Your Data Is Safe. Period.

Built for lawyers who cannot afford a data breach. Every feature is designed with confidentiality first.

99.9%

Uptime SLA

AES-256

Encryption at Rest

India

Only Data Residency

Data Breaches

Uptime Service Level Agreement (SLA)

We understand that a lawyer's morning starts with checking hearings. We commit to keeping the platform available when you need it most.

Metric	Commitment
Monthly Uptime	≥ 99.9% (≤ 43 min downtime/month)
Planned Maintenance	Weekends 2 AM – 4 AM IST only, 48h advance notice
Incident Response	Within 30 minutes of detection
Hearing-Day Priority	Zero maintenance on days with 50+ hearings scheduled
Status Page	Real-time at status.vakalat.in
SLA Breach Credit	1 month free subscription if we breach SLA

Last 90 Days

Uptime99.97%

Incidents0 major

Avg response< 180ms

Maintenance windows2

Technical Security Measures

TLS 1.3 Encryption

All data in transit is encrypted with TLS 1.3. No HTTP connections accepted. HSTS enforced.

AES-256 at Rest

Database and file storage encrypted at rest using AES-256. Keys rotated every 90 days.

bcrypt Passwords

Passwords hashed with bcrypt (cost factor 12). Plaintext passwords never stored or logged.

Rate Limiting

Login attempts are rate-limited (20 per 5 min). Registration limited (15 per hour). Brute force attacks blocked automatically.

India-Only Data Residency

All servers are physically located in India. Your data never leaves Indian jurisdiction. No US CLOUD Act exposure.

Session Security

Sessions expire after 24h inactivity. Secure, HttpOnly, SameSite cookies. CSRF protection on all forms.

Zero Employee Access

No Vakalat Diary employee can read your case data or client details. Access is architecturally prevented, not just policy.

Daily Backups

Automated daily backups with 30-day retention. Point-in-time recovery available. Backups also encrypted.

Security Headers

CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy all enforced on every response.

Your Data Never Leaves India

Our servers are hosted in Indian data centres. Case data, client information, documents, and all personal data is stored and processed exclusively within the Republic of India under Indian law.

Mumbai Data Centre

Indian Jurisdiction Only

IT Act 2000 Compliant

Attorney-Client Privilege Protection

We understand that communications between an advocate and their client are protected by attorney-client privilege under Section 126 of the Indian Evidence Act, 1872 (and Section 134 of the Bharatiya Sakshya Adhiniyam, 2023). Our platform is specifically designed to honour this protection:

Case notes and strategies are encrypted and inaccessible to platform operators

We will not voluntarily disclose case data to any party without a valid court order

Client portal access is controlled exclusively by the advocate

Documents generated on the platform carry appropriate confidentiality footers

No analytics tools process the content of legal documents

In-app messages between advocate and client are end-to-end stored securely

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Email security@vakalat.in with details. We commit to acknowledge within 24 hours and fix critical issues within 72 hours. Responsible disclosures receive recognition in our Security Hall of Fame.