Privacy Policy
How we collect, use, and protect your personal information
Last updated: 2025-11-14
This Privacy Policy describes how Complir.ai ("we", "us", or "our") collects, uses, and shares your personal information when you use our AI-powered legal assistant platform.
We are committed to protecting your privacy and handling your data transparently and securely in compliance with applicable data protection laws, including:
- GDPR (General Data Protection Regulation) for users in the European Union
- LGPD (Lei Geral de Proteção de Dados) for users in Brazil
- CCPA (California Consumer Privacy Act) for users in California
Account Information:
- Name, email address, and contact details
- Authentication credentials
- Profile information
Usage Data:
- Log data (IP address, browser type, device information)
- Service usage patterns and preferences
- Feature interactions and performance metrics
User Content:
- Documents you upload to the platform
- Legal queries and conversations with the AI assistant
- Files stored in your vault
- Compliance review submissions
Automatically Collected Data:
- Cookies and similar tracking technologies
- Session information
- Analytics data
We use your personal information for the following purposes:
- Service Provision: To provide, maintain, and improve our legal assistant services
- AI Processing: To analyze documents, generate summaries, and provide legal research assistance
- Account Management: To create and manage your account
- Communication: To send service updates, technical notices, and support messages
- Security: To detect, prevent, and address fraud, security issues, and technical problems
- Analytics: To understand how users interact with our Service and improve functionality
- Compliance: To comply with legal obligations and enforce our Terms of Service
- Product Development: To develop new features and improve existing services (with anonymized data)
Under GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing is necessary to provide the Service you requested
- Legitimate Interests: We have legitimate business interests in improving our Service, preventing fraud, and ensuring security
- Legal Obligation: We must process data to comply with legal requirements
- Consent: Where required, we obtain your explicit consent before processing certain data (e.g., marketing communications)
For LGPD compliance (Brazil), we process data based on similar legal bases as outlined in Brazilian data protection law.
We do not sell your personal information. We may share your data in the following limited circumstances:
- Service Providers: With third-party vendors who help us operate the Service (e.g., cloud hosting, authentication services). These providers are contractually obligated to protect your data.
- AI Services: Your documents may be processed by AI models to provide analysis and assistance. We use reputable AI providers with strong data protection measures.
- Legal Requirements: When required by law, court order, or government authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued protection of your data)
- Protection of Rights: To protect our rights, property, safety, or that of our users
Third-Party Services: We use these third-party services to operate the platform:
- Auth0: Authentication
- AWS: File storage and text extraction
- Google Gemini: AI chat responses
- Jina AI: Web search
These services process data necessary to provide functionality.
We implement industry-standard security measures to protect your personal information:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Strict access controls limit who can access your data
- Authentication: Secure authentication via Auth0 with industry best practices
- Monitoring: Continuous security monitoring and incident response procedures
- Regular Audits: Periodic security assessments and updates
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
- Account Data: Retained while your account is active and for 30 days after account closure
- User Documents: Retained until you delete them or close your account
- Usage Logs: Typically retained for 1 year for security and analytical purposes
- Legal Requirements: We may retain data longer if required by law or for legitimate business purposes
You can request deletion of your data at any time by contacting us at dpo@complir.ai.
If you are in the European Union, you have the following rights under GDPR:
- Right to Access: Request a copy of your personal data we hold
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restriction: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at dpo@complir.ai.
Data Protection Officer: dpo@complir.ai
If you are in Brazil, you have the following rights under LGPD:
- Right to Confirmation and Access: Confirm whether we process your data and access your personal data
- Right to Correction: Request correction of incomplete, inaccurate, or outdated data
- Right to Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data
- Right to Portability: Request transfer of your data to another service provider
- Right to Deletion: Request deletion of personal data processed with your consent
- Right to Information: Request information about entities with which we share your data
- Right to Information about Consent: Be informed about the possibility and consequences of not providing consent
- Right to Revoke Consent: Withdraw your consent at any time
- Right to Object: Object to processing based on legitimate interest
To exercise these rights, contact us at dpo@complir.ai.
Data Protection Officer (DPO): dpo@complir.ai
You may also file a complaint with ANPD (Autoridade Nacional de Proteção de Dados).
If you are a California resident, you have the following rights under CCPA:
- Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, you will have the right to opt out.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Categories of Personal Information Collected:
- Identifiers (name, email, IP address)
- Commercial information (usage records)
- Internet activity (browsing behavior, interactions)
- Professional information (legal documents, case information)
How to Exercise Your Rights:
Submit a verifiable request by emailing dpo@complir.ai.
We will respond within 45 days of receiving your request. You may designate an authorized agent to make requests on your behalf.
We use a minimal set of cookies strictly necessary for our service:
- Essential Cookies: Authentication and security (Auth0, CSRF protection)
- Functional Cookie: Language preference (NEXT_LOCALE)
We do not use analytics, advertising, or tracking cookies of any kind.
For detailed information about cookies, see our Cookie Policy.
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
EU Data Transfers: When transferring data outside the EU, we ensure appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions
- Binding Corporate Rules
Brazil Data Transfers: International transfers comply with LGPD requirements and use appropriate safeguards.
We ensure that all international transfers maintain an adequate level of data protection.
Our Service is not intended for individuals under the age of 21 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.
If you believe we have collected information from a child, please contact us immediately at support@complir.ai, and we will delete the information.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent notice in the Service
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: dpo@complir.ai
- Data Protection Officer: dpo@complir.ai
- Website: https://complir.ai
For GDPR inquiries: dpo@complir.ai
For LGPD inquiries: dpo@complir.ai
For CCPA inquiries: dpo@complir.ai
