Privacy Policy
Last updated: 9 December 2025
1. Introduction
Legal Mate ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered legal case analysis platform.
Legal Mate is operated by Yair Tech Ltd, a company registered in England and Wales. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using Legal Mate, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
Yair Tech Ltd
Email: privacy@legal-mate.ai
Website: https://legal-mate.ai
3. Information We Collect
3.1 Account Information
When you register for Legal Mate, we collect:
- Email address (required)
- Full name (required)
- Phone number (optional)
- Job title (optional)
- Law firm/organisation name
- Business address (optional)
3.2 Case Data
When you create and manage legal cases, we process the following categories of data:
- Client information: Names, contact details, case reference numbers
- Financial information: Bank names, account types, transaction amounts, disputed amounts
- Complaint details: Fraud descriptions, complaint narratives, dates and circumstances
- Banking transactions: Transaction dates, amounts, merchant names, payment methods
- Vulnerability information: Special category data regarding client vulnerabilities that may affect case outcomes
- Supporting documents: Bank statements, correspondence, evidence files
3.3 Document Data (DSAR Processing)
When you upload documents for Data Subject Access Request (DSAR) processing:
- PDF documents containing bank statements and financial records
- Extracted transaction data including dates, amounts, and descriptions
- OCR-processed text and images from documents
3.4 Usage Data
We automatically collect:
- Login timestamps and session information
- Features used and actions performed
- API usage and processing metrics
- Error logs and performance data
3.5 Payment Information
Payment processing is handled by Stripe. We store subscription status and invoice references but do not store credit card numbers or full payment details on our servers.
4. Special Category Data
Legal Mate may process special category data as defined under UK GDPR Article 9, including:
- Health-related vulnerability information relevant to Financial Ombudsman Service (FOS) cases
- Information about mental health conditions affecting decision-making capacity
- Data relating to financial hardship or difficult personal circumstances
This data is only processed where it is necessary for the establishment, exercise, or defence of legal claims, or where you have given explicit consent. Such data is treated with the highest level of security and access controls.
5. Legal Basis for Processing
We process your personal data under the following legal bases:
Contract Performance (Article 6(1)(b))
Processing necessary to provide Legal Mate services, including case analysis, document processing, and AI-powered legal research.
Legitimate Interests (Article 6(1)(f))
Processing for service improvement, security, fraud prevention, and business analytics, balanced against your rights and interests.
Legal Obligation (Article 6(1)(c))
Processing required to comply with legal requirements, including financial regulations and data protection laws.
Explicit Consent (Article 9(2)(a))
For processing special category data such as health-related vulnerability information.
6. How We Use Your Data
We use your personal data to:
- Provide AI-powered legal case analysis and recommendations
- Process and extract data from uploaded documents (OCR)
- Search and match cases against legal precedent databases
- Generate reports, decision letters, and case summaries
- Process payments and manage subscriptions
- Send service-related communications and updates
- Improve our AI models and service quality
- Detect and prevent fraud or misuse
- Comply with legal obligations
7. AI and Automated Processing
Legal Mate uses artificial intelligence to analyse legal cases and provide recommendations. This includes:
- Natural language processing of case descriptions and documents
- Optical Character Recognition (OCR) of uploaded documents
- Vector similarity search for precedent matching
- AI-generated case analysis and success probability estimates
- Conversational AI for case intake
Important: AI-generated analysis is provided as a decision-support tool only. All final decisions regarding legal cases remain with qualified legal professionals. We do not make automated decisions that produce legal effects without human review.
You have the right to request human review of any AI-generated analysis or recommendation.
8. Data Sharing with Third Parties
We share your data with the following categories of third-party service providers:
AI Training Exclusion
None of our AI sub-processors use your data for model training. All data is processed via enterprise API agreements that explicitly prohibit the use of customer data for training purposes.
OpenAI (United States)
Purpose: AI analysis, document OCR, text embeddings, and chat functionality
Data shared: Case descriptions, document content, chat messages
Training exclusion: Data sent via our enterprise API is not used by OpenAI for model training or improvement. Data is processed and discarded in accordance with their API data usage policies.
Supabase (United States/EU)
Purpose: Database hosting, user authentication, file storage
Data shared: All application data including user accounts, cases, and documents
Stripe (United States)
Purpose: Payment processing, subscription management
Data shared: Billing information, subscription status, firm identifier
Sentry (United States)
Purpose: Error tracking and performance monitoring
Data shared: Error logs, user identifiers (anonymised where possible), performance metrics
All third-party providers are bound by Data Processing Agreements (DPAs) and are required to implement appropriate security measures. For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office.
9. Our Role as Data Processor
When law firms use Legal Mate to process their clients' data, the law firm remains the data controller for that client data, and Legal Mate acts as a data processor on behalf of the law firm.
In this capacity, we:
- Only process client data according to your documented instructions
- Ensure staff with access to client data are bound by confidentiality obligations
- Implement appropriate security measures as detailed in Section 13
- Only engage sub-processors with your authorisation (see Section 8)
- Assist you in responding to data subject requests
- Delete or return client data upon termination of services (subject to legal retention requirements)
- Make available information necessary to demonstrate compliance
Law firms using Legal Mate are responsible for ensuring they have a lawful basis to process their clients' personal data and for providing appropriate privacy notices to their clients.
10. International Data Transfers
Some of our third-party service providers are located outside the United Kingdom. When we transfer personal data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for transfers to the United States
- Adequacy decisions where applicable
- Supplementary measures including encryption and access controls
11. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 2 years |
| Case data (active) | 6 years from case closure |
| Archived cases | 6 years from archival |
| Uploaded documents | Until deleted by user or 6 years |
| Chat history | 2 years from last message |
| Payment records | 7 years (legal requirement) |
| Activity logs | 1 year |
12. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@legal-mate.ai. We will respond to your request within one month.
13. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Multi-tenancy isolation with Row-Level Security (RLS)
- Role-based access controls (admin, lawyer, viewer)
- Regular security audits and vulnerability assessments
- Secure authentication with JWT tokens
- Automatic session timeouts
- Sensitive data filtering in error logs
14. Cookies and Tracking
Legal Mate uses essential cookies required for the application to function:
- Authentication cookies: To maintain your login session
- Preference cookies: To remember your settings (e.g., dark mode)
We do not use third-party advertising or analytics cookies. For more information, see our Cookie Policy.
15. Children's Privacy
Legal Mate is a business-to-business service intended for legal professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Legal Mate application. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of Legal Mate after changes constitutes acceptance of the updated policy.
17. Complaints
If you have concerns about how we handle your personal data, please contact us first at privacy@legal-mate.ai.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk
18. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: