Privacy Policy
Last updated: 10/26/2025
Introduction
LegalSelfHelp.AI ("we", "our", or "us") is committed to protecting your privacy. We collect only the minimum data necessary to operate our legal self-help service. We do not sell personal data. Non-essential cookies and third-party vendors are disabled until you provide explicit consent.
Data Controller
Legal Entity: LegalSelfHelp.AI
Contact: help@legalselfhelp.ai
Privacy Officer: aaron@legalselfhelp.ai
What We Collect
Account Information (Required)
- Email address (for authentication and password reset)
- Name (for personalizing legal documents)
- Case information you voluntarily provide
- Uploaded legal documents (encrypted and stored securely)
Operational Data (Automatic)
- Server logs for security and fraud prevention (IP addresses, timestamps)
- Cookie-less web analytics for aggregate usage (no cross-site tracking)
- Error logs for debugging (PII scrubbed before storage)
Payment Information
- Processed securely through Stripe (we do not store card details)
- Billing history and subscription status
Legal Bases (GDPR)
- Contract Necessity: Account data required to provide the service
- Legitimate Interests: Security logs, debugging, preventing abuse
- Consent: Non-essential cookies, marketing communications
How We Use Your Data
- Provide legal document preparation and case management services
- Send transactional emails (password resets, case updates, document notifications)
- Improve our AI systems (only with anonymized, aggregated data)
- Prevent fraud and maintain security
- Comply with legal obligations
Data Storage & Security
- Location: EU data residency where supported (Supabase EU, AWS EU)
- Encryption: AES-256 for sensitive case data at rest, TLS 1.3 in transit
- Access Control: Role-based access, audit logging
- Backups: Encrypted daily backups, 30-day retention
Data Transfers Outside EU
Some services may process data outside the EU (e.g., OpenAI for AI features, AWS regions). We use appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Minimized data transfer (only necessary for service operation)
- Anonymization where possible
Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for cookies/marketing at any time
Exercise Your Rights: Email help@legalselfhelp.ai with subject "Data Rights Request"
Response Time: We will respond within 30 days
Data Retention
- Active Accounts: Data retained while account is active
- Deleted Accounts: Data erased within 90 days (except legal obligations)
- Transaction Records: 7 years (tax/legal requirements)
- Logs: 90 days maximum
Cookies & Tracking
We use strictly necessary cookies for core functionality. All other categories (preferences, statistics, marketing) require your explicit consent via the cookie banner. See our Cookie Policy for details.
Third-Party Services
- Supabase: Authentication and database (EU region)
- Stripe: Payment processing (GDPR compliant)
- OpenAI: AI document generation (data minimization, no training on your data)
- AWS SES: Transactional emails (EU region where possible)
- Vercel: Hosting and analytics (cookie-less)
- Sentry: Error monitoring (EU region, PII scrubbing)
Children's Privacy
Our service is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us immediately.
Changes to This Policy
We may update this policy occasionally. Material changes will be communicated via email or prominent notice on the site. Continued use after changes constitutes acceptance.
Contact & Complaints
Privacy Questions: help@legalselfhelp.ai
Data Protection Officer: aaron@legalselfhelp.ai
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.
California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to deletion
- Right to non-discrimination for exercising CCPA rights
To exercise these rights, contact help@legalselfhelp.ai