Privacy Policy - Legal Advice Now

1. Introduction

Welcome to Legal Advice Now ("Service"), operated by Arcade Data Ltd ("we," "us," "our"). Arcade Data Ltd is a company registered in England and Wales, located in London, UK.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://legaladvicenow.ai and use our Service, which provides AI-powered analysis of legal documents for educational purposes only.

Please read this Privacy Policy carefully. By using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access or use the Service.

Key Definitions:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Personal Data (collection, recording, use, disclosure, etc.).
• Data Controller: Arcade Data Ltd is the controller for the Personal Data processed via the Service.
• Guest User: A user accessing the Service without creating an account.
• Registered User: A user who has created an account with the Service.

2. Information We Collect

We collect different types of information depending on how you use our Service:

Guest Users:

• Uploaded Document Content: The content of the document(s) you upload for analysis. This data is processed transiently and deleted immediately after being sent for analysis (see Section 7).
• Usage Data: Your IP address, browser type, device type, operating system, date/time stamps of access, and error logs. This helps us operate and secure the service.
• Payment Information: We use Stripe for payment processing. While you provide payment details directly to Stripe, we receive confirmation of payment but do not store your full credit card details. Stripe's privacy policy governs their data processing.
• Case Metadata: Information about the analysis case (e.g., analysis results, case identifier), excluding the original document content.

Registered Users:

• All information collected from Guest Users (except Case Metadata retention period differs).
• Account Information: Your email address (mandatory), and optionally your first name, last name, state, and country.
• Credentials: Your password (stored securely using hashing and salting).
• Session Information: We use necessary cookies to maintain your logged-in session.

All Users:

• Aggregated/Anonymized Data: We use Google Analytics to collect anonymized information about website traffic and usage patterns to improve our Service. Google's privacy policy applies to their data processing.

3. Legal Basis for Processing (UK GDPR)

We process your Personal Data based on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):

• Performance of a Contract: To provide the core Service you request (document analysis, account management for Registered Users). This includes processing your uploaded document (transiently) and payment information (via Stripe).
• Consent:
  • You provide consent by agreeing to this Privacy Policy and the Terms of Service via the mandatory checkbox before uploading a document.
  • For Registered Users, we may send marketing communications based on your decision to sign up, with a clear option to opt-out (unsubscribe) at any time via your profile panel or email links.
• Legitimate Interests:
  • To operate, maintain, and improve the Service (using Usage Data and anonymized analytics).
  • To ensure the security of our Service and prevent fraud (using Usage Data).
  • To communicate important service-related notices (for Registered Users).
• Compliance with Legal Obligations: To comply with applicable laws and respond to lawful requests from authorities.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service.
• To process your document uploads and facilitate AI analysis.
• To process payments via Stripe.
• To create and manage accounts for Registered Users.
• To communicate with you (service updates for Registered Users; responses to inquiries; marketing emails for Registered Users who haven't opted out).
• To improve the Service using aggregated and anonymized Usage Data and feedback.
• To monitor and ensure the security and integrity of the Service.
• To comply with legal obligations and enforce our Terms of Service.

Crucially: We do not use the content of your uploaded documents to train our own or third-party AI models.

5. How We Share Your Information

We do not sell your Personal Data. We may share your information with the following third parties only under limited circumstances:

Third-Party Service Providers:

• AI Providers: We send the full content of your uploaded document to third-party AI service providers solely for the purpose of performing the analysis you requested. We select providers who contractually commit not to use the submitted data for training their models. Also, we transmit the document under a secure connection.
• Hosting Provider: Our servers are hosted by Hetzner Online GmbH in Europe.
• Payment Processor: Stripe processes your payments.
• Analytics Provider: Google Analytics processes anonymized usage data.
• Security Provider: Cloudflare provides security services, including encrypted tunnels.

Legal Requirements:

We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Business Transfers:

If Arcade Data Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, your Personal Data may be transferred as part of that transaction. We will notify Registered Users via email and/or a prominent notice on our Service 30 days in advance of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.

6. International Data Transfers

Your information, including Personal Data, may be processed by our third-party service providers (like AI providers or Google Analytics) located outside the UK or European Economic Area (EEA). Our primary hosting is within the EU (Hetzner). When we transfer Personal Data outside the UK/EEA, we rely on appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (SCCs) approved by the relevant authorities, including the UK Addendum where applicable.

7. Data Retention

We retain your information only for as long as necessary for the purposes set out in this Privacy Policy:

• Uploaded Document Content: Deleted immediately after being sent for analysis. It is not stored on our servers.
• Guest User Case Metadata: Retained for 15 days after case creation and then automatically deleted.
• Registered User Case Metadata: Retained until the Registered User chooses to delete the case via their account panel.
• Registered User Account Information: Retained while the account is active and for 7 days after account closure.
• Usage Logs & Analytics Data: Retained for 7 days.

8. Data Security

We implement technical and organizational measures designed to protect your information from unauthorized access, use, alteration, or disclosure. These include:

• HTTPS and TLS 1.3 encryption for data in transit (via Cloudflare).
• Cloudflare encrypted tunnels, limiting direct server exposure.
• Hashing and salting of passwords for Registered Users.
• Restricted access controls to servers and data.

However, no electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Cookies and Tracking Technologies

• Guest Users: We do not use cookies necessary for the core functionality for Guest Users.
• Registered Users: We use essential cookies to manage your login session and maintain account security.
• Google Analytics: We use Google Analytics, which may use cookies to collect anonymized data about website usage. You can learn more about Google's practices at google.com/policies/privacy/partners/ and opt-out via tools.google.com/dlpage/gaoptout.

You can typically set your browser to refuse cookies, but this may prevent Registered Users from logging in or using certain features.

10. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have rights regarding your Personal Data:

• Right to Access: Request copies of your Personal Data.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure ('Right to be Forgotten'): Request deletion of your Personal Data under certain conditions.
• Right to Restrict Processing: Request restriction of processing under certain conditions.
• Right to Data Portability: Request transfer of your Personal Data to another organization, or directly to you, under certain conditions.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., for marketing emails).

To exercise these rights, please contact us at [email protected]. We will respond to your request within one month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If we become aware that we have collected Personal Data from a child under 18, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For Registered Users, we will provide notice within the application. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• By email: [email protected]
• By post: Arcade Data Ltd, 34 St. James's Street, 1st Floor, London, England, SW1A 1HD, United Kingdom