Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last updated: January 21, 2025

1. Introduction

Lega ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-first graphic design service.

This policy complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Optional profile picture and display name
  • User Content: Designs, images, and other content you create or upload
  • Payment Information: Billing details processed through our payment provider (Stripe)
  • Communications: Information you provide when contacting support

2.2 Information Collected Automatically

  • Usage Data: How you interact with our service, features used, and actions taken
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed
  • Cookies: Essential cookies for authentication and optional analytics cookies (see our Cookie Policy)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our service
  • Process your designs and deliver AI-powered features
  • Authenticate your account and ensure security
  • Process payments and manage subscriptions
  • Send service-related communications and updates
  • Respond to your requests and provide customer support
  • Analyze usage patterns to improve our service (with consent)
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To provide our service as agreed in our Terms of Service
  • Legitimate Interests: To improve our service, ensure security, and prevent fraud
  • Consent: For analytics and marketing communications (which you can withdraw at any time)
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing

We share your information only with:

5.1 Service Providers

  • Stripe: Payment processing
  • Cloud Infrastructure: Data storage and hosting
  • Analytics Services: Usage analysis (with your consent)

5.2 Other Disclosures

We may disclose your information:

  • To comply with legal requirements or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (you will be notified)

We do not sell your personal information to third parties.

6. Data Retention

We retain your data for as long as:

  • Your account is active
  • Necessary to provide our services and fulfill the purposes described in this policy
  • Required by law (e.g., financial records for tax purposes)

Retention Periods:

  • Account Data: Until account deletion + 30 days grace period
  • User Content: Until account deletion (you can export first)
  • Payment Records: 7 years for tax compliance
  • Usage Logs: 90 days

7. Your Rights

7.1 GDPR Rights (EU Residents)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

7.2 DPDP Act Rights (Indian Residents)

  • Access: Right to obtain confirmation and access to your personal data
  • Correction: Right to correct inaccurate or incomplete personal data
  • Erasure: Right to request erasure of your personal data
  • Grievance Redressal: Right to have grievances addressed by our Grievance Officer
  • Nomination: Right to nominate another person to exercise your rights in case of death or incapacity

7.3 CCPA Rights (California Residents)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Non-Discrimination: Equal service regardless of privacy choices

7.4 How to Exercise Your Rights

Contact us at privacy@uselega.com or use the privacy controls in your account settings. We will respond within 30 days (GDPR) or 45 days (CCPA).

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure data backup and recovery procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your data is primarily stored and processed in India. In some cases, your data may be transferred to and processed in other countries (such as when using third-party service providers). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission (for EU data transfers)
  • Compliance with data localization requirements under Indian law where applicable
  • Data processing agreements with all service providers

10. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children without verifiable parental consent. Under the DPDP Act of India, processing of children's personal data requires consent from a parent or lawful guardian. If you believe we have collected data from a child without appropriate consent, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Grievance Officer (for Indian residents)
Email: grievance@uselega.com
We will acknowledge your grievance within 48 hours and resolve it within 30 days.

Data Protection Officer (for EU residents)
Email: privacy@uselega.com

General Privacy Inquiries
Email: privacy@uselega.com

For EU residents, you also have the right to lodge a complaint with your local data protection authority. For Indian residents, you may file a complaint with the Data Protection Board of India once established under the DPDP Act.