This Privacy Policy explains how Largence Group Ltd (Largence, we, us) collects and uses personal data when you visit our websites, create or manage an account, subscribe to or use the Service, or contact us. It applies where we act as the data controller.
Legal
Privacy Policy
How Largence handles personal data for which it is the controller
This policy explains how Largence Group Ltd collects, uses, stores, and protects personal data when we act as the data controller for accounts, billing, website visitors, and Service users.
Entity
Largence Group Ltd
Company no.
16633893
Registered office
3 Circus Drive, Cambridge, England, CB4 2BT
Effective
30 June 2026
Section 1
Who we are and what this policy covers
What this policy does not cover. When you use the Service to handle your own clients' and matters' information, you (the law firm, chambers or organisation) are the controller of that data and Largence is your processor. Our handling of that data is governed by the DPA and your instructions, not by this policy. This policy also does not cover third-party websites or services we link to.
Our contact details and supervisory authorities are in section 12 and the Jurisdiction Annex.
Section 2
The personal data we collect
Account and profile data — name, work email, phone, organisation, role/profession, professional details, language and jurisdiction preferences, and login credentials.
Billing data — billing name and address, plan, transaction history, and limited payment-method details processed by our payment providers (we do not store full card numbers).
Usage and device data — log data, IP address, device and browser information, pages and features used, and similar technical data, including via cookies and similar technologies.
Communications and support data — messages, support tickets, survey responses, and call/meeting records where applicable.
Marketing data — preferences and engagement with our communications and events. Eligibility data — for the Learn tier, information used to verify student or legal-aid status.
We collect this data from you directly, automatically through your use of our websites and Service, and from limited third parties (such as our payment providers, security and anti-fraud providers, and verification or marketing partners).
Section 3
How we use personal data, and our lawful bases
We use personal data to operate accounts, provide and secure the Service, take payment, provide support, communicate with you, comply with law, and to develop and improve our websites and Service (using usage data, not the content of your Customer Data).
We rely on the following lawful bases under the UK GDPR and the equivalent provisions of the Nigeria Data Protection Act 2023:
| Purpose | Lawful basis |
|---|---|
| Provide the Service; manage your account; take payment | Performance of a contract with you (or steps before entering one) |
| Secure the Service; prevent fraud and abuse; improve and develop the Service (usage data) | Our legitimate interests (kept in balance with your rights) |
| Send service and transactional messages | Performance of a contract / legitimate interests |
| Send marketing; set non-essential cookies | Your consent (which you may withdraw at any time) |
| Comply with legal, tax, accounting and regulatory obligations | Legal obligation |
| Verify Learn-tier eligibility | Consent / legitimate interests |
Where we rely on legitimate interests, you may object (section 9). Where we rely on consent, you may withdraw it at any time without affecting prior processing.
Section 4
AI and your personal data
We do not use the content of your Customer Data, Inputs or Outputs to train, fine-tune or improve AI models. The AI features are powered by enterprise services from OpenAI and Anthropic, which under their enterprise and API terms do not train on data submitted through their APIs, and which we have configured for zero data retention so that your data is not retained by them after a request is processed. Within the Service, AI processing of matter data is carried out on your instructions as controller under the DPA. We may use de-identified, aggregated usage statistics (not the content of your Customer Data) to operate and improve the Service.
Section 6
International transfers
By default, Largence hosts all customer data in European data centres in Falkenstein, Germany, provided by Hetzner. Enterprise customers who require particular data residency or data sovereignty may instead be hosted on Amazon Web Services in a chosen region (for example, South Africa). We may transfer personal data between the United Kingdom, the European Economic Area, and other countries where we or our sub-processors operate. Where we transfer personal data across borders, we use an appropriate safeguard, such as: an adequacy decision; the UK International Data Transfer Agreement or Addendum; the European Commission Standard Contractual Clauses; or the transfer mechanisms permitted under the Nigeria Data Protection Act 2023.
You can request information about the safeguards we use by contacting us (section 12).
Section 7
How long we keep personal data
We keep personal data only as long as necessary for the purposes in this policy, including to provide the Service, comply with legal, tax and accounting obligations, resolve disputes and enforce our agreements. When data is no longer needed, we delete or anonymise it. Retention of matter data is governed by the DPA and your settings.
Section 8
How we protect personal data
We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, access controls, role-based permissions, logging and monitoring, and staff confidentiality obligations. No system is completely secure, but we work to protect personal data and to detect and respond to incidents. Our security measures are described further in the DPA and at largence.com/security.
Section 9
Your rights
Subject to the applicable law (the UK GDPR / DPA 2018 in the UK, and the Nigeria Data Protection Act 2023 in Nigeria), you have rights to: access your personal data; have it corrected; have it erased; restrict or object to processing; data portability; and withdraw consent. You also have the right to complain to a supervisory authority (section 12).
To exercise your rights, contact us at privacy@largence.com. We will respond within the time required by law. We may need to verify your identity. Where you are exercising rights about matter data we process for a firm, we will direct your request to the relevant firm as controller.
Section 11
Children and students
The Service is for legal professionals and is not directed to children. The Learn tier is for verified students aged 18 or over and legal-aid users. We do not knowingly collect personal data from anyone under 18.
Section 12
Changes, contact and complaints
We may update this policy and will post the updated version with a new effective date; for material changes we will give additional notice where required. Effective date: 30 June 2026.
Contact. For any privacy question, or to exercise your rights, contact our privacy team at privacy@largence.com or by post to Largence Group Ltd, 3 Circus Drive, Cambridge, England, CB4 2BT. Supervisory authorities are listed in the Jurisdiction Annex.
Annex
AnnexJurisdiction Annex
Nigeria. Processing is subject to the Nigeria Data Protection Act 2023 and subsidiary regulation. The supervisory authority is the Nigeria Data Protection Commission (NDPC) (ndpc.gov.ng). Our Nigerian privacy contact is privacy@largence.com.
England & Wales / United Kingdom. Processing is subject to the UK GDPR and the Data Protection Act 2018. The supervisory authority is the Information Commissioner's Office (ICO) (ico.org.uk). Largence is registered with the ICO under registration reference ZC129015.
Privacy contact
For any privacy question, or to exercise your rights, contact our privacy team at privacy@largence.com or by post to Largence Group Ltd, 3 Circus Drive, Cambridge, England, CB4 2BT. Supervisory authorities are listed in the Jurisdiction Annex.