Largence

Legal

Privacy Policy

How Largence handles personal data for which it is the controller

This policy explains how Largence Group Ltd collects, uses, stores, and protects personal data when we act as the data controller for accounts, billing, website visitors, and Service users.

Entity

Largence Group Ltd

Company no.

16633893

Registered office

3 Circus Drive, Cambridge, England, CB4 2BT

Effective

30 June 2026

Section 1

Who we are and what this policy covers

This Privacy Policy explains how Largence Group Ltd (Largence, we, us) collects and uses personal data when you visit our websites, create or manage an account, subscribe to or use the Service, or contact us. It applies where we act as the data controller.

What this policy does not cover. When you use the Service to handle your own clients' and matters' information, you (the law firm, chambers or organisation) are the controller of that data and Largence is your processor. Our handling of that data is governed by the DPA and your instructions, not by this policy. This policy also does not cover third-party websites or services we link to.

Our contact details and supervisory authorities are in section 12 and the Jurisdiction Annex.

Section 2

The personal data we collect

Account and profile data — name, work email, phone, organisation, role/profession, professional details, language and jurisdiction preferences, and login credentials.

Billing data — billing name and address, plan, transaction history, and limited payment-method details processed by our payment providers (we do not store full card numbers).

Usage and device data — log data, IP address, device and browser information, pages and features used, and similar technical data, including via cookies and similar technologies.

Communications and support data — messages, support tickets, survey responses, and call/meeting records where applicable.

Marketing data — preferences and engagement with our communications and events. Eligibility data — for the Learn tier, information used to verify student or legal-aid status.

We collect this data from you directly, automatically through your use of our websites and Service, and from limited third parties (such as our payment providers, security and anti-fraud providers, and verification or marketing partners).

Section 3

How we use personal data, and our lawful bases

We use personal data to operate accounts, provide and secure the Service, take payment, provide support, communicate with you, comply with law, and to develop and improve our websites and Service (using usage data, not the content of your Customer Data).

We rely on the following lawful bases under the UK GDPR and the equivalent provisions of the Nigeria Data Protection Act 2023:

PurposeLawful basis
Provide the Service; manage your account; take paymentPerformance of a contract with you (or steps before entering one)
Secure the Service; prevent fraud and abuse; improve and develop the Service (usage data)Our legitimate interests (kept in balance with your rights)
Send service and transactional messagesPerformance of a contract / legitimate interests
Send marketing; set non-essential cookiesYour consent (which you may withdraw at any time)
Comply with legal, tax, accounting and regulatory obligationsLegal obligation
Verify Learn-tier eligibilityConsent / legitimate interests

Where we rely on legitimate interests, you may object (section 9). Where we rely on consent, you may withdraw it at any time without affecting prior processing.

Section 4

AI and your personal data

We do not use the content of your Customer Data, Inputs or Outputs to train, fine-tune or improve AI models. The AI features are powered by enterprise services from OpenAI and Anthropic, which under their enterprise and API terms do not train on data submitted through their APIs, and which we have configured for zero data retention so that your data is not retained by them after a request is processed. Within the Service, AI processing of matter data is carried out on your instructions as controller under the DPA. We may use de-identified, aggregated usage statistics (not the content of your Customer Data) to operate and improve the Service.

Section 5

Who we share personal data with

We share personal data with: (a) service providers and sub-processors who help us run the Service (hosting, AI model providers, email, analytics, support, security and payments), under contracts that restrict their use of the data; (b) payment providers (Paystack and/or Stripe) to process payments; (c) professional advisers, auditors and authorities where necessary or required by law; and (d) a successor entity in a merger, acquisition or asset sale, subject to this policy.

We do not sell personal data. A current list of sub-processors is available at largence.com/legal/subprocessors and you may subscribe to change notifications there.

Connections you enable. If you sign in through, or connect, a third-party service you control (such as a single-sign-on, Microsoft, Google, messaging, scheduling, finance, e-signature, or external MCP-server connection), we exchange the information needed to operate that connection (such as authentication and basic profile data) with that provider. That provider is not our sub-processor and processes your data under its own terms and privacy notice, which this policy does not cover. Connections you enable within the Service to handle client or matter data are addressed in the Terms of Service and the DPA, not this policy.

Section 6

International transfers

By default, Largence hosts all customer data in European data centres in Falkenstein, Germany, provided by Hetzner. Enterprise customers who require particular data residency or data sovereignty may instead be hosted on Amazon Web Services in a chosen region (for example, South Africa). We may transfer personal data between the United Kingdom, the European Economic Area, and other countries where we or our sub-processors operate. Where we transfer personal data across borders, we use an appropriate safeguard, such as: an adequacy decision; the UK International Data Transfer Agreement or Addendum; the European Commission Standard Contractual Clauses; or the transfer mechanisms permitted under the Nigeria Data Protection Act 2023.

You can request information about the safeguards we use by contacting us (section 12).

Section 7

How long we keep personal data

We keep personal data only as long as necessary for the purposes in this policy, including to provide the Service, comply with legal, tax and accounting obligations, resolve disputes and enforce our agreements. When data is no longer needed, we delete or anonymise it. Retention of matter data is governed by the DPA and your settings.

Section 8

How we protect personal data

We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, access controls, role-based permissions, logging and monitoring, and staff confidentiality obligations. No system is completely secure, but we work to protect personal data and to detect and respond to incidents. Our security measures are described further in the DPA and at largence.com/security.

Section 9

Your rights

Subject to the applicable law (the UK GDPR / DPA 2018 in the UK, and the Nigeria Data Protection Act 2023 in Nigeria), you have rights to: access your personal data; have it corrected; have it erased; restrict or object to processing; data portability; and withdraw consent. You also have the right to complain to a supervisory authority (section 12).

To exercise your rights, contact us at privacy@largence.com. We will respond within the time required by law. We may need to verify your identity. Where you are exercising rights about matter data we process for a firm, we will direct your request to the relevant firm as controller.

Section 10

Cookies and similar technologies

We use essential cookies to run our websites and Service, and, with your consent, analytics and preference cookies. You can manage non-essential cookies through our cookie banner and your browser settings. See our Cookie Policy for details.

Section 11

Children and students

The Service is for legal professionals and is not directed to children. The Learn tier is for verified students aged 18 or over and legal-aid users. We do not knowingly collect personal data from anyone under 18.

Section 12

Changes, contact and complaints

We may update this policy and will post the updated version with a new effective date; for material changes we will give additional notice where required. Effective date: 30 June 2026.

Contact. For any privacy question, or to exercise your rights, contact our privacy team at privacy@largence.com or by post to Largence Group Ltd, 3 Circus Drive, Cambridge, England, CB4 2BT. Supervisory authorities are listed in the Jurisdiction Annex.

Annex

Annex

Jurisdiction Annex

Nigeria. Processing is subject to the Nigeria Data Protection Act 2023 and subsidiary regulation. The supervisory authority is the Nigeria Data Protection Commission (NDPC) (ndpc.gov.ng). Our Nigerian privacy contact is privacy@largence.com.

England & Wales / United Kingdom. Processing is subject to the UK GDPR and the Data Protection Act 2018. The supervisory authority is the Information Commissioner's Office (ICO) (ico.org.uk). Largence is registered with the ICO under registration reference ZC129015.

Privacy contact

For any privacy question, or to exercise your rights, contact our privacy team at privacy@largence.com or by post to Largence Group Ltd, 3 Circus Drive, Cambridge, England, CB4 2BT. Supervisory authorities are listed in the Jurisdiction Annex.