We are committed to privacy by design: collecting the minimum data required, storing it securely, limiting retention, and giving users meaningful control. This Policy explains what we collect, why, how long we keep it, and how you can exercise your rights.
- Data Minimization: Only what we need to operate core features.
- Security First: Encryption, access controls, monitoring.
- User Control: Access, export, delete, and consent choices.
1. Overview
This Privacy Policy ("Policy") applies to Kanoon Portal operated by Synapse Technologies Pvt Ltd ("Company", "we"). It covers personal data and certain usage metadata collected when you access, browse, register for, or use the Platform and its AI features.
2. Core Privacy Principles
- Lawfulness & Transparency: Clear explanation of what we collect and why.
- Data Minimization: Limit collection to purpose‑relevant data.
- Integrity & Security: Protect against unauthorized or unlawful processing.
- Purpose Limitation: No incompatible secondary use without consent.
- Accountability: Internal governance & periodic audits.
3. Data We Collect
- Account Data: Name, email, role/profession, organization (optional), hashed authentication identifiers.
- Subscription & Billing: Plan type, status, payment reference tokens (processed via PCI-compliant providers).
- Usage Logs: Feature usage metrics, query counts, approximate timestamps, rate control signals.
- AI Interaction Data: Prompts and generated outputs (kept temporarily for quality, abuse detection, and safety improvements, unless you opt out where available).
- Support Communications: Messages, tickets, feedback forms.
- Device/Technical: Browser type, locale, anonymized IP (truncated), user-agent, performance diagnostics.
- Optional Profile Data: Avatar, saved preferences, saved searches, custom collections.
- Legal Research Artifacts: Saved precedent citations, template drafts, translation history (user-controlled retention).
4. Sources of Data
- Directly from you (forms, prompts, uploads).
- Automatically via cookies / client instrumentation.
- Through support or feedback channels.
- From payment processors (confirmation metadata only).
5. How We Use Data
- Provide core Platform functionality & personalize experience.
- Authenticate, secure, and prevent fraud/abuse.
- Optimize search relevance and AI quality (aggregate or pseudonymized forms).
- Enforce fair usage, investigate incidents.
- Respond to user requests, support, and communications.
- Comply with legal obligations and regulatory requests.
- Generate anonymized statistics and performance insights.
6. Lawful Basis
Depending on jurisdiction, processing bases may include: (a) performance of a contract (service delivery), (b) legitimate interests (security, improvement, fraud prevention), (c) consent (optional analytics, marketing), (d) legal obligation (compliance), or (e) protection of vital or public interests where applicable.
7. AI Processing & Safeguards
AI prompts & outputs may be transiently logged for abuse detection, safety refinement, and relevance tuning. We implement prompt hashing, access partitioning, and redaction heuristics. User data is not used to train generalized external foundation models without explicit opt-in. Sensitive legal inputs should be anonymized where feasible.
8. Cookies & Tracking
We use strictly necessary cookies (session, security), preference cookies (language, theme), and optional analytics cookies. Non-essential cookies are only set after explicit consent via the cookie banner. You can modify or withdraw consent at any time.
- Essential: Auth session, CSRF protection, rate-limit tokens.
- Functional: Preferences, last used tools.
- Analytics: Aggregated usage and performance metrics (IP truncated).
9. Metrics & Analytics
We collect aggregate metrics to understand feature adoption, latency, and error rates. Analytics are configured to avoid storing full IP addresses and to minimize persistent identifiers where feasible.
10. Data Sharing & Disclosure
We may share limited data with:
- Infrastructure & Security Vendors (hosting, DDoS protection).
- Payment Processors (billing tokenization, fraud checks).
- AI Providers (processing prompts under strict contractual terms).
- Professional Advisors (legal, compliance, accounting).
- Regulatory Authorities (where legally required).
We do not sell personal data.
11. International Transfer
Data may be processed across regional cloud zones with safeguards (encryption, access control, contractual clauses). We evaluate subprocessors for adherence to equivalent privacy and security standards.
12. Security Measures
- Encryption in transit (TLS 1.2+), encryption at rest (AES-256 where supported).
- Role-based access control, least privilege reviews.
- Secrets management & key rotation.
- Automated monitoring, anomaly & intrusion detection signals.
- Regular dependency & vulnerability scanning.
- Backup & disaster recovery strategy with tested restore drills.
13. Data Retention
We retain personal data only as long as necessary for the stated purpose or legal obligations. Typical retention examples:
- Session tokens: active session + short grace window.
- Billing records: statutory requirement (e.g., 5–7 years).
- Support tickets: 24 months (unless escalated).
- AI prompts/outputs (quality logs): 30–90 days (then aggregated or deleted).
- Backups: rolling cycles purged on schedule.
14. Your Rights
Subject to jurisdictional law, you may have rights to:
- Access a copy of personal data.
- Request correction or update.
- Request deletion (subject to lawful retention exceptions).
- Restrict or object to certain processing.
- Data portability (machine-readable export).
- Withdraw consent where processing is based on consent.
We will verify identity before fulfilling rights requests.
15. Managing Preferences
- Cookie preferences: via banner or settings panel.
- Email settings: unsubscribe links in messages.
- AI data usage opt-outs (where available) in account settings.
16. Children & Minors
The Platform is not directed to children under 16. We do not knowingly collect their data. If you believe a minor has provided information, contact us for prompt deletion.
17. Third-Party Services
Linked third-party sites or embedded resources have independent privacy practices. We are not responsible for their policies. Review their notices before providing information.
18. Incident & Breach Response
We maintain an incident response process including triage, containment, forensic analysis, user / authority notification (where required), remediation, and post-incident review.
19. Changes to this Policy
We may update this Policy periodically. Material changes will be communicated via banner, email, or in-app notice. Continued use after the effective date constitutes acceptance.
20. Contact
For privacy inquiries or rights requests: 
Synapse Technologies Pvt Ltd
Kathmandu, Nepal 
Email: privacy@kanoonportal.ai
Last Updated: 19 October 2025