Privacy Policy

1. Introduction

The AI Company LTD ("we", "us", or "our") operates THEMIS AI, an AI-powered legal research platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting the privacy and confidentiality of the information entrusted to us, particularly given the sensitive nature of legal work.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, organization name, job title, and password when you register
• Profile Information: Professional details, preferences, and settings you configure
• Documents and Content: Legal documents, case files, and other content you upload to the Service
• Queries and Communications: Questions you ask the AI, chat history, and support communications
• Payment Information: Billing details processed through our secure payment providers

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, device identifiers, and IP address
• Log Data: Access times, error logs, and referring URLs
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data

2.3 AI Interaction Data

When you interact with our AI features, we collect:

• Your queries and prompts
• AI-generated responses
• Feedback you provide on AI responses
• Context from uploaded documents used in queries

3. How We Use Your Information

• Provide the Service: Process your queries, manage your cases, and deliver AI-powered legal research
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Customer Support: Respond to inquiries and resolve issues
• Security: Detect and prevent fraud, abuse, and security incidents
• Communications: Send service updates, security alerts, and (with consent) marketing materials
• Legal Compliance: Meet regulatory requirements and respond to legal requests

4. AI and Machine Learning

• AI Processing: Uploaded documents are indexed to provide context-aware responses
• Model Training: We do NOT use your individual documents or queries to train AI models without explicit consent
• Third-Party AI: We may use third-party AI services with appropriate data processing agreements
• Anonymization: Aggregate, anonymized data may be used to improve service quality

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data with:

• Service Providers: Cloud hosting, payment processing, and analytics partners under strict contracts
• Your Organization: Tenant administrators can access organization-level data
• Legal Requirements: When required by law, court order, or to protect our rights
• Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice)

6. Data Security

We implement comprehensive security measures including:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication, and audit logging
• Infrastructure: Secure cloud infrastructure with regular security audits
• Tenant Isolation: Logical separation between tenant data with strict access controls
• Incident Response: Documented procedures for security incident detection and response

7. Data Retention

• Active Accounts: Data retained while your account is active and as needed for services
• Account Deletion: Upon request, we delete personal data within 30 days, subject to legal obligations
• Backups: May be retained for up to 90 days for disaster recovery
• Legal Holds: Data may be retained longer if required by law or litigation
• Ephemeral Files: Temporary uploads are automatically deleted after 24 hours

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities
• Withdraw Consent: Where processing is based on consent, withdraw at any time

To exercise these rights, contact us at [email protected].

9. Cookies and Tracking

9.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality
• Performance Cookies: Help us understand how you use the Service
• Preference Cookies: Remember your settings and preferences

9.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may impact Service functionality.

10. International Transfers

Your data may be processed in countries other than Mauritius. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Adequacy decisions where applicable
• Binding corporate rules for international transfers

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on the Service. Your continued use after changes constitutes acceptance.

14. Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

15. Regulatory Authority

If you believe we have not addressed your privacy concerns satisfactorily, you have the right to lodge a complaint with the Data Protection Office of Mauritius or your local data protection authority.