Privacy Policy

Last updated: July 10, 2025

At LegalLayr, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our website, services, or communicate with us.

1. INTRODUCTION

LegalLayr(“LegalLayr,” “we,” “our,” or “us”) operates the site https://legallayr.com/ (“Site”) and the LegalLayr automated PDF-summary, template-generation, and AI-powered services (“Service”). This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices you have.

2. SCOPE

This Policy applies whenever you:

Visit or interact with the Site;
Create an account or contact us;
Upload PDFs, fill in templates, or generate AI summaries;
Ask us to deliver summaries, templates, or other files by e-mail or SMS; or
Use any related products, browser extensions, or integrations we offer.

It does not cover data handled by third-party sites or services you access on your own.

3. DEFINITIONS

Personal Information – Data that identifies, relates to, or could reasonably be linked to an individual.
Sensitive Content – Confidential, regulated, or special-category data you upload or enter (e.g., PII, PHI, trade secrets).
Template Data – The information you type into our fillable templates.
Automated Decision-Making – Decisions with legal or similarly significant effects made solely by algorithms.
Controller – For GDPR/UK GDPR, LegalLayr decides why and how Personal Information is processed.
AI Products – Features that rely on machine-learning models (including those supplied by OpenAI).

4. INFORMATION WE COLLECT

Account and contact details (name, e-mail, password hash, organization, phone).
Uploaded content and template data (PDFs you upload, data you enter, resulting exports).
Delivery and communication data (e-mail address, mobile number, opt-in timestamps, message logs).
Usage data (IP address, device and browser details, page views, feature use).
Payment data (card last four digits, billing address, transaction IDs processed by Stripe).
Customer communications (support tickets, chat logs, survey responses).

Note: You are responsible for having a lawful basis to supply any Sensitive Content or Template Data. Do not submit information you are prohibited from sharing.

5. COOKIES AND SIMILAR TECHNOLOGIES

We place cookies and similar tools for four purposes:

Strictly necessary – Keep you logged in and protect your session (always active).
Preferences – Remember settings such as language or theme (can be turned off).
Analytics – Gather aggregated usage metrics (disabled in the EU/UK until you opt in).
Advertising / cross-context – Google Ads or Meta Pixel (off by default; you must opt in and may opt out at any time through the “Do Not Sell/Share” link).

Most browsers allow you to control cookies. Blocking some cookies may cause parts of the Service to stop working.

6. HOW WE USE YOUR INFORMATION

Legal bases under GDPR/UK GDPR and examples:

Contract – Authenticate you; generate summaries and templates; deliver files by e-mail or SMS; process payments.
Legitimate interests – Detect abuse, improve algorithms, measure usage, ensure message delivery.
Consent – Marketing messages, non-essential cookies, optional AI model training (only if you expressly agree).
Legal obligation – Meet tax, accounting, and regulatory duties.

Automated Decision-Making: LegalLayr does not currently make legal or similarly significant decisions solely by automated means. If that changes, you may request human review.

7. SMS AND E-MAIL COMMUNICATIONS

Transactional messages (e.g., “Your summary is ready”) require verified contact details and explicit opt-in. Standard carrier rates apply.
Marketing messages are sent only after separate consent. Reply STOP (SMS) or click Unsubscribe (e-mail) to withdraw.
Opt-in records are kept for four years to satisfy laws such as TCPA and CAN-SPAM.

8. DISCLOSURE OF INFORMATION

Service providers (all bound by confidentiality and data-processing agreements):

Hosting and storage – Amazon Web Services
AI processing – OpenAI
Workflow automation – Zapier and GoHighLevel (CRM)
Website CMS and forms – WordPress and Gravity Forms
PDF conversion – PDF.co
Payments – Stripe (PCI-DSS Level 1)
E-mail and SMS delivery – Postmark and Twilio
Analytics – Plausible and Matomo

Legal and regulatory: We disclose data when required by law, subpoena, or court order, or to defend our rights.

Business transfers: Your data may transfer in a merger, acquisition, or asset sale, subject to this Policy and advance notice.

With your direction: If you connect third-party tools (e.g., a Zapier workflow), data flows under that party’s privacy terms.

9. INTERNATIONAL TRANSFERS AND THIRD-PARTY LINKS

Cross-border transfers: Data may be stored or processed in the United States or other countries. We rely on Standard Contractual Clauses, adequacy decisions, or GDPR Article 49 derogations; you may request copies (see Section 13).

Third-party links: Our Site may link to external sites or widgets (e.g., YouTube). We do not control their privacy practices. Review their policies before providing Personal Information.

10. DATA RETENTION

LegalLayr uses end-to-end encryption and will never sell, share, or reuse your documents. We do not train our AI on your private data.
Uploaded PDFs, template data, and exports – deleted after 30 days (or sooner if you delete them yourself).
Opt-in and delivery logs – kept four years for compliance.
Account data – stored while your account is active plus six years for tax and audit reasons.
Web logs and analytics – stored 12 months, then aggregated.

You may request earlier deletion (see Section 11).

11. YOUR RIGHTS

Worldwide rights: Access, rectification, erasure, restriction, portability, objection.

EU/UK rights: Lodge a complaint with a supervisory authority and request human review of automated decisions.

California rights (CCPA/CPRA): Know, delete, correct, opt out of “sale” or “sharing,” limit use of sensitive data, and non-discrimination.

Other U.S. states: Virginia, Colorado, Connecticut, Utah – similar consumer rights.

Authorized agents: You may appoint an agent or attorney to submit a request. We will verify both your identity and the agent’s authority.

Verification: We may ask for two data points (e.g., last login IP and a recent file name).

Response time: We answer within 30 days (45 days under CCPA).

12. CHILDREN’S PRIVACY

The Service is not targeted at children under 13 (or under 16 in the EEA). We do not knowingly collect their data. If you believe a child has provided information, contact us and we will delete it.

13. CONTACT DETAILS

General privacy questions: info@email.legallayr.com
Data Protection Officer (DPO): privacy@legallayr.com
EU representative (GDPR Art 27): EU-Rep GDPR Services Ltd., Rue du Data 28, 1000 Brussels, Belgium
UK representative (UK GDPR): UK GDPR Rep Ltd., 27 Old Gloucester St, London WC1N 3AX, United Kingdom
Postal mail: LegalLayr, 548 Market St #, San Francisco, CA 94104 USA (Attn: Privacy)

14. AI-SPECIFIC TERMS

Model providers: AI outputs come from OpenAI models hosted in the United States under strict processing agreements.
Input confidentiality: Your prompts and outputs are not used to train OpenAI’s public models. They are deleted from OpenAI logs within 30 days unless law requires a longer period.
Output responsibility: AI summaries can contain errors; verify them before relying on them.
No legal advice: AI outputs are for information only and do not constitute legal advice. Consult an attorney for legal matters.
Prohibited inputs: Do not submit unlawful or infringing content or anything you lack permission to process. We may suspend violating accounts.

15. CHANGES TO THIS POLICY

We may revise this Policy periodically. Material changes will appear on the Site and, where appropriate, be announced by e-mail or SMS. Continued use of the Service after the effective date means you accept the updated Policy.

Contact Us

If you have any questions about this Privacy Policy, you can contact us at:

Email: contact@legallayr.com

Need help or have a question? We're here for you.