← Back to Legmint

Privacy Policy

Last updated: 2025-11-09

Your Privacy Matters

Global Legal Consulting Ltd ("Legmint," "we," "us") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, share, and protect your information when you use our platform at legmint.com.

GDPR Compliance

If you are located in the European Union or United Kingdom, this policy complies with the General Data Protection Regulation (GDPR) and UK GDPR. You have specific rights regarding your personal data—see Section 9 for details.

Contents

  1. 1. Data Controller
  2. 2. What Data We Collect
  3. 3. How We Use Your Data
  4. 4. Legal Basis for Processing (GDPR)
  5. 5. Who We Share Data With
  6. 6. International Data Transfers
  7. 7. How Long We Keep Your Data
  8. 8. Security Measures
  9. 9. Your Privacy Rights
  10. 10. Cookies & Tracking
  11. 11. Children's Privacy
  12. 12. Changes to This Policy
  13. 13. Contact & Data Protection Officer

1. Data Controller

Global Legal Consulting Ltd is the data controller responsible for your personal data.

Company Name: Global Legal Consulting Ltd

Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom

Contact Email: welcome@legmint.com

Data Protection Officer (DPO): privacy@legmint.com

2. What Data We Collect

We collect the following categories of personal data:

a) Account & Identity Information

  • Name, email address, password (hashed)
  • Authentication data managed by Clerk (our authentication provider)
  • Account preferences and settings

b) Payment & Billing Information

  • Billing name, address, and tax information (collected by Stripe, our payment processor)
  • Payment card details (tokenized and stored by Stripe—Legmint never sees your full card number)
  • Transaction history, invoices, and receipts

c) Document Generation Data

  • Inputs you provide when customizing legal templates (company names, addresses, dates, contractual terms, etc.)
  • Generated documents are stored in AWS S3 (encrypted at rest) for your access and download
  • We do not read or analyze the content of your documents unless required for technical support or legal compliance

d) Usage & Analytics Data

  • IP address, browser type, device information, operating system
  • Pages visited, time spent on pages, clickstream data
  • Referral source (how you found Legmint)
  • Error logs and performance metrics (to improve service reliability)

e) Communications

  • Emails, support tickets, and chat messages you send to us
  • Transactional emails (order confirmations, password resets) sent via SendGrid

f) Lawyer Referral Data

  • Information about consultations booked through our referral marketplace
  • Ratings, reviews, and feedback on lawyers (anonymized where possible)
  • Communication between you and lawyers occurs outside Legmint's systems—we do not monitor or store those conversations

3. How We Use Your Data

We use your personal data to:

  • Provide our services: Create your account, generate documents, process payments, deliver downloads
  • Communicate with you: Send order confirmations, support responses, service updates, and (with your consent) marketing emails
  • Improve the platform: Analyze usage patterns, fix bugs, optimize performance, and develop new features
  • Ensure security: Detect fraud, prevent abuse, enforce our Terms of Service
  • Comply with legal obligations: Tax reporting, responding to lawful requests from authorities, dispute resolution
  • Facilitate lawyer referrals: Connect you with attorneys, manage bookings, process referral fees

5. Who We Share Data With

We do not sell your personal data. We share data only with trusted service providers and as required by law:

a) Service Providers (Data Processors)

These third parties process data on our behalf under strict data processing agreements:

ProviderPurposeLocation
StripePayment processing and subscription managementUS (Standard Contractual Clauses)
ClerkAuthentication and user account managementUS (Standard Contractual Clauses)
AWS S3Secure document storage (encrypted at rest)EU region
SendGridTransactional email deliveryUS (Standard Contractual Clauses)
VercelFrontend hosting and content deliveryGlobal CDN
RenderBackend API hostingEU region

b) Lawyers (Independent Controllers)

  • When you book a consultation via our referral marketplace, we share your contact information with the lawyer you select.
  • Lawyers are independent data controllers responsible for how they handle your data during consultations.

c) Legal & Compliance Disclosures

  • We may disclose data to comply with court orders, subpoenas, tax authorities, or other lawful requests.
  • We may share data to enforce our Terms, protect our rights, or investigate fraud.

6. International Data Transfers

Legmint operates globally. Your data may be transferred to and processed in countries outside the EU/UK, including the United States.

Safeguards:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs with US-based processors (Stripe, Clerk, SendGrid) to ensure GDPR-level protection.
  • EU/UK hosting: Where possible, we use EU/UK data centers (e.g., AWS S3 in Frankfurt, Render EU region).
  • Encryption: Data in transit is encrypted via TLS; data at rest is encrypted in AWS S3.

For more information on safeguards, contact our DPO at privacy@legmint.com.

7. How Long We Keep Your Data

We retain personal data only as long as necessary:

  • Account data: Retained while your account is active, plus 90 days after closure (to handle support requests or disputes).
  • Generated documents: Stored for the lifetime of your account or until you delete them. Deleted documents are permanently removed within 30 days.
  • Payment records: Retained for 7 years to comply with tax and accounting laws.
  • Marketing consent: Retained until you withdraw consent or for 2 years of inactivity.
  • Analytics & logs: Aggregated/anonymized data may be retained indefinitely for research and service improvement.

8. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: TLS 1.2+ for data in transit; AES-256 encryption at rest for documents in AWS S3.
  • Access controls: Role-based access; only authorized personnel can access sensitive data.
  • Authentication: Passwords are hashed using bcrypt; Clerk manages secure authentication flows.
  • Monitoring: Automated alerts for suspicious activity; regular security audits.
  • Vendor security: We vet all third-party processors for SOC 2, ISO 27001, or equivalent certifications.

No system is 100% secure. If you suspect a breach, contact privacy@legmint.com immediately.

9. Your Privacy Rights

a) Rights Under GDPR (EU/UK Users)

You have the right to:

  • Access: Request a copy of your personal data we hold.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention requirements).
  • Restriction: Limit how we process your data in certain circumstances.
  • Data portability: Receive your data in a machine-readable format (e.g., JSON, CSV).
  • Object: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: Revoke consent for marketing or optional cookies at any time.
  • Lodge a complaint: File a complaint with your national supervisory authority (see Section 9c).

b) Rights Under CCPA (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use/share it.
  • Request deletion of your personal information.
  • Opt out of the "sale" of personal information (note: we do not sell data).
  • Non-discrimination for exercising your rights.

c) How to Exercise Your Rights

To exercise any of these rights, email privacy@legmint.com with the subject line "Privacy Rights Request" and include:

  • Your account email address
  • The right you wish to exercise (e.g., access, deletion)
  • Verification information (we may ask for proof of identity)

We will respond within 30 days (GDPR) or 45 days (CCPA).

d) Supervisory Authorities (EU/UK)

If you are unhappy with how we handle your data, you can lodge a complaint with your local data protection authority:

10. Cookies & Tracking

Legmint uses minimal cookies and tracking technologies:

a) Essential Cookies

  • Session cookies: Keep you logged in, remember preferences (required for platform functionality).
  • Security cookies: Prevent CSRF attacks, verify authentication.

b) Analytics Cookies (Optional)

  • We may use Google Analytics or similar tools to understand usage patterns (anonymized where possible).
  • You can opt out via cookie banner or browser settings.

c) Managing Cookies

  • Adjust preferences via your browser settings or our cookie consent banner.
  • Disabling essential cookies may prevent you from using core features.

11. Children's Privacy

Legmint is not intended for individuals under 16 years old (or under 18 in jurisdictions where the age of majority is 18).

  • We do not knowingly collect personal data from children.
  • If we learn that we have collected data from a child without parental consent, we will delete it promptly.
  • If you believe a child has provided us with data, contact privacy@legmint.com.

12. Changes to This Policy

  • We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new features.
  • Material changes will be notified via email or a prominent notice on the Platform at least 30 days before they take effect.
  • Continued use after changes constitutes acceptance. If you disagree, please close your account.

13. Contact & Data Protection Officer

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

General Inquiries: welcome@legmint.com

Data Protection Officer (DPO): privacy@legmint.com

Company: Global Legal Consulting Ltd

Address: 128 City Road, London, EC1V 2NX, United Kingdom

Related Legal Documents

Refund PolicyTerms of ServicePricingContact Support