Privacy Policy

1. Introduction

Lina (“Company”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered legal document generation platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian data protection law. Lina acts as the data controller for the processing activities described in this policy.

2. Data We Collect

We collect the following categories of personal data:

Account Information

• Name and email address
• Organization name and industry
• Account credentials (securely hashed)
• Billing information (processed by Stripe)

Document Data

• Information you provide to generate documents
• Generated documents and their content
• Document revision history

Usage Data

• IP address and device information
• Browser type and language preferences
• Pages visited and features used
• Time and date of access

3. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our document generation services
• Account Management: To create and manage your user account
• Communication: To send you service updates, security alerts, and support messages
• Billing: To process payments and manage subscriptions
• Legal Compliance: To comply with applicable laws and regulations
• Security: To detect, prevent, and address technical issues and fraud

4. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Services
• Legitimate Interests: To improve our Services and ensure security
• Legal Obligation: To comply with applicable laws
• Consent: For marketing communications (where applicable)

5. Data Sharing

We may share your personal data with:

• Partner Attorneys: When you request attorney review services
• Service Providers: Cloud hosting (Google Cloud), payment processing (Stripe), and analytics
• Legal Authorities: When required by law or to protect our rights

We do not sell your personal data to third parties.

6. AI and Document Processing

7. Data Retention

We retain your personal data for as long as necessary to provide our Services and comply with legal obligations:

• Account Data: Until account deletion, plus 30 days for recovery
• Documents: Until you delete them or close your account
• Billing Records: 7 years (Belgian tax requirements)
• Usage Logs: 90 days for security purposes

8. Your Rights

Under GDPR, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Withdraw Consent: Where processing is based on consent

To exercise your rights, contact us at privacy@lina.law. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

• TLS 1.3 encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and employee training
• EU-based data centers (Google Cloud Belgium)

10. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

11. Cookies

We use essential cookies to provide our Services. These include:

• Authentication cookies: To keep you logged in
• Security cookies: To protect against fraud
• Preference cookies: To remember your settings

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. Your continued use of our Services after changes constitutes acceptance of the updated policy.