Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last updated: 26 May 2025

Introduction

Casper AI Limited ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal platform and related services (the "Service").

This policy applies to all users of our Service, including visitors to our website, prospective customers, and enterprise clients. By using our Service, you consent to the data practices described in this policy.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, job title, company name
  • Account Information: Username, password, profile information
  • Professional Information: Law firm details, practice areas, role within organisation
  • Communication Data: Records of communications with us, including support requests
  • Billing Information: Payment details, billing address (processed securely by third-party providers)

Document and Usage Data

  • Document Content: Legal documents uploaded for analysis (processed in accordance with strict confidentiality measures)
  • Usage Analytics: How you interact with our Service, features used, time spent
  • Technical Data: IP address, browser type, device information, operating system
  • Cookies and Tracking: See our Cookie Policy for detailed information

How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, maintain, and improve our AI-powered legal analysis services
  • Document Processing: To analyse legal documents and provide insights, reports, and recommendations
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Communication: To send service updates, security alerts, and administrative messages
  • Improvement: To enhance our AI models and platform functionality (using anonymised data only)
  • Compliance: To comply with legal obligations and protect our rights
  • Marketing: To send promotional communications (with your consent, where required)

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to perform our services under our agreement with you
  • Legitimate Interests: For service improvement, security, and business operations
  • Consent: Where you have provided explicit consent (e.g., for marketing communications)
  • Legal Obligation: To comply with applicable laws and regulations

Data Location and Security

Data Residency: All your data is stored and processed exclusively within the United Kingdom and the European Union. Your data will never be transferred to or processed outside of the UK and EU.

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit and at rest using AES-256 encryption
  • Access Controls: Strict access controls and authentication requirements
  • ISO 27001 Compliance: Our platform maintains ISO 27001 certification
  • Regular Audits: Regular security assessments and penetration testing
  • Data Isolation: Client data is logically separated and access-controlled
  • Incident Response: Comprehensive incident response and breach notification procedures

Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who assist in providing our services (all located within the UK and EU)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes
  • Protection: To protect our rights, property, or safety, or that of others

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained whilst your account is active and for 3 years after closure
  • Document Data: Retained according to your data retention settings or contractual agreements
  • Usage Analytics: Aggregated and anonymised data may be retained indefinitely
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request access to your personal data
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal requirements)
  • Portability: Request transfer of your data to another service
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at hello@casper.law.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. For significant changes, we may also notify you via email.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Casper AI Limited

Email: hello@casper.law