Privacy Policy

Last updated: February 2026

Legatus is committed to protecting your privacy. This policy explains what data we collect, how we use it, and the choices available to you.

1. Information We Collect

Account information: If you create an account, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.

Claims data: Logged-in users may save claims, deadlines, saved analyses, and evidence files. This data is stored in our database and associated with your account.

Workspace data: If you use the claims workspace without an account, data is stored locally in your browser (localStorage) and never sent to our servers.

Usage data: We maintain an audit log of actions taken within the platform (such as creating a claim or running an AI analysis) for security and feature-gate tracking purposes.

2. AI Data Processing

When you use AI-powered features (chat, nexus evaluation, denial analysis, buddy statement generation, condition finder, or hearing practice), the text you submit is sent to third-party AI APIs for processing:

  • OpenAI — primary AI provider
  • Anthropic — fallback AI provider

Text submitted to AI features is processed in real time and is not stored permanently by Legatus. Refer to OpenAI's Privacy Policy and Anthropic's Privacy Policy for details on how they handle data sent to their APIs.

3. File Storage

Files uploaded to the Evidence Vault are stored securely via Vercel Blob. Files are associated with your account and are accessible only to you. Accepted file types include PDFs, images, DOCX, and plain text files, subject to tier-based storage limits.

4. Authentication & Sessions

Authentication is handled via NextAuth.js using a JWT (JSON Web Token) strategy. We use session cookies to maintain your logged-in state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

5. Third-Party Services

In addition to the AI providers listed above, we use the following third-party services:

  • Stripe — payment processing for subscription billing. Stripe handles all payment card data directly; we never see or store your full card number. See Stripe's Privacy Policy.
  • Vercel — application hosting and file storage (Vercel Blob).
  • Neon — PostgreSQL database hosting.
  • Resend — transactional email delivery (password resets, magic link authentication).

6. Data Retention & Deletion

Your account data, claims, deadlines, saved analyses, and evidence files are retained for as long as your account is active. If you downgrade to a free tier, excess evidence files may be archived but are not immediately deleted.

To request deletion of your account and all associated data, contact us at support@legatusos.com. We will process deletion requests within 30 days.

7. Children's Privacy

Legatus is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by updating the “Last updated” date at the top of this page. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.

9. Contact

If you have questions about this privacy policy or how your data is handled, contact us at support@legatusos.com or visit our Contact page.