LegalIntel
Login

Privacy Policy

Effective Date: 1 March 2025 Last Updated: 1 March 2025

1. Introduction

Pragma AI Ltd. ("we," "our," or "us") is committed to protecting your privacy and personal data. As a UK-based company, we fully comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, share, and protect your data when you use our LegalIntel service, an AI-powered legal document analysis tool that processes documents in multiple languages, including English, Spanish, French, German, Swedish, Dutch, Portuguese, Italian, Russian, and approximately 40 other languages.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes through the Service or via email.

2. Data Controller Information

Pragma AI Ltd. acts as the data controller for your personal information:

  • Company Registration Number: [Company Registration Number]
  • VAT Registration Number: [VAT Number]
  • Registered Address: [London Address], United Kingdom
  • Data Protection Officer: dpo@legalintel.io
3. Data We Collect

3.1 Account Information

  • Authentication details (we do not store passwords directly as we use Google, Microsoft, and LinkedIn authentication)
  • Name and business contact details
  • Billing information (processed securely via Stripe)
  • Communication and service preferences

3.2 Document Data

  • Uploaded legal documents (up to 15MB or 350 pages per document)
  • Document metadata (file name, size, upload date, language)
  • Analysis results including summaries, key points, risks, questions, dependencies, translations, and language-specific insights
  • Document processing and revision history

3.3 Usage Data

  • Analytics data (page views, feature usage, session information)
  • IP address and device information
  • Browser type, version, and language preferences
  • Service usage patterns and feature interactions
  • Performance and error data

3.4 Cookies and Tracking Technologies

We use various cookies and similar technologies to enhance your experience, provide service functionality, and analyze usage patterns.

Essential Cookies

These are necessary for the operation of the Service and enable core functionality, such as security, authentication, and session management.

Analytics Cookies

We use Posthog and Vercel Analytics to collect information about how visitors use our Service, including which pages they visit, how they interact with features, and technical information about their device and browser.

Preference Cookies

These allow us to remember your settings and preferences, such as language preference and display settings.

You can manage your cookie preferences at any time through your account settings page. You may also set your browser to refuse cookies, though this may limit your ability to use certain features of the Service.

3.5 Third-Party Services

  • Authentication Providers:When you sign in using Google, Microsoft, or LinkedIn, we receive basic profile information such as your name and email address from these providers.
  • Analytics Services:Posthog and Vercel Analytics collect anonymized usage data to help us improve the Service.
  • Payment Processor:Stripe processes all payment information. We do not store your complete payment details on our servers.
4. How We Use Your Data

4.1 Primary Purposes

  • Providing the LegalIntel document analysis service in your preferred language
  • Processing and analyzing your legal documents to generate insights, summaries, and translations
  • Managing your account and subscription
  • Communicating with you regarding service updates, support, and account information
  • Improving and optimizing the Service through usage analytics and feedback
  • Ensuring the security and integrity of the Service and your data

4.2 Legal Bases for Processing

  • Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations to you
  • Legal Obligations: Compliance with UK and EU laws and regulations, including tax and accounting requirements
  • Legitimate Interests: Service improvement, security, fraud prevention, and business operations where not overridden by your rights and freedoms
  • Consent: Processing based on your explicit consent, such as for marketing communications or optional features

4.3 AI Processing and Limitations

Our Service uses artificial intelligence to analyze legal documents. This AI processing includes document understanding, summarization, key point extraction, risk identification, and translation.

  • AI is used solely to analyze the documents you upload and provide insights to assist your understanding
  • While our AI systems are designed to provide high-quality analysis, they may not identify all relevant issues or risks in a document, and the analysis may contain inaccuracies or omissions
  • All AI processing is performed in secure, isolated environments with appropriate data protection measures
  • We recommend that all AI-generated analysis be reviewed by qualified legal professionals before making important decisions
5. Data Security

We implement comprehensive security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Measures

  • End-to-end encryption for document transmission and storage
  • Secure cloud infrastructure with data centers in the UK and EU regions
  • Regular security audits, vulnerability assessments, and penetration testing
  • Multi-factor authentication options for account security
  • Encrypted backups with strict access controls

5.2 Organizational Measures

  • Regular staff training on data protection and security practices
  • Strict access controls and least privilege principles
  • Comprehensive incident response procedures
  • Regular policy reviews and security assessments

5.3 Data Breach Procedures

In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority (such as the ICO) in accordance with applicable law, typically within 72 hours of discovering the breach if it poses a risk to your rights and freedoms.

6. Data Retention

6.1 Active Account Data

  • We retain your account information and document data for as long as your account remains active
  • You can request deletion of specific documents or analyses at any time through your account settings
  • Billing records are kept for 7 years as required by UK tax law, even after account deletion

6.2 Account Deletion

When you delete your account, we will permanently delete all associated data including:

  • Uploaded documents, analysis results, and all derived data
  • Account information, preferences, and usage history
  • Anonymized analytics data may be retained in aggregate form

6.3 Document Retention

  • By default, documents are automatically deleted 30 days after upload unless you modify this period in your account settings
  • You can manually delete documents and their associated analyses at any time
7. Data Sharing

We limit the sharing of your personal data to specific circumstances and trusted partners.

7.1 Categories of Recipients

  • Service Providers: We share data with third-party service providers who help us deliver the Service, including cloud infrastructure providers, payment processors, and authentication services. All service providers are bound by contractual obligations to protect your data.
  • Legal Compliance: We may disclose data when required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.

7.2 Marketing Communications

We will never sell your data to third parties for marketing purposes. Any marketing communications from us will be clearly marked, and you can opt out at any time through your account settings or using the unsubscribe link in our emails.

8. International Data Transfers

We primarily process and store your data in the UK and European Union. However, due to the global nature of our services and infrastructure, your data may be transferred to, stored in, or accessed from countries outside the UK and European Economic Area (EEA).

8.1 Transfer Safeguards

  • Standard Contractual Clauses (SCCs) approved by the UK Government or European Commission
  • Transfers to countries with UK or EU adequacy decisions
  • Additional technical and organizational measures to ensure an equivalent level of data protection

8.2 Processing Regions

  • United Kingdom (primary location)
  • European Union
  • Other regions only where covered by adequacy decisions or appropriate safeguards
9. Your Rights

Under UK and EU data protection laws, you have several rights regarding your personal data.

9.1 Your Data Protection Rights

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restriction: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a machine-readable copy of your data to transfer to another service.
  • Right to Object: You can object to certain types of processing, including direct marketing.
  • Rights related to Automated Decision-making: You have rights regarding automated decisions that significantly affect you.

9.2 How to Exercise Your Rights

You can exercise your rights in several ways:

  • Contact our Data Protection Officer at dpo@legalintel.io
  • Use the 'Download My Data' feature in your account settings to receive a complete export of your personal data
  • Manage many of your privacy preferences directly through your account settings
10. Children's Privacy

Our Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without appropriate parental consent, please contact us at privacy@legalintel.io, and we will take steps to remove such information and terminate the child's account.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The updated Privacy Policy will be effective as of the date stated at the top of the policy.

For material changes, we will provide notice through the Service or via email at least 30 days before the changes take effect. Your continued use of the Service after such modifications constitutes your acknowledgment of the modified Privacy Policy.

12. Complaints and Contact Information

If you have concerns about our data practices or wish to exercise your rights, please contact our Data Protection Officer at dpo@legalintel.io. We will respond to all requests within one month. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113

Effective Date: 1 March 2025 Last Updated: 1 March 2025

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.

Accept