IU
Conseloria

Updated

Privacy and Data Use Policy

Effective November 16, 2025

This policy explains how we collect, use, store and protect data when you use Conseloria.

1. Controller and scope

  • The controller is the owner of Conseloria identified in the billing information.
  • This Policy applies to lawyers, law firms and authorized staff who use Conseloria.
  • By using the Service you accept the data processing described here and in applicable laws.

2. Data we collect

  • Account data: full name, professional email, hashed password, billing data and plan preferences.
  • Uploaded content: documents, case files, notes and messages that may include third-party data.
  • Usage metadata: activity logs, IP, device type, processed volume, queries and technical logs.
  • Payment information: handled by certified providers; we do not store full card details.

3. Purposes and legal bases

  • Provide, maintain and improve the Service (contract performance).
  • Manage onboarding, billing, payments and legal obligations (contract and legal compliance).
  • Monitor usage, prevent fraud and security incidents (legitimate interest).
  • Offer support and communicate relevant changes (contract and legitimate interest).
  • Where required we will request your consent for specific processing activities.

4. AI processing

  • Documents are processed with private models and trusted providers bound by data protection agreements.
  • We do not reuse identifiable case files to train public models.
  • We may use anonymized data to evaluate performance and develop new features.
  • You can request more information about our AI providers at privacidad@conseloria.com.

5. Retention and deletion

  • We retain account data while the subscription remains active and for a reasonable time afterwards.
  • We retain uploaded documents while the account is active; you may delete them or request deletion.
  • After cancellation we delete or anonymize data within reasonable timelines, including backups.
  • Minimal records may be kept to address claims or legal requirements.

6. Sharing with third parties

  • Technology sub-processors access only the data needed and are bound by protection agreements.
  • We may share information with professional advisors when strictly necessary.
  • We will disclose information if compelled by a competent authority.
  • We do not sell databases or share case files for third-party marketing purposes.

7. Information security

  • We use TLS encryption in transit and strong encryption at rest.
  • We enforce role-based access controls, auditing and continuous monitoring.
  • We maintain incident response and notification procedures aligned with applicable regulations.

8. Data subject rights

  • You may request access, rectification or updates to your personal data.
  • You may request deletion, restriction or portability when allowed by law.
  • We will respond within statutory deadlines and may verify your identity.
  • You can lodge complaints with the competent data protection authority.

9. Cookies and similar technologies

  • We use essential cookies for authentication and session management.
  • We may use analytics cookies to improve the experience, mainly on aggregated data.
  • You can configure your browser to reject cookies, although some features might be affected.
  • Where required we will seek consent before enabling non-essential cookies.

10. International data transfers

  • We may host data in data centers located in different countries with adequate safeguards.
  • When required we will implement valid transfer mechanisms such as Standard Contractual Clauses.
  • We contractually require our providers to offer protection levels equivalent to the origin jurisdiction.

11. Minors

  • The Service is intended solely for professional legal organizations and not for minors.
  • We do not knowingly collect data from minors; if we detect it, we will delete it.

12. Policy changes and contact

  • We may update this Policy to reflect changes in the Service, providers or regulations.
  • We will notify active customers about relevant updates.
  • Continued use after the effective date constitutes acceptance.
  • For privacy inquiries contact privacidad@conseloria.com.

13. AI usage disclaimers

  • Assistant outputs may contain errors, be incomplete or lack context.
  • We are not responsible for decisions made solely on automated outputs.
  • Review and validate generated texts before sharing them with clients or authorities.