Privacy Policy

At PONS LABS AS (we, us, or our), protecting your personal data is a responsibility we take seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us and use our AI-driven legal platform, tools, and services. These services include, but are not limited to, our AI-driven platform services, collaboration features, and our website (collectively, the "Service").

We are committed to ensuring that all personal data we process is handled in a secure and lawful manner in compliance with the General Data Protection Regulation (GDPR) and other applicable laws. This policy also outlines your rights regarding your personal data, how we protect your data, and the specific circumstances in which we share your data. For further information about your rights and how to exercise them, please refer to Section 6.

PONS LABS AS serves as the data controller when we decide the purposes and methods of processing personal data. In certain cases, such as when our clients use the platform for managing their legal operations, we may also act as a data processor.

1. Personal Information We Collect

We collect a wide range of personal data necessary for the smooth operation of our platform and services. This includes information that you provide to us directly and data that we collect automatically through the use of our services.

1.1 Personal Information You Provide

We may collect personal data in the following ways:

Account Information: When you create an account, we collect essential information such as your name, email address, password, phone number, billing information, and user preferences. This information is necessary to provide you with a personalized and secure experience.

Legal Information: In the course of providing legal consultations or processing legal documents, we may collect identification data such as government-issued IDs, business registration numbers, tax identification numbers, and other legal documentation required for compliance with relevant laws.

Communication Information: Any communications you have with legal professionals, other users on our Platform, or with our customer service team may be recorded and stored. This includes inquiries, legal case details, feedback, and all correspondences related to your interactions on the platform.

Payment Information: When you subscribe to our services or make purchases, we collect payment details such as your credit card number, expiration date, billing address, transaction history, and other financial information necessary to process payments. We use trusted third-party processors to ensure secure payment handling.

Social Media Information: If you interact with us on social media platforms such as LinkedIn, Instagram, or X (formerly Twitter), we may collect your social media username, public profile data, and the content of any messages you send us through these platforms. These interactions are governed by the privacy settings of the respective social media service.

1.2 Automatically Collected Information

In addition to the personal data you provide, we collect certain information automatically when you use our platform:

Log Data: We collect data such as your Internet Protocol (IP) address, browser type, operating system, and access times. We also log details about how you navigate and interact with our services, including the pages you visit, the duration of your session, and any links clicked.

Usage Data: Our platform gathers detailed information about your usage patterns. This may include the types of content you access, the features you use most frequently, the number of interactions with legal professionals, your time zone, device settings, and interactions with automated AI-driven tools.

Device Information: We collect details about the devices you use to access our platform, such as the device name, operating system, browser type, and network information. This data helps us optimize performance across different devices and operating environments.

Cookies and Similar Technologies: We use cookies and other tracking technologies to monitor your activity on our platform. Cookies help us remember your preferences, track your interactions with the Service, and improve your overall experience. A detailed explanation of our cookie usage is provided in Section 2.

1.3 Data From Third-Party Sources

We may collect personal data from third-party sources in the following contexts:

Payment Processors: We receive transaction data from our payment processing partners, including transaction IDs, status updates, chargeback details, and other relevant financial information. These third parties comply with industry-standard security practices to protect your payment information.

Social Media Platforms: If you engage with our social media profiles or content, we may collect personal data from those interactions. This includes public information shared via social platforms, analytics data provided by the platform, and any messages or inquiries you send us.

Third-Party Analytics Providers: We work with analytics providers (e.g., Google Analytics) that help us analyze user behavior on our platform. These services may collect data such as usage patterns, time spent on different features, geographic information, and more. This data is aggregated and anonymized, though it may still contain identifiable information such as IP addresses.

2. Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance your user experience, provide personalized content, and analyze performance metrics. These tools enable us to improve the Service by understanding user preferences and behavior.

2.1 Types of Cookies We Use

Essential Cookies: These cookies are necessary for the functioning of our platform, including account login, session management, and security features. Without these cookies, certain parts of the Service will not function properly.

Performance and Analytics Cookies: These cookies collect aggregated information about how users interact with the platform. This data helps us identify trends and usage patterns, optimize our services, and troubleshoot any issues that may arise.

Functional Cookies: These cookies remember your preferences, such as language settings, to provide a more personalized experience. Functional cookies may also store user authentication details to streamline your login process.

Advertising Cookies: These cookies track your browsing behavior to deliver targeted advertisements based on your interests. Advertising cookies may track interactions across different websites, allowing us to show relevant ads on third-party websites.

2.2 Cookie Management

You can manage or disable cookies by adjusting your browser settings. Please note that disabling cookies may affect the functionality of certain features of our products. For more information about how we use cookies, please review our Cookies Policy on the website.

3. How We Use Your Personal Information

We process personal data for a variety of purposes to ensure that our services operate effectively, securely, and in compliance with legal requirements. Below are the primary ways we use your personal data:

3.1 Service Provision and Enhancement

We use your personal data to:

• Facilitate the functionality of our AI-driven legal services, document tools, and case handling features.
• Ensure that your account is maintained, payments are processed correctly, and legal consultations proceed smoothly.
• Personalize your experience on our platform by providing AI-powered recommendations based on your interactions.

3.2 Communication and Support

We may use your personal data to:

• Send you service-related notifications, such as changes to our policies, account updates, and security alerts.
• Respond to customer inquiries, provide troubleshooting support, and assist with legal or technical questions.
• Send you marketing communications, including newsletters, special offers, and new service announcements, subject to your consent.

3.3 Payment Processing

We collect and process payment data to:

• Facilitate transactions for legal services, subscriptions, licenses, and other platform-related purchases.
• Facilitate transactions between clients and lawyers.
• Handle payment disputes, refunds, and chargebacks in coordination with third-party payment processors like Stripe.

3.4 Fraud Prevention and Security

We use your personal data to:

• Monitor the platform for suspicious activity or fraudulent behavior.
• Implement security measures such as encryption, multi-factor authentication, and role-based access controls to protect your account and personal data.

3.5 Analytics and Performance Monitoring

We analyze user data to:

• Identify trends in platform usage and optimize system performance.
• Gather insights to improve features, functionality, and user experience.
• Monitor service health and conduct troubleshooting to ensure platform stability.

3.6 Data Processing Summary Table

The following table provides a comprehensive overview of the purposes for which we process personal data, the types of data involved, the legal basis for processing under GDPR, and the retention periods:

Purpose	Types of Personal Data	Legal Basis (GDPR)	Retention Period
Service Provision and Enhancement (e.g., facilitating AI-driven legal services, account maintenance, personalization via AI recommendations)	Account information (name, email, password, phone, billing, preferences); Legal information (IDs, business registration, tax numbers, documents); Communication information (inquiries, case details); Usage data (content accessed, features used, interactions); Device information (device name, OS, browser); Log data (IP, access times, navigation)	Performance of a contract (Art. 6(1)(b)) for core services; Legitimate interests (Art. 6(1)(f)) for enhancements and optimization	Duration of account activity or service engagement + up to 7 years for legal/audit compliance; anonymized thereafter for aggregated insights
Communication and Support (e.g., sending notifications, responding to inquiries, providing support, marketing communications)	Account information (name, email, phone); Communication information (messages, feedback, inquiries); Social media information (username, profile data, messages)	Performance of a contract (Art. 6(1)(b)) for service-related comms; Consent (Art. 6(1)(a)) for marketing; Legitimate interests (Art. 6(1)(f)) for support	Until inquiry resolved or consent withdrawn + 2 years for records; marketing data deleted upon opt-out
Payment Processing (e.g., handling subscriptions, purchases, transactions between clients and lawyers, disputes/refunds)	Payment information (credit card details, billing address, transaction history); Account information (billing details)	Performance of a contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) for tax/financial compliance	7 years for tax/accounting purposes, or longer if required by law
Fraud Prevention and Security (e.g., monitoring for suspicious activity, implementing security measures)	Log data (IP, browser, access times); Usage data (patterns, interactions); Device information; Payment information (for fraud checks)	Legitimate interests (Art. 6(1)(f)) for protecting systems and users; Legal obligation (Art. 6(1)(c)) where applicable	Up to 1 year for routine monitoring; longer (e.g., 5 years) if tied to an incident or legal requirement
Analytics and Performance Monitoring (e.g., identifying trends, optimizing features, troubleshooting)	Usage data; Log data; Device information; Aggregated data from third-party analytics (e.g., Google Analytics)	Legitimate interests (Art. 6(1)(f)) for improvements; Consent (Art. 6(1)(a)) if involving cookies/tracking	Raw data up to 26 months; anonymized indefinitely for aggregated statistics

4. Sharing Your Personal Information

We do not sell or trade your personal data. However, we may share your data with trusted third parties in certain circumstances, as outlined below:

4.1 Vendors and Service Providers

We work with third-party vendors to help us provide our services, including:

Cloud Hosting Providers: Companies like Microsoft Azure host and process data to ensure the secure and reliable operation of our platform.

Payment Processors: We share payment data with partners like Stripe to securely handle financial transactions.

These vendors are contractually obligated to handle your personal data securely and in compliance with applicable laws.

4.2 Legal and Regulatory Requirements

We may disclose personal data when required to do so by law, in response to valid legal requests from public authorities, or to protect our legal rights. This may include sharing data with law enforcement, regulatory agencies, or other governmental entities.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. You will be notified of any significant changes in data processing practices if such a transfer occurs.

4.4 With Your Consent

We may share your data with third parties when you explicitly provide consent. This includes situations where you request additional services or functionalities from third-party providers integrated into our platform.

5. Retention of Your Personal Information

We retain personal data for as long as necessary to provide our services and meet legal obligations. The retention period depends on the following factors:

Service Delivery: We retain personal data for the duration of your account's activity or until the legal services you've engaged in are completed.

Legal Compliance: We may retain personal data to meet regulatory or legal obligations, including tax, accounting, or audit requirements.

Security and Fraud Prevention: Personal data may be retained to protect the integrity of our systems and prevent unauthorized access.

When data is no longer required, we securely delete or anonymize it, following established data retention policies and legal requirements.

6. Your GDPR Rights

As a resident of the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR). These rights include:

Right to Access: You have the right to request a copy of the personal data we hold about you and to receive information on how we process it.

Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.

Right to Erasure: Under certain circumstances, you have the right to request that we delete your personal data, particularly if the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing: You can request that we limit the processing of your data under specific conditions, such as if you contest the accuracy of the data or if the processing is unlawful.

Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another controller if processing is based on your consent or contract.

Right to Object: You have the right to object to the processing of your personal data, particularly when the processing is for direct marketing purposes or based on our legitimate interests.

Right to Withdraw Consent: If we rely on your consent for processing personal data, you can withdraw that consent at any time, and we will cease processing your data for that purpose.

To exercise any of these rights, please contact us at contact@pons.io. We may request verification of your identity before processing your request.

7. Security of Your Personal Information

We employ state-of-the-art security measures to protect your personal data from unauthorized access, misuse, loss, and breaches. Our security protocols include:

Data Encryption: All sensitive data is encrypted both in transit and at rest using advanced encryption standards (AES-256 for data at rest and TLS 1.2+ for data in transit).

Access Controls: Role-based access controls (RBAC) limit data access to only authorized personnel, ensuring that only those who need access to your data for their job functions can access it.

Network and System Monitoring: We employ continuous monitoring of our infrastructure to detect suspicious activity, intrusions, or security vulnerabilities. Regular security audits and penetration tests are conducted to assess the robustness of our systems.

While we take every precaution to safeguard your data, no system can be entirely secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us immediately.

8. Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal data from children under this age. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information.

9. International Data Transfers

Your personal data may be transferred and processed outside of your country, including to countries that may not have the same data protection standards as your jurisdiction. We take appropriate steps, including Standard Contractual Clauses (SCCs), to ensure that your data is adequately protected when transferred internationally.

If you are located in the European Economic Area (EEA), we will only transfer your personal data to countries that provide an adequate level of data protection, as determined by the European Commission, or where appropriate safeguards are in place, such as SCCs or Binding Corporate Rules (BCRs).

10. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices or applicable laws. When we make significant updates, we will notify you via email or through a prominent notice on our platform. The "Last Updated" date at the top of this page will reflect the date of the most recent changes. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: contact@pons.io

Address: Alnafetgata 8B, 0192 Oslo, Norway