Trust & Security

Nolvai handles sensitive legal conversations. Here is how we protect them — concretely, not aspirationally.

Consultation protection

Dispute protection on every paid consultation. If your attorney doesn't show up, leaves early without reason, behaves unprofessionally, or fails to deliver what they promised, we review your case and refund your payment — fully or partially — based on what happened. We can't promise legal outcomes, but we can guarantee service quality on our platform.
24-hour cooling-off. Cancel any booked consultation within 24 hours for any reason, with a full refund.
Attorneys are accountable. Attorneys must respond to disputes within 7 days — silence counts as concession. Substantiated misconduct leads to suspension or removal.

Minimal collection. We collect only what the matched attorney needs to advise you.
Export anytime. Download everything we hold about you as a single file — no support ticket needed.
Delete anytime. Self-serve deletion scrubs your personal information and conversation content from our systems. (Material already delivered to your attorney is governed by their professional retention obligations — we're honest about that limit.)
Sensitive answers get extra care. Immigration status, criminal history, and asylum-related answers are never written to application logs and never sent to third-party error-tracking tools.
Recording is consent-based. Calls are recorded only after both parties consent; you can decline upfront. Your attorney can pause recording during sensitive moments — both sides see when that happens.

Cards never touch our servers. All payments run through Stripe; Nolvai stores payment tokens only.
Clear pricing, no tokens. Everything is priced in dollars. Refunds return to your original payment method.

Data encrypted in transit (TLS) and at rest; database access is isolated per user with row-level security.
OAuth tokens and similarly sensitive secrets are field-level encrypted (AES-256-GCM) on top of disk encryption.
Hosted on SOC 2-certified infrastructure providers (Supabase, Stripe).

Formal compliance statements (privacy-regulation posture, certification timeline) are being finalized with counsel and will be published here.