Encryption at Every Layer
AES-256 encryption protects your data at rest. TLS 1.3 secures every byte in transit. No one — not even our own engineers — can read your client files.
Vakil Sarthi is built around a single principle: a lawyer's client data is sacred and must be treated with the highest level of protection.
AES-256 encryption protects your data at rest. TLS 1.3 secures every byte in transit. No one — not even our own engineers — can read your client files.
Daily automated backups are stored in geo-redundant cloud regions across India. Recovery point objective is under 24 hours.
Full GDPR compliance with data export and erasure on demand. We follow India's Information Technology Act and are preparing for DPDP alignment.
We do not sell, share, or use your data for advertising, analytics products, or any form of third-party monetisation — ever.
Role-based access, two-factor authentication support, and device-session management prevent unauthorised access to your account.
Every login, file access, and data change is logged with a timestamp and device fingerprint — giving you a full audit trail at all times.
Every interaction with Vakil Sarthi passes through multiple layers of protection.
Data is encrypted locally before leaving your phone or computer using device-level keys.
All network traffic uses TLS 1.3 with perfect forward secrecy — every session has a unique key.
Our API gateway validates tokens, enforces rate limits, and logs every request with tamper-proof audit entries.
Stored data is encrypted with AES-256. Encryption keys are held in an isolated Hardware Security Module.
Vakil Sarthi fully supports the data rights granted by GDPR and India's evolving privacy framework. You are always in control.
Request a full export of all data associated with your account at any time, in a machine-readable format.
Delete your account and all associated data permanently within the app. Erasure is processed within 72 hours.
Download all your case data in JSON or PDF format. Take your data anywhere, anytime.
Correct any inaccurate personal data within your account profile directly from the settings panel.
These are not just legal obligations — they are promises we make to every advocate on our platform.
Used by governments and militaries worldwide for protecting classified information.
The latest transport encryption standard with mandatory perfect forward secrecy.
Full compliance with EU General Data Protection Regulation for user data rights.
Payment Card Industry Data Security Standard for all VSPay transactions.
In the unlikely event of a security incident, we follow a strict, time-bound response protocol.
Automated monitoring detects anomalous activity. Affected systems are immediately isolated to contain the incident.
The security team assesses scope, affected accounts, and data categories involved. Senior leadership is briefed.
Affected users receive a direct, plain-language email describing what happened and what data may be involved.
Relevant data protection authorities are notified within 72 hours as required under GDPR and applicable Indian law.
A full post-mortem report is published on our website describing root cause, remediation, and preventive measures taken.
Security is not a feature — it is the foundation of everything we build.