Privacy

Privacy Policy

Last updated on June 12, 2026

This Privacy Policy describes how Bharat Technologies, Inc., a Delaware corporation, and its affiliates ("Bharat.Law", "we", "us") collect, use, share, and protect personal data when you visit bharat.law, use the app at app.bharat.law, the mobile applications, the NyaI™ system, the External Advocate network, and the related products and services (the "Services").

We follow the local laws that apply to you and to us, including data-protection, technology and consumer-protection rules. Where another data-protection regime applies to your use of the Services, we apply the additional safeguards required by that regime.

If you are using the Services as an employee or contractor of an organisation that has a Platform Agreement with us, your organisation is the controller of matter content under applicable local laws; this Privacy Policy explains our practices, and the Platform Agreement governs our processing on your organisation's behalf.

1. Personal data we collect

Account and billing data
name, work email, mobile number, role, organisation, password (hashed), multi-factor tokens, billing address, GSTIN where applicable, and payment-instrument metadata (we do not store full card numbers; payments are processed by our payment partners).
Matter content
documents, queries, prompts, drafts, notes, and other content you or your Authorised Users submit to the Services. Matter content may contain any category of personal data the user chooses to submit, including sensitive personal data.
Usage and device data
actions you take in the Services, in-product telemetry, error logs, browser type, operating system, device identifiers, IP address, approximate geolocation derived from IP, and timestamps.
Communications data
support tickets, chat transcripts, in-product messages, voice calls (where permitted and disclosed), and email correspondence with us.
Information from third parties
data we receive from identity providers when you sign in via SSO, from court or government sources where you request a research result, and from payment processors confirming a transaction.
Information from External Advocates
where you engage an External Advocate through the Services, we may receive information from the advocate relating to your matter for fulfilment and quality-assurance purposes.

2. Why we use personal data

  • To provide the Services you have requested, including hosting matter content, retrieving and generating Outputs, processing payments, and connecting you with External Advocates where you ask us to.
  • To operate, maintain, and secure the platform, including monitoring for fraud, abuse, and intrusion.
  • To improve the Services in a manner that does not re-identify individuals and that does not use matter content to train publicly available models (see the AI Policy).
  • To communicate with you about your account, billing, security, product changes, and (with consent or as otherwise lawful) marketing.
  • To meet legal obligations and respond to lawful requests from courts, regulators, and law-enforcement authorities.
  • To exercise or defend legal claims.

3. Lawful basis

We process personal data only on a lawful basis recognised by the local laws that apply to you, including:

  • your consent, where you have given it - for example, for marketing emails or for optional features that share data with a third party;
  • the performance of a contract with you, including fulfilling a service you have requested;
  • our legitimate interests in operating, securing and improving the Services;
  • compliance with our legal obligations.

4. Who we share personal data with

We share personal data only with the following categories of recipient:

  • Subprocessors who process data on our behalf to run the Services (cloud hosting, email delivery, payment processing, analytics, customer support, model providers under strict no-training and confidentiality terms). The current list is available on request.
  • External Advocates, where you ask us to facilitate a connection. The information shared is limited to what is necessary for the advocate to assess and act on your matter.
  • Your organisation, if you use the Services through a workspace controlled by your employer or firm.
  • Professional advisers (lawyers, auditors, insurers) and prospective acquirers, in connection with a merger, acquisition, financing, or sale, under appropriate confidentiality safeguards.
  • Courts, regulators, and law-enforcement authorities where we are legally required or permitted to disclose.

We do not sell personal data. We do not rent personal data.

5. Model training

We do not use Customer's matter content to train publicly available foundation models or to improve models for the benefit of other customers, except where Customer has given specific written opt-in consent. We use de-identified, aggregated usage information to operate, secure, and improve the platform in a way that does not re-identify any individual. See the AI Policy for further detail.

6. International transfers

We may transfer personal data to, and process it in, jurisdictions outside your country of residence, in accordance with the local laws that apply to you and to us. Where required, we apply additional safeguards (such as contractual protections) to keep the data subject to a level of protection comparable to its origin.

7. Retention

We retain personal data only for as long as we need it for the purposes for which it was collected, including any period required by law. The main retention periods are:

  • Account data: for the duration of your account and a reasonable period afterwards for record-keeping, taxation, and dispute resolution.
  • Matter content: for the duration of your Subscription Term, then available for export for at least 30 days, then deleted in the ordinary course (subject to backup retention as set out in the Data Processing Addendum).
  • Usage and device data: for security and analytics purposes, for the periods set out in our internal policy.
  • Communications data: for the duration of an active matter and a reasonable period thereafter.

Where law requires longer retention (for example, tax or anti-money-laundering rules), we will continue to apply this Policy's protections for as long as we hold the data.

8. Security

We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, access controls, monitoring, and incident response. No system is perfectly secure; if we become aware of a personal data breach affecting your personal data, we will respond in line with our Platform Agreement and applicable local laws.

9. Your rights

Subject to the local laws that apply to you, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of personal data, where applicable;
  • withdraw consent at any time, where consent is the lawful basis (without affecting the lawfulness of processing carried out before the withdrawal);
  • nominate another person to exercise your rights in case of death or incapacity;
  • raise a grievance with us; and
  • approach the supervisory authority that has jurisdiction over you.

You can exercise these rights from your account settings or by writing to privacy@bharat.law. We will respond within the timelines set by applicable local laws and may need to verify your identity before acting on a request.

10. Children

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data of a child as defined by applicable local laws. If you believe we have collected such data, please write to privacy@bharat.law and we will take appropriate steps.

11. Cookies and similar technologies

We use cookies and similar technologies as described in the Cookie Policy. You can manage your preferences through the cookie banner and the controls described in the Cookie Policy.

12. Automated processing and AI

We use machine-learning systems (including the NyaI™ system) to power features such as retrieval, drafting, and summarisation. The Services do not make decisions of legal or similarly significant effect about individuals on a solely automated basis. Outputs are intended for review by qualified human users. Where a Customer chooses to deploy a feature in a way that affects individuals' rights, the Customer is responsible for the human-in-the-loop arrangements required by applicable local laws and professional rules.

13. Links to third-party sites

The Services may link to third-party websites, court resources, and applications. Your interaction with those resources is governed by their own privacy notices. We do not control them and are not responsible for their practices.

14. Roles in the External Advocate network

When you use the Services without engaging an External Advocate, Bharat.Law is the controller of your personal data under applicable local laws. When you engage an External Advocate, that advocate is the controller of the personal data you provide to them; Bharat.Law acts as a processor for that data to the extent it passes through the Services. Where you use the Services through an organisation's workspace, the organisation is the controller of matter content within that workspace; Bharat.Law is the processor.

15. Changes to this Policy

We may update this Privacy Policy from time to time. If a change is material, we will notify you by email or in-product notice at least 15 days before it takes effect. Continued use of the Services after the effective date confirms acceptance of the updated Policy.

16. Contact and grievance redressal

For privacy questions or to raise a grievance, write to privacy@bharat.law. We will acknowledge your message and respond within the timelines required by applicable local laws.