Privacy Policy

Legas.ai is a GDPR compliance document generation platform operated by a certified GDPR specialist. Our platform enables EU businesses to generate professional, legally compliant GDPR documentation using artificial intelligence.

For the purposes of EU data protection law, Legas.ai is the data controller in respect of any personal data you provide to us.

Contact: contact@legas.ai

When you use Legas.ai, we collect the following categories of personal data:

• Account data: your name and email address when you register
• Business data: information about your company that you provide to generate documents (company name, address, registration number, industry, etc.)
• Usage data: information about how you interact with our platform
• Payment data: billing information processed securely by Stripe — we do not store card details
• Technical data: IP address, browser type, and device information

We use your personal data to:

• Provide and maintain your Legas.ai account
• Generate GDPR compliance documents based on your inputs
• Process payments for our services
• Send you transactional emails (account confirmation, password reset)
• Send you service updates and summaries (with your consent)
• Improve our platform and AI document generation quality
• Comply with our legal obligations

We process your personal data on the following legal bases under Article 6 GDPR:

• Contract (Art. 6(1)(b)): to deliver our document generation service
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws
• Legitimate interests (Art. 6(1)(f)): to improve our service and prevent fraud
• Consent (Art. 6(1)(a)): for marketing communications where required

We retain your personal data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where we are required to retain it for legal or tax purposes (typically 7 years for financial records).

Documents you generate are stored in your account and deleted when you delete them or close your account.

We use the following third-party processors to deliver our service:

• Supabase — database and authentication (EU region)
• Anthropic — AI document generation (US, under SCCs)
• Stripe — payment processing (US, under SCCs)
• Vercel — platform hosting (US, under SCCs)
• Brevo — transactional email (EU)

All processors are bound by data processing agreements and appropriate transfer safeguards.

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing in certain circumstances
• Data portability — receive your data in a machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at contact@legas.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your national supervisory authority.

We use essential cookies to keep you logged in and ensure the platform functions correctly. We do not use advertising or tracking cookies. For full details, see our Cookie Policy.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a notice on our platform. The date at the top of this page indicates when it was last updated.

For any questions about this Privacy Policy or your personal data, please contact us at:

contact@legas.ai