This Privacy Policy explains how LegAI Assistant, Inc. (“LegAI”, “Company”, “we”, or “us”) collects, uses, and protects personal information in connection with the LegAI Assistant service (“Service”). We process personal information in accordance with the Personal Information Protection Act of the Republic of Korea and other applicable laws.
1. Information We Collect
- Account information such as email address, name, organisation, profile photo, authentication tokens, and contact preferences.
- Workspace content you upload or generate inside the service, including documents, evidence, comments, chat history, and associated metadata.
- Usage information including device identifiers, IP address, browser type, operating system, access timestamps, pages viewed, feature usage, diagnostic logs, and cookies or similar technologies.
- Billing details such as invoicing contact, company name, tax ID, and payment method. Payment cards are processed by our provider and not stored in full by LegAI.
2. How We Use Information
- Operate, maintain, and improve the LegAI Assistant, including authentication, storage, collaboration, and AI-driven features.
- Analyse aggregated or anonymised usage patterns to enhance product performance and security.
- Communicate with you about updates, service announcements, and customer support.
- Enforce our Terms of Service, prevent misuse, comply with legal obligations, and protect the rights and safety of users and third parties.
- Authorised personnel at LegAI Assistant, Inc. may access personal information strictly on a need-to-know basis to operate the service, troubleshoot incidents, and provide support. Access is restricted by role-based permissions and protected by multi‑factor authentication and audit logging.
- Provide adaptive experiences such as automatically regenerating AI plans or summaries when you switch languages or trigger refresh actions. This can involve temporarily processing stored case content to ensure the regenerated output matches your workspace settings.
2A. AI Providers and Model Inference
- To provide AI functionality (e.g., summaries, timelines, scenario simulation), we may transmit prompts and relevant document excerpts to model providers (e.g., Google Vertex AI) for processing within our configured project/region.
- We do not allow AI providers to use your prompts or outputs to train their public models. Processing is limited to delivering the requested features and is governed by provider data protection terms.
3. Lawful Bases for Processing
- Performance of our contract with you when providing the service.
- Your consent where required, which you may withdraw at any time without affecting prior processing.
- Compliance with legal obligations.
- Legitimate interests, such as securing and improving the service. We balance these interests against your rights.
4. Sharing and Disclosure
- Service providers (including Google Cloud/Vertex AI, Firebase, analytics, customer support, and payment vendors such as Stripe) bound by confidentiality agreements and data processing terms.
- Regulators, courts, or law enforcement if legally required or to protect the rights, property, or safety of LegAI, our users, or others.
- Successors in the event of a merger, acquisition, or asset sale, subject to confidentiality safeguards.
- We do not sell personal information.
5. International Transfers
- Data may be stored or processed in the Republic of Korea, the European Union, the United States, or other jurisdictions (e.g., Google Cloud regions including nam5/us‑central1).
- When transferring personal information internationally we rely on safeguards such as standard contractual clauses and require recipients to maintain adequate protections.
5A. Cookies and Similar Technologies
- We use cookies and similar technologies to maintain sessions, remember preferences, and measure product usage. You can control cookies through your browser settings.
6. Retention
- Personal information is kept for as long as necessary to provide the service and fulfil the purposes described in this policy.
- When an account is closed we delete or anonymise workspace content within 90 days unless retention is required for legal, accounting, fraud prevention, or dispute‑resolution purposes.
- Plan usage and billing records (e.g., subscription status, usage counters) may be retained as business records as required by law.
7. Your Rights
- Subject to applicable law you may request access, correction, deletion, restriction, or portability of your personal information, or object to certain processing.
- Submit requests to privacy@leg-ai.com or +82-10-2178-9598. We may verify your identity and will respond within the timelines required by law.
8. Security Measures
- LegAI applies administrative, technical, and physical safeguards including encryption at rest and in transit, role-based access controls, security monitoring, and regular audits.
- Administrative access is logged via cloud audit logs and reviewed periodically. Data access by personnel is limited to authorised purposes and recorded for accountability.
- No security programme is infallible, so please review information before sharing it with collaborators.
9. Children's Privacy
- The service is not intended for individuals under the age of 18, and we do not knowingly collect personal data from children.
- If you believe a child has provided personal information, contact us so we can delete it promptly.
10. Updates to This Policy
- We may revise this policy from time to time. Material changes will be communicated via email or in-product notice at least 14 days before they take effect.
- Continued use of the service after the effective date constitutes acceptance of the revised policy.
11. Contact Information
- Privacy Officer, LegAI Assistant, Inc.
- Email: privacy@leg-ai.com
- Phone: +82-10-2178-9598
- Address: 올림픽로 4길 15, Seoul, Republic of Korea
- You may also contact the Personal Information Infringement Report Center (privacy.kisa.or.kr / 118) or other supervisory authorities if you believe your rights have been infringed.
한국어 안내 (요약)
- 업무 수행에 필요한 최소한의 개인정보와 워크스페이스 콘텐츠를 처리하며, 판매하지 않습니다.
- AI 기능 제공을 위해 필요한 범위에서 프롬프트/문서 일부가 Google Vertex AI 등으로 전송될 수 있으나, 공개 모델 학습에는 사용되지 않도록 설정합니다.
- 쿠키/유사 기술은 세션 유지·환경 설정·사용성 측정에 활용되며, 브라우저 설정에서 제어할 수 있습니다.
- 계정 해지 후 통상 90일 내 데이터가 삭제/익명화되며, 법적 의무·사기 방지·분쟁 해결을 위해 일부 기록이 보관될 수 있습니다.