Privacy Policy

How we protect your data

A transparent account of what personal data KGM Technologies collects, why, who sees it, and how long we keep it — grounded in what the platform actually does.

GDPR compliant
Data hosted in France
DRAFT — pending legal review

  • Session cookie duration: 7 days
  • Hosting region: EU — Paris
  • EU transfer safeguard: SCCs
  • Pseudonymisation: Local only

1. Who we are

KGM Technologies SAS ("KGM", "we", "our") operates the AI-assisted legal workflow platform available at app.kgm-technologies.com. KGM is the data controller within the meaning of the GDPR (Regulation (EU) 2016/679).

KGM Technologies SAS
[Registered address — to be completed before publication]
SIREN: [to be completed]
Data Protection contact: privacy@kgm-technologies.com

2. Data we collect

2.1 Identity & authentication data

  • Account: email address, display name, profile picture URL, OAuth provider identifier (Google, Notion), user role.
  • Session: session token (stored in an HttpOnly cookie), IP address, browser user-agent string.
  • Email verification: one-time passcode (OTP) used for passwordless sign-in; not persisted after use.

2.2 Professional profile

Collected during onboarding via an AI-assisted conversation. Fields vary by professional domain:

  • All users: first name, last name, job title, working languages, professional domain (vertical).
  • Legal professionals: seniority level, legal specialisations, jurisdictions, bar registration number, contract types handled.
  • Software professionals: engineering role, tech stack, team name.

2.3 Documents you upload

  • Raw files: PDF, DOCX, and other supported formats. Stored on Scaleway object storage (EU, Paris region).
  • Extracted text: plain-text version produced by our OCR pipeline, stored in our database.
  • Document embeddings: vector representations (768 dimensions) computed using a local embedding model — no text leaves our servers for this step.
  • Pseudonymisation map: when you use the contract-analysis feature, a mapping between detected entities and their placeholders is encrypted and stored. The original entity text is retained encrypted so you can restore it.

VLM-assisted OCR

If this optional feature is enabled by your organisation, page images of your document may be sent to OpenAI or Anthropic for higher-quality text extraction. See Section 5.

2.4 Conversation history

  • All messages exchanged with the AI assistant, stored per thread.
  • Agent state snapshots ("checkpoints") — at most the last 50 per thread by default.

2.5 Usage & billing data

  • Per-request token counts (input, output), AI model used, cost estimate, and thread identifier — linked to your account.
  • Credit wallet balance and credit transaction history.
  • Subscription plan identifiers (Paddle IDs) — planned feature, not yet live.

4. How we process your documents

Documents pass through the following steps, in order:

  1. OCR (local): text is extracted from your file using our on-premises OCR engine. No data leaves our infrastructure at this step.
  2. Optional VLM correction: if enabled, page images are sent to OpenAI or Anthropic to improve extraction quality for complex layouts.
  3. Chunking & embedding (local): the extracted text is split into chunks and converted to vector embeddings using a local E5 embedding model. No data is sent externally for this step.
  4. Pseudonymisation (local): named entities (persons, organisations, locations, dates, bar numbers, etc.) are detected and replaced with pseudonyms using GLiNER and Presidio — both running entirely on our servers. The pseudonymised text, not the original, is sent to the AI model.
  5. AI analysis: pseudonymised or raw text is sent to the configured AI provider (OpenAI or Anthropic) for reasoning, clause analysis, or summarisation.

5. Sub-processors & international transfers

We use the following third-party processors. Where they process data outside the EU, the legal safeguard is Standard Contractual Clauses (SCCs) under GDPR Art. 46.

| Processor | Purpose | Data transferred | Region |
|---|---|---|---|
| OpenAI, Inc. | LLM inference, optional VLM OCR, knowledge-base embeddings | Chat messages, (pseudonymised) document text, query text; optionally page images | US — safeguard: SCCs |
| Anthropic, PBC | LLM inference, optional VLM OCR | Same as OpenAI path | US — safeguard: SCCs |
| Resend, Inc. | Transactional email (OTP codes, invite emails) | Email address, OTP or invite body | Per Resend DPA |
| Scaleway SAS | App hosting (VPS), block storage, PostgreSQL & Redis (self-hosted), and object storage for uploaded files | All persisted data and raw uploaded files | EU — Paris (fr-par-1) |
| Google LLC | OAuth sign-in (optional) | Email address, display name, OAuth token | US — safeguard: SCCs |
| Notion Labs, Inc. | OAuth sign-in (optional) | Notion identity (name, email) | US — safeguard: SCCs |

Local processing

NER / pseudonymisation (GLiNER + Presidio) runs entirely on our own infrastructure and is not a sub-processor — no data is transferred externally for this component.

6. Retention periods

  • Session tokens: 7 days from creation, or until sign-out.
  • Conversation messages & checkpoints: retained until you delete your account. Checkpoints are capped at 50 per thread automatically.
  • Uploaded documents: retained until you delete them or your account is closed. Automated expiry is not yet implemented; document deletion is available on request.
  • Usage records: retained for accounting and audit purposes for up to 5 years, after which they are deleted or anonymised.
  • Account data: deleted within 30 days following a verified erasure request, subject to our legal retention obligations.

7. Your rights

Under GDPR you have the following rights:

  • Access (Art. 15): You may request a copy of the personal data we hold about you.
  • Rectification (Art. 16): You may correct inaccurate data via your profile settings, or by contacting us.
  • Erasure (Art. 17 — "right to be forgotten"): You may request deletion of your account and associated data. Note: a self-service document deletion endpoint is planned but not yet available; erasure requests can currently be submitted by email.
  • Data portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Restriction of processing (Art. 18): In certain circumstances you may request that we limit how we use your data.
  • Objection (Art. 21): You may object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@kgm-technologies.com. We will respond within 30 days.

Supervisory authority

You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr

8. Cookies

We use exactly one cookie: better-auth.session_token (or __Secure-better-auth.session_token in production). It is strictly necessary to keep you authenticated. It is HttpOnly, SameSite=Lax, and expires after 7 days.

No tracking cookies

We do not use analytics, advertising, or any third-party tracking cookies. No cookie consent banner is required.

For full detail see our Cookie Policy.

9. Security measures

  • Data in transit: TLS 1.2+ for all connections.
  • Data at rest: encrypted storage volumes on Scaleway.
  • Pseudonymisation maps: encrypted at rest using Fernet symmetric encryption.
  • Access controls: role-based access control (RBAC) at application and database level.
  • Session management: HttpOnly, short-lived session cookies; no tokens in localStorage.

10. Contact & changes to this policy

For any privacy-related questions or to exercise your rights: privacy@kgm-technologies.com

We may update this policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after the effective date constitutes acceptance of the revised policy.

DRAFT — PENDING LEGAL REVIEW — Last updated: 13 May 2026