Privacy Policy

Last Updated: March 1, 2026

1. Introduction

Welcome to Kesi ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information and legal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our legal SaaS platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and contact information (email address, phone number)
  • Professional information (law firm name, bar number, practice areas)
  • Billing and payment information (processed securely through third-party payment processors)
  • Account credentials (encrypted passwords)

2.2 Legal Data and Documents

Our Service is designed with end-to-end encryption, which means:

  • All case documents, client information, and legal data are encrypted before being stored
  • We cannot access, read, or view your encrypted legal documents or data
  • Only you and authorized users within your organization can decrypt and access your data
  • We do not have visibility into the contents of your documents, cases, or client information

2.3 Usage Information

We collect technical information about how you use our Service:

  • Log data (IP address, browser type, device information)
  • Usage patterns and feature interactions (without accessing document contents)
  • Performance and error logs
  • Authentication and access logs

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze Service usage patterns (aggregated and anonymized)
  • Improve Service performance and user experience

You can control cookie preferences through your browser settings.

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Provide, maintain, and improve our Service
  • Process transactions and manage your account
  • Send you service-related communications (notifications, updates, security alerts)
  • Respond to your inquiries and provide customer support
  • Enforce our Terms of Service and prevent fraud or abuse

3.2 What We Do NOT Do

We want to be absolutely clear about what we do NOT do with your data:

  • We do NOT use your documents or legal data for AI training. Your case documents, client information, and legal data are never used to train artificial intelligence models, machine learning algorithms, or any automated systems.
  • We do NOT have visibility into your encrypted data. Due to our end-to-end encryption architecture, we cannot read, access, or view the contents of your legal documents or case information.
  • We do NOT sell your data. We never sell, rent, or trade your personal information or legal data to third parties.
  • We do NOT use your data for advertising. We do not use your information to serve targeted advertisements or share it with advertising networks.

4. Data Security

4.1 End-to-End Encryption

Our Service employs industry-standard end-to-end encryption (E2EE) to protect your data:

  • All legal documents and case data are encrypted on your device before transmission
  • Data remains encrypted while stored on our servers
  • Only authorized users with the correct decryption keys can access the data
  • We use AES-256 encryption for data at rest and TLS 1.3 for data in transit

4.2 Security Measures

We implement comprehensive security measures including:

  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Network security and intrusion detection systems
  • Secure data centers with physical security controls
  • Employee training on data protection and security best practices
  • Incident response and breach notification procedures

4.3 Your Responsibility

While we implement strong security measures, you are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Enabling two-factor authentication when available
  • Not sharing your account access with unauthorized individuals
  • Promptly notifying us of any suspected security breaches

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or legal data. We may share information only in the following limited circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service, such as:

  • Cloud hosting and infrastructure providers (who cannot access your encrypted data)
  • Payment processors (for billing and transaction processing)
  • Email service providers (for sending service-related communications)
  • Customer support and analytics tools (with strict data protection agreements)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, including:

  • Compliance with legal obligations or court orders
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities
  • Response to government requests (subject to legal review)

Due to our end-to-end encryption, we may not be able to provide access to encrypted legal documents even if legally required, as we do not have the decryption keys.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and ensure the acquiring entity agrees to protect your information in accordance with this Privacy Policy.

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

6.1 Right of Access

You have the right to request access to your personal information and receive a copy of the data we hold about you.

6.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note: Due to end-to-end encryption, you will need to provide your decryption keys or authorize deletion through your account to remove encrypted legal documents.

6.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances.

6.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider.

6.6 Right to Object

You can object to processing of your personal information for direct marketing purposes or based on legitimate interests.

6.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country if you believe we have violated your data protection rights.

To exercise any of these rights, please contact us at legal@kesihq.com. We will respond to your request within 30 days.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we will:

  • Delete your personal information within 30 days
  • Delete encrypted legal documents (you must authorize this through your account)
  • Retain certain information as required by law (e.g., billing records for tax purposes)

You can request deletion of your data at any time by contacting us or using account deletion features in the Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that:

  • Data transfers comply with applicable data protection laws
  • Appropriate safeguards are in place (e.g., Standard Contractual Clauses for GDPR)
  • Data remains encrypted during transfer and storage
  • We maintain the same level of data protection regardless of location

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Kesi Privacy Team

Email: legal@kesihq.com

Data Protection Officer: legal@kesihq.com

This Privacy Policy is effective as of the date listed above and applies to all users of the Kesi Service.