Privacy Policy

Last Updated: January 15, 2025

1. Introduction

Legistry AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal operations platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, organization name
  • Contract Data: Contracts, documents, and legal content you upload or create
  • Vendor Information: Vendor names, contact details, and related data
  • Compliance Data: Regulatory information and compliance tracking data
  • Payment Information: Billing address, payment method (processed securely through Stripe)

2.2 Automatically Collected Information

  • Usage Data: How you interact with our Service, pages visited, features used
  • Device Information: IP address, browser type, device type, operating system
  • Log Data: Server logs, timestamps, error messages
  • Cookies: Session cookies, analytics cookies (see Cookie Policy)

3. How We Use Your Information

  • To provide, maintain, and improve our Service
  • To process your requests and transactions
  • To send you service-related notifications and updates
  • To provide customer support and respond to inquiries
  • To detect, prevent, and address technical issues and security threats
  • To analyze usage patterns and improve user experience
  • To comply with legal obligations and enforce our Terms of Service

4. AI Processing of Your Data

When you use our AI features (contract drafting, review, compliance monitoring), your data is processed by third-party AI providers:

  • OpenAI: Contract drafting and generation (see OpenAI Privacy Policy)
  • Anthropic: Contract review and risk analysis (see Anthropic Privacy Policy)
  • Perplexity AI: Regulatory research and compliance monitoring (see Perplexity Privacy Policy)

We do not share your data with AI providers for training their models. Data is processed for your specific request only and not retained by AI providers beyond the transaction.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: Trusted third parties who assist in operating our Service (hosting, payment processing, email delivery)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest (database encryption)
  • Secure authentication with JWT tokens and password hashing (bcrypt)
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Automated backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Your Rights (GDPR/CCPA)

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request data export in machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of data processing
  • Opt-Out: Opt out of marketing communications (CCPA)

To exercise these rights, contact us at privacy@legistry.ai.

8. Data Retention

We retain your personal data for as long as necessary to provide our Service and comply with legal obligations. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) for EU data transfers.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Material changes will be communicated via email or prominent notice on our Service.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Legistry AI

Email: privacy@legistry.ai

Address: [Your Company Address]