Cookie Policy

"Zika Group" Ltd operates the Legas.ai platform at legas.ai and is responsible for the cookies set on this website.

Company: "Zika Group" Ltd
UIC: 200383579
VAT: BG200383579
Address: Plovdiv, Bulgaria
Email: contact@legas.ai
Website: legas.ai

Name: Commission for Personal Data Protection (CPDP)
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Telephone: +359 2 915 3519
Email: kzld@cpdp.bg
Website: www.cpdp.bg

Cookies are small text files placed on your device by a website when you visit it. They are stored by your browser and sent back to the originating website on each subsequent visit. Cookies allow the website to recognise your device and remember information about your session.

Cookies cannot execute code, access files on your device, or transmit viruses. They store only the specific information placed in them by the website. Some cookies are deleted when you close your browser (session cookies). Others remain on your device for a defined period (persistent cookies).

For a plain-language explanation of how cookies work, visit www.aboutcookies.org.

When users visit or use legas.ai, the following personal data may be collected through the website's technical infrastructure and analytics tools:

• Email address and full name: collected at account registration.
• IP address: collected automatically by the server infrastructure and, where applicable, by analytics tools. IP addresses may constitute personal data under Regulation (EU) 2016/679.
• Browser type, operating system, screen resolution, and device type: collected by analytics tools in aggregated or session-level form.
• Pages visited, features used, time spent on each page, and click behaviour: collected by PostHog where consent has been given.
• Session recordings: captured by PostHog where consent has been given. Recordings show mouse movement, scrolling, and clicks but do not capture password fields or payment data.

Legal basis for account and authentication data: Article 6, paragraph 1, letter (b) of Regulation (EU) 2016/679. Legal basis for PostHog analytical cookies: Article 6, paragraph 1, letter (a) — consent.

These cookies are required for the website to function and cannot be switched off. They do not store personally identifiable information and do not require consent under the ePrivacy Directive. Blocking them will prevent you from logging in or completing a payment.

• Supabase authentication cookies: maintain the user's login session. Set when the user logs in. Deleted on logout or when the session expires.
• Vercel infrastructure cookies: used for load balancing and platform routing. Set automatically. No personal data is stored.
• Stripe security cookies: set during the payment process to detect and prevent fraudulent transactions. Required for secure payment processing.

Functional cookies remember choices made by the user to improve the experience on return visits. They do not track users across other websites.

• legas_lang: remembers the language selected by the user and enables server-side language matching. Persists for 1 year. Set by Legas.ai.

Legas.ai uses two analytics tools. They work differently and have different privacy implications.

Plausible Analytics is cookieless. It does not set any cookies and does not collect personal data. It counts page views and records approximate geographic region (country level), browser type, and referral source in aggregated form only. No consent is required. Plausible Analytics UAB is incorporated in Lithuania and processes data within the European Union.

PostHog sets analytical cookies that track user behaviour within the platform at session and user level. These cookies are only activated after the user explicitly consents through the cookie consent banner on first visit. PostHog Inc. is incorporated in the United States. Data transfer is governed by Standard Contractual Clauses under Article 46 of Regulation (EU) 2016/679. Consent may be withdrawn at any time by adjusting cookie preferences.

The following third-party providers set or access cookies on legas.ai. Each provider's privacy and cookie policy is linked below for reference:

• Stripe, Inc. (USA): payment processing and fraud prevention cookies. stripe.com/privacy
• PostHog, Inc. (USA): analytical cookies, activated on consent only. posthog.com/privacy
• Supabase Inc. (USA): authentication cookies. supabase.com/privacy

Plausible Analytics does not set cookies and does not appear in this list. Vercel sets infrastructure-level cookies that are strictly necessary and not associated with any personal data.

You can accept or decline non-essential cookies through the cookie consent banner displayed on your first visit. You can change your cookie preferences at any time by clicking the cookie settings link in the website footer.

You can also manage cookies directly through your browser settings. Deleting or blocking certain cookies will affect website functionality. In particular, deleting authentication cookies will log you out of your account, and blocking strictly necessary cookies will prevent login and payment.

Instructions for managing cookies in the most commonly used browsers:

• Microsoft Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
• Mozilla Firefox: support.mozilla.com/en-US/kb/Cookies
• Google Chrome: support.google.com/chrome/answer/95647
• Safari: support.apple.com/kb/PH5042
• Opera: opera.com/browser/tutorials/security/privacy/
• Brave: support.brave.com/hc/en-us/articles/360022806212

For browser-independent cookie management tools, visit www.aboutcookies.org or www.cookiecentral.com.

Cookie data is retained for the periods specified in Section VI. PostHog analytical data is retained for a maximum of 12 months, after which it is deleted from PostHog's servers. Plausible collects no personal data and retains no individual records.

Data will not be deleted where it is required for ongoing judicial, administrative, or regulatory proceedings.

In relation to personal data collected through cookies, you have the following rights under Regulation (EU) 2016/679:

• Right to access: to obtain a copy of personal data collected through cookies, together with information about how it is used.
• Right to rectification: to have inaccurate data corrected.
• Right to erasure: to request deletion of personal data collected through cookies, where the purpose has been achieved, consent has been withdrawn, or processing is unlawful.
• Right to restriction: to request that processing be suspended in the circumstances defined by Article 18 of Regulation (EU) 2016/679.
• Right to object: to object to processing based on legitimate interests.
• Right to data portability: to receive personal data in a structured, machine-readable format where processing is based on consent and carried out by automated means.
• Right to withdraw consent: to withdraw consent to analytical cookies at any time by adjusting your cookie preferences or browser settings. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, or to ask questions about how cookies are used, contact contact@legas.ai.

This Cookie Policy is updated when the cookies or analytics tools used on the platform change, or when applicable law requires an update. The version number and effective date at the top of this document indicate the current version. Material changes will be communicated through the platform or by email.