Privacy Policy

1. Data We Collect

We collect the following types of information:

• Personal Information: Name, email address, password (encrypted), and account details when you sign up or contact us.
• Uploaded Documents: Contracts and files you upload for analysis (encrypted in transit and at rest).
• Usage Data: Device data, browser type, IP address, timestamps, referring URLs, usage activity, and cookies.
• Billing Information: Collected and processed securely via Stripe or other PCI DSS-compliant payment processors. We do not store your full credit card details.

2. How We Use Your Data

• To operate, maintain, and improve our services and website.
• To analyze contracts and generate AI-powered legal outputs.
• To process payments and manage subscriptions.
• To communicate with you (including support and service updates).
• For research, analytics, product improvement, and ensuring platform security.
• To comply with legal requirements and enforce our Terms of Use.

Your uploaded documents and data are used solely to provide contract analysis and related features. We do not use your data to train public AI models.

3. AI & Third-Party Providers

We leverage third-party AI services (such as OpenAI GPT API) to process contract text and generate analysis. Your data may be transmitted securely to these providers only for the purpose of providing requested features, and is not used for any other purpose.

• OpenAI, LLMs, and Legal AI: Contract text is sent securely via API and processed in-memory; it is not used by OpenAI to train or improve their models.
• Supabase: Used for authentication, database, and secure document storage (encrypted at rest and in transit).
• Stripe: For payment and billing information, fully PCI DSS-compliant.
• Analytics: Used for website usage and improvement, but never sold or shared for advertising.

We require all third parties to maintain strict confidentiality and use your data only as necessary to provide their services.

4. Data Security & Compliance

• All data is encrypted in transit (HTTPS/SSL) and at rest.
• Document files are encrypted and stored securely on cloud servers (Supabase/GCP/AWS).
• We follow best practices in software security, regular audits, and vulnerability assessments.
• Our platform is designed to comply with GDPR (EU), CCPA (California), and SOC2 data protection standards.
• Data is stored only as long as necessary for your use of our services, or as required by law.

If a data breach occurs, affected users will be notified as required by law.

5. Data Retention & User Rights

• You may request to access, correct, export, or delete your data at any time by contacting info@leucistic.com.
• You may opt out of marketing emails at any time (we do not send spam).
• We honor all rights granted by GDPR, CCPA, and other applicable privacy laws, including the right to be forgotten and to restrict processing.
• Upon request, your data will be deleted from our active systems within 30 days, unless required to retain it by law or for security/compliance purposes.

6. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect or store personal information from children. If you believe a child has provided us data, please contact us to request deletion.

7. International Transfers

Data may be stored and processed in the United States, Canada, and other countries where we or our service providers operate. By using our platform, you consent to the transfer of your information as described in this policy.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted here with a revised “Effective Date.” Material changes will be communicated to you directly if required by law.

9. Contact & Complaints

If you have questions or concerns about this policy or your data, contact us at info@leucistic.com.

You have the right to lodge a complaint with your local data protection authority.