
Privacy Policy

Last updated: February 2026

Who We Are

Sophia.law provides AI-powered compliance tools for legal professionals. For privacy inquiries, contact us at privacy@sophia.law.

Data We Collect

Account data: Name, email, firm name, and billing information when you register.

Usage data: Queries submitted to Sophia, documents generated, and feature usage patterns.

Technical data: IP address, browser type, and device information for security and service optimization.

Communications: Support tickets, feedback, and correspondence with our team.

How We Use Your Data

  • Provide and improve our AI compliance services
  • Process your queries and generate documents
  • Send service updates and respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

Legal basis (GDPR): Contract performance (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), and legal compliance (Art. 6(1)(c)).

AI & Your Data

Your queries are processed by our AI systems to generate responses. We do not use your client data to train our models. Query content is retained for 90 days to provide conversation history and improve response quality, then automatically deleted.

Generated documents remain accessible in your account until you delete them.

Data Sharing

We do not sell your data. We share data only with:

  • Infrastructure providers: EU-based cloud hosting (AWS Frankfurt, Hetzner)
  • Payment processors: Stripe for billing
  • Analytics: Plausible (privacy-focused, no cookies)

All sub-processors are bound by data processing agreements with EU-adequate protections.

International Transfers

Your data is processed and stored within the European Economic Area. Where transfers outside the EEA are necessary (e.g., certain AI model providers), we rely on Standard Contractual Clauses and verify adequate security measures.

Security

We implement encryption in transit (TLS 1.3) and at rest (AES-256), access controls, audit logging, and regular security assessments.

Retention

Account data is retained while your account is active and for 2 years after closure for legal compliance. Query logs are retained for 90 days. You can request earlier deletion at any time.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise these rights, email privacy@sophia.law. We respond within 30 days.

Cookies

We use only essential cookies for authentication and session management. We use Plausible for analytics, which does not use cookies or collect personal data.

Changes

We may update this policy and will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

Contact

privacy@sophia.law