AI Transparency Notice

1. Introduction

LegisGate™ uses artificial intelligence to assist with regulatory compliance analysis, risk assessment, and document processing. We are committed to transparency about how AI is used in our Service.

This notice explains which AI systems we use, what data is processed, how decisions are made, and your rights under the EU AI Act and the General Data Protection Regulation (GDPR). It supplements our Privacy Policy and Terms of Service.

2. AI Systems Used

• Provider: Anthropic (Claude). All AI processing is inference-only — your data is never used to train AI models.
• Purpose: Regulatory compliance analysis, risk assessment, document analysis, and regulatory intelligence summarization.
• EU AI Act classification: Limited Risk (Article 50). Transparency obligations apply, and this notice fulfills those requirements.

3. How AI is Used in LegisGate

Assessment Engine

AI analyzes vendor information, privacy policies, and regulatory context to generate risk assessments, findings, and recommendations. Risk scores (0–100) are AI-generated directional indicators. Human review is required before any decisions are made based on assessments.

Ask LegisGate Assistant

An AI-powered conversational assistant that answers regulatory compliance questions. Users are clearly informed they are interacting with an AI system. All responses are informational only and do not constitute legal advice.

Regulatory Intelligence Summaries

AI summarizes regulatory updates from official sources and generates impact analysis relevant to your organization. Summaries are clearly labeled as AI-generated content.

Privacy Policy Analyzer

AI extracts structured information from vendor privacy policies, including data collection practices, retention periods, and third-party sharing. Results feed into assessments and are subject to human review.

Document Processing

AI classifies and extracts information from uploaded documents such as Data Processing Agreements (DPAs), SOC 2 reports, and vendor security questionnaires.

EU AI Act Classification

AI classifies vendor AI systems under the EU AI Act risk framework (Prohibited, High, Limited, or Minimal risk) based on the vendor's stated use cases and data processing activities.

Breach Notification Drafting

AI generates draft breach notification letters based on incident details and applicable regulatory requirements. All drafts require human review and editing before use — they are starting points, not final documents.

4. Data Processing for AI

What data is sent to the AI provider

Assessment details, vendor information, privacy policy text, regulatory context, and user questions submitted through AI-powered features.

What is never sent

Passwords, authentication tokens, payment information, and raw personal data of data subjects are never transmitted to the AI provider.

Legal basis (GDPR)

• Legitimate interest (Article 6(1)(f)) — for B2B regulatory compliance analysis where AI processing is necessary to provide meaningful compliance insights.
• Contract performance (Article 6(1)(b)) — where AI-powered features are part of the contracted Service.

Data retention

AI inputs and outputs are stored in your organization's LegisGate account and subject to our standard data retention policies. Anthropic does not retain data beyond the API request per their data processing terms.

Sub-processor

Anthropic PBC, San Francisco, CA, USA. Standard Contractual Clauses (SCCs) are in place for transfers of personal data from the EEA/UK to the United States.

5. Human Oversight

• All AI-generated assessments require human review before decisions are made.
• Risk scores are directional indicators, not definitive determinations.
• Users can override, edit, or reject any AI-generated content at any stage.
• The assessment workflow includes mandatory human review stages before an assessment can be finalized.
• AI-generated content is clearly labeled throughout the Service.

6. Your Rights (GDPR Article 22)

Under the GDPR and the EU AI Act, you have the following rights in relation to AI-assisted processing:

• Human intervention: The right to obtain human intervention in decisions significantly affected by automated processing.
• Express your view: The right to express your point of view and to contest AI-assisted decisions.
• Explanation: The right to an explanation of the logic involved in automated processing that affects you.
• Opt out: The right to opt out of AI-powered features by contacting our support team.
• Access, rectification, and erasure: The right to access, rectify, and erase data that has been processed by AI systems.
• Supervisory authority: The right to lodge a complaint with your data protection supervisory authority.

To exercise any of these rights, contact us at privacy@legisgate.com.

7. AI Limitations

• AI outputs may contain errors, hallucinations, or outdated information.
• AI analysis is based on information available at the time of processing and may not reflect the most recent regulatory changes.
• Regulatory landscapes change frequently; AI analysis should always be verified against current law.
• AI cannot replace qualified legal, compliance, or privacy professionals. LegisGate is a tool to assist — not substitute — professional judgment.

8. Contact

For questions about AI processing or to exercise your rights:

• Data Protection Officer: dpo@legisgate.com
• Privacy inquiries: privacy@legisgate.com
• Request human review of an AI-assisted decision: Contact your account administrator or email support@legisgate.com.

9. Updates

This notice may be updated as our AI capabilities evolve or as regulatory requirements change. We will notify you of material changes via the Service or email. The "Last updated" date at the top indicates when this notice was last revised.