This Privacy Policy describes how Seraa AI ("we," "us," or "our") collects, uses, shares, and protects your information when you use our legal automation platform at seraa.ai (the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: When you sign in via Google OAuth, we receive your name, email address, and profile picture.
- Organization Information: Firm name, size, and practice areas provided during onboarding.
- User Content: Legal documents, case files, client matter metadata, and other content you create, upload, or process through the Service.
- Communications: Support requests, feedback, and correspondence with us.
1.2 Information Collected Automatically
- Device Information: Browser type, operating system, and device identifiers.
- Usage Data: Pages visited, features used, and interactions with the Service (collected via PostHog).
- Log Data: IP addresses, access times, and referring URLs for security and debugging purposes.
- Cookies: Session cookies for authentication and maintaining your logged-in state.
1.3 Information from Third Parties
- Google: Profile information when you authenticate via Google OAuth.
- Payment Processor: Polar provides us with billing information (not full payment card numbers).
2. How We Use Your Information
We use your information for the following purposes:
- Provide the Service: To operate, maintain, and deliver the features of Seraa AI.
- Process Documents: To analyze, summarize, and generate content using AI technologies.
- Authentication: To verify your identity and manage your account.
- Communications: To send service-related notifications, updates, and support responses.
- Improvement: To analyze usage patterns and improve the Service.
- Security: To detect, prevent, and address fraud, abuse, and security issues.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Data Retention
We retain your information according to the following schedule:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Uploaded documents | Until you delete them or account termination + 30 days |
| AI interaction logs | 90 days (for debugging and support) |
| Analytics data | Aggregated/anonymized after 12 months |
| Backup data | 30-day rolling retention |
You can delete your documents at any time through the Service. Deleting your account initiates a full data purge within 30 days.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted to and from our servers is encrypted using TLS 1.3.
- Encryption at Rest: Data stored on our servers is encrypted using AES-256.
- Access Controls: Role-based access following the principle of least privilege.
- Authentication: Secure authentication via Google OAuth and session management.
- Monitoring: Security logging and anomaly detection.
- Incident Response: Breach notification within 72 hours as required by GDPR.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 GDPR Rights (EU/EEA Users)
6.2 CCPA Rights (California Residents)
- Know: Request disclosure of information collected
- Delete: Request deletion of personal information
- Opt-Out of Sale: We do not sell your personal information
- Non-Discrimination: We will not discriminate for exercising rights
6.3 African Users
If you are located in Africa, you may have rights under applicable national data protection laws, including:
East Africa
- Kenya: Data Protection Act 2019 - enforced by the Office of the Data Protection Commissioner (ODPC)
- Tanzania: Personal Data Protection Act 2022
- Uganda: Data Protection and Privacy Act 2019 - enforced by the Personal Data Protection Office
- Rwanda: Law on Protection of Personal Data 2021
West Africa
- Nigeria: Nigeria Data Protection Act 2023 (NDPA) - enforced by the Nigeria Data Protection Commission (NDPC)
- Ghana: Data Protection Act 2012 - enforced by the Data Protection Commission
Southern Africa
- South Africa: Protection of Personal Information Act 2013 (POPIA) - enforced by the Information Regulator
Under these laws, you generally have rights similar to those under GDPR, including the right to access, correct, delete, and port your personal data. You may also have the right to lodge a complaint with your local data protection authority.
Cross-border transfers: By using the Service, you acknowledge that your data will be transferred to and processed in the United States, where our servers are located. We implement appropriate safeguards to protect your data in accordance with applicable laws.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Google API Disclosure
Seraa AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We only use Google data to provide and improve the Service.
- We do not transfer Google data to third parties except as necessary.
- We do not use Google data for advertising purposes.
- You may revoke access via Google Account settings.
8. International Data Transfers
Seraa AI is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your personal data.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new effective date.
- Sending an email to the address associated with your account.
- Displaying a prominent notice within the Service.
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Seraa AI
Email: [email protected]
