Privacy Policy

Last updated: January 2025

1. Data Controller

Malta Lex Ltd. ("Malta Lex", "we", "us") is the data controller for personal data collected through malta-lex.io. Contact: [email protected].

2. Data We Collect

  • Account data: email address, name (on registration).
  • Query data: questions you submit and AI responses generated; used to provide the service and improve retrieval quality.
  • Device identifier:a randomly generated UUID stored in your browser's localStorage, used to enforce the anonymous free-tier quota (10 queries/day). Never linked to your identity unless you register.
  • Usage logs: timestamps, query counts, error logs — retained for 90 days.
  • Uploaded documents: files you upload for analysis; stored encrypted, retained for 30 days after upload or until you delete them.

3. Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f) GDPR): usage logs and fraud prevention.
  • Consent (Art. 6(1)(a) GDPR): marketing communications — you may opt out at any time.

4. Data Retention

Account data is retained while your account is active and for 30 days after deletion. Query history is retained for 12 months for paid plans, 30 days for free tier. Uploaded documents are deleted 30 days after upload unless you choose to retain them.

5. Data Transfers

All data is stored on servers within the European Union. AI inference uses Anthropic's API under a Data Processing Agreement. No data is sold or transferred to third parties for advertising.

6. Your Rights

Under GDPR you have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with the Information and Data Protection Commissioner (IDPC) of Malta.

To exercise these rights, contact [email protected]. We will respond within 30 days.

7. Cookies

We use only strictly necessary cookies for authentication (session token). No third-party advertising or tracking cookies are set.

8. Changes to This Policy

We will notify registered users by email of any material changes at least 14 days before they take effect. Continued use of the service constitutes acceptance.