Lacuna Lex — Auditoria Jurídica Adversarial
PT/EN
Talk to us

LEGAL · LGPD

Privacy Policy

Last updated: June 2026 · beta version

⚠️ Preliminary document (beta), pending final legal review. Brazil's LGPD (Law 13.709/2018) is the guiding principle of the product — this policy reflects architecture decisions already made and will be formalized by a Data Protection Officer (DPO) before commercial launch.

1. Who processes the data

Lacuna Lex (Lacuna). To exercise your rights or ask questions, use our contact form.

2. Data we process

(a) Account: name and email. (b) Case content: the text extracted from the case file submitted by the lawyer — we do not store the original PDF, only the encrypted text. (c) Anonymous technical metadata (page count, tokens, duration, etc.), with no identifiable content.

3. Purpose and legal bases

Case content is processed to perform the contracted analysis (performance of contract). Any use beyond that — such as system learning — depends on the firm's opt-in consent, always over anonymized data.

4. The "brain" receives no client content

The learning component of Lacuna Lex receives only anonymous technical metadata. Client case content is never used for training without anonymization and explicit consent.

5. Sharing and international transfer

To produce the analysis, case text is processed by AI model providers, some located abroad — which constitutes an international data transfer (Art. 33 of the LGPD). We apply safeguards: no-retention, no-training endpoints and data processing agreements. Cases under judicial secrecy receive isolated treatment, processed in a regional environment.

6. Retention and deletion

On cancellation or default, the client's database is automatically deleted after 90 days. Before that, the client can export and delete their data at any time.

7. Your rights (Art. 18 of the LGPD)

You may request confirmation, access, correction, portability/export, deletion, and revoke consent. In the app, export and deletion are self-service, with password and MFA. Requests can also be made through our contact form.

8. Security

Encryption at rest, per-client isolation, mandatory MFA (authenticator app), access control and an audit trail.

9. Cookies and analytics

We use cookieless analytics. We do not track you for advertising.

10. Changes

This policy may be updated; the current version always lives here. The DPO and a formal request channel will be published before commercial launch.