Privacy Policy
Last updated: March 10, 2026
At Legal Expert ("the Platform"), operated by Legal Expert S.A.S. ("we", "us", "the Company"), we are committed to protecting the privacy and personal data of our users. This Privacy Policy describes how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) of the European Union and Uruguay's Law No. 18,331 on Personal Data Protection.
1. Data Controller
Legal Expert S.A.S.
Montevideo, Uruguay
Email: privacy@legalexpert.app
2. Data We Collect
2.1. Data Provided Directly by the User
| Category | Data | Purpose |
|---|---|---|
| Registration data | Name, surname, email address, password (hashed), professional license number | Account creation and management |
| Profile data | Phone number, professional address, CJPPU number, profile photo | Service personalization |
| Studio data | Studio name, address, tax ID, members | Shared workspace management |
| Professional content | Cases, court records, clients, hearings, documents, calculations | Core service delivery |
| Payment data | Selected plan, billing history (card data is managed by the payment processor) | Subscription management |
2.2. Data Collected Automatically
| Category | Data | Purpose |
|---|---|---|
| Usage data | Features used, access frequency, actions performed | Service improvement and usage analytics |
| Technical data | IP address, device type, operating system, app version | Security, technical diagnostics |
| Activity logs | Login history, audit-relevant actions | Security and traceability |
2.3. Third-Party Data Entered by the User
Users enter data about their clients, counterparties, and other third parties (name, identity document, contact information, case details). For this data, the User acts as Data Controller and Legal Expert as Data Processor. The User is responsible for having an appropriate legal basis for processing this data.
3. Legal Basis for Processing
We process personal data based on the following legal bases (Art. 6 GDPR):
- Performance of a contract (Art. 6.1.b): Necessary to provide the service contracted by the User.
- Consent (Art. 6.1.a): For marketing communications and optional features. You may withdraw your consent at any time.
- Legitimate interest (Art. 6.1.f): To improve security, prevent fraud, and optimize the service.
- Legal obligation (Art. 6.1.c): When the law requires us to retain certain data.
4. How We Use Your Data
- Provide, maintain, and improve the Platform.
- Process subscriptions and payments.
- Send service-related notifications (hearings, deadlines, tasks).
- Provide technical support.
- Generate anonymous, aggregated usage statistics.
- Comply with legal and regulatory obligations.
- Prevent fraudulent or abusive activities.
We do not sell, rent, or share personal data with third parties for marketing purposes.
5. Data Sharing
We only share personal data in the following cases:
- Service providers: Payment processors, cloud infrastructure services, email services—exclusively for service delivery and under confidentiality and data protection agreements.
- Within a Studio: Case and client data is shared among authorized members of the same Studio, according to permissions configured by the administrator.
- Case sharing invitations: When a User shares a case with another user, necessary case data is shared as authorized by the User.
- Legal requirement: When required by law, court order, or competent authority.
6. International Data Transfers
6.1. Our servers and infrastructure may be located outside the User's country of residence. In case of international data transfers, we ensure an adequate level of protection through:
- Standard contractual clauses approved by the European Commission.
- Providers that comply with recognized data protection frameworks.
- Supplementary technical measures (encryption in transit and at rest).
6.2. Uruguay is recognized by the European Commission as a country with an adequate level of data protection (Decision 2012/484/EU).
7. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Data encryption in transit (TLS/HTTPS) and at rest.
- Passwords stored using secure hashing algorithms (bcrypt).
- Authentication via JWT tokens with time-limited expiration.
- Role-based access control and per-Studio permissions.
- Audit logs of relevant actions.
- Periodic encrypted backups.
- Data isolation between Studios (application-level multi-tenancy).
8. Data Retention
8.1. Personal data is retained for as long as the User's account is active and the data is necessary to provide the service.
8.2. After account cancellation, data is retained for 30 days to allow recovery, then deleted or anonymized, except for data we must retain due to legal obligations (tax data: 5 years; audit logs: per applicable regulations).
8.3. Third-party data entered by the User (clients, counterparties) is deleted along with the User's account, or earlier if the User deletes it directly.
9. User Rights
In accordance with the GDPR and Law 18,331, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we process about you. |
| Rectification | Correct inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Restriction | Request restriction of processing in certain circumstances. |
| Portability | Receive your data in a structured, commonly used, and machine-readable format. |
| Objection | Object to processing based on legitimate interest. |
| Withdraw consent | Withdraw your consent at any time, without affecting the lawfulness of prior processing. |
To exercise your rights, contact us at privacy@legalexpert.app. We will respond within a maximum of 30 days.
If you believe our data processing violates your rights, you may file a complaint with Uruguay's Personal Data Control and Regulatory Unit (URCDP) or the data protection authority in your country of residence.
10. Cookies and Similar Technologies
10.1. The web application may use cookies and similar technologies for:
- Essential cookies: Necessary for Platform functionality (authentication, session preferences).
- Analytics cookies: To understand how the Platform is used and improve the experience (only with your consent).
10.2. We do not use advertising or third-party tracking cookies.
10.3. You can manage your cookie preferences from your browser settings.
11. Minors
The Platform is intended for legal professionals and is not directed at individuals under 18 years of age. We do not intentionally collect personal data from minors. If we discover that we have collected data from a minor, we will promptly delete it.
12. Use of Artificial Intelligence
12.1. The Platform may use artificial intelligence tools for features such as case law search, document analysis, and suggestions. These tools process User data exclusively to enhance the service experience.
12.2. No automated decisions that produce legal effects on the User are made without human intervention.
12.3. Data processed by AI tools is not used to train third-party models.
13. Security Breach Notification
In the event of a security breach affecting personal data, we commit to:
- Notifying the competent supervisory authority within a maximum of 72 hours (per Art. 33 GDPR).
- Notifying affected Users without undue delay when the breach poses a high risk to their rights and freedoms.
- Documenting the circumstances, effects, and corrective measures taken.
14. Changes to This Policy
We reserve the right to update this Privacy Policy. We will give notice of substantial changes at least 30 days in advance through the Platform and/or by email. The date of the last update is indicated at the top of this document.
15. Contact
For any privacy-related inquiries or questions about the processing of your personal data:
- Email: privacy@legalexpert.app
- Through the support channels available on the Platform.