Legal

Privacy Policy

Last updated: February 6, 2026

On this page

This Privacy Policy explains how Legistra collects, uses, and protects personal data.

We process data in accordance with applicable privacy laws, including the GDPR and local EU/EEA requirements where they apply.

Who We Are

Legistra is the controller for personal data processed through Legistra.

Registered address: Add your legal address here. Company number: Add company number.

For privacy questions, contact privacy@Legistra.example.

Information We Collect

  • Account data: name, email, password hash, authentication tokens, language and preferences.
  • Client portal data: client contact details, authentication settings, communications you send.
  • Case and workflow data: case titles, matter descriptions, status, task details, notes.
  • Files and documents: uploads and metadata you provide to run the Service.
  • Billing data: invoices, payments, plan selection, and tax information.
  • Usage and device data: log files, IP address, device identifiers, and feature usage for security and product improvement.

Why We Use Your Information

  • Provide and operate the Service, including authentication and case management.
  • Process payments, billing, and tax obligations.
  • Secure accounts, prevent fraud, and monitor misuse.
  • Provide customer support and respond to requests.
  • Improve features, performance, and user experience.

Legal Bases for Processing (GDPR)

  • Contractual necessity to provide the Service.
  • Legitimate interests (security, fraud prevention, and improvement).
  • Legal obligations (billing and tax requirements).
  • Consent where required (e.g., optional marketing communications).

Sharing and Disclosure

We do not sell your personal data.

We share data with vetted processors (e.g., hosting, payment, analytics) only to provide the Service.

We may disclose information if required by law or to protect legal rights.

International Transfers

If data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.

Security

We use encryption, access controls, and audit logging to protect data.

Access is restricted to authorized personnel and monitored for misuse.

No method of transmission or storage is 100% secure. We continually improve our safeguards.

Data Retention

We retain data while your account is active and as needed for legal, accounting, or operational purposes.

You may request deletion of your account and associated data, subject to legal retention requirements.

Your Rights

  • Access and obtain a copy of your data.
  • Correct inaccurate data.
  • Request deletion (subject to legal limits).
  • Object to or restrict certain processing.
  • Withdraw consent where applicable.
  • Lodge a complaint with your local supervisory authority.

Processor Role and Client Data

For client data you upload, you control what is processed and who can access it.

We act as a processor on your instructions and do not use client data for marketing.

Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session management, and security.

You can manage cookies through your browser settings.

Children

The Service is not intended for children. If local law sets a digital age of consent, that age applies.

Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated through the Service or by email.

Contact

If you have questions about this Privacy Policy, contact us at privacy@Legistra.example.