Privacy Policy

• Mobile number. We collect your 10-digit Indian mobile number when you register or log in. This is used to identify your account.
• Name. Optionally provided in your profile. Used to personalise generated documents and your account experience.
• Document data. Text you enter into document forms (party names, addresses, amounts, dates, etc.) to generate legal documents.
• Usage and audit logs. We record actions such as logins, document generations, and downloads along with your IP address and device user-agent for security and fraud prevention.
• Cookies and session tokens. We set a single HttpOnly JWT cookie to maintain your session. No third-party tracking cookies are used.

• To authenticate you and maintain a secure session.
• To generate, store, and deliver your legal documents.
• To send OTP verification messages (via SMS) when you log in.
• To detect and prevent fraud, abuse, or unauthorised access.
• To improve the Platform through aggregated, anonymised analytics.
• To comply with applicable Indian laws and legal obligations.

We do not sell your personal data. We share information only:

• Service providers. Cloud infrastructure (Vercel, Neon PostgreSQL, Upstash Redis, Vercel Blob) that process data on our behalf under confidentiality obligations.
• SMS gateway. Your mobile number is passed to an authorised Indian SMS provider solely to deliver OTP messages.
• Legal requirement. When required by law, court order, or government authority under Indian law (including the IT Act, 2000).

• OTP records are purged daily (within 24 hours of expiry).
• Session cookies expire after 7 days of inactivity.
• Account data and generated documents are retained while your account is active. You may request deletion at any time by contacting us (see Section 8).
• Audit logs are retained for up to 12 months for security purposes.

All data is transmitted over HTTPS/TLS. Session tokens are stored in HttpOnly, Secure cookies inaccessible to JavaScript. Database access is restricted via role-based credentials and encrypted at rest. We apply rate limiting on authentication endpoints to prevent brute-force attacks.

No security measure is 100% foolproof. In the unlikely event of a breach affecting your data we will notify you as required by applicable law.

The Platform is intended for adults (18 years and above). We do not knowingly collect information from persons under 18. If you believe a minor has provided us personal data, please contact us and we will delete it promptly.

Under applicable law you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your account and associated data.
• Withdraw consent to processing (which may require account closure).

To exercise any of these rights, email us at customersupport.kaagazaat@gmail.com. We will respond within 30 days.

Questions about this Privacy Policy? Write to us at customersupport.kaagazaat@gmail.com.

We may update this policy periodically. Material changes will be announced on the Platform with a revised effective date. Continued use after the update constitutes acceptance.