Your clients' data is sacred to us.
Legal data is among the most sensitive information that exists. We treat it accordingly — with enterprise-grade security, India data residency, and complete transparency about our practices.
Security by design.
Security is not a feature we added — it was the first design decision we made.
AES-256 Encryption at Rest
All data stored on NyayX servers is encrypted using AES-256 — the same standard used by banks and defence organisations. Encryption keys are rotated quarterly and stored separately from the data they protect.
TLS 1.3 in Transit
All data transmitted between your device and NyayX servers is encrypted using TLS 1.3. We do not support older, weaker protocols (SSL, TLS 1.0, TLS 1.1). Certificate pinning is enforced on our mobile apps.
India Data Residency
All your data is stored on AWS Mumbai (ap-south-1) servers. We do not transfer data outside India. Sub-processors are contractually bound to keep data within Indian jurisdictions. Compliant with DPDP Act 2023.
Access Controls
NyayX staff access to customer data is restricted on a strict need-to-know basis, authenticated via hardware security keys, and logged with full audit trails. No engineer can access your data without a documented reason.
Regular Security Testing
We conduct quarterly penetration testing by independent security firms. Vulnerability scans run continuously on our infrastructure. All critical findings are remediated within 24 hours; high severity within 7 days.
Incident Response
In the event of a data breach, we will notify affected users within 72 hours as required by DPDP Act 2023. We maintain a 24/7 security incident response team and have documented runbooks for all known threat scenarios.
Your data rights — built into the product.
India's Digital Personal Data Protection Act 2023 gives you specific rights over your data. NyayX has shipped the controls that let you exercise them — directly from your account settings.
Consent management
NyayX records your consent for each data processing purpose at sign-up and whenever purposes change. You can review and update your consent choices at any time from Settings → Privacy.
Right to access — one-click data export
Download a full export of all your NyayX data — case records, diary entries, documents, billing history — in a portable format. Available from Settings → Privacy → Export My Data.
Right to erasure — account deletion with 30-day grace
Request account deletion from Settings → Privacy. Your data is queued for permanent deletion after a 30-day grace period, giving you time to reverse the decision if needed. After 30 days, deletion is irreversible.
India data residency
All personal data processed by NyayX is stored exclusively on AWS Mumbai (ap-south-1) servers. We do not transfer personal data outside India. Sub-processors are contractually bound to the same constraint.
Processor disclosure — NyayX acts as a Data Processor for the personal data of your clients that you store in the platform. You are the Data Fiduciary. We process that data solely on your instructions and do not use it for any independent purpose. A list of our sub-processors (AWS, Razorpay, Twilio) is available on request at privacy@nyayx.com.
Compliance
DPDP Act 2023 — NyayX is designed to comply with India's Digital Personal Data Protection Act 2023. You have rights to access, correct, and erase your data.
Bar Council Rules — We do not share, sell, or use your client data for any purpose other than providing the NyayX service. Client confidentiality is paramount.
GST Compliance — All billing is GST-compliant. We are registered under GST and issue compliant tax invoices.
Responsible Disclosure
If you discover a security vulnerability in NyayX, please report it responsibly to security@nyayx.com. We will acknowledge all reports within 24 hours and keep you informed as we investigate.
We do not take legal action against security researchers who disclose vulnerabilities in good faith and follow our responsible disclosure guidelines. Please do not publicly disclose vulnerabilities before we have had a chance to fix them.