Privacy Policy

Account information: When you create an account, we collect your full name, email address, phone number, organization name, and professional role. This information is necessary to provide you with access to the Platform and to manage your subscription.

Device and technical information: We automatically collect technical data including your IP address, browser type and version, device type, operating system, and user agent string. Each user account may have up to four (4) active devices, and we track device-specific information for security purposes (login activity, last active timestamp, IP address per device).

Usage data: When you use the Platform, we collect data about your interactions, including search queries, AI chat conversations, features accessed, documents created or uploaded, and interaction patterns. This data is used to improve our services and is anonymized and aggregated wherever possible.

Payment information: Payment data (credit card numbers, billing details) is collected and processed exclusively by our payment processor, Stripe, Inc. Leyona Technologies does not store, access, or process your full payment card information. We retain only Stripe customer and subscription identifiers necessary to manage your subscription.

Authentication data: We use one-time passwords (OTP) for certain verification processes. OTPs are temporary (5-minute validity), limited to three (3) verification attempts, and automatically deleted after use or expiration.

Your information is used to provide, maintain, and improve the Platform, including AI-powered legal search, AI chat assistance, contract lifecycle management, electronic signatures, and regulatory monitoring features. We also use your information to manage your subscription, process billing, and provide customer support.

We use anonymized and aggregated usage data to improve our AI models and Platform performance. Your confidential legal documents and contracts are never used for AI model training. AI processing of your queries and documents is performed solely to deliver the requested service to you.

We use your contact information to send essential service communications, including account verification, security alerts, billing notifications, subscription updates, and trial expiration reminders. With your consent, we may also send product announcements and legal industry insights. You may opt out of non-essential communications at any time.

All data is stored on Microsoft Azure enterprise-grade cloud infrastructure with AES-256 encryption at rest and TLS 1.3 encryption in transit. User passwords are cryptographically hashed and never stored in plain text. Payment tokens are managed exclusively by Stripe (PCI-DSS Level 1 certified).

We implement strict access controls, regular security audits, and continuous monitoring to protect your data. Access to production systems is restricted to authorized personnel only and requires multi-factor authentication.

Client data is logically isolated at the organizational level — no organization can access another organization's data. We maintain comprehensive audit trails for all data access events. Webhook payloads and billing events are logged for compliance and dispute resolution purposes.

We use the following categories of third-party service providers to operate the Platform. Each sub-processor is contractually bound by data processing agreements to protect your data and use it only for the purposes we specify:

Stripe, Inc. (United States): Payment processing and subscription management. Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy governs the handling of your payment data. Resend: Transactional email delivery for account notifications, billing alerts, and service communications. Microsoft Azure (including Azure OpenAI and Azure Cognitive Services): Cloud infrastructure, AI model hosting, search indexing, and data storage.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We will never share your confidential legal data with any third party without your explicit prior consent, except where required by law or court order.

Leyona Technologies maintains an up-to-date list of sub-processors and will notify Users of any material changes to sub-processor arrangements that may affect the processing of their personal data.

Active accounts: Your personal data is retained for as long as your account remains active and a valid subscription exists. Usage data and interaction logs are retained for analytics purposes in anonymized form.

Cancelled or terminated accounts: Following account cancellation or termination, your data is retained for thirty (30) days to allow you to export your data or reactivate your account. After this period, personal data and user-generated content are permanently deleted from our active systems.

Legal retention obligations: Billing records and invoices are retained for the period required by applicable tax law (up to ten (10) years under Moroccan tax regulations). Audit logs related to security events are retained for twelve (12) months. Data that is subject to a legal hold or ongoing dispute will be retained until the matter is resolved.

You have the right to access, rectify, or delete your personal data at any time. You may request a copy of your data in standard machine-readable formats (JSON, CSV) or request complete account deletion by contacting us at the address provided below.

You have the right to object to certain processing activities, to request restriction of processing, and to withdraw your consent for non-essential data processing at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

For users in Morocco: Your rights are protected under Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data. You may file a complaint with the Commission Nationale de Controle de la Protection des Donnees a Caractere Personnel (CNDP) if you believe your data protection rights have been violated.

For users in the UAE: Your rights are protected under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. For users in the European Union: Your rights are protected under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with your local supervisory authority.

Your data may be processed in jurisdictions outside your country of residence, including but not limited to the locations where our cloud infrastructure and sub-processors operate. Where such transfers occur, Leyona Technologies ensures that appropriate safeguards are in place, including standard contractual clauses and sub-processor data processing agreements.

By using the Platform, you acknowledge and consent to the processing of your data in accordance with this Privacy Policy, including international transfers necessary to provide the Platform services.

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact Leyona Technologies SARL-AU at: Rue Dakar IMM N 5 APPT N 1 Ocean Rabat, Morocco.

Email us at saad.lachhab@lawis.ai