Privacy Policy

Last updated: 18 May 2026

1. Who we are

Legiant ("Legiant", "we", "us") operates the regulatory-monitoring service available at legiant.io and related subdomains (the "Service"). Legiant is the data controller for personal data processed in connection with the Service. You can contact us at hello@legiant.io.

2. What we collect

We collect the minimum personal data required to provide the Service:

  • Account data — your name, email address, password hash, organisation name, country, VAT number, language preference.
  • Usage data — pages visited, features used, timestamps, approximate location derived from IP, browser/device information.
  • Billing data — processed by Stripe; we store only the Stripe customer / subscription identifier and metadata returned by Stripe (we never see or store full card numbers).
  • Content you submit — feature requests, support messages, tasks, notes, and any text you choose to enter into the Service.

3. Why we process it

We process the data above to (i) provide and improve the Service, (ii) authenticate users, (iii) bill you and prevent fraud, (iv) communicate operational messages, and (v) comply with our legal obligations. Our legal bases under GDPR are performance of contract, our legitimate interest in running and improving the Service, and your consent where required (e.g. analytics cookies).

4. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary — to authenticate sessions and remember your language preference. These are always on; the Service will not work without them.
  • Analytics (optional) — to understand aggregate usage. Loaded only after you accept via the cookie banner.

You can change your preference at any time by clearing your browser storage for this site; the cookie banner will reappear.

5. Sub-processors

We use third-party providers strictly to deliver the Service. Each is bound by a data-processing agreement and processes data only on our instructions:

  • Supabase — database and authentication (EU region).
  • Vercel — hosting.
  • Stripe — payments and invoicing.
  • Anthropic — AI text summarisation. Only public regulatory texts are sent; your personal data is not.
  • Resend — transactional email (where enabled).

6. Retention

We retain account data for as long as your account is active and for up to 12 months after closure for legal and accounting purposes. Billing records are kept for the period required by applicable tax law. Backups are rotated and overwritten on a rolling basis.

7. International transfers

Personal data is hosted in the EU. Some sub-processors (e.g. Anthropic, Stripe) may transfer limited data outside the EEA under the European Commission's Standard Contractual Clauses or an adequacy decision.

8. Your rights

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. To exercise any of these rights, email hello@legiant.io. You also have the right to lodge a complaint with your local data-protection authority (in Denmark: Datatilsynet).

9. Security

We use industry-standard measures to protect personal data, including encryption in transit (TLS) and at rest, row-level security in the database, and least-privilege access controls. No system is fully secure, however, and we cannot guarantee absolute security.

10. Changes

We may update this policy from time to time. Material changes will be announced in the Service or by email. Continued use of the Service after an update constitutes acceptance.