Privacy Policy

This notice explains in practical terms how LegalAudit handles chat, files, orders, and audit logs.

Controller and contacts

LegalAudit SA, Lugano, Switzerland. For privacy requests write to privacy@legalaudit.ch.

Mythos AI processing

User content may be processed by an AI provider in Switzerland/EU to generate triage and dossiers. It is never used for training, and the provider applies zero retention to user content.

Chat and assets

Chats, uploads, and technical results are processed to deliver the service.

  • Free assets: auto-purge within 24h.
  • Paid assets: 30-day retention.
  • No model-vendor training on user files.

Uploads and security

Every upload is scanned with ClamAV. Archives are extracted in a bwrap sandbox, URLs pass through an SSRF guard, and SSE-KMS S3 storage is optional for paid orders.

Cookies

We use only necessary technical cookies.

  • lac_anon: httpOnly, links anonymous conversations.
  • NEXT_LOCALE: language preference.
  • next-auth session cookie: authenticated user session.

Audit log

Every relevant action is recorded in a SHA-256 hash-chained audit log designed to be tamper-evident.

Data subject rights

You may request access, deletion, and rectification. Account deletion is available from /dashboard/account; data portability is coming.

Informational document - the official version is available on request at privacy@legalaudit.ch. Final counsel review is recommended before public launch.