Legal
Last updated:
This policy describes how Legibly collects, uses, and protects your personal information.
Legibly is an AI-powered document analysis service. We are responsible for the personal information we collect and process in accordance with applicable privacy laws.
Our designated privacy contact:
Privacy Officer, Legibly
privacy@readlegibly.com
Account information
When you create an account we collect your email address. If you subscribe to a paid plan, billing is handled directly by Stripe — we never receive or store your payment card details.
Documents you upload
When you upload a file (PDF or photo), we extract the text content and send it to our AI service for analysis. We retain the following for up to 90 days:
All three are permanently deleted 90 days after upload. Your original file is never shared with third parties and is not used to train AI models.
Usage analytics
We collect usage analytics including document type, detected region, file size, and processing duration. While your account is active, this data is linked to your account for service improvement purposes. It is not sold or shared with third parties for advertising. If you delete your account, your user identifier is removed from analytics records.
Server logs
Our servers automatically record IP addresses, browser type, and pages visited. This information is used solely to operate and secure the service.
We collect and use personal information only for the specific purposes identified at or before the time of collection, and only with your knowledge and consent under applicable privacy law. Those purposes are:
We do not sell your personal information. We do not use your uploaded documents to train AI models.
We share personal information only with service providers who require it to deliver the service, and only under written data-processing agreements:
Supabase
Authentication and database hosting. Your account data is stored on servers in the United States. Supabase is contractually bound to protect your data and processes it only on our instructions.
Stripe
Subscription billing. Stripe processes payment information directly and is subject to its own published privacy policy.
Anthropic
The AI model that generates document summaries. The text extracted from your document is sent to Anthropic's API and processed on servers in the United States. As a result, your document content may be subject to U.S. law during processing. Anthropic does not use API inputs to train its models under its commercial API terms, which serve as the data protection safeguard for this transfer.
We may also disclose information when required by a valid court order, search warrant, or other legal process.
Cross-border transfers. Because Supabase and Anthropic operate in the United States, your personal information may be processed outside your country of residence and become subject to U.S. law, including lawful government access. For users in Quebec and other Canadian provinces, we rely on contractual protections with each provider — specifically Anthropic's commercial API terms and Supabase's data processing agreement — as the safeguards for these transfers.
Under applicable privacy laws, you may have the right to:
To exercise any of these rights, email privacy@readlegibly.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
International users. We extend the same access, correction, and deletion rights to all users regardless of location.
Quebec residents. In addition to the rights above, residents of Quebec have the right under Law 25 to be informed of any cross-border transfer of their personal information and the protections in place (described in Section 4 above), and to file a complaint with the Commission d'accès à l'information (CAI) at cai.gouv.qc.ca.
We apply security safeguards appropriate to the sensitivity of the information, including TLS encryption in transit, row-level security controls on our database, and access restricted to authorized service accounts.
No transmission over the internet is 100% secure; we cannot guarantee absolute security.
Legibly is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at privacy@readlegibly.com and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the service at least 14 days before they take effect. Your continued use of Legibly after the effective date constitutes acceptance of the updated policy.
This Privacy Policy is governed by the laws of Canada, including the Personal Information Protection and Electronic Documents Act(PIPEDA) and, where applicable, provincial privacy legislation including Quebec's Act respecting the protection of personal information in the private sector (Law 25). Privacy complaints may be directed to our Privacy Officer at privacy@readlegibly.com or to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
Privacy questions or complaints: privacy@readlegibly.com
General support: support@readlegibly.com