Legibly

Legal

Privacy Policy

Last updated:

This policy describes how Legibly collects, uses, and protects your personal information.

01Who We Are

Legibly is an AI-powered document analysis service. We are responsible for the personal information we collect and process in accordance with applicable privacy laws.

Our designated privacy contact:
Privacy Officer, Legibly
privacy@legibly.ca

02Information We Collect

Account information

When you create an account we collect your email address. If you subscribe to a paid plan, billing is handled directly by Stripe — we never receive or store your payment card details.

Documents you upload

We temporarily receive the file you upload (PDF or photo) to perform the analysis. That file is processed in memory and is never written to persistent storage. Only the resulting plain-language summary is retained.

Usage analytics

We collect aggregate, anonymized analytics — document type, detected region, file size, and processing duration. This data is not linked to your identity and cannot be used to re-identify you.

Server logs

Our servers automatically record IP addresses, browser type, and pages visited. This information is used solely to operate and secure the service.

03Purposes & Legal Basis

We collect and use personal information only for the specific purposes identified at or before the time of collection, and only with your knowledge and consent under applicable privacy law. Those purposes are:

  • To create and manage your account;
  • To provide the document analysis service;
  • To process payments and prevent fraud;
  • To send transactional communications (receipts, account notices);
  • To maintain the security and performance of the service.

We do not sell your personal information. We do not use your uploaded documents to train AI models.

04Disclosure to Third Parties

We share personal information only with service providers who require it to deliver the service, and only under written data-processing agreements:

  • Supabase

    Authentication and database hosting. Your account data is stored on servers in the United States. Supabase is contractually bound to protect your data and processes it only on our instructions.

  • Stripe

    Subscription billing. Stripe processes payment information directly and is subject to its own published privacy policy.

  • Anthropic

    The AI model that generates document summaries. The text extracted from your document is sent to Anthropic's API. Anthropic does not use API inputs to train its models under its commercial API terms.

We may also disclose information when required by a valid court order, search warrant, or other legal process.

Cross-border transfers. Because Supabase and Anthropic operate in the United States, your personal information may be processed outside your country and become subject to U.S. law, including lawful government access. We take contractual steps to require equivalent protection where applicable.

05Data Retention

  • Uploaded files: Deleted immediately after analysis — never persisted to disk.
  • Analysis summaries: Retained for 90 days, then permanently and automatically deleted.
  • Account information: Retained while your account is active. You may delete your account at any time from the Account tab; deletion is immediate and permanent.
  • Anonymized analytics: Retained indefinitely as aggregate statistics that cannot identify you.

06Your Privacy Rights

Under applicable privacy laws, you may have the right to:

  • Know what personal information we hold about you and how it is used;
  • Access the personal information we hold about you;
  • Request correction of inaccurate or incomplete information;
  • Withdraw consent to our collection and use of your information (which may prevent us from providing the service);
  • File a complaint with the relevant privacy regulator in your jurisdiction.

To exercise any of these rights, email privacy@legibly.ca. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

International users. We extend the same access, correction, and deletion rights to all users regardless of location.

07Security

We apply security safeguards appropriate to the sensitivity of the information, including TLS encryption in transit, row-level security controls on our database, and access restricted to authorized service accounts.

No transmission over the internet is 100% secure; we cannot guarantee absolute security.

08Cookies

We use only essential session cookies required to authenticate you. We do not use tracking, advertising, or analytics cookies.

09Children's Privacy

Legibly is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at privacy@legibly.ca and we will delete it promptly.

10Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the service at least 14 days before they take effect. Your continued use of Legibly after the effective date constitutes acceptance of the updated policy.

11Governing Law

This Privacy Policy is governed by applicable privacy and consumer protection laws. Disputes about privacy practices will be resolved under the jurisdiction of competent courts or the relevant privacy regulator.

12Contact

Privacy questions or complaints: privacy@legibly.ca

General support: support@legibly.ca