Sophia logosophia

Privacy Policy

Last updated: September 3, 2025

1. Introduction

Sophia ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI legal assistant service.

As a service designed for legal professionals handling sensitive client data, we maintain the highest standards of data protection and comply with GDPR and other applicable privacy laws.

2. Data We Collect

2.1 Account Information

  • Name and professional credentials
  • Email address and contact information
  • Law firm or organization details
  • Billing and payment information

2.2 Usage Data

  • Queries and prompts submitted to our AI system
  • Generated documents and legal content
  • Integration data from connected legal tools
  • Usage patterns and feature interactions

2.3 Technical Data

  • IP address and device information
  • Browser type and version
  • Login times and session data
  • Error logs and performance metrics

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To provide and maintain our AI legal assistant service
  • Legal Assistance: To generate legal documents and provide compliance guidance
  • Account Management: To manage your subscription and provide customer support
  • Security: To monitor and prevent unauthorized access or misuse
  • Improvement: To analyze usage patterns and improve our service (with anonymized data only)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on:

  • Contract Performance: To fulfill our service obligations
  • Legitimate Interest: To improve our service and ensure security
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where explicitly provided for specific processing activities

5. Data Security

We implement comprehensive security measures:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • EU Hosting: All data is stored within the European Union
  • Access Controls: Strict role-based access with multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Established procedures for data breach response

6. Data Sharing

We do not sell or rent your personal data. We may share data only in limited circumstances:

  • Service Providers: Trusted partners who assist in service delivery (under strict data processing agreements)
  • Legal Requirements: When required by law or to protect legal rights
  • Business Transfer: In the event of a merger or acquisition (with notice to users)

Important: Your legal queries and client data are never shared with third parties or used to train AI models without explicit consent.

7. Your Rights Under GDPR

As an EU data subject, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request transfer of your data in a structured format
  • Object: Object to processing based on legitimate interests
  • Restrict: Request limitation of processing
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@sophia.legal. We will respond within 30 days.

8. Data Retention

We retain personal data only as long as necessary:

  • Account Data: For the duration of your subscription plus 7 years for legal compliance
  • Usage Data: Anonymized after 2 years, deleted after 7 years
  • Legal Documents: As long as required by legal profession regulations
  • Technical Logs: 12 months for security purposes

9. International Transfers

We primarily process data within the EU. Any transfers outside the EU are protected by:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Other appropriate safeguards under GDPR

10. Cookies and Tracking

We use essential cookies for service functionality and optional cookies for analytics (with your consent). You can manage cookie preferences in your browser settings.

11. Contact Information

For privacy-related questions or to exercise your rights:

  • Email: privacy@sophia.legal
  • Data Protection Officer: dpo@sophia.legal
  • Supervisory Authority: You may also contact the Irish Data Protection Commission

12. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of any material changes via email or through our service.