At Nyaya Grah, we treat your information with the same confidentiality that defines our profession. This policy explains, in clear terms, what we collect, why, how we use it, and the rights you hold over it under Indian law — including the Digital Personal Data Protection Act, 2023.
1. Information We Collect
We collect only what is reasonably necessary to provide our services and respond to your inquiries. Information collected falls into three categories:
Information you provide directly:
- Name, phone number, email, and city when you submit our contact form, request a consultation, or engage our services.
- Documents and facts shared in connection with a professional engagement (governed by client confidentiality and attorney-client privilege where applicable).
- Payment information for service fees — processed through secure payment gateways; we do not store complete card numbers.
Information collected automatically:
- IP address, browser type, device type, operating system, and referring URL when you visit our website.
- Pages viewed, time spent, and navigation paths through standard analytics.
Information from third parties:
- Public databases (MCA, GST portal, IP India) accessed during the course of providing services to you.
2. How We Use Your Information
Personal information is used strictly for these purposes:
- To respond to your inquiry and arrange a consultation.
- To deliver the legal or compliance service you have engaged us for.
- To send transactional communications (engagement letters, fee notes, status updates, certificates, filings).
- To comply with applicable laws, court orders, and regulatory obligations.
- To improve our website, services, and communications.
- To prevent fraud, defend our legal interests, and protect the safety of any person.
We do not sell your personal information to anyone. We do not use your data for unrelated marketing or advertising without explicit consent.
3. Sharing With Third Parties
Your information is shared only in these limited circumstances:
- With your consent — when you specifically authorise disclosure.
- With government authorities — when we file applications, returns, or documents on your behalf with MCA, CBDT, CBIC, IP India, FSSAI, RBI, or other authorities as part of the engaged service.
- With service providers — limited to those who help us operate (e.g., cloud hosting, email, payment processing). All bound by confidentiality.
- With other professionals — where a matter requires referral to specialised counsel and only with your knowledge.
- When required by law — pursuant to a valid court order, summons, or legal process.
4. Data Retention
We retain personal information for as long as needed to provide services, comply with legal and tax obligations, and resolve any disputes. Specifically:
- Engagement files — retained for 7 years from completion (matches the limitation period for most commercial claims and statutory retention requirements).
- Tax and accounting records — 7 years as required under the Income Tax Act.
- Contact form submissions without engagement — deleted within 18 months unless you have requested ongoing communications.
- Website analytics — aggregated and retained for 26 months.
5. Your Rights Under the DPDP Act
The Digital Personal Data Protection Act, 2023, grants you specific rights over your personal information. You may exercise these at any time:
- Right to access — request a summary of personal data we hold about you.
- Right to correction and erasure — ask us to correct inaccurate data or erase data we no longer need.
- Right to grievance redressal — escalate to our Grievance Officer (details below).
- Right to nominate — designate another person to exercise these rights if you are unable to do so.
- Right to withdraw consent — withdraw any consent previously given for processing.
To exercise any right, write to privacy@nyayagrah.com with sufficient information for us to verify your identity. We will respond within 30 days.
6. Cookies and Tracking
Our website uses cookies for essential functionality and to understand how visitors use the site. Specifically:
- Essential cookies — required for navigation and basic functions. Cannot be disabled.
- Analytics cookies — anonymous statistics on traffic and usage to improve content. Examples include Google Analytics.
- No advertising cookies — we do not run paid retargeting or behavioral advertising.
Most browsers allow you to disable cookies through settings. Doing so may affect some site functionality but not access to the content.
7. Security Measures
We implement reasonable technical and organisational measures to protect your information:
- TLS/HTTPS encryption for all data in transit.
- Access controls limiting who within the firm can view client data.
- Confidentiality obligations on all personnel and service providers.
- Regular review of security practices.
No system is perfectly secure. While we apply industry-standard safeguards, please use discretion when sharing sensitive information over email or web forms.
8. Children's Privacy
Our services are directed to adults and businesses. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a minor, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted at the top of this page with a revised effective date. For substantive changes affecting your rights, we will notify you via email where we have your address.
10. Grievance Officer
For any concern regarding your personal data or this policy, you may contact our Grievance Officer:
You may also refer concerns to the Data Protection Board of India once it is operationalised under the DPDP Act, 2023.