Privacy Policy

Welcome to andri.ai, a product of Andri AI B.V. ("we," "us," or "our"), registered in The Netherlands. We are committed to protecting your privacy and handling your data in a transparent and secure manner. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you use our legal AI assistant services. For detailed information about our security measures, please refer to our Security Policy.

AI-Specific Data Responsibilities

As required by the LRGD guidelines and best practices for the responsible use of Artificial Intelligence (AI) in legal contexts:

• We ensure AI-generated content is used only to assist and support legal professionals, not to replace human judgment.
• All AI-generated results must be reviewed and verified by the end user, who retains full responsibility for their use in legal documents or reports.
• We provide mechanisms for prompt logging, result auditing, and content transparency to comply with court and peer-review expectations.
• AI interactions are anonymized or stripped of sensitive personal data unless user consent and lawful basis exist under GDPR.
• We do not allow automated or bulk uploading of client-identifying documents into AI models without user control and anonymization.
• We monitor and evaluate our AI tools regularly to ensure compliance with legal, ethical, and technical standards.

By using our platform, you acknowledge your role in verifying the appropriateness and accuracy of AI-generated output, especially in the context of judicial expert work or regulated legal proceedings.

1. Introduction

At andri.ai, we value your trust. This Privacy Policy explains:

• What data we collect and why (see our Data Collection & Processing Policy)
• How we use your data
• Your rights regarding your personal data
• Our commitment to compliance with the General Data Protection Regulation ("GDPR") and relevant European data protection laws

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information as described herein. Please also review our Acceptable Use Policy.

2. Data We Collect

2.1 Personal Data

While using our service, we may ask you to provide certain personally identifiable information ("Personal Data"), including but not limited to:

• Contact Information: Name, email address, phone number
• Professional Information: Law firm details, practice areas
• Legal Data: Case files, documents, and any other legal information you choose to provide

2.2 Usage Data

We may also collect information on how the service is accessed and used ("Usage Data"), which may include:

• IP address
• Browser type and version
• Pages visited
• Time and date of visits
• Time spent on pages
• Diagnostic data

This information helps us maintain and improve the quality, security, and performance of our services.

3. How We Use Your Data

We use your data for the following purposes:

• To provide and maintain our services
• To personalize and improve your experience
• To process and analyse legal data to offer you the best possible legal assistance
• To communicate with you about updates, offers, and relevant information
• To comply with legal obligations and protect our legal rights

We will not process your data in ways that are incompatible with the purposes stated above without your prior consent or unless otherwise required by law.

3.1 Publicly Available Information and AI Training

To develop and improve our AI platform, we access publicly available legal information, including:

• Judgments and court decisions
• Public legal filings
• Statutes and legislation
• Public legal briefs

This information is similar to what most law firms access daily to serve their clients. While some of this publicly available information may relate to individuals and be considered Personal Data in certain jurisdictions, we process this data solely to provide context for customer queries and improve our AI platform's responses. We do not intentionally use this information to identify individuals.

4. Legal Basis for Processing Personal Data

Our processing of your personal data is grounded in one or more of the following legal bases:

• Consent: You have given explicit consent for one or more specific purposes.
• Contract Performance: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligations: Compliance with a legal obligation to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate business interests or those of a third party, provided these interests do not override your fundamental rights and freedoms.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes stated in this Privacy Policy or to comply with our legal obligations, resolve disputes, and enforce our agreements. We regularly review the data we hold and securely delete or anonymize it when it is no longer needed.

6. Data Security & Breach Notification

We take the security of your data very seriously. We implement industry-standard technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Data is stored in secure servers located in the Ireland region of Amazon Web Services (AWS). For a comprehensive overview of our security measures, please refer to our Security Policy.

These measures include, but are not limited to, encryption at rest and in transit, strict access controls, and regular security assessments. However, no method of transmission over the internet or method of electronic storage is 100% secure.

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities without undue delay, and in any case within 72 hours after becoming aware of the breach, where feasible.

7. Data Transfer

Your personal data may be processed at our operating offices and at other service providers' locations. For details on how we handle international data transfers, please see our Data Transfers Policy. Whenever we transfer personal data outside the European Economic Area ("EEA"), we ensure that an adequate level of protection is provided by implementing appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

For information about our subprocessors and their locations, please refer to our Subprocessors page.

8. Disclosure of Data

8.1 Legal Requirements

We may disclose your personal data in good-faith belief that such action is necessary to:

• Comply with a legal obligation or respond to lawful requests by public authorities
• Protect and defend the rights or property of Andri AI B.V.
• Prevent or investigate possible wrongdoing in connection with the service
• Protect the personal safety of users or the public
• Protect against legal liability

8.2 No Data Sharing Between Customers

We do not share your private data with other customers. Each customer's data is isolated and inaccessible to others. Access to personal data is restricted to those employees, agents, or subcontractors who need it to operate, develop, or improve our services and who are subject to strict contractual confidentiality obligations.

9. Your Data Protection Rights Under GDPR

If you are a resident of the EEA, you have certain data protection rights, including:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of any inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request that we erase your personal data under certain circumstances
• Right to Restrict Processing: Request that we restrict the processing of your personal data under certain conditions
• Right to Data Portability: Request that we transfer your data to another organization, or directly to you, under certain conditions
• Right to Object: Object to our processing of your personal data under certain circumstances

Please note that these rights may not be absolute in cases involving publicly available information used for AI training or other lawful exemptions. However, we make every effort to respond to such requests in accordance with applicable laws. To exercise any of these rights, please contact us at info@andri.ai. We will respond within a reasonable timeframe and in accordance with applicable data protection laws.

10. Third-Party Services

Our service may include links to third-party websites or services that we do not own or control. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. For information about how we use cookies and similar technologies, please see our Cookie Policy.

11. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us. We will take steps to remove such data from our systems.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we do, we will post the new Privacy Policy on this page and update the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us via:

• Email: info@andri.ai
• Address: Andri AI B.V., The Netherlands

For information about our support services and availability, please see our Support & Service Level Agreement.

By using andri.ai, you confirm that you have read and understood this Privacy Policy. We remain committed to protecting your privacy and ensuring the security of your data in accordance with GDPR and applicable data protection laws.

Disclaimer: While we strive to provide accurate and reliable information, any legal or compliance-related content generated by our AI is for informational purposes only and should not be construed as legal advice. Always consult with qualified legal professionals for guidance tailored to your specific circumstances.