Privacy Policy
Last updated: May 2026
1. Introduction
LegalOps ("we", "our", "the Platform") is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, store, and protect your information in compliance with applicable data protection regulations including GDPR.
2. Data We Collect
Account Information
Name, email address, phone number, and professional role when you create an account.
Firm Data
Matter details, client information, billing records, financial transactions, HR records, and documents uploaded by your firm. This data belongs to your firm and is fully isolated from other tenants.
Usage Data
Login timestamps, feature usage patterns, and session information for security and service improvement.
3. How We Use Your Data
- Providing and maintaining the Platform services
- Authenticating users and managing access control
- Sending service-related communications (password resets, invitations, notifications)
- Enforcing subscription limits and billing
- Improving Platform performance and features
4. Data Isolation
All firm data is strictly isolated by firm ID. No firm can access another firm's data. The Platform administrator (super admin) can view metadata (file names, sizes, usage statistics) for storage management but cannot access file contents, which ensures GDPR-compliant data separation.
5. Data Storage and Security
- Data is stored in encrypted PostgreSQL databases
- Files are stored via secure cloud storage (Vercel Blob) with firm-scoped paths
- All communications are encrypted via TLS/HTTPS
- Passwords are hashed using industry-standard algorithms
- Two-factor authentication (2FA) is available for enhanced security
6. Data Sharing
We do not sell, trade, or share your personal data with third parties except:
- Service providers necessary for Platform operation (hosting, email delivery)
- When required by law or legal process
- With your explicit consent
7. Your Rights
Under applicable data protection laws, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and data (right to be forgotten)
- Export your data in a portable format
- Restrict processing of your data
- Object to certain processing activities
8. Data Retention
Active account data is retained for the duration of your subscription. Upon account deletion or firm termination, data is retained for 30 days before permanent deletion. Backup copies may persist for up to 90 days.
9. Cookies
We use essential cookies for authentication and session management. No third-party tracking cookies are used.
10. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email or Platform notification.
12. Contact
For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer at privacy@legalops.company.