LegalCraftLegalCraft

Privacy Policy

Effective Date: May 2, 2026

This Privacy Policy describes how LegalCraft("we", "us", or "our") collects, uses, and shares information when you use our website and services.

Information We Collect

Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (hashed, never stored in plain text)

If you sign in with Google, we receive your name and email from Google. We do not access your Google contacts, calendar, or other data.

Business Information

When you create a business profile to generate legal documents, we collect the business details you provide (name, type, industry, location, website URL, compliance preferences). This data is used solely to generate your legal documents and is stored in your account.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers on our servers. We retain your Stripe customer ID and subscription status to manage your plan.

Automatically Collected Information

We collect standard web analytics data including:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referring website

How We Use Your Information

  • Provide and maintain the service
  • Generate legal documents based on your business data
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, password reset)
  • Improve the service based on usage patterns

Third-Party Services

We use the following third-party services:

  • Supabase — authentication and database hosting
  • Stripe — payment processing
  • Vercel — website hosting
  • Groq / Anthropic — AI document generation (your business data is sent to generate documents; not used for model training)

Data Retention

We retain your account and business data for as long as your account is active. Generated documents are stored indefinitely in your account. If you delete your account, all associated data is permanently removed within 30 days.

Your Rights

GDPR (EU Residents)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict processing of your data
  • Data portability
  • Object to processing

CCPA (California Residents)

You have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your rights

Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and row-level security on our database. API keys are stored as environment variables and never exposed to the client.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the service.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at: nikola.lalovic@samblagroup.com