LegisGate™ — AI-Powered Data Protection Assessment

1. Who we are

LegisGate™ ("we," "us") provides data protection and AI tool assessment software. This policy describes how we collect, use, and protect personal data when you use our website and Service.

2. Data we collect

We collect: (a) account and profile data (name, email, organization); (b) data you submit in the Service (assessment details, vendor information, notes); (c) usage data (logs, feature usage); and (d) technical data (IP address, browser type). We do not sell your personal data.

3. How we use it

We use your data to provide and improve the Service, authenticate users, send transactional and product communications, comply with legal obligations, and protect our rights. We may use aggregated or de-identified data for analytics and product improvement.

4. Legal basis (EEA/UK)

For EEA and UK users: we process data on the basis of contract performance (providing the Service), legitimate interests (security, analytics, product improvement), and where required by law. Where we rely on legitimate interest, we have balanced our interests against your rights.

5. Sharing and subprocessors

We share data with service providers that help us operate the Service (e.g. hosting, email, analytics). We use subprocessors under contracts that require appropriate security and data protection. We may disclose data when required by law or to protect our rights.

6. International transfers

Your data may be processed in the United States or other countries. Where we transfer data from the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

7. Retention

We retain account and usage data for as long as your account is active and as needed to provide the Service. After account closure, we may retain data for a limited period for legal, security, or dispute resolution purposes.

8. Artificial Intelligence processing

We use AI (Anthropic Claude) to power regulatory compliance analysis features within the Service, including risk assessments, document analysis, and regulatory intelligence summaries. AI processing is inference-only — your data is never used to train AI models.

When you use AI-powered features, assessment details, vendor information, privacy policy text, regulatory context, and your questions may be sent to our AI sub-processor (Anthropic PBC, USA) under Standard Contractual Clauses. Passwords, authentication tokens, payment information, and raw personal data of data subjects are never sent.

The legal basis for AI processing is legitimate interest (Article 6(1)(f)) for B2B regulatory compliance analysis and contract performance (Article 6(1)(b)) where AI features are part of the Service. You have the right to obtain human intervention, contest AI-assisted decisions, and opt out of AI-powered features.

For full details on AI systems, data processing, human oversight, and your rights, see our AI Transparency Notice.

9. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or port your data, or to object to certain processing. EEA/UK users may lodge a complaint with a supervisory authority. To exercise your rights, contact us at privacy@legisgate.com.

10. Security

We implement technical and organizational measures to protect your data, including encryption, access controls, and secure development practices. No method of transmission or storage is 100% secure; we encourage you to use strong credentials and protect your account.

11. Changes

We may update this policy from time to time. We will notify you of material changes via the Service or email. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact

Data controller: LegisGate™. For privacy questions or to exercise your rights: privacy@legisgate.com.

Privacy Policy