1. Who we are
LegisGate Inc. ("LegisGate", "we", "us", "our") operates the LegisGate compliance intelligence platform at legisgate.com and app.legisgate.com. LegisGate produces AI Tool Intelligence Reports for enterprise Data Protection Teams.
If you use a free trial of the LegisGate platform, the Trial Terms of Service also apply to your trial access.
For privacy inquiries, contact us at: privacy@legisgate.com
legisgate.com/contact
2. What this notice covers
This Privacy Notice explains how LegisGate collects, uses, stores, and shares personal data when you:
- Visit our website at legisgate.com
- Use the LegisGate platform at app.legisgate.com
- Contact us for information or support
- Enter into a Founding Partner or customer agreement with us
3. Personal data we collect
3.1 — Data you provide directly
Account registration:
- Name and email address
- Organization name and role
- Password (stored in encrypted form — we never see your plain text password)
Platform usage:
- AI tool information submitted through the intake form
- Organization profile data including operating regions and industry
- Vendor documentation you upload for assessment purposes
- Deployment decisions recorded in the platform
Communications:
- Email address and message content when you contact us
- Feedback you provide about the platform
3.2 — Data collected automatically
Website and platform usage data:
- IP address and approximate location
- Browser type and version
- Pages visited and time spent
- Referring URLs
- Device type and operating system
Platform performance data:
- Report generation logs
- Error and diagnostic logs
- Feature usage patterns
3.3 — Data we do not collect
LegisGate does not collect:
- Patient health records or protected health information (PHI) — your AI Tool Intelligence Reports reference PHI handling by your vendors, but you do not upload actual PHI to LegisGate
- Payment card data — payments are processed by third-party payment processors who handle card data directly
- Special category personal data about our users
- Personal data about your customers or patients
4. Legal basis for processing (GDPR and UK GDPR)
For users in the European Economic Area, United Kingdom, and Switzerland, we process your personal data on the following legal bases:
Contract performance (Art. 6(1)(b) GDPR): Account registration data, platform usage data, and billing data are processed to perform our contract with you and deliver the LegisGate platform.
Legitimate interests (Art. 6(1)(f) GDPR): Website analytics, platform performance monitoring, security monitoring, and product improvement are processed based on our legitimate interest in operating and improving a secure, functional platform. We have conducted legitimate interests assessments for these processing activities and determined that our interests are not overridden by your data protection rights.
Legal obligation (Art. 6(1)(c) GDPR): We process data as required to comply with applicable law including tax obligations and regulatory requirements.
Consent (Art. 6(1)(a) GDPR): Marketing communications are sent only with your explicit consent. You may withdraw consent at any time by unsubscribing or contacting privacy@legisgate.com.
AI-assisted analysis in the platform involves a separate sub-processor and is described in our AI Transparency Notice.
5. How we use your data
We use your personal data to:
- Provide and operate the LegisGate platform
- Generate AI Tool Intelligence Reports based on your submissions
- Send transactional emails including report notifications and account communications
- Respond to your support and sales inquiries
- Improve the platform based on usage patterns
- Maintain platform security and prevent fraud
- Comply with legal obligations
- Enforce our Terms of Service
We do not:
- Sell your personal data to third parties
- Use your data to train AI models without your explicit consent
- Share your data with advertisers
- Use your organizational or vendor data to generate intelligence reports for other customers
6. Data processors and sub-processors
LegisGate uses the following third-party processors to operate the platform. All processors are bound by data processing agreements meeting applicable legal requirements.
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Anthropic, Inc. | AI-assisted analysis within the intelligence engine | United States | Standard Contractual Clauses |
| Supabase, Inc. | Database infrastructure and authentication | United States | Standard Contractual Clauses |
| Vercel, Inc. | Platform hosting and edge computing | United States | Standard Contractual Clauses |
| Resend, Inc. | Transactional email delivery | United States | Standard Contractual Clauses |
| Microsoft Corporation | Productivity and communication (Microsoft 365) | United States | Standard Contractual Clauses |
We will notify you of any changes to this sub-processor list that materially affect the processing of your personal data.
7. International data transfers
LegisGate is incorporated in the United States. If you are located in the European Economic Area, United Kingdom, or Switzerland, your personal data is transferred to the United States when you use our platform.
We rely on the following transfer mechanisms:
European Economic Area: European Commission Standard Contractual Clauses (2021) with supplementary measures including encryption in transit and at rest, access controls, and contractual commitments against unauthorized government access.
United Kingdom: ICO-approved International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses.
Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) approved standard contractual clauses.
A copy of our transfer impact assessment is available to enterprise customers upon request.
8. Data retention
We retain your personal data for the following periods:
| Data type | Retention period |
|---|---|
| Account data | Duration of account plus 2 years |
| AI Tool Intelligence Reports | Duration of account plus 7 years |
| Final Designation Reports | Duration of account plus 7 years |
| Billing records | 7 years (tax obligation) |
| Support communications | 3 years |
| Website analytics | 13 months |
| Security logs | 12 months |
Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or legitimate business interest.
9. Your rights
Depending on your location, you may have the following rights regarding your personal data:
Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
Right to restriction: Request that we restrict processing of your personal data in certain circumstances.
Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: Lodge a complaint with your local supervisory authority:
- EU/EEA: Your national data protection authority
- United Kingdom: Information Commissioner's Office (ico.org.uk)
- Switzerland: Federal Data Protection and Information Commissioner (edoeb.admin.ch)
- United States (California): California Privacy Protection Agency
To exercise any of these rights, contact us at privacy@legisgate.com. We will respond within 30 days.
10. Cookies
LegisGate uses the following cookies:
Essential cookies: Required for platform authentication and security. Cannot be disabled.
Analytics cookies: Used to understand how visitors use our website and platform. You may opt out through our cookie preference center.
Performance cookies: Used to monitor platform performance and diagnose errors. You may opt out through our cookie preference center.
We do not use advertising cookies or share cookie data with advertisers.
Details: Cookie Policy.
11. Children's privacy
The LegisGate platform is intended for enterprise professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@legisgate.com.
12. Changes to this notice
We will notify you of material changes to this Privacy Notice by email to your registered address and by posting the updated notice at legisgate.com/privacy with a revised "Last updated" date. Continued use of the platform following notification constitutes acceptance of the updated notice.
13. Contact us
For privacy inquiries, data subject rights requests, or questions about this notice:
Email: privacy@legisgate.com
For enterprise customers with a Data Processing Agreement in place, please use the contact details specified in your DPA.