Privacy Policy

The data controller responsible for your personal data is:

• Responsible: DocuLegal
• Email: privacy@doculegal.io
• Location: Madrid, Spain

We collect and process the following categories of personal data:

• Account data: name, email address, company name, professional role, phone number
• Billing data: billing address, VAT/CIF number, payment method details (processed by our payment provider)
• Usage data: login activity, features used, session duration, IP address, browser and device information
• Document data: legal documents you upload for analysis (processed securely and deleted according to our retention policy)
• Communication data: support requests, feedback, and correspondence with our team

We process your personal data for the following purposes:

• Service provision: to operate and deliver our AI legal analysis platform
• Account management: to create and manage your user account
• Billing and payments: to process subscriptions and invoices
• Service improvement: to analyze usage patterns and improve our AI models and features
• Communication: to send service updates, security alerts, and support responses
• Legal compliance: to meet our regulatory and legal obligations
• Security: to detect and prevent fraud, abuse, and security incidents

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): processing necessary to provide our services
• Legitimate interest (Art. 6(1)(f)): service improvement, security, and fraud prevention
• Legal obligation (Art. 6(1)(c)): tax, accounting, and regulatory compliance
• Consent (Art. 6(1)(a)): marketing communications and optional analytics cookies

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Account data: retained while your account is active and up to 30 days after deletion request
• Document data: processed documents are automatically deleted within 90 days of analysis unless you choose to retain them
• Billing data: retained for 5 years as required by Spanish tax law
• Usage data: anonymized after 24 months
• Communication data: retained for 3 years for quality assurance

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of your personal data
• Right to rectification (Art. 16): correct inaccurate personal data
• Right to erasure (Art. 17): request deletion of your personal data
• Right to restrict processing (Art. 18): limit how we use your data
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interest
• Right to withdraw consent: withdraw consent at any time without affecting prior processing
• Right to lodge a complaint: file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es

We work with carefully selected third-party processors, all of whom are bound by GDPR-compliant data processing agreements:

• Cloud hosting: EU-based data centers with industry-standard security measures
• Payment processing: Stripe Payments Europe Ltd., PCI DSS Level 1 compliant
• Email services: EU-based email infrastructure for transactional and service communications
• Analytics: privacy-focused analytics with data processed exclusively within the EU
• Customer support: EU-based support platform with encrypted communications

Your personal data is stored and processed exclusively within the European Economic Area (EEA). We do not transfer personal data outside the EEA. In the exceptional event that a transfer outside the EEA becomes necessary, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary technical measures as required.

We use cookies and similar technologies on our platform. Essential cookies are required for the platform to function and cannot be disabled. Analytics and marketing cookies are only activated with your explicit consent. You can manage your cookie preferences at any time through the cookie settings panel accessible from any page on our platform. For detailed information about the cookies we use, please refer to our Cookie Settings.

For any data protection inquiries, you can reach us at:

• Email: privacy@doculegal.io
• We will respond to all data protection requests within 30 days

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email and/or a prominent notice on our platform at least 30 days before the changes take effect. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.