Trust · Confidentiality
The same standard
outside counsel
are held to.
Data security stops attackers. Confidentiality is the legal commitment we make to you: that your work product, your strategy, your documents, your counterparties, your deal economics — all of it — are treated with the same rigour your outside counsel would apply.
Your documents are neverused to train any model. Not ours. Not a vendor's. Not in any form.
01 · Commitment
Privilege preserved
We operate under the same lawyer-client privilege obligations as outside counsel. Privilege flows through us; it does not break at the platform layer.
How we honour this
- Every NIRNYA lawyer reviewing your work is subject to professional confidentiality duties
- Reviewers operate under engagement-specific NDAs in addition to professional obligations
- Privileged communications are tagged and audit-logged separately
- Sub-processors are bound by back-to-back privilege and confidentiality terms
02 · Commitment
Your documents stay yours. Period.
Documents you send NIRNYA are never used to train any model. Not ours. Not a vendor's. Not as anonymised data, not as embeddings, not in any form.
How we honour this
- No document content ever enters a training pipeline
- AI inference happens on isolated runtime; no provider trains on inference data
- Embeddings are computed in-engagement and discarded at engagement end
- Purge-on-request: documents and derived data deleted within 7 days of written request
03 · Commitment
Engagement-scoped tenancy
Every engagement is its own tenant at the data layer. Your team sees your data. Another client, ever, by design, cannot.
How we honour this
- Row-Level Security on every table; engagement boundary enforced at the database
- Document storage paths scoped per engagement; cross-tenant access is impossible at the SDK layer
- Reviewer access is matter-specific; a reviewer assigned to one matter cannot see another
- Logs are partitioned per engagement; auditable independently
04 · Commitment
Reviewer access, controlled
Senior NIRNYA reviewers see only what they need to. Their access is scoped to the matter, recorded in the audit log, and revoked when the engagement ends.
How we honour this
- Need-to-know access: matter assignment grants access; reassignment revokes it
- All reviewer actions logged with diff capture
- Reviewers cannot bulk-export client documents; the architecture prevents it
- Quarterly review of who has access to what, per active engagement
05 · Commitment
Conflict of interest, screened
We run a conflict check at the start of every engagement. If we cannot serve you cleanly, we say so on the first call — not after we have already seen your work.
How we honour this
- Parties and counterparties screened against our active engagement register
- Cooling-off period for reviewers who have worked with related entities
- Adversarial-party conflict: NIRNYA will not represent both sides of a dispute
- Conflict review re-run at every new matter, not just engagement onboarding
06 · Commitment
No surprise retention
Your engagement ends. Your data ends with it — unless you explicitly extend the retention window.
How we honour this
- Default retention: engagement duration plus 90 days for handover
- Extended retention available for litigation hold or audit purposes
- Hard delete on request with a verifiable purge certificate
- Backups follow the same retention windows; nothing lingers in cold storage
Related · Trust
Data security →
The technical layer of trust — encryption, India-default residency, DPDP / GDPR / UAE PDPL alignment, and audit trails.
Related · Platform
Inside the platform →
How the platform itself works — intake, research, analysis, senior review, delivery — and what the architecture looks like.