Legati AI LogoLegati AI
FeaturesAboutPricingContactSign InGet Started

Privacy Policy

Last Updated: October 1, 2025Effective Date: October 1, 2025

Complete Privacy Policy

1. Data Controller and Contact Information

1.1. Data Controller: AI Legal Support LLC d/b/a LegatiAI

1.2. Business Address: 2228 Cottondale Ln # 220, Little Rock, AR 72202

1.3. Email: info@legatiai.com

1.4. Governing Law: This Privacy Policy is governed by the laws of the State of Arkansas and applicable United States federal privacy laws.

2. Information We Collect

2.1. Account and Billing Information

  • 2.1.1. Name, email address, and organizational affiliation.
  • 2.1.2. Billing address and payment method information, which is processed securely by our third-party payment processor, Stripe, Inc.
  • 2.1.3. Organization details for legal entity verification.

2.2. Document and Case Information

  • 2.2.1. Legal documents and related files you upload for processing, which may include privileged communications ("Client Data").
  • 2.2.2. Case metadata, such as case numbers, dates, and participant names as contained within Client Data.
  • 2.2.3. User-generated annotations, notes, and organizational structures you create within the Service.
  • 2.2.4. Processing preferences and workflow configurations.

2.3. Usage and Technical Information

  • 2.3.1. System access logs and audit trails for security and compliance purposes.
  • 2.3.2. Aggregated and anonymized feature usage analytics to improve our Service.
  • 2.3.3. Error logs and performance metrics.
  • 2.3.4. IP addresses and browser information, retained for a maximum of 90 days for security and troubleshooting purposes.

2.4. Information We Do NOT Collect

We do not knowingly collect:

  • 2.4.1. Advertising or tracking data for marketing purposes.
  • 2.4.2. Personal communications that occur outside of our platform.
  • 2.4.3. Information from other websites or services.
  • 2.4.4. Social media or other third-party account information.

3. How We Use Your Information

3.1. Primary Service Provision

  • 3.1.1. Document Processing: To provide AI-powered analysis, organization, and search functionality as requested by you.
  • 3.1.2. Case Management: To organize documents, maintain case structure, and facilitate your legal workflows.
  • 3.1.3. User Authentication: To manage secure account access and authorization controls.
  • 3.1.4. Billing and Payment: To process subscription fees and usage-based charges.

3.2. Security and Compliance

  • 3.2.1. Access Control: To ensure only authorized users can access specific documents and cases.
  • 3.2.2. Audit and Monitoring: To maintain comprehensive audit logs for legal and security compliance.
  • 3.2.3. Threat Detection: To identify and prevent unauthorized access or data breaches.
  • 3.2.4. Backup and Recovery: To ensure data availability and disaster recovery capabilities.

3.3. Service Improvement (Anonymized Data Only)

  • 3.3.1. Performance Optimization: To improve system speed and reliability using anonymized and aggregated metrics.
  • 3.3.2. Feature Development: To understand usage patterns to develop new features. We never analyze the content of your documents for this purpose.
  • 3.3.3. Error Resolution: To identify and fix technical issues affecting service quality.

4. AI Processing and Data Protection

4.1. Cloud Infrastructure

We use enterprise-grade cloud infrastructure (including Google Cloud Platform and Amazon Web Services) to securely host our Service and process your data. All processing occurs within United States data centers, and we utilize data residency controls to ensure your data remains within U.S. borders.

4.2. Zero Training Guarantee

Your documents and Client Data are NEVER used to train AI models. This is a core commitment of our Service. The AI only analyzes your documents when you specifically request it to perform a function within the Service.

4.3. Zero-Knowledge Architecture Principles

  • 4.3.1. Automated Processing: AI analysis occurs via automated processes without human review of document content.
  • 4.3.2. Encrypted Processing: Documents remain encrypted during AI analysis.
  • 4.3.3. Temporary Processing: AI models process data to generate results without permanently retaining the source content within the AI systems themselves.
  • 4.3.4. Access Controls: LegatiAI personnel are prohibited from accessing your document content without your explicit authorization for support purposes.

5. Information Sharing and Disclosure

5.1. No Sharing of Document Content

We never share, sell, rent, or otherwise disclose the content of your legal documents to any third party, except as directed by you or as required by law. This includes prohibitions on sharing for:

  • 5.1.1. Marketing or advertising purposes.
  • 5.1.2. Data aggregation or analytics for third parties.
  • 5.1.3. Training third-party AI models.
  • 5.1.4. Research or academic purposes.

5.2. Service Providers

We use a limited number of trusted third-party providers to help us operate our Service. These providers are contractually obligated to protect your data and are prohibited from using it for any other purpose.

  • 5.2.1. Cloud Providers: Google Cloud Platform and Amazon Web Services for document storage and AI processing.
  • 5.2.2. Payment Processor: Stripe, Inc. for secure payment processing. Stripe does not have access to your document content.

5.3. Legal Requirements

We may disclose information when required by law, such as in response to valid subpoenas, court orders, or other lawful requests from public authorities. We will notify you of any such request unless legally prohibited from doing so.

6. Data Security

6.1. Encryption

We use industry-standard encryption protocols (such as AES-256) for all stored data to protect its confidentiality and integrity.

6.2. Infrastructure Security

Our cloud providers maintain leading industry security certifications, such as SOC 2 Type 2 and ISO 27001, and employ robust network, physical, and incident response security measures.

7. Data Retention and Deletion

7.1. Active Subscription Data

We retain your data for the duration of your active subscription to provide the Service to you.

7.2. Account Termination

Upon termination or cancellation of your account, your data will be scheduled for permanent deletion from our systems. You are solely responsible for exporting any data you wish to retain before you terminate your account. We do not provide a grace period for data export after an account is terminated.

7.3. Legal Hold Requirements

Data will be preserved when subject to a valid legal order or as otherwise required to comply with applicable legal retention requirements.

7.4. Audit and Security Logs

  • 7.4.1. Billing Records: Retained for up to 7 years to comply with financial regulations.
  • 7.4.2. Anonymized Analytics: Aggregated usage data that contains no personal information may be retained indefinitely.

8. Your Rights and Controls

8.1. Data Access and Portability

During your active subscription, you have the right to access and download your data.

8.2. Data Modification and Deletion

You have full control to add, modify, or delete your documents and case data. You may also request complete account and data deletion at any time, which will result in the termination of your service.

8.3. Privacy Controls

We provide you with controls to manage your processing preferences, optional data sharing, and communication preferences.

8.4. Response Timeframes

  • 8.4.1. Data Requests: Fulfilled within 14 business days.
  • 8.4.2. Account Deletion: Completed within 48 hours of your request.
  • 8.4.3. Privacy Inquiries: Responded to within 2 business days.
  • 8.4.4. Technical Issues: Assistance for privacy-related concerns is available during business hours.

9. International Transfers and Data Residency

All data processing and storage occurs within United States data centers. We utilize enterprise data residency controls to ensure your data remains within U.S. borders.

10. Children's Privacy

Our Service is designed exclusively for legal professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe your child has provided us with personal information, please contact us at info@legatiai.com, and we will take steps to remove such information.

11. State-Specific Privacy Rights

11.1. Arkansas Residents

Arkansas residents have specific rights under Arkansas law, including the right to request disclosure or deletion of personal information and to receive notification of data breaches.

11.2. California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA, including the Right to Know, Delete, and Correct personal information. We do not sell or share personal information, so the Right to Opt-Out is not applicable. We will not discriminate against you for exercising your privacy rights.

12. Data Breach Notification

12.1. Incident Response

In the event of a potential security incident, we will take appropriate steps to assess, contain, and investigate the matter.

12.2. Notification Procedures

In the event of a data breach, we will provide direct notification to affected users within 72 hours of discovery and will comply with all applicable regulatory notification requirements.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of any material changes via email and an in-app notification at least 30 days in advance.

14. Dispute Resolution

14.1. Informal Resolution

Before initiating formal proceedings, the parties agree to attempt to resolve any dispute arising from this Privacy Policy through direct negotiation for at least 30 days. The initiating party shall provide written notice to the other party.

14.2. Binding Arbitration

If informal resolution fails, any dispute arising out of or relating to this Privacy Policy shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules. The arbitration shall take place in Pulaski County, Arkansas. The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.

14.3. Class Action Waiver

The parties agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action.

15. Contact Information

For any privacy-related questions, concerns, or requests, please contact us. We will respond to inquiries within two business days.

Email: info@legatiai.com

Mail: AI Legal Support LLC d/b/a LegatiAI, 2228 Cottondale Ln # 220, Little Rock, AR 72202

Legati Legal Assistant