Legalica Privacy Policy & Data Protection

Last UpdatedJune 23, 2026
Effective DateUpon company registration
Data Controller[...] OÜ, Estonia
Supervisory AuthorityAndmekaitse Inspektsioon

Table of Contents

PART I — PRIVACY POLICY
  • Introduction and Legal Framework
  • Data Controller Information
  • Categories of Personal Data Collected
  • Collection Methods
  • Legal Basis for Processing
  • Purposes of Processing
  • Role: Controller vs. Processor
  • Google Cloud Infrastructure and Data Processing
  • International Data Transfers
PART II — DATA PROCESSING AGREEMENT
  • Processing Details (Art. 28 GDPR)
  • Processor Obligations
  • AI Act Processor Obligations
  • Data Breach Notification
  • No-Training Covenant
  • Subprocessors and Infrastructure Chain
  • Standard Contractual Clauses
PART III — COOKIE POLICY
  • Cookie Types and Purposes
  • Consent Management
  • First-Party vs. Third-Party Cookies
PART IV — DATA RETENTION
  • Retention Schedule
  • Deletion Procedures
  • User Rights
PART V — COOKIE CONSENT BANNER
  • Banner Texts and Settings Panel

PART I — PRIVACY POLICY

1. INTRODUCTION AND LEGAL FRAMEWORK

[...] OÜ ("Legalica," "we," "us," or "our") processes personal data in accordance with this Master Privacy & Data Governance Policy ("Policy").

1.1 Applicable Legal Framework

This Policy complies with the following regulations and frameworks:

RegulationReferenceScope
GDPRRegulation (EU) 2016/679All EU data subjects
Estonian IKSIsikuandmete kaitse seadusEstonian-specific requirements
EU AI ActRegulation (EU) 2024/1689AI-related data processing
UK GDPRUK Data Protection Act 2018UK data subjects
CCPA/CPRACal. Civ. Code § 1798.100 et seq.California residents
LGPDLei 13.709/2018Brazilian data subjects
PIPEDAS.C. 2000, c. 5Canadian data subjects
PDPAAct 26 of 2012Singapore residents
POPIAAct 4 of 2013South African data subjects
APPIAct 57 of 2003Japanese data subjects
PIPLOrder No. 84 of the President of the PRCChinese data subjects
ePrivacy DirectiveDirective 2002/58/ECElectronic communications
Rome IRegulation (EC) 593/2008Conflict of laws

1.2 Scope Across 324 Jurisdictions

Legalica operates across 324 jurisdictions and 187+ languages. While this Policy is designed for global compliance, the GDPR serves as the baseline standard for all processing activities. Where local laws provide stronger protections, those stronger protections apply. Users in all Supported Jurisdictions retain the rights granted by their local data protection laws, even if such rights exceed those described herein.

2. DATA CONTROLLER INFORMATION

2.1 Controller Identity

Name[...] OÜ
Legal formPrivate limited company (osaühing)
Registration number[...]
VAT number[...]
Address[...], Tallinn, [...], Estonia

2.2 Data Protection Officer

Name[...]
Emaildpo@legalica.app
Address[...] OÜ, Attn: DPO, [...], Tallinn, Estonia

2.3 Lead Supervisory Authority

AuthorityAndmekaitse Inspektsioon
AddressTatari 39, Tallinn 10134, Estonia
Emailinfo@aki.ee
Websiteaki.ee

Rationale for Estonian Lead Authority: Legalica's main establishment is in Estonia. Under GDPR Article 56, the supervisory authority of the main establishment serves as the lead authority for cross-border processing. Data subjects in all EU Member States may lodge complaints with the Estonian DPA or their local supervisory authority.

2.4 Representative in the EU

For non-EU data subjects requiring an EU point of contact: [...] OÜ serves as the EU representative per GDPR Article 27.

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Account Information: Full name, email address, professional title, organization, phone number, country of residence, IP address, device information.

3.2 Payment Information: Billing address, payment method details (processed by Stripe — full card numbers NOT stored by Legalica), VAT ID, transaction history.

3.3 User Input Data: Queries, uploaded documents, corporate entity names, case descriptions, legal scenarios — any content voluntarily submitted to the Platform.

3.4 Usage Data: Log files, device information, IP address, approximate geolocation, session duration, activity patterns, error reports.

3.5 Google Workspace Data (if connected): File names and metadata from selected Google Drive folders, calendar event titles and dates, task lists. We do NOT access email content, contacts, or files outside selected folders.

3.6 Authentication Data: Processed by Firebase Authentication (Google LLC): email/password hashes, MFA tokens, session identifiers, OAuth tokens for Google sign-in.

3.7 Special Categories: Legalica does not intentionally collect special category data (Art. 9 GDPR) or criminal conviction data (Art. 10 GDPR). Such data may only appear if included in User Input. Users are responsible for ensuring lawful basis for processing such data.

4. COLLECTION METHODS

MethodDescription
DirectRegistration forms, Platform usage, support contacts, surveys
AutomatedServer logs, cookies, analytics (privacy-respecting), error monitoring
Third-partyStripe (payment confirmation), Google (OAuth profile), corporate registries (public data)

5. LEGAL BASIS FOR PROCESSING

PurposeLegal Basis (GDPR Art. 6)
Account registration and management(b) Contractual necessity
Payment processing(b) Contractual necessity
AI processing and response generation(b) Contractual necessity
Authentication (Firebase)(b) Contractual necessity
Security and fraud prevention(f) Legitimate interest
Platform improvement (anonymized only)(f) Legitimate interest
Marketing communications(a) Consent (explicit opt-in)
Legal compliance (tax, accounting)(c) Legal obligation
AI system validation (anonymized)(f) Legitimate interest
Cookie placement (non-essential)(a) Consent

Legitimate Interests Assessment (LIA): Available upon request at dpo@legalica.app. We have conducted balancing tests ensuring our legitimate interests do not override your fundamental rights.

6. PURPOSES OF PROCESSING

6.1 Primary Purposes

  • Platform Services: Authentication, query processing, AI response generation, document drafting, KYC/UBO tools, Google Workspace sync;
  • Payment: Subscription fee processing, billing, invoicing, dispute handling;
  • Security: Unauthorized access monitoring, fraud detection, integrity maintenance;
  • Support: Inquiry response, troubleshooting, onboarding;
  • Communication: Essential service notifications, marketing (with consent only);
  • Legal Compliance: Tax/accounting records, legal request response, Terms enforcement;
  • Platform Improvement: Anonymized usage pattern analysis only.

6.2 What We Do NOT Do

  • ❌ Use your data to train any AI models (contractually prohibited);
  • ❌ Sell your data to any third party;
  • ❌ Use your data for advertising profiling;
  • ❌ Share data with third parties for their marketing;
  • ❌ Automated decision-making with legal effects.

7. ROLE: CONTROLLER VS. PROCESSOR

7.1 Legalica as Controller: For: account management, payment, usage analytics, communication, security, marketing.

7.2 Legalica as Processor (Art. 28): When processing User Input and AI Output on behalf of Workspace Owners. Legalica:

  • Processes only on documented instructions;
  • Ensures confidentiality obligations;
  • Implements technical and organizational measures;
  • Does not engage subprocessors without authorization;
  • Deletes/returns data upon service termination.

7.3 Customer as Controller: Workspace Owners are Data Controllers for: User Input, AI Output, uploaded documents, corporate entity data, client Personal Data.

Workspace Owners are solely responsible for: obtaining consents, ensuring compliance, implementing policies, responding to client data subject requests.

8. GOOGLE CLOUD INFRASTRUCTURE AND DATA PROCESSING

8.1 Infrastructure Provider as Key Subprocessor: Google LLC is Legalica's primary Infrastructure Provider and subprocessor. All Customer Data is stored, processed, and transmitted through Google Cloud Platform services. The following Google services process Customer Data:

Google ServiceProcessing ActivityData LocationLegal Basis
Cloud FirestorePrimary database — all structured dataEU (europe-west3)Art. 28 GDPR
Firebase AuthenticationUser authentication, MFA, sessionsEU (europe-west3)Art. 28 GDPR
Cloud Storage for FirebaseDocument file storageEU (europe-west3)Art. 28 GDPR
Cloud FunctionsBackground processing, triggersEU (europe-west3)Art. 28 GDPR
Cloud CDNContent delivery (cached, encrypted)Global edgeArt. 28 GDPR
Cloud MonitoringPerformance and error loggingEU (europe-west3)Art. 28 GDPR
Vertex AIAI model inference (where applicable)EU (europe-west3)Art. 28 GDPR

8.2 Google's Role and Obligations: Google LLC processes Customer Data under the Google Cloud Data Processing Addendum (google.com/.../data-processing-addendum), which incorporates:

  • EU Standard Contractual Clauses (2021/914), Modules Two and Three;
  • GDPR Article 28 processor obligations;
  • EU-US Data Privacy Framework certification;
  • Subprocessor governance with 30-day notice for new subprocessors.

8.3 Data Flow Architecture

User → Legalica Platform (application layer)
         ↓
    Google Cloud Platform (infrastructure layer)
         ↓
    ├─ Cloud Firestore (database)
    ├─ Firebase Auth (authentication)
    ├─ Cloud Storage (files)
    ├─ Cloud Functions (processing)
    └─ Vertex AI / Third-Party LLMs (AI inference)

8.4 Data Location and Residency:

  • Primary data center: Google Cloud europe-west3 (Frankfurt, Germany)
  • Backup/DR location: Google Cloud europe-west2 (London, UK)
  • AI inference: Processed via a multi-provider AI Cascade (Google Gemini → Moonshot AI/Kimi → Groq/Meta Llama → Ollama). EU-based providers are preferred; US-based providers operate under SCC 2021/914 and zero-data retention agreements. Ollama runs locally within the application layer with no external data transfer.
  • Users may request Swiss or US data residency for Enterprise accounts.

8.5 Google's Limitations: Per the Google Cloud Terms of Service: (a) Google has no obligation to assess Customer Data for legal compliance; (b) Google's notification of a Data Incident is not an acknowledgment of fault; (c) Google disclaims warranties and limits liability per its own terms; (d) Google may process data in any country where it maintains facilities unless a data location commitment is in place.

Legalica has configured all primary data storage and processing within the EU (europe-west3). However, certain Third-Party LLM API calls may route to US-based endpoints. Such transfers are protected by SCC 2021/914 and the EU-US Data Privacy Framework.

9. INTERNATIONAL DATA TRANSFERS

9.1 EU Transfers: All intra-EU transfers are permitted under GDPR Chapter V without additional safeguards.

9.2 Transfers to Third Countries (Non-EU): Transfers to the United States and other third countries are conducted via:

MechanismApplicationStatus
EU-US Data Privacy FrameworkGoogle LLC✅ Certified
SCC 2021/914 Module TwoController → Processor transfers✅ Executed
SCC 2021/914 Module ThreeProcessor → Subprocessor transfers✅ Executed
UK Addendum to SCCsUK data transfers✅ Applied
Supplementary measuresEncryption (TLS 1.3, AES-256)✅ Implemented

9.3 Transfer Impact Assessment (TIA): Legalica has conducted a TIA for all third-country transfers. A summary is available upon request at dpo@legalica.app.

9.4 Government Access: If Legalica or Google receives a government access request: (a) we will notify you unless prohibited by law; (b) we will challenge the request if grounds exist; (c) we will disclose only the minimum required by law.

PART II — DATA PROCESSING AGREEMENT

10. PROCESSING DETAILS (GDPR ARTICLE 28)

10.1 Subject Matter: Processing of Personal Data submitted by Controller and Authorized Users through the Platform.

10.2 Duration: Duration of Controller's Platform use plus applicable retention periods.

10.3 Nature and Purpose:

NatureCollection, storage, organization, use, disclosure by transmission, erasure
PurposeProviding Platform services: AI legal research, document drafting, corporate intelligence
Data SubjectsController's clients, employees, counterparties, and other individuals in User Input
CategoriesNames, contact info, professional titles, corporate affiliations, legal case details, financial information
Special CategoriesNot intended; may occur if included in User Input by Authorized Users

10.4 Controller Warranties: Controller warrants: (a) all necessary consents obtained; (b) appropriate notices provided to Data Subjects; (c) no violation of Applicable Law; (d) no submission of Personal Data in violation of data protection obligations.

11. PROCESSOR OBLIGATIONS

11.1 Documented Instructions: Legalica processes Personal Data only on documented instructions from the Controller, unless required by Union or Member State law.

11.2 Confidentiality: All persons authorized to process Personal Data are bound by confidentiality obligations.

11.3 Security Measures:

CategoryImplementation
Encryption in transitTLS 1.3 with Perfect Forward Secrecy
Encryption at restAES-256 (Google Cloud default encryption)
Key managementGoogle Cloud KMS; HSM-backed
Access controlsRBAC, MFA, least-privilege principles
Network securityGoogle Cloud VPC, Firewall Rules, Cloud Armor
Audit loggingGoogle Cloud Audit Logs, Cloud Monitoring
AuthenticationFirebase Authentication with MFA support

11.4 Subprocessor Engagement: Legalica may engage subprocessors per Section 15. At least 14 days' notice for new subprocessors. Remains fully liable for subprocessor performance.

11.5 Data Subject Rights Assistance: Legalica assists Controller in responding to Data Subject rights requests under GDPR Chapter III.

11.6 Compliance Assistance: Legalica assists Controller with: Art. 32 (security), Art. 33 (breach notification), Art. 34 (communication), Art. 35 (DPIA), Art. 36 (prior consultation).

11.7 Return or Deletion: Upon termination, Legalica will delete or return all Personal Data per Controller's choice, unless storage is required by law.

11.8 Audit Rights: (a) Once per calendar year upon 30 days' notice; (b) additional audits after a breach, material non-compliance, or supervisory authority order; (c) audit scope limited to systems relevant to Controller's data; (d) Legalica cooperates and provides access.

11.9 Documentation: Legalica makes available all information necessary to demonstrate compliance with Art. 28 GDPR.

12. AI ACT PROCESSOR OBLIGATIONS

Legalica ensures AI processing activities comply with:

  • (a) Art. 50 (Transparency): Necessary documentation regarding AI system transparency provided;
  • (b) Art. 52 (GPAI obligations): Compliance with applicable obligations for general-purpose AI models;
  • (c) Art. 10 (Data governance): Appropriate data governance where high-risk AI systems are applicable;
  • (d) Art. 14 (Human oversight): Meaningful human oversight maintained;
  • (e) DPIA support: Documentation and assistance for DPIAs involving AI processing, including assessments of automated decision-making risks, algorithmic bias, and data subject rights.

13. DATA BREACH NOTIFICATION

13.1 Timeline: Legalica notifies the Controller within 36 hours of becoming aware of a Personal Data Breach.

13.2 Notification Content: (a) Nature of breach; (b) categories and approximate number of Data Subjects affected; (c) likely consequences; (d) measures taken or proposed; (e) contact point.

13.3 Documentation: All breaches are documented with facts, effects, and remedial actions.

13.4 Infrastructure Provider Breaches: If a Data Breach originates from Google Cloud infrastructure, Firebase Authentication, or any other Infrastructure Provider: (a) Legalica will notify Controller within 36 hours of learning of the breach from the provider; (b) Legalica will pass through all information provided by the Infrastructure Provider; (c) Legalica's liability is subject to Section 9.3 of the Master Terms of Service; (d) Controller may also contact Google directly via support.google.com/cloud/contact/dpo.

14. NO-TRAINING COVENANT

14.1 Absolute Prohibition: Personal Data processed under this DPA shall NOT be used to train, fine-tune, or improve any machine learning models, AI systems, or algorithms. Personal Data shall not be included in training datasets for any purpose.

14.2 LLM Subprocessor Obligations: All LLM subprocessors are contractually bound to: (a) process solely for generating responses; (b) not retain beyond response generation; (c) not use for model training; (d) implement technical zero-retention measures.

14.3 Google-Specific AI Terms: Google Cloud's AI terms state: "Google will not use Customer Data to train or fine-tune any AI/ML models without Customer's prior permission or instruction." This applies to all Google Cloud AI services used by Legalica.

15. SUBPROCESSORS AND INFRASTRUCTURE CHAIN

15.1 Current Subprocessors:

SubprocessorServiceLocationRoleTransfer Mechanism
Google LLCCloud infrastructure, auth, storage, AI (Gemini)EU / USKey Infrastructure Provider & Primary LLMSCC 2021/914, EU-US DPF, zero-retention
Moonshot AI (Beijing Moonshot AI Technology Co., Ltd.)AI language model — Kimi (cascade fallback #2)China / GlobalLLM provider (fallback)SCC 2021/914, zero-retention contractual obligation
Groq, Inc. / Meta Platforms (Llama)AI language model — Llama 3 via Groq API (cascade fallback #3)USLLM provider (fallback)SCC 2021/914, zero-retention
Ollama (self-hosted / local)AI language model — Qwen local inference (cascade fallback #4)Local (no external transfer)Local LLM runtime (fallback)No transfer — processed within application layer
Stripe, Inc.Payment processingUSPayment processorSCC 2021/914
Postmark / SendGridEmail deliveryUSCommunicationSCC 2021/914
GLEIFLEI dataInternationalRegistryPublic data
OpenCorporatesCorporate registryInternationalRegistryPublic data

15.2 Infrastructure Chain Disclosure

Full processing chain for a typical user query:

1. User submits query → Legalica application (Firebase Cloud Functions, us-central1)
2. Authentication check → Firebase Authentication (Google, EU)
3. Data retrieval → Cloud Firestore (Google, EU)
4. AI processing → AI Cascade: Gemini → Kimi/Moonshot → Groq/Llama → Ollama (local)
   Each provider queried sequentially; fallback on failure. Zero-data retention enforced.
5. Response storage → Cloud Firestore (Google, EU)
6. Document attachment → Cloud Storage (Google, EU)
7. Email notification → Postmark / SendGrid (US, if enabled)

15.3 Subprocessor Changes: At least 14 days' advance notice for new subprocessors (30 days for Infrastructure Provider changes). Objections may be raised to dpo@legalica.app. If unresolved, Controller may terminate with pro-rata refund.

16. STANDARD CONTRACTUAL CLAUSES

16.1 Incorporation: EU SCC 2021/914 are incorporated by reference:

  • Module Two: Controller to Processor
  • Module Three: Processor to Subprocessor

16.2 SCC Specifications:

ClauseSelection
Clause 7 (Docking)Included
Clause 9 (Subprocessors)Option 2 — general written authorization
Clause 11 (Redress)DPO as contact point
Clause 13 (Supervisory authority)Andmekaitse Inspektsioon (Estonia)
Clause 17 (Governing law)Law of Estonia
Clause 18 (Forum)Courts of Estonia

16.3 Annexes:

  • Annex I.A (Parties): Data Exporter: [Customer]; Data Importer: [...] OÜ
  • Annex I.B (Processing): As described in Section 10
  • Annex I.C (Supervisory authority): Andmekaitse Inspektsioon
  • Annex II (Security measures): As described in Section 11.3
  • Annex III (Subprocessors): As described in Section 15

PART III — COOKIE POLICY

17. COOKIE TYPES AND PURPOSES

17.1 Strictly Necessary (Essential): Cannot be disabled. No consent required.

CookieProviderPurposeDuration
legalica_sessionLegalicaSession stateSession
legalica_csrfLegalicaCSRF protectionSession
legalica_authLegalicaAuthentication30 days
legalica_consentLegalicaConsent preferences180 days

17.2 Performance & Analytics: Consent required. Disabled by default.

CookieProviderPurposeDuration
_gaGoogle AnalyticsUser distinction2 years
ga*Google AnalyticsSession state2 years
_gidGoogle AnalyticsUser distinction24 hours
legalica_perfLegalicaPerformance metrics30 days

Note: Google Analytics runs with IP anonymization.

17.3 Functionality: Consent required. Disabled by default.

CookiePurposeDuration
legalica_langLanguage preference1 year
legalica_themeTheme preference1 year
legalica_tzTimezone1 year
legalica_layoutDashboard layout90 days

17.4 Targeting & Marketing: Consent required. Disabled by default.

CookieProviderPurposeDuration
_fbpMetaAd delivery90 days
_gcl_auGoogle AdsConversion linker90 days
legalica_utmLegalicaAttribution30 days

18. CONSENT MANAGEMENT

18.1 Consent Banner: Upon first visit, a banner presents: (a) "Accept All" — all cookie categories enabled; (b) "Customize" — granular selection per category; (c) "Essential Only" — only necessary cookies.

18.2 Granular Control: The Cookie Settings panel allows independent toggling of: Performance & Analytics, Functionality, Targeting & Marketing. Essential cookies remain always active.

18.3 Consent Record: Consent preferences stored in legalica_consent cookie and linked to account (if logged in). May be modified at any time via Cookie Settings panel or by contacting dpo@legalica.app.

18.4 Withdrawal: Consent may be withdrawn at any time without affecting the lawfulness of processing before withdrawal. Non-essential cookies are immediately disabled upon withdrawal.

18.5 Browser Controls: Users may also control cookies via browser settings. Disabling cookies may affect Platform functionality.

19. FIRST-PARTY VS. THIRD-PARTY COOKIES

First-party: Set by Legalica — session management, security, consent, preferences;

Third-party: Set by partners — Google Analytics, Meta Pixel, Google Ads. Subject to respective privacy policies.

No behavioral profiling of sensitive categories (health, political opinions, religious beliefs, etc.).

PART IV — DATA RETENTION

20. RETENTION SCHEDULE

20.1 Account Information

DataRetentionBasis
Name, email, profileAccount duration + 2 yearsContract + legal obligation
CredentialsAccount durationContract
Login history12 monthsSecurity (legitimate interest)

20.2 User Input and AI Output

DataRetentionBasis
Queries/search termsSession onlyNo-training covenant
Uploaded documentsAccount duration or user deletionContract
AI OutputAccount duration or user deletionContract
Chat historyAccount duration or user deletionContract

20.3 Corporate Intelligence

DataRetentionBasis
KYC/UBO queriesSession onlyPrivacy-by-design
KYC reportsAccount duration or user deletionContract
Risk assessmentsAccount + 3 years (if regulatory)Legal obligation
Registry cache30 daysTechnical necessity

20.4 Google Workspace Data

All synced data retained only during active sync period. Deleted upon Google Workspace disconnect or account deletion.

20.5 Payment and Billing

DataRetentionBasis
Invoice records7 yearsEstonian Accounting Act § 12
Transaction history7 yearsEstonian Accounting Act § 12
Payment detailsActive subscription + 1 yearContract
VAT records7 yearsVAT Directive

20.6 Logs and Analytics

DataRetentionBasis
Server access logs12 monthsSecurity
Error logs6 monthsStability
Security event logs24 monthsLegal obligation
Aggregated analyticsIndefinite (anonymized)Improvement

21. DELETION PROCEDURES

21.1 User-Initiated Deletion: Individual documents and conversations deleted immediately upon user action.

21.2 Account Deletion:

PhaseTimeline
Request verificationWithin 7 days
Active data deletionWithin 30 days
Backup purgeWithin 90 days
Deletion certificateUpon request

21.3 Automated Deletion: Session data: immediately after session ends; Cached data: per TTL (typically 30 days); Expired tokens: upon expiration; Orphaned files: 30 days after parent deletion.

21.4 Legal Holds: Data may be retained beyond standard periods for: litigation hold, court order, legal claims, regulatory audit.

22. USER RIGHTS

22.1 GDPR Rights:

RightArticleHow to Exercise
AccessArt. 15Email dpo@legalica.app
RectificationArt. 16Account settings or DPO email
ErasureArt. 17DPO email or account deletion
RestrictionArt. 18DPO email
PortabilityArt. 20DPO email
ObjectionArt. 21DPO email
Withdraw consentArt. 7(3)Cookie Settings or DPO email
Lodge complaintArt. 77Andmekaitse Inspektsioon or local DPA

Response time: 30 days (extendable to 60 for complex requests). Identity verification required before processing.

22.2 Rights Under Other Jurisdictions:

JurisdictionKey Additional Rights
California (CCPA/CPRA)Right to know, delete, correct, opt-out, non-discrimination
Brazil (LGPD)Right to explanation of automated decisions
Canada (PIPEDA)Right to access, challenge accuracy
Singapore (PDPA)Right to access, correction
South Africa (POPIA)Right to access, correction, objection
Japan (APPI)Right to disclosure, correction, cessation
China (PIPL)Right to know, decide, limit, access, copy, correct, delete

PART V — COOKIE CONSENT BANNER

23. BANNER TEXTS AND SETTINGS PANEL

23.1 Primary Banner (Default):

  • Title: We Use Cookies
  • Body: We use cookies to provide and improve our services, analyze usage, and enhance your experience. Essential cookies are always active. You can customize your preferences or accept all cookies.
  • CTAs: [Accept All] [Customize] [Essential Only]
  • Footer: [Cookie Policy] [Privacy Policy]

23.2 Detailed Banner (Alternative):

  • Title: Your Privacy Matters
  • Body: Legalica uses cookies for essential functions, analytics, preferences, and (with consent) marketing. You choose which categories you accept. Read our Cookie Policy for details.
  • CTAs: [Accept All] [Customize Preferences] [Reject Non-Essential]

23.3 Settings Panel Title: Cookie Preferences — Manage your cookie consent preferences

23.4 Category Descriptions for Panel:

  • Essential: "These cookies are necessary for the website to function and cannot be switched off. They are set in response to actions you take, such as logging in or setting privacy preferences." [Toggle: ON, disabled]
  • Performance & Analytics: "These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. All information is aggregated." [Toggle: OFF by default]
  • Functionality: "These cookies enable enhanced functionality and personalization, such as remembering your language preference and theme." [Toggle: OFF by default]
  • Targeting & Marketing: "These cookies may be set by our advertising partners to build a profile of your interests and show you relevant ads on other sites." [Toggle: OFF by default]

23.5 Consent Confirmation Messages:

  • Accept All: "Thank you! All cookies have been accepted. You can change your preferences at any time through Cookie Settings."
  • Essential Only: "Your preferences have been saved. Only essential cookies are active. You can change this at any time."
  • Custom Saved: "Your cookie preferences have been saved successfully."

23.6 DNT Response: "We have detected that your browser has 'Do Not Track' enabled. We respect this preference and have automatically disabled non-essential cookies. You can manually adjust below."

CHANGES TO THIS POLICY

We may update this Policy. Material changes: 30 days' notice via email and Platform notice. Continued use constitutes acceptance.

CONTACT

Supervisory Authority: Andmekaitse Inspektsioon, Tatari 39, Tallinn 10134, Estonia
Terms of Service: View our Terms of Service.
BY USING THE LEGALICA PLATFORM, YOU CONSENT TO THE COLLECTION, USE, AND PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED IN THIS MASTER PRIVACY & DATA GOVERNANCE POLICY.