Privacy Policy

1. Who We Are

KanoonPilot is an informational technology platform that uses AI to help people understand legal documents and safer next steps. The platform is intended for users in India and is operated subject to applicable Indian law.

Important: KanoonPilot is NOT a law firm, does NOT provide legal advice, and does NOT create any attorney-client relationship. See our Terms of Service.

2. What We Collect

Uploaded Documents

The legal document you voluntarily upload for analysis. It may remain associated with your case or request until you delete it through available controls or submit a tracked deletion request.

Usage Analytics

Minimal operational signals such as page views, browser events, error states, or abuse-prevention events may be reviewed to run and improve the platform. We try to minimize direct personal identifiers where reasonably possible.

Contact Information (if provided)

Only when you voluntarily contact us or create an account/session tied to your workspace: name, email address, and your message or account content.

Preferences

Language and theme preferences stored in your browser's localStorage — not on our servers.

3. What We Do Not Ask You To Type as Separate Fields

This section means the main upload flow does not intentionally require these values as separate form fields. They may still appear inside documents you upload, which is why you should avoid sharing unnecessary identifiers.

Aadhaar numbers as a required upload field

PAN, Voter ID, Passport, or driving license numbers as required upload fields

Biometric data as a product feature

Precise GPS location data

Phone numbers unless you voluntarily provide one in a contact or messaging flow

4. How We Use Your Data

Document analysis: Your uploaded document is processed by our AI to generate a simplified explanation, identify relevant laws, and suggest next steps.

Service improvement: Operational diagnostics and product review may be used to improve OCR quality, reliability, and user experience. Where reasonably possible, we prefer aggregated or de-identified signals.

Communication: If you contact us, we use your email solely to respond to your query.

Legal compliance: Where required by Indian law (e.g., valid court order).

We Never: Sell your data, use your documents for advertising, or share personal data with third parties for marketing. We also do not intentionally use personal documents to train models without additional notice and consent.

5. Legal Basis (DPDP Act)

Under the Digital Personal Data Protection Act, 2023, we process your data on the following lawful bases:

Consent (Section 6): You provide explicit consent before uploading a document through our consent flow. You can withdraw consent at any time.

Legitimate Uses (Section 7): Limited technical logs, abuse prevention, and service diagnostics may be processed where reasonably necessary to run, secure, and improve the platform.

6. Data Retention & Deletion

Uploaded Documents

May remain associated with your case or request until you delete it through available controls or submit a tracked deletion request. Do not assume automatic 24-hour deletion in every environment.

Analysis Results

Saved analyses, OCR output, and workspace data may remain attached to your case history until you remove them or request deletion.

Account Data

Account and authentication records may be retained while your account remains active and for a reasonable period afterwards for security, fraud prevention, or legal obligations.

Contact Messages

Retained only as long as reasonably needed to respond, follow up, or document the interaction.

7. Security Measures

Encryption in transit: Public connections use HTTPS/TLS.

Stored data protections: Stored data relies on provider-managed storage protections and restricted application access.

Regional processing posture: We are moving sensitive OCR and AI processing toward India-region infrastructure where available. Do not treat every environment as fully India-only unless we state that explicitly for that environment.

Access controls: Case ownership checks and audit events are used for sensitive actions. Administrative and partner controls are being strengthened over time.

Security reviews: We conduct internal reviews and plan formal external security assessments before broad public launch.

8. Third-Party Services

We currently rely on infrastructure, anti-abuse, and OCR/AI providers. Exact providers may vary by environment and rollout stage.

Service	Purpose	Data Shared
AI Processing	Document analysis & simplification	Uploaded files or extracted text needed for OCR/analysis
Cloudflare	CDN & DDoS protection	IP addresses (standard web)
Anti-abuse checks	Spam and bot prevention	Browser interaction signals, IP address, and request metadata

We do not embed social media trackers, advertising pixels, or cross-site tracking technologies.

9. Your Rights Under DPDP Act

As a Data Principal under the DPDP Act, 2023, you have the following rights:

Right to Access (Section 11)

Request a summary of the personal data we hold about you and how it is being processed.

Right to Erasure (Section 12)

Request deletion of personal data we control, subject to technical limits, case history design, and applicable legal obligations.

Right to Correction (Section 11)

Request correction or updating of inaccurate personal data.

Right to Withdraw Consent (Section 6)

Withdraw your consent at any time. This will stop all processing of your personal data going forward.

Right to Grievance Redressal (Section 13)

Use our tracked grievance or data-rights flow first, and pursue any escalation route available under applicable law if the issue is not resolved.

To exercise any right: Use the Data Rights & Grievance Center for a tracked request reference, or use our contact page if you cannot access the form.

10. Children's Data

KanoonPilot does not knowingly collect personal data from children under the age of 18 without verifiable parental consent, as required by Section 9 of the DPDP Act. If you believe a child's data has been submitted, please use the Data Rights & Grievance Center or our contact page for priority review.

11. Cookies & Local Storage

KanoonPilot uses minimal browser storage:

Key	Purpose	Duration
theme	Light/dark mode preference	Persistent
language	Language preference (EN/HI)	Persistent
emergency_dismissed	Emergency banner dismissed state	Session only

We do not use tracking cookies, advertising cookies, or any third-party cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on our website with a notification banner for at least 30 days. The "Last Updated" date at the top always reflects the most recent version. Continued use of KanoonPilot after changes constitutes acceptance of the revised policy.

13. Contact & Grievance Channels

Data Rights & Grievance Center

For deletion, export, correction, consent withdrawal, and grievance requests with a tracking reference.

Open tracked request center

General Contact

For general questions about this policy or the product.

Open contact page

Escalation: If you are not satisfied with our response, you may pursue any escalation route available to you under applicable law.

Contents

1. Who We Are

2. What We Collect

Uploaded Documents

Usage Analytics

Contact Information (if provided)

Preferences

3. What We Do Not Ask You To Type as Separate Fields

4. How We Use Your Data

5. Legal Basis (DPDP Act)

6. Data Retention & Deletion

Uploaded Documents

Analysis Results

Account Data

Contact Messages

7. Security Measures

8. Third-Party Services

9. Your Rights Under DPDP Act

10. Children's Data

11. Cookies & Local Storage

12. Changes to This Policy

13. Contact & Grievance Channels

Data Rights & Grievance Center

General Contact