I built LexGuard AI because most AI legal tools are just standard API wrappers that hallucinate or struggle with specific legislation. With India's DPDP Act 2023 introducing massive penalty risks, companies need deterministic compliance auditing, not guesswork.
Here is how the system actually works under the hood:
Grounding LLMs in the DPDP Act (RAG Setup)
Instead of relying on the LLM's pre-trained knowledge, I built a hybrid RAG pipeline using FAISS and SentenceTransformers (all-MiniLM-L6-v2) in the backend.
- Uploaded policies are split into paragraph-sized chunks.
- A custom scoring algorithm combines vector similarity, lexical overlap, and rule-based topic boosters (boosting terms like 'consent withdrawal' or 'grievance officer' to retrieve exact sections of the DPDP Act).
- This guarantees that the context passed to the LLM is anchored directly to the actual legal provisions.
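A minimal sketch of the hybrid scoring described above, as an added example rather than LexGuard AI's own code. The weights, the booster handling, the paraphrased provision texts and the 3-dimensional vectors are constructed assumptions; the vectors stand in for all-MiniLM-L6-v2 embeddings fetched through FAISS.

```python
import math
import re

# Assumed weights and booster phrases; the page does not publish its real values.
W_VECTOR, W_LEXICAL, W_BOOST = 0.6, 0.3, 0.1
TOPIC_BOOSTERS = ("consent withdrawal", "grievance officer")

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def lexical_overlap(query, passage):
    # Jaccard overlap of the word sets of policy chunk and provision
    q, p = tokens(query), tokens(passage)
    return len(q & p) / len(q | p) if q | p else 0.0

def topic_boost(query, passage):
    # A booster fires only when the phrase occurs in both chunk and provision
    q, p = query.lower(), passage.lower()
    hits = sum(1 for term in TOPIC_BOOSTERS if term in q and term in p)
    return min(1.0, hits)

def hybrid_score(query, q_vec, passage, p_vec):
    return (W_VECTOR * max(0.0, cosine(q_vec, p_vec))
            + W_LEXICAL * lexical_overlap(query, passage)
            + W_BOOST * topic_boost(query, passage))

def rank(query, q_vec, provisions):
    scored = [(hybrid_score(query, q_vec, text, vec), label)
              for label, text, vec in provisions]
    return sorted(scored, reverse=True)

# Constructed sample data: paraphrases, not statutory text; hand-made vectors.
PROVISIONS = [
    ("provision-A", "The data principal may exercise consent withdrawal at any time.", [0.9, 0.1, 0.2]),
    ("provision-B", "The data fiduciary shall publish contact details of a grievance officer.", [0.2, 0.9, 0.1]),
    ("provision-C", "Personal data shall be erased when the purpose is no longer served.", [0.85, 0.2, 0.3]),
]
CHUNK = "Users can request consent withdrawal by emailing our support team."
CHUNK_VEC = [0.8, 0.2, 0.35]

if __name__ == "__main__":
    for score, label in rank(CHUNK, CHUNK_VEC, PROVISIONS):
        print(f"{label}: {score:.3f}")
```

On this sample data, cosine similarity alone puts provision-C first; the lexical and booster terms move provision-A to the top.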
Two-Tier Pipeline & Fail-safes
- For quick landing page widget runs, the app uses gemini-2.0-flash for high-speed triage.
- For deep dashboard audits, it flags complex clauses and processes them using higher-parameter models.
- If Gemini hits quota limits, the backend automatically fails over to Llama-3.3-70b via Groq using a Tenacity-based exponential retry wrapper.
Core Auditing Features
- Differential Policy Auditing: You can upload old vs. new versions of a privacy policy to track exactly which compliance issues were fixed, which were introduced, and which remain unchanged.
- Privacy UX Scorecard: Calculates a readability grade, translates dense legal jargon into plain language, and audits "multilingual readiness" since the DPDP Act mandates regional language notices.
- Data Retention & Privacy: The database uses MongoDB TTL indexes to auto-purge uploaded policy files and audit reports once a session expires, aligning with data minimization rules.
Tech Stack
- Frontend: Next.js 14, Tailwind, shadcn/ui.
- Backend: FastAPI, Docker, Docker Compose, FAISS, SentenceTransformers.
- Database & Auth: MongoDB Atlas + Supabase.
- Payments: Razorpay (with webhook verification).
- Deployment: Vercel Edge Serverless Proxies (to handle CORS/routing) and AWS EC2.
Feel free to play around with the app or browse the codebase!