Privacy Policy
Legitym handles sensitive legal data. Here is exactly how we collect, process, protect, and store your information.
Last Updated: March 25, 2026
Where Is Your Data?
Full transparency on where your data is processed and stored.
Uploaded Documents
Cloudflare R2, Europe region (EU). ISO 27001 certified.
Database
Neon PostgreSQL (EU migration planned Q2 2026).
AI Analysis — Google Cloud AI
- Google does NOT retain your data for training (Google Cloud Platform Terms of Service, Section 5.2).
- API requests are processed and deleted after response.
- EU data residency option available (Vertex AI) on Enterprise plan.
Payments
Stripe (PCI-DSS Level 1 certified). No card data touches our servers.
No data is sold, shared, or used for advertising purposes.
Professional Secrecy & Lawyer Confidentiality
Legitym is committed to respecting the professional secrecy of lawyers (Art. 66-5 of the Law of December 31, 1971).
Client case data is encrypted at rest (AES-256) and in transit (TLS 1.3).
No Legitym employee accesses your case files without your explicit authorization.
Right to complete deletion of your data at any time (GDPR Art. 17).
DPA (Data Processing Agreement) available on request for law firms.
Marketplace data (client-lawyer matching) is anonymized until mutual agreement.
Your Rights (GDPR)
You have full control over your personal data under European regulation.
Right of Access
Request a copy of all your personal data held by Legitym.
Right to Rectification
Correct any inaccurate personal data we hold about you.
Right to Erasure
Delete your account and all your data permanently.
Right to Portability
Export your data in a standard, machine-readable format.
Right to Object
Object to the processing of your personal data.
Contact our Data Protection Officer for any request:
privacy@legitym.com
General Policy
1. Information We Collect
We collect information you provide directly: name, email, professional details, payment information, and documents you upload to the platform. We also collect usage data (pages visited, features used) and device information (browser, IP address) to improve our services.
2. How We Use Information
We use your information to: provide AI-powered legal analysis, process case files, match clients with lawyers on the marketplace, process payments, send transactional notifications, improve our AI models (using anonymized aggregate data only), and ensure platform security.
3. Information Sharing
We do not sell your personal information. We share data only with: infrastructure providers (Vercel, Neon, Cloudflare) for hosting, Stripe for payment processing, Google for AI analysis (under strict API terms), and as required by law. Marketplace matching data is anonymized until both parties agree to connect.
4. Cookies and Tracking
We use essential cookies for authentication and session management. Optional analytics cookies help us improve the platform. You can manage your cookie preferences at any time. See our Cookie Policy for full details.
5. Data Retention
We retain your data as long as your account is active. Case files are retained for the duration you specify or until you delete them. Upon account deletion, all personal data is permanently erased within 30 days. Anonymized analytics data may be retained longer.
6. Children's Privacy
Our service is a professional legal platform not intended for children under 16. We do not knowingly collect data from minors.
7. International Transfers
Your data is primarily processed in Europe. Where transfers to third countries occur (e.g., AI processing), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions.
8. Changes to Policy
We may update this policy periodically. We will notify you of significant changes via email and in-app notification at least 30 days before they take effect.
Questions About Your Privacy?
Our Data Protection Officer is available to answer any question about how we handle your data.