NyayaOS Ultra
AI Legal Platform

Privacy Policy

Last updated: 23 April 2026 ·  Effective immediately

NyayaOS Ultra (“we”, “our”, “the Platform”) is operated by Mukut Mishra / NyayaOS and is governed by the laws of India. This Policy explains what personal information we collect when you use blackboxai.co.in and our AI legal services, how we use it, and the choices you have. By using NyayaOS you agree to this Policy.

1. Information We Collect

a. Information you provide directly

  • Account registration: name, email address, mobile number, Bar Council enrolment number.
  • Profile details you optionally add: law firm name, practice areas, court locations.
  • Documents you upload for analysis, drafting, translation, or research.
  • Messages you send to the AI assistant.
  • Payment information (processed by Razorpay — we never store card numbers).

b. Information collected automatically

  • Log data: IP address, browser type, pages visited, timestamp.
  • Session tokens stored in your browser's localStorage.
  • Usage analytics: which features you use and how frequently (no third-party trackers).

c. Information from third parties

  • Google Sign-In: if you log in with Google we receive your name, email address, and profile picture via Google OAuth.
  • Google Drive (if you connect it): we access only files your NyayaOS workspace creates inside a dedicated folder. We never read, modify, or delete any other file in your Drive.

2. How We Use Your Information

  • To provide, operate, and improve the NyayaOS AI platform.
  • To process your AI queries and return results via our language model infrastructure.
  • To generate, store, and retrieve documents created using the drafting and filing tools.
  • To process payments and maintain billing records as required by Indian tax law.
  • To send transactional emails: account alerts, case reminders, subscription notices.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations under the IT Act 2000, DPDP Act 2023, and applicable court rules.

We do not use your uploaded case documents or client information to train shared AI models. Your documents are used solely to answer your own queries.

3. Google Drive Integration

When you choose to connect Google Drive, NyayaOS requests only the drive.file permission scope. This strictly limits our access to:

  • Files and folders that NyayaOS itself creates — inside a dedicated "NyayaOS Documents" folder.
  • Nothing else in your Drive is visible to us at any time.

You can revoke Drive access at any time from myaccount.google.com/permissions. Revoking access does not delete documents already saved in your Drive folder.

4. Data Storage and Security

  • All communications use TLS 1.2 or higher (encryption in transit).
  • Database volumes and file storage are encrypted at rest.
  • Only authorised personnel can access production systems.
  • The PostgreSQL database is not publicly reachable — accessible only inside the private Docker network.
  • Regular security reviews and dependency audits are conducted.
Attorney-client privilege notice: NyayaOS implements strong security, but it is not a substitute for secure client-communication infrastructure required by Bar Council rules. Do not use this platform for communications that professional obligations require to be absolutely confidential without additional safeguards.

5. Data Retention

  • Account data is retained for the duration of your subscription plus 3 years for legal compliance.
  • Documents you delete from your workspace are permanently removed within 30 days.
  • If you delete your account, all personal data and documents are purged within 60 days except where retention is required by law.
  • Billing records are retained for 7 years as required by the Income Tax Act 1961.

6. Sharing and Disclosure

We do not sell your personal information. We share data only in these limited circumstances:

  • Service providers: Razorpay (payments), Google (OAuth/Drive), Hetzner (hosting). Each is bound by their own privacy commitments.
  • Legal requirements: if required by a court order, government authority, or applicable law.
  • Business transfers: in the event of a merger or acquisition, user data may transfer with advance notice to you.

7. Your Rights (DPDP Act 2023)

Under India’s Digital Personal Data Protection Act 2023 you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate personal data.
  • Erasure: request deletion of your data (subject to legal retention obligations).
  • Grievance: file a complaint with our Grievance Officer.

To exercise any right, email privacy@blackboxai.co.in. We will respond within 30 days.

8. Cookies and Tracking

We use only functional cookies essential to operating the platform: session tokens and CSRF protection. We do not use advertising cookies or embed third-party trackers such as Facebook Pixel or Google Analytics.

9. Children's Privacy

NyayaOS is intended for legal professionals and is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified by email or by a prominent notice on the platform at least 7 days before they take effect. Continued use after the effective date constitutes acceptance of the updated Policy.

11. Contact and Grievance Officer

NyayaOS Ultra
Grievance Officer: Mukut Mishra
Email: privacy@blackboxai.co.in
Website: blackboxai.co.in