Privacy Policy

We collect only the information necessary to provide the Service:

• Account information — name, email address, role, and hashed password provided at registration; admin flag where applicable.
• Session data — a secure session token stored in an HTTP-only cookie when you log in, plus server-side session records in our database linked to your account.
• Guest identifier — if you use the Service without an account, we may store a random device identifier in your browser's local storage so we can apply guest credit limits consistently. This is not used for cross-site tracking.
• Uploaded documents — PDFs, images, Word files, and plain text you submit for translation, comparison, bias or stress analysis, timeline extraction, CrossExamine, DocReply, and similar tools. Content is processed to deliver the feature you requested.
• Feature-specific records (logged-in users) — where a tool saves progress for your account (for example credit transactions, CrossExamine chat history and session reports, and similar session data), we store that information in our database tied to your user ID so you can resume work.
• Feedback — if you use the feedback form, we store your name, email, subject, message, category, and (if you are logged in) your account identifiers so we can respond and improve the Service.
• Technical data — IP address may be stored with certain actions (for example feedback or security logs). API request logs may be retained for up to 30 days for security and performance monitoring.

• To authenticate you and maintain your session securely.
• To process documents you upload using AI for translation, summarisation, bias analysis, stress detection, comparison, CrossExamine, DocReply, watermark-related tools, and other features you choose. All AI outputs are assistive only and must be verified by a qualified professional before acting on them.
• To operate our credit-based billing — recording grants, purchases, and usage of credits linked to your account or guest identifier.
• To allow you to update your profile (name, role, password).
• To review and act on feedback you submit.
• To monitor platform health, diagnose errors, and prevent abuse.
• We do not sell, rent, or share your personal data with third parties for marketing purposes.

Documents and text you provide are:

• Transmitted over HTTPS (TLS) when you use the website.
• Processed by our AI inference provider(s) to fulfil your request. Retention by those providers is governed by their policies; we configure processing for service delivery.
• Generally not kept as a permanent "document archive" after a single tool run unless a feature explicitly saves state to your account (for example saved CrossExamine session content or reports). Some optional chat attachments may be processed only for that message and not stored as files by us — see in-product notices where applicable.
• Not used by us to train proprietary models beyond what is stated in our agreements with providers.

⚠️ Do not upload documents containing highly sensitive personal data (e.g., Aadhaar numbers, financial account details) unless necessary for the task. Redact such information before uploading where possible.

Cookies

• When you sign in, we set one strictly necessary first-party cookie: legal_helper_session. It holds a random session token (not your password), is HTTP-only (not readable by page scripts), uses SameSite=Lax, is sent only over HTTPS in production, and expires after approximately 7 days or when you log out.
• We do not use third-party advertising cookies, behavioural tracking cookies, or analytics pixels as described in this Policy.

Legal basis & your choice

• The session cookie is necessary to provide the authenticated Service you request. By creating an account and logging in, you acknowledge that this cookie will be stored on your device for that purpose. If you do not want this cookie, you may use only guest features where available, or you can log out and clear cookies in your browser settings.
• Depending on your jurisdiction, you may have additional rights regarding personal data; see Section 7.

Local storage (guests)

• For users who are not logged in, we may store a device identifier in localStorage to recognise your browser for guest credit limits. You can remove it by clearing site data for our domain in your browser.

• Passwords are stored as SHA-256 hashes and never in plain text.
• All data in transit is encrypted with TLS 1.2+.
• Database access is restricted to server-side code only; credentials are never exposed to the client.
• Session tokens are cryptographically random 256-bit values.

• Account data is retained for as long as your account exists.
• Credit transaction records may be retained for accounting, support, and dispute resolution as long as your account exists or as required by law.
• Saved feature data (for example CrossExamine sessions you have stored) is retained until you delete it or delete your account, unless we must retain minimal records for legal obligations.
• Feedback submissions may be retained to operate support and improve the Service unless you ask for deletion where feasible.
• You may request deletion of your account and associated data by contacting us.
• Session tokens in cookies expire as described in Section 4; server-side session records are invalidated on logout or expiry.
• API usage logs are retained for up to 30 days.

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate information via your Profile page.
• Delete your account and associated data by contacting us.
• Object to certain uses of your data.

To exercise these rights, contact us at the address in Section 9.

• AI processing — document and text content you submit may be processed by AI providers (for example Google Gemini) to generate results. Their terms and privacy notices apply to that processing.
• Cloud database — we use MongoDB (for example MongoDB Atlas) to store accounts, sessions, credits, feedback, and other application data you generate.
• Firebase — used for parts of our authentication stack as configured in the product.
• Email delivery — transactional email (for example OTP messages) may be sent via SMTP or related infrastructure you configure.
• We select providers to support the Service; your data is shared only as needed for those purposes.

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact:

🚫 Docgyan Legal AI is a software application. All outputs produced by this Service — including document translations, summaries, comparisons, bias analyses, and any other AI-generated content — are provided strictly for informational and assistive purposes. They are not legal advice and must not be treated as a final or authoritative result.

Before taking any action based on an output from this Service — especially in matters relating to property, legal rights, court proceedings, or financial decisions — you must independently verify the result and consult a qualified lawyer, legal professional, or relevant expert.

Docgyan Legal AI, its developers, and operators accept no liability whatsoever for any damages, losses, legal consequences, or adverse outcomes of any kind arising from use of or reliance on AI-generated outputs.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the revised policy. We recommend reviewing this page periodically.