Legal

Privacy Policy

Effective Date: 2025-07-21

1. Introduction

("eksana," "we," "us," or "our") is committed to protecting the privacy and confidentiality of our users. This Privacy Policy outlines our practices concerning the collection, use, storage, and protection of your personal information when you use the eksana legal research platform (the "Service").

This policy is designed to be compliant with the laws of Nepal, including the Individual Privacy Act, 2018 (2075). Our goal is to be transparent about how we handle your data and to empower you to make informed decisions. By using the Service, you consent to the data practices described in this policy.

The entity responsible for your information (the "data controller") is, located at.

2. Data Processing Activities, Data Types, and Legal Basis

We believe in data minimization and only collect information that is necessary to provide and improve our Service. The following table details our data processing activities:

Processing Activity Types of Personal Data Purpose of Processing Legal Basis under Nepalese Law
Account Creation & Management Name, email address, professional title, password (hashed), payment information. To create and manage your user account, provide access to the Service, process payments, and communicate essential service-related information. Performance of a contract (our Terms of Use); Your explicit consent provided during sign-up.
Processing a "Case Research" Query The "Input" provided by the User, which may include Personal Information and Sensitive Information (as defined by the Individual Privacy Act, 2018) related to the User's legal case. To process the Input through our AI model and generate the requested "Output" for the specific query within the User's active session. Performance of a contract; Your explicit consent, given each time you submit a query to the "Case Research" feature.
Providing Customer Support Name, email address, and the content of your communications with us. To respond to your inquiries, troubleshoot technical issues, and provide assistance with using the Service. Our legitimate interest in providing quality customer service; Your consent when you initiate contact.
Service Improvement & Security Monitoring Technical Data, such as IP address, browser type, device information, and anonymized usage statistics. To monitor the performance and security of our Service, prevent fraud, and analyze usage trends to improve user experience. This data is aggregated and anonymized and is not linked to your personal or case data. Our legitimate interest in maintaining a secure and functional service.

3. Information We Collect

We collect the following categories of information:

  • a. Personal Data You Provide:
    • Account Information: When you register, we collect your name, email address, professional details, and password.
    • Payment Information: When you subscribe, we collect necessary billing information through our secure payment processor.
    • Case Research Data ("Input"): Any documents, facts, or queries you voluntarily submit to the "Case Research" feature. We treat this information as highly confidential.
    • Communications: If you contact us for support or feedback, we collect your contact information and the content of your message.
  • b. Technical Data Collected Automatically:
    • Log Data: Like most websites, our servers automatically record information when you use the Service, including your IP address, browser type, operating system, and the date and time of your access.
    • Cookies: We use essential cookies to maintain your login session and ensure the basic functionality of the Service. We do not use tracking or advertising cookies. You can control cookie settings through your browser.

4. How We Use Your Information

Your information is used for the following purposes:

  • To Provide and Maintain the Service: To operate the platform, authenticate users, process queries, and deliver Output.
  • To Improve and Secure the Service: To monitor for security threats, analyze performance, and fix bugs.
  • To Communicate With You: To send important service updates, respond to support requests, and inform you about changes to our policies. We will not send you marketing communications without your explicit opt-in consent.
  • To Comply with Legal Obligations: To adhere to applicable Nepalese laws and respond to lawful requests from government authorities.

5. Data Security

We take the security of your data extremely seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction, in line with our obligations under the Individual Privacy Act, 2018. These measures include:

  • Encryption: All data, including your Input and Output, is encrypted both in transit (using TLS/SSL) and at rest.
  • Access Controls: Access to personal and confidential user data is strictly limited to authorized personnel who require it to perform their job functions and are bound by confidentiality obligations.
  • Data Isolation: Your "Case Research" data is processed in an isolated environment and is never co-mingled with the data of other users.
  • Regular Audits: We conduct regular security assessments and vulnerability testing to ensure the robustness of our systems.

6. Data Retention

We retain your data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: We retain your account information for as long as your account is active and for a reasonable period thereafter to comply with legal and accounting obligations.
  • Case Research Data ("Input" and "Output"): To maximize your privacy and confidentiality, all Input and Output related to the "Case Research" feature are permanently deleted from our systems at the end of your user session or after a short, pre-defined period of inactivity. This data is not retained long-term.
  • Technical Data: Anonymized and aggregated technical data may be retained for longer periods for statistical analysis.

7. Your Rights under Nepalese Law

In accordance with the Individual Privacy Act, 2018, you have the following rights regarding your personal information:

  • a. The Right to be Informed: You have the right to be informed about the collection and use of your personal data, which is the purpose of this Privacy Policy.
  • b. The Right of Access: You have the right to request a copy of the personal information we hold about you.
  • c. The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information. You can update most of your account information directly in your account settings.
  • d. The Right to Erasure: You have the right to request the deletion of your personal information, subject to certain legal and contractual restrictions.
  • e. The Right to Object to Processing: You have the right to object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request in accordance with Nepalese law.

8. Third-Party Service Providers

We may use trusted third-party service providers to help us operate our Service (e.g., cloud hosting providers, payment processors). These providers are contractually bound to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than to provide services to us. We will not sell, rent, or share your personal information with third parties for their marketing purposes.

9. International Data Transfers

Our servers may be located outside of Nepal. If we transfer your personal data internationally, we will ensure that the transfer is lawful and that your data is protected by appropriate safeguards, in compliance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and, where feasible, by sending a notification to your registered email address.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Email: [email protected]

Address: