The Legora Agent is live

Read now

Security

Customers

Book a demo

Menu

Log in

Back to overview

Privacy Policy

Back to overview

Privacy Policy

Back to overview

Privacy Policy

Back to overview

Privacy Policy

Last updated 04 June 2026

Legora AB and its subsidiaries and group affiliates (“Legora”, “we” or “us”) respect your privacy and are committed to securing and protecting any information we have about you. This policy (the “Privacy Policy”) provides information on the collection, use, sharing and processing of  personal data in connection with your use of Legora’s website (the “Site”), platform, mobile applications, products, features, technologies and plug-ins exchanging information with Legora (“Services”) and/or any other digital service that links to this Privacy Policy. The Privacy Policy also covers interactions you have with Legora during in-person meetings or at events, and in the context of other offline sales and marketing activities, and describes your rights and how you can exercise them with regards to these processing activities.  For information about how we use cookies and similar tracking technologies on our Site, please see our Cookie Policy. 

Terms “personal information” or “personal data” mean any and all information that relates to an identified individual or to an identifiable individual. For example, this could include inter alia your name, address, email address, business contact details, title or information gathered through your interactions with us via our websites, services, competitions, surveys and/or at events. 

Legora AB and its subsidiaries and group affiliates (“Legora”, “we” or “us”) respect your privacy and are committed to securing and protecting any information we have about you. This policy (the “Privacy Policy”) provides information on the collection, use, sharing and processing of  personal data in connection with your use of Legora’s website (the “Site”), platform, mobile applications, products, features, technologies and plug-ins exchanging information with Legora (“Services”) and/or any other digital service that links to this Privacy Policy. The Privacy Policy also covers interactions you have with Legora during in-person meetings or at events, and in the context of other offline sales and marketing activities, and describes your rights and how you can exercise them with regards to these processing activities.  For information about how we use cookies and similar tracking technologies on our Site, please see our Cookie Policy. 

Terms “personal information” or “personal data” mean any and all information that relates to an identified individual or to an identifiable individual. For example, this could include inter alia your name, address, email address, business contact details, title or information gathered through your interactions with us via our websites, services, competitions, surveys and/or at events. 

Legora AB and its subsidiaries and group affiliates (“Legora”, “we” or “us”) respect your privacy and are committed to securing and protecting any information we have about you. This policy (the “Privacy Policy”) provides information on the collection, use, sharing and processing of  personal data in connection with your use of Legora’s website (the “Site”), platform, mobile applications, products, features, technologies and plug-ins exchanging information with Legora (“Services”) and/or any other digital service that links to this Privacy Policy. The Privacy Policy also covers interactions you have with Legora during in-person meetings or at events, and in the context of other offline sales and marketing activities, and describes your rights and how you can exercise them with regards to these processing activities.  For information about how we use cookies and similar tracking technologies on our Site, please see our Cookie Policy. 

Terms “personal information” or “personal data” mean any and all information that relates to an identified individual or to an identifiable individual. For example, this could include inter alia your name, address, email address, business contact details, title or information gathered through your interactions with us via our websites, services, competitions, surveys and/or at events. 

Legora AB and its subsidiaries and group affiliates (“Legora”, “we” or “us”) respect your privacy and are committed to securing and protecting any information we have about you. This policy (the “Privacy Policy”) provides information on the collection, use, sharing and processing of  personal data in connection with your use of Legora’s website (the “Site”), platform, mobile applications, products, features, technologies and plug-ins exchanging information with Legora (“Services”) and/or any other digital service that links to this Privacy Policy. The Privacy Policy also covers interactions you have with Legora during in-person meetings or at events, and in the context of other offline sales and marketing activities, and describes your rights and how you can exercise them with regards to these processing activities.  For information about how we use cookies and similar tracking technologies on our Site, please see our Cookie Policy. 

Terms “personal information” or “personal data” mean any and all information that relates to an identified individual or to an identifiable individual. For example, this could include inter alia your name, address, email address, business contact details, title or information gathered through your interactions with us via our websites, services, competitions, surveys and/or at events. 

1

Scope of this Privacy Policy

1

Scope of this Privacy Policy

his Privacy Policy applies when Legora is the data controller responsible for processing personal data of: 

  • visitors and users of the Legora Site and Services, including any other digital service that links to this Privacy Policy; 

  • Attendees of Legora events, webinars and surveys; 

  • Customers and prospective customers and their representatives; 

  • subscribers to Legora newsletters and updates; and 

  • suppliers, service providers, business partners and any third-party (including prospects) and their representatives

This Privacy Policy does not apply to any input submitted to, output generated by, or documents uploaded to our Services (“Subscriber Content”). We process Subscriber Content as a data processor on behalf of our Subscribers (the data controllers), and our processing of Subscriber Content is governed by the relevant Subscriber Agreement. Any queries related to data that can be used to identify you (“personal data”) included in Subscriber Content should be directed to our Subscribers. If we receive any rights requests concerning instances where we act as data processor, we will forward them to the relevant Subscriber.

his Privacy Policy applies when Legora is the data controller responsible for processing personal data of: 

  • visitors and users of the Legora Site and Services, including any other digital service that links to this Privacy Policy; 

  • Attendees of Legora events, webinars and surveys; 

  • Customers and prospective customers and their representatives; 

  • subscribers to Legora newsletters and updates; and 

  • suppliers, service providers, business partners and any third-party (including prospects) and their representatives

This Privacy Policy does not apply to any input submitted to, output generated by, or documents uploaded to our Services (“Subscriber Content”). We process Subscriber Content as a data processor on behalf of our Subscribers (the data controllers), and our processing of Subscriber Content is governed by the relevant Subscriber Agreement. Any queries related to data that can be used to identify you (“personal data”) included in Subscriber Content should be directed to our Subscribers. If we receive any rights requests concerning instances where we act as data processor, we will forward them to the relevant Subscriber.

2

What information does Legora collect

2

What information does Legora collect

Legora may process your personal data in several ways, for various purposes. This information may originate directly from you or indirectly shared with us by data aggregators who may or may not have a business relationship with you, such as our business partners, customers, employers and employees. 

Legora may process your personal data in several ways, for various purposes. This information may originate directly from you or indirectly shared with us by data aggregators who may or may not have a business relationship with you, such as our business partners, customers, employers and employees. 

2.1

Information you provide to us

We collect personal data provided to us if you create an account to use our Services or communicate with us as follows:

User account information: We require everyone with access to our Services to have an account with us. When you or your employer create a Legora account, we collect personal data including your name, email address, role, language preferences and account credentials.

Communication information: When you contact us with questions or other inquiries or contact our sales or customer support services, provide feedback, or make inquiries, we collect your name, email address, phone number, and any other information you provide us with to assist you or resolve your issue. Legora may monitor and record phone conversations or email communications between you and Legora employees for training and quality assurance purposes. We may receive confirmation when you open or click on content in an email from us, which helps us make our communications to you more useful and interesting.

Social media information: We maintain social media presence on different social media platforms such as LinkedIn, YouTube,  X, Instagram and TikTok (“Social Media”). If you interact with us on Social Media, we may also receive information such as your username and profile information. When communicating with us via social media platforms, we process data provided by you such as reposts, likes, direct messages, comments, inquiries etc.Third parties that host our Social Media accounts may provide us with aggregate information and analytics regarding your use and interaction with our Social Media. 

Survey and contest informationWe may provide you the opportunity to participate in surveys for example, to measure customer satisfaction, or specific contests. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests are completely voluntary, and you therefore have a choice whether or not to disclose this information. The requested information typically includes name, email address, and mailing address.

Testimonial and review information: We may display personal testimonials or reviews if you have consented to it. If you wish to update or delete your testimonial or review, you can contact us.

Marketing information: When you sign up for marketing communications, advertisements, event invitations or any other information or update about our services and products, we may collect your personal information to facilitate this. 

2.1

Information you provide to us

We collect personal data provided to us if you create an account to use our Services or communicate with us as follows:

User account information: We require everyone with access to our Services to have an account with us. When you or your employer create a Legora account, we collect personal data including your name, email address, role, language preferences and account credentials.

Communication information: When you contact us with questions or other inquiries or contact our sales or customer support services, provide feedback, or make inquiries, we collect your name, email address, phone number, and any other information you provide us with to assist you or resolve your issue. Legora may monitor and record phone conversations or email communications between you and Legora employees for training and quality assurance purposes. We may receive confirmation when you open or click on content in an email from us, which helps us make our communications to you more useful and interesting.

Social media information: We maintain social media presence on different social media platforms such as LinkedIn, YouTube,  X, Instagram and TikTok (“Social Media”). If you interact with us on Social Media, we may also receive information such as your username and profile information. When communicating with us via social media platforms, we process data provided by you such as reposts, likes, direct messages, comments, inquiries etc.Third parties that host our Social Media accounts may provide us with aggregate information and analytics regarding your use and interaction with our Social Media. 

Survey and contest informationWe may provide you the opportunity to participate in surveys for example, to measure customer satisfaction, or specific contests. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests are completely voluntary, and you therefore have a choice whether or not to disclose this information. The requested information typically includes name, email address, and mailing address.

Testimonial and review information: We may display personal testimonials or reviews if you have consented to it. If you wish to update or delete your testimonial or review, you can contact us.

Marketing information: When you sign up for marketing communications, advertisements, event invitations or any other information or update about our services and products, we may collect your personal information to facilitate this. 

2.2

Information we automatically collect

When you visit, use, and interact with our Services, we will collect certain information about your visit, use, or interactions (“Technical Information”) indirectly, including through automated means from your computer or device, including the following:

Log data: Whenever you visit the Site or interact with our Services, your browser will automatically send us your IP address, browser type and settings, the date and time of your request, and how you interacted with the Site or Services.

Device information: We will automatically collect information about the device you are using to access the Site or the Services, including name of the device, operating system, browser, referring/exit pages, operating systems, date/time stamps, and clickstream data. The information collected may depend on the type of device you use and its settings.

Usage data: We will automatically collect information about your use of our Services, including, name, email address, the features you use, actions you take, your time zone, location, the dates and times of access, amount of time spent within the Services and types and volumes of queries you submit. We will however never collect or store any data directly related to your Subscriber Content other than in accordance with the applicable Subscriber Agreement.

Cookies: We also collect Technical Information through the use of cookies and similar tracking technologies when you visit our Site. Some of this Technical Information, such as your IP address or device identifiers, may constitute personal data. For full details of the cookies and similar technologies we use, their purposes, the third parties involved, applicable retention periods and how to manage or withdraw your consent, please see our Cookie Policy.

2.2

Information we automatically collect

When you visit, use, and interact with our Services, we will collect certain information about your visit, use, or interactions (“Technical Information”) indirectly, including through automated means from your computer or device, including the following:

Log data: Whenever you visit the Site or interact with our Services, your browser will automatically send us your IP address, browser type and settings, the date and time of your request, and how you interacted with the Site or Services.

Device information: We will automatically collect information about the device you are using to access the Site or the Services, including name of the device, operating system, browser, referring/exit pages, operating systems, date/time stamps, and clickstream data. The information collected may depend on the type of device you use and its settings.

Usage data: We will automatically collect information about your use of our Services, including, name, email address, the features you use, actions you take, your time zone, location, the dates and times of access, amount of time spent within the Services and types and volumes of queries you submit. We will however never collect or store any data directly related to your Subscriber Content other than in accordance with the applicable Subscriber Agreement.

Cookies: We also collect Technical Information through the use of cookies and similar tracking technologies when you visit our Site. Some of this Technical Information, such as your IP address or device identifiers, may constitute personal data. For full details of the cookies and similar technologies we use, their purposes, the third parties involved, applicable retention periods and how to manage or withdraw your consent, please see our Cookie Policy.

2.3

Information collected from third parties

We may collect information about you from third parties, such as security partners, marketing vendors and event organizers. Our Subscribers may give us information about you, such as your contact details, in order to facilitate us providing our Services. We may combine this information with information we collect from you and use it as described in this Privacy Policy. 

2.3

Information collected from third parties

We may collect information about you from third parties, such as security partners, marketing vendors and event organizers. Our Subscribers may give us information about you, such as your contact details, in order to facilitate us providing our Services. We may combine this information with information we collect from you and use it as described in this Privacy Policy. 

2.4

Publicly available information

We provide access to publicly available information (for example, judgments and decisions) within our Services. Some of this information may relate to individuals and can, in some jurisdictions, be considered personal data. Personal data included in publicly available information is only processed so that our Services can provide more accurate and relevant responses. It is not provided to intentionally identify individuals. 

Legora also collects publicly available information about Subscribers and prospects, including name, email address, phone number and other contact details.

2.4

Publicly available information

We provide access to publicly available information (for example, judgments and decisions) within our Services. Some of this information may relate to individuals and can, in some jurisdictions, be considered personal data. Personal data included in publicly available information is only processed so that our Services can provide more accurate and relevant responses. It is not provided to intentionally identify individuals. 

Legora also collects publicly available information about Subscribers and prospects, including name, email address, phone number and other contact details.

2.5

Aggregated information

Legora may aggregate personal data and use the aggregated information to analyze the effectiveness of our Services, improve and add features to our Services. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy.

2.5

Aggregated information

Legora may aggregate personal data and use the aggregated information to analyze the effectiveness of our Services, improve and add features to our Services. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy.

3

How we use your personal data

3

How we use your personal data

Legora may use your personal data for the following purposes:

  • to provide, administer, maintain, and/or improve our Services;

  • to provide you with support services, resolve issues or reply to your queries; 

  • to manage and remember your preferences and customize the Services;

  • to communicate with you, including to send you information or marketing about our Services and events;

  • to analyze and study the effectiveness of our Services and to develop new features and services;

  • to verify your identity, prevent fraud, criminal activity and to ensure the security of our IT systems, architecture, and networks; 

  • to prevent misuse of the Services and enforce our legal terms; 

  • to comply with legal obligations and legal processes, and;

  • to protect Legora’s rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

The following disclosures are intended to provide additional information about the categories of Personal Information we collect (as defined above), the type of data, how we use each category of Personal Information. These disclosures do not limit our ability to use or disclose information as described above.

Purpose – what we do and why

Types of personal data (see Section 2)

Legal basis

Data retention (see Section 8)

Customer Relationship Management – To manage our customer relationship with you and/or your employer in accordance with our agreements, for each service you use. This includes creating and sending information to you in electronic format.

From you or your employer:

  • User account information

  • Communication information

From other sources:

  • User account information

  • Log data,

  • Device information,

  • Usage data.

The processing is necessary for Legora to perform a contract with you and/or your employer (Article 6(1)(b) GDPR).

When the relevant contracts terminate.

Surveys & Research – To be able to perform end user satisfaction surveys, conduct market research as well as ask for reviews from you, through email, text messages, or via other communication channels.

From you:

  • Survey and contest information

  • Testimonial and review information

From other sources:

  • Technical Information.

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.  

When the contract between us terminates.

Network & Information Security – To ensure network and information security in Legora’s Services.

From you:

  • User account information

From other sources:

  • Technical Information.

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in being able to ensure network and information security, that the processing is necessary to realize that purpose, and that our interest outweighs your right not to have your data processed for this purpose. It is also in your interest as a user and our Subscriber’s interests that we ensure good information security.

For as long as you are using the Services.

Product Development – To perform data analysis for development and improving our Services

From you:

  • User account information

From other sources:

  • Technical Information.

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in using your personal data for product development purposes and in analysing customer behaviour in order to improve the service and customer experience. We ensure that the particular processing this entails is necessary to achieve the purpose in question, and that our interest outweighs your right not to have your data processed for this purpose.

For as long as you are using the Services.

Billing & Usage Costs – To calculate usage costs in relation to suppliers and Subscribers (if possible, we first anonymize the data).

From other sources:

  • Usage data.

The processing is necessary for Legora to perform a contract with you and your employer (Article 6(1)(b) GDPR) and based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in calculating costs resulting from your usage of our Services.

This processing takes place for up to 6 months after using a Service or longer if required under applicable law or to safeguard Legora’s legal rights.

Identity Verification – To check and verify your identity.

From you:

  • User account information

From other sources:

  • Technical Information

The processing is necessary for Legora to perform a contract with you and your employer (Article 6(1)(b) GDPR).

As long as you use the Services.

Data Sharing – To share your personal data with the categories of recipients described in Section 4 (suppliers and subcontractors and companies within the Legora Group)

All types mentioned in section 2.

Varies depending on the recipient (see Section 4).

For the entire period during which Legora must retain the data in its systems, for example, to fulfil the agreement with your employer or to comply with applicable law.

Marketing Segmentation – To decide what kind of marketing or marketing surveys we will provide to you. If you do not want us to perform this processing of your personal data, please contact us. We will then cease to use your data for this purpose.. The processing may constitute profiling.

From you:

  • Communication information

  • Social media information

  • Marketing information

From other sources:

  • Technical Information

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in identifying which type of marketing we should provide to you. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. 

If you notify us that you are not interested in this processing.

Newsletters & Direct Marketing – To send you our consent-based newsletters and other direct marketing communications containing updates on Legora's products, services, events and other related content, as well as marketing surveys about offers from Legora and our affiliates. You may subscribe to our newsletter(s) by providing your explicit, informed consent (e.g. via a sign-up form on our Site or during account registration). Each newsletter will contain an unsubscribe link enabling you to opt out at any time. 

From you:

  • Communication information

  • Social media information

  • Marketing information

From other sources:

  • Technical Information

The processing is based on your freely given, specific, informed and unambiguous consent (Article 6(1)(a) and Article 7 GDPR; Article 13 of the ePrivacy Directive as implemented in applicable national law). Consent is obtained prior to sending any marketing communications and may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Until you withdraw your consent or unsubscribe from our marketing communications. Upon withdrawal of consent or opt-out, we will cease sending marketing communications to you without undue delay. We may retain a record of your consent and its withdrawal for a reasonable period thereafter to demonstrate compliance with applicable laws.

Legal Protection – To protect Legora from legal claims and safeguard Legora’s legal rights.

All types mentioned in Section 2. In the event of a dispute, we may also collect other types of personal data concerning you if we need them to exercise our rights.

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Legora has determined that we have a legitimate interest in being able to protect ourselves from legal claims. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose.

This processing takes place for the entire period during which Legora must retain the information in its systems, for example to perform the contract with you and your employer or to comply with applicable law.

Cookies & Tracking Technologies – Cookie-based data collection for analytics, marketing, preference tracking and other purposes on the Legora Site, as further described in our Cookie Policy.

Technical Information, including IP addresses, browser type and settings, device identifiers, cookie identifiers, browsing behaviour, referral URLs and interaction data.

The processing of data collected through strictly necessary cookies is based on legitimate interest (Article 6(1)(f) GDPR), as such cookies are essential for the operation of the Site. The processing of data collected through analytics, marketing and other non-essential cookies is based on your consent (Article 6(1)(a) GDPR), obtained in accordance with Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC) as implemented in applicable national law. See our Cookie Policy for further details.

As set out in the Cookie Policy. Retention periods vary depending on the category and purpose of each cookie or similar technology.

4

With whom we share your personal data?

4

With whom we share your personal data?

In certain circumstances, we may share your personal information with third parties without further notice to you, unless legally required, including without limitation in the situations below:

Affiliates: Legora may share your personal data with other entities within the Legora corporate group (our “affiliates”), of which includes our parent company. Legora’s affiliates will only use the personal data we share with them in a manner consistent with this Privacy Policy.

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share your personal data with vendors and service providers, including providers of hosting services, cloud service providers, and other information technology services providers, event management services, email communication software and email newsletter services, advertising and marketing services, and web analytics services. The specific third-party cookie vendors and similar technology providers we use on our Site are identified in our Cookie Policy. Pursuant to our instructions, these parties will access, process, or store personal data in the course of performing their duties to us.

Third-party Websites and Services. Our Services may contain links to other websites not operated or controlled by Legora, including social media services (“third-party sites”). The information that you share with third-party sites will be governed by the specific privacy policies and terms of service of the third-party sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the third-party sites directly for information on their privacy practices and policies.

Other users: When you are using the collaboration features within Legora, certain actions you take may be visible to other users of our services.

Plug-Ins. When you are using third party applications and choose to connect your Legora account with such external third-party applications (for example to use our Microsoft Word plug-in) the providers of those services or products may receive information about you from Legora or others. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services. Please contact the supplier of such applications directly for information on their privacy practices and policies.

Business changes: If we are involved in strategic transactions, (such as sale, merger, reorganizations, liquidation, or transition of service to another provider), your personal data and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.

Legal Requirements: Legora may also share your personal data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.

5

International transfers

5

International transfers

Legora always strives to process your personal data as close to you as possible. By using our Site and Services however, you understand and acknowledge that your personal information will be transferred from your location to our facilities and servers in the EU/EEA.

In certain situations, such as when we share your information within the Legora corporate group or with a supplier or subcontractor, your personal data may be transferred outside the EU/EEA. Legora always ensures that the same high level of protection applies to your personal data according to the relevant data protection laws, even when the data is internationally transferred. Your rights in respect to your personal data (described in detail in section 6), are not affected when data is internationally transferred. You will find more information about the recipients Legora shares your data with in section 4.

Safety measures Legora uses when conducting international transfers

Countries outside of the EU/EEA or your country of residence may have laws that allow public authorities to request access to personal data stored in the country for the purpose of combating crime or safeguarding national security. Regardless of whether we or any of our providers process your personal data, we will ensure that a high level of protection is guaranteed when transferring that data and that appropriate protection measures have been taken, in accordance with applicable data protection requirements (such as the GDPR). 

Such appropriate safeguards include, but are not limited to:

  • Adequacy decisions. If the relevant authority (e.g. the EU Commission) has decided that the country to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the relevant data protection laws. This means for example that the personal data is still protected from unauthorized disclosure, and that you may still exercise your rights with regard to your personal data,

  • Standard Contractual Clauses. The relevant authority’s standard clauses have been entered into between Legora and the recipient of the personal data. This means that the recipient guarantees that the level of protection for your personal data afforded by the relevant data protection laws still applies, and that your rights are still protected. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organizational measures so that your data remain protected during the transfer to the relevant country.

  • Derogation. In limited circumstances, we may rely on an exception, or ‘derogation’ under the applicable data protection laws, to transfer your personal data to such country despite the absence of an adequacy decision or standard contractual clauses, such as relying on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

  • Data Privacy Framework. If the transfer is covered by a relevant data privacy framework, such as the EU-US Data Privacy Framework, which is an opt-in certification scheme for US companies, administered by the US Department of Commerce. Data privacy framework include sets of enforceable principles and requirements that must be certified to company, ensuring that your data is still being sufficiently protected.

6

What are your rights

6

What are your rights

You have several rights under the applicable data protection laws (including the GDPR) related to your control over your personal data and to receive information directly from us on how we process personal data about you. In the following you can read about your rights.

Right to information and access. You have the right to be informed of how we process your personal data. We do this through this Privacy Policy and by answering your questions. You can request information regarding whether we are processing your personal data and ask to receive a copy of your personal data (“data extract”), so called data subject access. Through the data extract you will receive information about what personal data Legora holds about you and how we process it.

Right to rectification. If you believe that your personal data is inaccurate or incomplete, you have the right to ask for it to be corrected or completed.

Right to restriction. If you believe that your personal data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing per your right described directly below, you may also request us to restrict processing of that personal data while we make our assessment.

Right to object. You have the right to object to the processing of your personal data which is based on our legitimate interest (Article 6(1)(f) GDPR), by referencing your personal circumstances. If we cannot demonstrate compelling and legitimate grounds to continue processing the personal data, we must cease the processing. You can also always object to our processing of your personal data for direct marketing purposes. If you do so, we will turn off marketing for you, and stop sending it to you.

Right to be forgotten. In some cases, you have the right to have us delete personal data about you. For example, you can request us to delete personal data that we (i) no longer need for the purpose it was collected for, or (ii) process based on your consent and you revoke your consent. There are situations where Legora is unable to delete your data, for example, when the data is still necessary to process for the purpose for which the data was collected, Legora’s interest to process the data overrides your interest in having them deleted, or because we have a legal obligation to keep it.

Right to transfer your personal data (data portability). If we process your personal data to fulfill a contract or on the basis of your consent, you may, in certain cases, be able to obtain the personal data for use elsewhere, e.g. by obtaining a copy of it in a machine-readable format and transmitting it to another data controller.

Right to withdraw consent. In those cases where we process your personal data based on your consent, you have the right to withdraw your consent at any time. When you withdraw your consent, we will stop any processing of personal data which is based on your consent. Where your consent relates to the use of cookies and similar tracking technologies on our Site, you may withdraw your consent at any time via our consent management platform accessible via the cookie banner on our Site. For further information please see our Cookie Policy.

Right to lodge a complaint. If you have objections or concerns about how we process your personal data, you have the right to contact, or lodge a complaint with, the relevant authority for privacy protection, which is the supervisory authority for our personal data processing.

To exercise your rights, please contact us at any time. We reserve the right to limit our facilitating such requests to that which is required by applicable law. 

In order to protect your personal data from unauthorized access or deletion, we may require you to verify your identity before we will process any request to know or delete personal data. If we cannot verify your identity (and, where applicable, proof of residency) to our satisfaction, we will not provide or delete your personal data. You may submit a request to exercise your rights through an authorized agent. Such an agent must present signed written authority to act on your behalf and must be able to verify your identity (and, where applicable, proof of residency) to our satisfaction.

Rest assured that we will not discriminate against you for making any such request. Your right to access and delete your personal data is important to us, and we will take reasonable steps to verify and process your request promptly. 

Please be aware that even if we delete your personal data, certain residual data may still remain in our backups or archives for a limited period in accordance with our data retention policies and applicable laws.

If you have any questions or concerns about this process or our data deletion practices, please feel free to contact us.

You have several rights under the applicable data protection laws (including the GDPR) related to your control over your personal data and to receive information directly from us on how we process personal data about you. In the following you can read about your rights.

Right to information and access. You have the right to be informed of how we process your personal data. We do this through this Privacy Policy and by answering your questions. You can request information regarding whether we are processing your personal data and ask to receive a copy of your personal data (“data extract”), so called data subject access. Through the data extract you will receive information about what personal data Legora holds about you and how we process it.

Right to rectification. If you believe that your personal data is inaccurate or incomplete, you have the right to ask for it to be corrected or completed.

Right to restriction. If you believe that your personal data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing per your right described directly below, you may also request us to restrict processing of that personal data while we make our assessment.

Right to object. You have the right to object to the processing of your personal data which is based on our legitimate interest (Article 6(1)(f) GDPR), by referencing your personal circumstances. If we cannot demonstrate compelling and legitimate grounds to continue processing the personal data, we must cease the processing. You can also always object to our processing of your personal data for direct marketing purposes. If you do so, we will turn off marketing for you, and stop sending it to you.

Right to be forgotten. In some cases, you have the right to have us delete personal data about you. For example, you can request us to delete personal data that we (i) no longer need for the purpose it was collected for, or (ii) process based on your consent and you revoke your consent. There are situations where Legora is unable to delete your data, for example, when the data is still necessary to process for the purpose for which the data was collected, Legora’s interest to process the data overrides your interest in having them deleted, or because we have a legal obligation to keep it.

Right to transfer your personal data (data portability). If we process your personal data to fulfill a contract or on the basis of your consent, you may, in certain cases, be able to obtain the personal data for use elsewhere, e.g. by obtaining a copy of it in a machine-readable format and transmitting it to another data controller.

Right to withdraw consent. In those cases where we process your personal data based on your consent, you have the right to withdraw your consent at any time. When you withdraw your consent, we will stop any processing of personal data which is based on your consent. Where your consent relates to the use of cookies and similar tracking technologies on our Site, you may withdraw your consent at any time via our consent management platform accessible via the cookie banner on our Site. For further information please see our Cookie Policy.

Right to lodge a complaint. If you have objections or concerns about how we process your personal data, you have the right to contact, or lodge a complaint with, the relevant authority for privacy protection, which is the supervisory authority for our personal data processing.

To exercise your rights, please contact us at any time. We reserve the right to limit our facilitating such requests to that which is required by applicable law. 

In order to protect your personal data from unauthorized access or deletion, we may require you to verify your identity before we will process any request to know or delete personal data. If we cannot verify your identity (and, where applicable, proof of residency) to our satisfaction, we will not provide or delete your personal data. You may submit a request to exercise your rights through an authorized agent. Such an agent must present signed written authority to act on your behalf and must be able to verify your identity (and, where applicable, proof of residency) to our satisfaction.

Rest assured that we will not discriminate against you for making any such request. Your right to access and delete your personal data is important to us, and we will take reasonable steps to verify and process your request promptly. 

Please be aware that even if we delete your personal data, certain residual data may still remain in our backups or archives for a limited period in accordance with our data retention policies and applicable laws.

If you have any questions or concerns about this process or our data deletion practices, please feel free to contact us.

7

How do we keep your personal data safe

7

How do we keep your personal data safe

We take significant and appropriate steps to protect your personal data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration and destruction. We use appropriate technical and organizational measures to protect your personal information which may include: physical access controls, encryption, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. 

For more information regarding our security measures, please view our Security Policy.

We take significant and appropriate steps to protect your personal data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration and destruction. We use appropriate technical and organizational measures to protect your personal information which may include: physical access controls, encryption, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. 

For more information regarding our security measures, please view our Security Policy.

8

How long do we store your personal data

8

How long do we store your personal data

Legora retains your personal information for as long as necessary to fulfill the purposes for which we collected it or longer if that is required under applicable law:

  • If you are a Legora user covered by a Subscription Agreement between your employer and Legora, we will delete your data in accordance with that Subscription Agreement.

  • Personal data that Legora is under a legal obligation to retain, for example under anti-money laundering or bookkeeping laws, is retained for the required periods under applicable laws (generally for 5 or 7 years). 

  • Personal data which is not used for the purposes of a contractual relationship or where Legora does not have a legal obligation to retain the data is only retained as long as necessary to fulfil the respective purpose for our data processing. 

More information can be found in the table in Section 3. For more information about the retention periods applicable to cookies and similar technologies used on our Site, please see our Cookie Policy. 

In some limited cases, the personal data may need to be stored for a longer period in order for Legora to protect its legal rights. If we don’t have a legal obligation to retain the personal data, we instead have to make an assessment if we may require the personal data in order to protect Legora from legal claims. 

Please note that just because we have a legal obligation to store your personal data, this does not mean that we are also permitted to use this data for any other purpose. 

When we no longer need your personal data, we will delete it or anonymize it in accordance with our data retention policies and applicable laws, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

9

Updates to this Privacy Policy

9

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. When the Privacy Policy is updated, we will post an updated version on this page, unless another type of notice is required by applicable law or contractual agreement. By continuing to use our Online Services or providing us with personal data after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy.

10

Contact us

10

Contact us

If you have any questions about our Privacy Policy or any other privacy related issue, please contact us at privacy@legora.com or via mail.

Controller’s Contact Information:
Legora AB, 559338-6872
Box 7242
103 89 Stockholm
Sweden 


Previous Versions: Privacy Policy | February 28, 2025


Previous Versions: Privacy Policy | February 28, 2025

Product

Legora aOS

Word Add-In

Outlook Add-In

Editor

Mobile app

Tabular Review

Workflows

Legal Research

Portal

Monitors

Agent

Lists

Solutions

M&A

Litigation

Banking

Tax

Insurance

Law firms

In-house

Certified

GDPR

AICPA SOC

ISO 27001

ISO 42001

Trust Center

Company

Careers

Blog

Press

About

Contact

Terms of use

Privacy Policy

Cookie Policy

Security Policy

aOS

News

Articles

X

LinkedIn

Youtube

© 2026 Legora. All rights reserved.

Product

Solutions

Certified

Company

Legal

Resources

Social

© 2026 Legora. All rights reserved.

Product

Solutions

Certified

Company

Legal

Resources

Social

© 2026 Legora. All rights reserved.