Privacy Policy

Last updated: 5 May 2026

This Privacy Policy explains how Sharkify Technology Private Limited ("Sharkify", "we", "us", "our") collects, uses, shares, and protects your personal data when you use the Vaksy mobile app, advocate panel, admin console, and related services (collectively, the "Service").

We comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and applicable Indian laws.

1. Who we are

Data Fiduciary: Sharkify Technology Private Limited, registered office at Hyderabad, Telangana, India.

Contact: privacy@vaksy.in

Grievance Officer: Rohan Kulkarni, grievance@vaksy.in

2. Important disclaimer

Vaksy is a technology platform. It is not a law firm. Legal services are provided by independent advocates who are empanelled on the platform. Each empanelled advocate is independently verified against the Bar Council of India register.

3. What data we collect

3.1 You provide directly

• Phone number (mandatory, for OTP login)
• Name (optional)
• Email address (optional)
• City and state
• Preferred language
• Content of legal questions you ask Kanoon AI
• Content of messages you exchange with advocates
• Documents you upload (rental agreements, ID proofs, court documents, etc.)
• Audio recordings if you use voice input or audio calls (with your consent)

3.2 We collect automatically

• Device type, operating system, app version
• IP address (for security and abuse prevention)
• App interactions and feature usage
• Crash logs and diagnostic data

3.3 From third parties

• Payment status from Razorpay (we do not store card details)

4. How we use your data

• To provide the Service (AI legal advice, advocate matching, document drafting)
• To authenticate you via phone OTP
• To process payments through Razorpay
• To improve the Service via aggregated analytics
• To send transactional notifications about your matters
• To comply with legal obligations (audit logs, tax records)
• To detect and prevent fraud or abuse

We do NOT use your data for advertising. We do NOT sell your data to third parties.

5. Who we share your data with

We share your data with these service providers, only as needed:

• Anthropic (Claude AI): Text of questions you ask Kanoon AI is sent to Anthropic to generate responses. Anthropic does not retain this data beyond the immediate request.
• Razorpay: Payment information for subscription billing. Razorpay is PCI-DSS compliant.
• Authkey.io: Your phone number, to deliver OTP SMS.
• Supabase (database hosting): All your stored data, encrypted at rest in Mumbai, India.
• Sentry (error monitoring): Crash logs and diagnostic data, with PII automatically redacted.
• Empanelled advocates: When you book a matter, the assigned advocate sees the matter details, your chat history with that advocate, and documents you've shared for that specific matter. They do NOT see your Kanoon AI history or other matters.
• Government authorities: When required by court order, summons, or law.

6. Where your data is stored

All Vaksy data is stored on Supabase servers in Mumbai (ap-south-1). Your data does not leave India.

7. How long we keep your data

• Active account data: as long as your account is active
• Matter and document data: 7 years after matter closure (required for advocate audit trails under BCI rules)
• Payment records: 8 years (required for Indian tax law)
• Crash logs and diagnostics: 90 days
• Audit logs: 7 years

After these periods, data is hard-deleted from production databases and backups.

8. Your rights under DPDP Act 2023

You have the right to:

• Right to access: Get a copy of all data we hold about you. Email privacy@vaksy.in.
• Right to correction: Update inaccurate data. Use the in-app Settings page.
• Right to erasure: Request deletion of your account and data. Use vaksy.in/delete-account or in-app Settings → Delete Account.
• Right to grievance redressal: Email grievance@vaksy.in. We will respond within 30 days.
• Right to nominate: You can nominate another person to exercise your rights in the event of your death or incapacity.
• Right to withdraw consent: You can withdraw consent at any time without affecting the lawfulness of processing already done.

9. Security

• All data is encrypted in transit using TLS 1.3.
• All data is encrypted at rest using AES-256.
• Documents in the vault use envelope encryption with per-user data encryption keys.
• Access to your data is enforced by row-level security in our Postgres database.
• We conduct security reviews and respond to vulnerability reports at security@vaksy.in.

10. Children's data

Vaksy is intended for users aged 18 and over. We do not knowingly collect data from children under 18. If you believe a minor has used the Service, email privacy@vaksy.in and we will delete the data.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified via in-app notification and email at least 30 days before they take effect.

12. Contact

Questions about this policy or your data: privacy@vaksy.in

Complaints about how we handle your data: grievance@vaksy.in

If you are not satisfied with our response, you may approach the Data Protection Board of India (once notified by the central government).

© 2026 Sharkify Technology Private Limited. All rights reserved.
Vaksy is a technology platform, not a law firm. Legal services provided by independent advocates.
Made in Hyderabad.