Privacy Policy | legal.org.ua

Last Updated: January 24, 2026

Introduction

This Privacy Policy governs the collection, processing, and protection of personal data by legal.org.ua ("Platform," "we," "our," or "us") in connection with Google OAuth 2.0 authentication services.

Our Platform provides semantic legal analysis tools, court case research capabilities, and parliamentary data access services for legal professionals and researchers working within the Ukrainian legal system.

Legal Basis

Our data processing activities are conducted in accordance with:

The Law of Ukraine "On Protection of Personal Data" (No. 2297-VI)
General Data Protection Regulation (GDPR) where applicable
Google API Services User Data Policy
Google OAuth 2.0 Limited Use requirements

Data We Collect

When you authenticate using Google OAuth 2.0, we collect:

Profile Information:

Full name as registered with your Google Account
Profile photograph URL (if publicly available)
Preferred language and locale settings

Authentication Credentials:

Email address associated with your Google Account
Unique Google Account identifier (OAuth subject ID)
OAuth access tokens and refresh tokens (stored in encrypted form)

Session Metadata:

Timestamp of authentication events
IP address and user agent string for security monitoring
Geographic location inferred from IP address (country-level only)

We do not collect:

Google Account passwords or credentials
Email content, attachments, or correspondence
Google Drive files, documents, or metadata
Google Calendar events or scheduling information
Contacts, address books, or social graph data

How We Use Your Data

We process collected data for:

Authentication: Verifying user identity through secure OAuth flows
Account Management: Creating and maintaining user profiles
Service Delivery: Providing personalized legal research recommendations
Communication: Delivering service-related notifications and updates
Security: Detecting and preventing fraudulent authentication attempts

Data Sharing

We do not sell, rent, or commercially exploit your personal data under any circumstances.

We may share minimal necessary data with trusted technical service providers (cloud hosting, security services) operating under strict data processing agreements. We may also disclose data when legally required by competent Ukrainian authorities.

Data Security

We implement industry-standard security controls:

TLS 1.3 for all data transmission
AES-256 encryption for data at rest
Multi-factor authentication for administrative accounts
Regular security audits and penetration testing

Data Retention

Active accounts: Data retained while account remains active
Inactive accounts: Data deleted after 24 months of inactivity
Account deletion: Processed within 30 days of request

Your Rights

You have the right to:

Access your personal data
Rectify inaccurate information
Request deletion of your data
Restrict processing of your data
Object to processing based on legitimate interests
Revoke OAuth authorization at any time via Google Account Settings

Google API Compliance

Our use of information received from Google APIs adheres strictly to the Google API Services User Data Policy, including Limited Use requirements. We request only essential OAuth scopes:

openid - Basic authentication
profile - Name and profile photo
email - Email address for account management

Children's Privacy

Our Platform is designed exclusively for legal professionals and adults. We do not knowingly collect personal data from individuals under 18 years of age.

Contact Information

For questions or requests related to this Privacy Policy:

Email: hello@legal.org.ua

You have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights if you believe our data processing violates applicable law.