of your active session.
• Analytics events (page views, AI usage records): retained for up to 24 months for trend analysis, then aggregated and anonymised.
• Audit logs (security events): retained for up to 12 months.

6. Who we share data with (Data Processors)

We do not sell your personal data to anyone. We share strictly limited data with the following Data Processors who help us operate the service:

• Anthropic, PBC — provides the underlying Claude AI model that processes your queries. Your prompts are sent to Anthropic for inference. Anthropic's policy is to not train its models on data submitted via its API. Anthropic's privacy policy.
• Supabase Inc. — provides our user database and authentication. Supabase's privacy policy.
• Netlify, Inc. — hosts our website and serverless functions. Netlify's privacy policy.
• Indian Kanoon (when you use the Legal Research feature) — public legal database; we forward your query but do not share your identity.

Some of these providers may store data outside India. We rely on their respective contractual safeguards and standard practices for international data transfer.

7. How we secure your data

• All traffic between your browser and our servers is encrypted in transit (HTTPS/TLS).
• Our database access is restricted by Row-Level Security: you can only read your own data; admin staff can only access aggregated metrics and your account record (not your uploaded documents or AI conversations, which are not stored).
• API keys are stored in our hosting provider's encrypted environment-variable store, never exposed to browsers.
• We do not currently use cookies for tracking. Session IDs are stored in your browser's localStorage and are not transmitted to third parties.

8. Your rights under the DPDP Act

You have the right to:

• Access — get a copy of the personal data we hold about you.
• Correct — fix inaccurate or incomplete data.
• Erase — request deletion of your account and all associated personal data.
• Withdraw consent — for marketing or personalisation, at any time, without affecting your ability to use the service.
• Grievance redressal — raise a complaint about how we handle your data.
• Nominate — designate another person to exercise your rights in case of death or incapacity.

To exercise any of these rights, email pssr.legal@gmail.com. We will respond within 30 days.

If you are not satisfied with our response, you have the right to escalate to the Data Protection Board of India.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.

10. Contact

For privacy queries, data subject requests, or grievances:

• Email: pssr.legal@gmail.com
• Subject line: "DPDP Request — <your full name>"

This privacy policy is provided as a starting point and reflects current best understanding of the DPDP Act, 2023. It is recommended you have it reviewed by qualified counsel before relying on it for production traffic.