Is Legora safe with your data?
Legora
Legora AB
Partial disclosure · high confidence
Legora earns a C (56/100) because it discloses its data practices only in part.
#64
of 211 apps ranked
56
score · Legal avg 47
+9
vs category average
Legora discloses a no-train-on-user-data commitment, clear data subject rights with conditions, limited retention periods, and ISO 27001/42001 security certifications, but is silent on breach notification timelines, automated decision-making governance, and children's protections.
What Legora's privacy policy and terms of service say about your data
D1.1 upgraded: explicit no-train commitment
"Legora will not use Subscriber's Confidential Information to train or fine-tune AI models" is a blanket prohibition, not an opt-out, stronger than award 'half' indicated. Changed to full.
D3.1 ladder justified at 0.2
Vague "as long as necessary" plus named periods (5-7 years) for compliance data = ladder 0.2 (mid-range for ambiguous retention with some specificity).
Silent on: breach notification, ADM, children's protections
D7.2 (breach timeline), D6.1 (automated decisions), D6.4 (children's age gate) all zero because privacy policy is silent on these; terms document also does not disclose.
All other awards verified as correct
D1.4 half (limited license), D2.1-2.5 correctly calibrated, D4.1/4.4 full (enumerated), D5.3-5.5 full (enumerated, versioned), D7.1/7.3 full (named controls & certs).
What the policy is silent or vague on
- Not stated: a way to opt out of training
- Not stated: whether training use differs by plan
- Not stated: shorter retention for AI conversation logs
- Not stated: a data-minimisation commitment
Legora privacy rating
Details
- Category
- Legal
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2026-06-04
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other legal apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.