QanoonAI
Sign Up Free
Back to QanoonAI
Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how QanoonAI ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use our AI-powered legal intelligence platform at qanoonai.pk and its associated portals.

By using QanoonAI, you consent to the data practices described in this policy. If you do not agree, please discontinue use of our services.

1. Information We Collect

1.1 Account Information

When you register, we collect your full name, email address, phone number, role selection (Judge, Lawyer, or Citizen), bar council registration number (for lawyers), and court affiliation (for judges).

1.2 Usage Data

We automatically collect information about how you interact with our platform, including queries submitted, tools used, documents generated, session duration, IP address, browser type, and device information.

1.3 Legal Documents

Documents you upload for analysis, case briefs you generate, research queries, and AI conversation history are stored to provide and improve our services.

1.4 Payment Information

Subscription payments are processed through our payment partner. We store transaction records and subscription tier details but do not directly store credit card numbers or bank account details.

2. How We Use Your Data

We use collected information to:

  • Provide, maintain, and improve our AI legal intelligence services
  • Authenticate your identity and manage role-based access
  • Process subscription payments and manage billing in PKR
  • Enforce usage limits based on your subscription tier
  • Generate AI-powered legal research, drafting, and analysis outputs
  • Maintain audit trails for judicial users as required by legal standards
  • Send service-related communications and security alerts
  • Detect, prevent, and address fraud, abuse, or technical issues

3. Data Storage and Infrastructure

3.1 Primary Storage

Your data is stored in PostgreSQL 16 databases hosted on AWS infrastructure in the ap-south-1 (Mumbai) region. Each service maintains a separate database with strict access controls. Judicial data is stored in an isolated database with row-level security enforced by judge ID.

3.2 Vector Storage

Legal embeddings and document vectors are stored in Weaviate, our vector database, used exclusively for legal research retrieval. Judicial document chunks are multi-tenant isolated by judge ID.

3.3 Cache Layer

Redis is used for session management, temporary caching, and task queues. Cached data has defined time-to-live values and is not used for permanent storage.

3.4 Data Retention

Account data is retained for the duration of your account plus 30 days after deletion. Judicial audit logs are retained for 7 to 10 years in compliance with legal requirements. AI conversation history is retained for 12 months. Cached data expires automatically based on configured TTL values.

4. Third-Party Services

We share data with the following third-party services as necessary to operate our platform:

  • Anthropic— AI queries are processed through Claude (Anthropic's LLM) to generate legal analysis, drafting, and research outputs. Query content is sent to Anthropic's API but is not used to train their models.
  • Voyage AI— Legal text is sent to Voyage AI for embedding generation (voyage-law-2 model) to power our legal search and retrieval system.
  • Amazon Web Services (AWS)— Our infrastructure provider for compute, storage (S3, ECR), and database hosting. Data resides in the ap-south-1 region.
  • Vercel— Our frontend hosting provider. Vercel processes HTTP requests and may temporarily log request metadata.
  • Cloudflare— DNS and security services. Cloudflare processes network traffic for DDoS protection and DNS resolution.
  • Sentry— Error monitoring. Anonymized error reports may include request context but not document content.

We do not sell, rent, or trade your personal data to any third party. Third-party services are bound by their respective privacy policies and data processing agreements.

5. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, JWT RS256 authentication with RSA-2048 keys, role-based access control (RBAC), mandatory two-factor authentication for judicial users, and immutable audit logging. For detailed information, see our Data Security page.

6. Your Rights

You have the right to:

  • Access your personal data held by QanoonAI
  • Correct inaccurate or incomplete personal information
  • Delete your account and associated personal data, subject to legal retention requirements
  • Export your data in a portable format
  • Withdraw consent for optional data processing at any time
  • Object to processing of your data for specific purposes

To exercise these rights, contact us at support@qanoonai.pk. We will respond within 30 days.

7. Cookies and Tracking

QanoonAI uses the following cookies:

  • Session cookies (qanoonai_token, qanoonai_refresh) — httpOnly cookies for authentication. Essential for platform functionality.
  • Preference cookies— Store your language and display preferences.

We do not use third-party advertising cookies or cross-site tracking. Analytics, if any, are first-party and anonymized.

8. Children's Privacy

QanoonAI is designed for legal professionals and adults. Our services are restricted to users aged 18 and above. We do not knowingly collect personal data from minors. If we become aware that a user under 18 has provided personal information, we will promptly delete the account and associated data.

9. Pakistani Legal Context

QanoonAI operates in compliance with the Prevention of Electronic Crimes Act (PECA) 2016, the Electronic Transactions Ordinance 2002, and other applicable Pakistani laws governing data protection and electronic commerce. We cooperate with lawful requests from Pakistani courts and law enforcement authorities in accordance with due process.

10. International Data Transfers

While our primary infrastructure is hosted on AWS in the ap-south-1 (Mumbai) region, some data processing occurs through third-party services that may operate servers outside Pakistan. We ensure all international transfers are subject to appropriate safeguards and data processing agreements.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and posted on this page with an updated "Last updated" date. Continued use of QanoonAI after changes constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related inquiries, data requests, or complaints, contact us at: