Legalyatra
Sign InGet Started

Privacy Policy

Last updated: 22 March 2026

1. Introduction

Legalyatra (“we”, “us”, “our”) operates the website legalyatra.com and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Data We Collect

  • Identity data: Name, phone number, email address, Aadhaar number, PAN number (collected during document intake).
  • Document data: Information you provide during the AI intake process for generating legal documents.
  • Payment data: Transaction IDs, UPI references, payment amounts (processed by Razorpay — we do not store card numbers).
  • Usage data: Pages visited, features used, session duration, device info (collected via privacy-first analytics).
  • Communication data: WhatsApp messages, emails, and support conversations.

3. Sensitive Data & Encryption

Aadhaar numbers, PAN numbers, and other sensitive identity data are encrypted using AES-256 (pgcrypto) before storage. These are never stored in plain text and are only decrypted when required for document generation by authorized systems.

4. Data Residency

All personal data is stored on servers located in Mumbai, India (AWS ap-south-1 via Supabase). Your data never leaves Indian territory, in compliance with Indian data residency norms.

5. How We Use Your Data

  • To generate legal documents as requested by you.
  • To facilitate lawyer review and certification of your documents.
  • To process payments and send receipts.
  • To send order status updates via WhatsApp, email, or SMS.
  • To improve our AI and services (using anonymized, aggregated data only).
  • To comply with legal obligations and government requests.

6. Data Sharing

We share your data only with:

  • Licensed advocates: Who review and certify your documents.
  • Payment processors: Razorpay, for processing your payments.
  • Communication providers: Twilio (WhatsApp/SMS) and Resend (email) for order notifications.
  • AI providers: Anthropic (Claude API) for document drafting — only the intake data necessary for the specific document is shared, and Anthropic does not retain your data for training.

We never sell your personal data to third parties.

7. Data Retention

  • Document data: Retained for 7 years (Indian legal record-keeping requirements).
  • Payment records: Retained for 8 years (GST/tax compliance).
  • Account data: Retained until you request deletion.
  • Analytics data: Anonymized and aggregated — retained indefinitely.

8. Your Rights (DPDP Act 2023)

  • Right to access: Request a copy of your personal data.
  • Right to correction: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your data (subject to legal retention requirements).
  • Right to grievance redressal: File a complaint with our Grievance Officer.
  • Right to nominate: Nominate someone to exercise your rights on your behalf.

9. Grievance Officer

In accordance with the IT Act 2000 and DPDP Act 2023, our Grievance Officer can be contacted at:

Email: grievance@legalyatra.com
Response time: Within 72 hours of receiving your complaint.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. Continued use of our services after changes constitutes acceptance.