Privacy Policy
Privacy policy for Lua Legal.
LUA LEGAL CORPORATION PRIVACY POLICY
Last Updated: July 2025
This Privacy Policy for Lua Legal Corporation doing business as Lua Legal and Lua (“Lua Legal”, “Lua”, "we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our Website at https://lualegal.ai or any website of ours that links to this Privacy Policy
- Use Lua. A legal communications application on web, computer, and mobile (the “App”) that enables active direct-to-client communications, and passive administrative tracking and updates. These include general and voice AI for inbound and outbound communications, as well as general programmatic and AI use for note taking, database updates, calendar management, referral matching, client and law firm portals, and integrations with existing legal technology software.
- Engage with us in other related ways, including any sales, marketing, or events
This Privacy Policy is incorporated by reference into the Lua Legal Corporation Terms of Service. Any capitalized terms used in this Privacy Policy but not defined herein shall have the meaning ascribed to them in the Terms of Service. Your use of our Services is subject to both this Privacy Policy and the Terms of Service. Before accessing or using the Lua Legal Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this Privacy Policy. By accessing or using the Lua Legal Service, you are accepting and consenting to the practices described in this Privacy Policy. Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@lualegal.ai.
TABLE OF CONTENTS
- OUR APPROACH TO PRIVACY
- PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT
- DISCLOSURE OF YOUR PERSONAL INFORMATION
- MARKETING AND ADVERTISING
- STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
- OUR USE OF ARTIFICIAL INTELLIGENCE-BASED PRODUCTS
- RETAINING YOUR INFORMATION
- REFERRAL PROGRAM
- YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
- COOKIES AND SIMILAR TECHNOLOGIES
- LINKS TO THIRD PARTY SITES
- OUR POLICY TOWARDS CHILDREN
- CHANGES TO THIS POLICY
- NOTICE TO YOU
- CALIFORNIA USERS AND RESIDENTS
- CONTACT US
EXHIBIT 1 - PERSONAL INFORMATION WE COLLECT
EXHIBIT 2 - PERSONAL INFORMATION WE COLLECT AUTOMATICALLY
1. OUR APPROACH TO PRIVACY
A. Role as a Data Custodian & ABA Compliance.
Lua Legal is committed to protecting your privacy and the data you own. We understand that as a legal professional, you have stringent ethical obligations regarding client data and technology. We have designed our Services with these duties in mind and acknowledge our role as a data custodian for the information you entrust to us. Our platform is built to help you meet your professional responsibilities, including those outlined in the American Bar Association (ABA) Model Rules of Professional Conduct.
B. Handling of Client Data.
We acknowledge that when you use certain features of the Service, you entrust us with your Confidential Information, including information relating to the representation of your clients that is protected by professional rules of conduct ("Client Data"). We agree to maintain the confidentiality of this Client Data with at least the same degree of care that you are required to maintain under the applicable rules of professional conduct and to use such Client Data solely for the purpose of providing the Service to you.
To these ends, Lua Legal will ensure that Client Data is stored in accordance with information security best practices and is encrypted during storage. Unless you provide consent in a separate data agreement, we will never view Client Data while we provide you with the Service, and we will never use Client Data for training, fine-tuning, or improving the Service.
2. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT
A. Information You Give to Us.
We collect personal information about you when you voluntarily submit information directly to us by filling in forms on our Website or by corresponding with us by phone, email or other means. This includes information you provide when you register to use our Website, subscribe and use the Lua Legal Service, or enter a competition, promotion or survey and when you report a problem with our Website, or use some other feature of the Lua Legal Service as available from time to time.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. Examples of information types that depend on how you utilize the service include the following:
“Authorized User” information, including partners, members, employees, temporary employees, and independent contractors of an organization with a subscription to the Service. This information is required to provide the Service to Subscribers.
“Registered Client” information, meaning an individual who has been invited to use the client-facing features of the Service. This information will be collected only if a Subscriber utilizes client-facing features of the Service, and Clients accept the Terms of Service.
“Content” which includes any information you upload to the Service. This may include Sensitive Information that will be processed to provide the Service, or less critical information like Submissions by you to improve the Service.
“Client Data” which is Confidential Information, including information relating to the representation of your clients that is protected by professional rules of conduct. It is a specific subcategory of Content that we hold in the strictest confidence to provide the Service.
The personal information we collect within any of these information types may include names, email addresses, phone numbers, mailing addresses, job titles, usernames, passwords, contact preferences, and contact or authentication data.
When necessary, with your consent or as otherwise permitted by applicable law, we may process Client Data related to your cases, including case notes and recordings. We use Client Data solely for the purpose of providing the Service to you, and only with your consent.
We will never use Client Data for training, fine-tuning, or improving the Service. We encrypt all Client Data during storage and will never view this information in order to provide you with the Service.
To maintain our Service Level Agreements, we may need your permission to access your application environment and view sensitive data, we will never do so without your express consent. By default, this consent is not given by agreeing to this Terms of Service or our Privacy Policy. However, you may give us this consent without the need for a separate data agreement when discrete service issues arise. To ensure the protection of your data, we assume this consent is automatically withdrawn once the discrete service issue has been addressed.
Exhibit 1 lays out the categories of personal information you provide to us and that we receive from other sources and how we use it. Exhibit 2 sets out the categories of personal information we collect about you automatically and how we use it.
B. Opting Out of Our Use of Your Data.
If you choose not to provide personal information, we may not be able to provide the Lua Legal Service to you or respond to your other requests. However, we believe in giving you the power to decide how your data is used. To opt out of specific features, please contact us at support@lualegal.ai so we can work with you to help deliver the best Service for you.
C. Information We Receive from Other Sources.
We may receive personal information about you from individuals or corporate entities which are subscribers to the Lua Legal Service ("Subscribers") where you are to be designated a user of the Lua Legal Service. We may receive personal information about you if you use any of the other websites we operate or the other services we provide from time to time. We also work closely with third parties (including, for example, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them, subject to your agreements with them.
D. Automatic Collection of Personal Information.
We also automatically collect personal information about you indirectly about how you access and use the Lua Legal Service and information about the device you use to access the Lua Legal Service.
We may link or combine the personal information we collect and/or receive about you and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.
E. Anonymization of Data.
We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Lua Legal Service and developing new products and features.
3. DISCLOSURE OF YOUR PERSONAL INFORMATION
A. Disclosure to Third Party Vendors and Hosting Partners.
We may share your personal information with any member of our group, which includes our subsidiaries. We will not share your personal information with any third parties except as described in this Privacy Policy or in connection with the Service. We may share your information with selected third parties, including:
- Business partners, vendors, suppliers, and subcontractors who provide the necessary hardware, software, networking, storage, and related technology required to run the Service. (these companies are authorized to use your personal information only as necessary to provide these services to us and are contractually obligated to hold Content in strict confidence);
- Analytics and search engine providers that assist us in the improvement and optimization of our Website;
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
- Payment processors for the purpose of fulfilling relevant payment transactions;
B. Legal Compliance.
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet law enforcement requirements.
We may disclose personal information in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of Lua Legal, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
C. Testimonials.
With consent, we may display personal testimonials of satisfied customers on our site, along with other endorsements. If you wish to update or delete your testimonial, you can contact us at support@lualegal.ai.
D. Business Transfers.
We may disclose personal information to third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership that impacts the use of your personal information, as well as any choices you may have regarding your personal information.
4. MARKETING AND ADVERTISING
A. Marketing Communications.
From time to time we may contact you with relevant information about the Lua Legal Service and our other products and services. Most messages will be sent electronically. For some messages, we may use personal information we collect about you to help us determine the most relevant information to share with you.
B. Opting Out.
If you do not want to receive such messages from us, you will be able to tell us by selecting certain boxes on forms we use when we first collect your contact details. You can also change your marketing preferences at any time by following the unsubscribe link at the bottom of our emails, or by replying to SMS messages with “STOP”.
5. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
A. Security.
Lua Legal has implemented administrative, technical, and physical safeguards to protect its and its customers' information. We recognize that as a legal professional, you have stringent ethical obligations regarding client data and technology. We have designed our Services with these duties in mind and acknowledge our role as a data custodian for the information you entrust to us. Our platform is built to help you meet your professional responsibilities, including those outlined in the American Bar Association (ABA) Model Rules of Professional Conduct. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. Subscribers should not share their password with anyone.
While no transmission of information via the internet is completely secure, we take reasonable measures to protect your personal information. We cannot guarantee the security of your personal information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access, including encrypting and never viewing or training on Client Data that we store.
B. International Transfers of Your Personal Information.
Our Services are hosted in the United States. If you access the Services from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the United States, then through your continued use of the Services, you are transferring your data to the United States, and you expressly consent to have your data transferred to and processed in the United States.
If you wish to inquire further about these safeguards used, please contact us using the details set out at the end of this policy.
6. OUR USE OF ARTIFICIAL INTELLIGENCE-BASED PRODUCTS
As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Policy govern your use of the AI Products within our Services.
We will never use Client Data for training, fine-tuning, or improving our Service, unless you provide explicit consent in a separate data agreement.
A. Use of AI Technologies.
We provide the AI Products through third-party service providers ("AI Service Providers"), including but not limited to Google Cloud AI, Anthropic, OpenAI and Amazon Web Services (AWS) AI. As outlined in this Privacy Policy, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes of providing the Service.
These companies have limited access to your information, may use your information only to perform agreed tasks, and are prohibited from disclosing or using your information for other purposes.
You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.
B. Our AI Products.
Our AI Products are designed for improving the Service through: AI applications, AI development, AI predictive analytics, AI insights, AI search, natural language processing, and text analysis.
C. How We Process Your Data Using AI.
All personal information processed using our AI Products is handled in line with our Privacy Policy and our agreement with third parties.
D. How to Opt Out.
Many of the features provided by the Service require the use of AI to function, however, we believe in giving you the power to decide how your data is used. To opt out of specific features, please contact us at support@lualegal.ai so we can work with you to help deliver the best Service for you.
7. RETAINING YOUR INFORMATION
A. Length of Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements (such as tax, accounting, or other legal requirements). Following any cancellation or termination of Service, Subscriber shall have ninety (90) days to retrieve any and all Content. After this period, all Content associated with such subscription will be irrevocably deleted from the Service.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
8. REFERRAL PROGRAM
A. your Disclosure of Referral Information.
We operate a referral program for our Service; you may choose to provide us with names and email addresses of individuals who you feel would be interested in learning more about our products and services in exchange for rewards. We will store the contact details in order to track the success of our referral service. The referred individual may request that their contact details be removed from our database and they may also contact us at any time at support@lualegal.ai to make the request.
B. Your Obligations when Referring.
Where you provide us with names and email addresses of such individuals as set out above, you will obtain the prior consent of those individuals and provide them with the information as to how we handle their personal information as described in this Privacy Policy.
9. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
A. Your Rights.
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
- Right of access and portability. The right to obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller or custodian.
- Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that personal information.
- Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
- Right to non-discrimination. The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.
B. Exercising Your Rights.
If you wish to exercise any of these rights, you may do so by contacting us at support@lualegal.ai. Upon request, we will provide you with information about whether we hold any of your personal information. We may request that you verify your identity prior to transferring personal information. You may also access, correct or request deletion of your personal information by logging into your Lua Legal Service account. We will respond to your request within 30 days.
C. Sale of Data.
Lua Legal does not sell personal information shared by you. Lua Legal has not sold personal information shared by you in the 12 months preceding the modification date for this policy. All use of personal information is done for the delivery, use, and improvement of the Service.
10. COOKIES AND SIMILAR TECHNOLOGIES
A. Cookies We Collect.
Our Service uses cookies and similar technologies (collectively referred to as cookies) to distinguish you from other users of our Service. This helps us to provide you with good service. This helps us enhance and personalize your user experience, to monitor and improve our Website and services, and for other internal purposes. As is true of most websites, we gather certain information automatically.
We use the following types of cookies:
- Strictly necessary cookies. These cookies are required for the essential operation of our Service such as to authenticate you and prevent fraudulent use.
- Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that you can find information easily.
- Functionality cookies. These cookies are used to recognize you when you return to our Service. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
B. Third Parties.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
C. Our Advertisements on Other Sites.
We partner with third parties to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this Website and other sites in order to provide you advertising based upon your browsing activities and interests.
D. How to Disable Cookies.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our site.
11. LINKS TO THIRD PARTY SITES
The Lua Legal Service may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
Some of the pages on our Website may utilize framing techniques to serve content to/from our partners while preserving the look and feel of our Website. Please be aware that you are providing your personal information to these third parties and not to Lua Legal.
12. OUR POLICY TOWARDS CHILDREN
The Lua Legal Service is not directed at persons under 18 and we do not intend to collect personal information from children under 18 in our capacity as a controller and custodian. If you become aware that a child has provided us with personal information without appropriate consent, then please contact us using the details below so that we can take the appropriate steps in accordance with our legal obligations and this Privacy Policy.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time and so you should review this page periodically. When we change this Privacy Policy in a material way, we will update the “last modified" date at the end of this Privacy Policy. We will provide you with prior notice of any scheduled changes to this Privacy Policy. The modified Legal Terms will become effective upon posting or notifying you by outreach@lualegal.ai, as stated in the email message. By continuing to use the Service after the effective date of any changes, you agree to be bound by the modified terms.
14. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.
15. CALIFORNIA USERS AND RESIDENTS
If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.
16. CONTACT US
Regardless of your location, any questions, comments, and requests regarding this Privacy Policy are welcome and should be addressed to us at support@lualegal.ai. Communication can also be addressed to:
Lua Legal Corporation
49 Belmont St, Unit 2
Somerville, MA 02143
United States of America
Phone:+1 (858) 774-1149
EXHIBIT 1 - PERSONAL INFORMATION WE COLLECT
| Category of Personal Information | Examples | How we use it | Legal basis for processing | Retention Policy |
|---|---|---|---|---|
Identifiers | Contact information and basic personal details. Such as your real name, alias, phone number, postal address, location, unique personal identifier, online identifier, account name, IP address, e-mail address and where applicable, professional details such as your title and employer. | We use this information to communicate with you, including sending statements, news, Service alerts and marketing communication. We also use this information to operate, maintain and provide to you the features and functionality of the Service. | The processing is necessary for our legitimate interests, namely for marketing purposes, providing the Service, and communicating with you effectively and responding to your queries. | As long as you have an account with us. |
Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information. | We use this information to communicate with you, including sending statements, news, Service alerts and marketing communication. We also use this information to operate, maintain and provide to you the features and functionality of the Service. | The processing is necessary for our legitimate interests, namely for marketing purposes, providing the Service, and communicating with you effectively and responding to your queries. | As long as you have an account with us. |
Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data. | We use this information to operate, maintain and provide to you the features and functionality of the Service. Including case notes synthesis and organization, as well as collecting case information through the client-facing portal. | The processing is necessary for our legitimate interests, namely for providing the Service, and communicating with you effectively and responding to your queries. | As long as the user consents to having the records being retained. |
Audio, electronic, sensory, or similar information | Images and audio, video or call recordings created in connection with our business activities. | We use this information to operate, maintain and provide to you the features and functionality of the Service. Including call and meeting summaries and transcripts. | The processing is necessary for our legitimate interests, namely for providing the Service. | As long as the user consents to having the records being retained. |
Payment information | Credit card or other financial information including credit scores obtained from credit reference agencies. | We use this information to facilitate payment through or for use of the Service, to asses your credit score and to detect and prevent fraud. We primarily process payment information through our payment provider, Stripe. You can access their Privacy Policy at: https://stripe.com/privacy. | The processing for assessing your credit score and facilitating payment is necessary for the performance of our contract (namely our Terms of Service). The processing is necessary for our legitimate interests, namely the detection and prevention of fraud. | As long as you have an account with us. |
Sensitive personal information. | Account login information, and contents of email, phone, or text messages. | The processing is necessary for our legitimate interests, namely for providing the Service. | The processing is necessary for our legitimate interests, namely for providing the Service. | As long as the user consents to having the records being retained. |
EXHIBIT 2 - PERSONAL INFORMATION WE COLLECT AUTOMATICALLY
| Category of Personal Information | Examples | How we use it | Legal basis for processing | Retention Policy |
|---|---|---|---|---|
Geolocation information, Inferences about personal preferences and attributes drawn from profiling, Internet Activity | The website from which you came and the website to which you are going when you leave our Website, your social media profiles, how frequently you access the Service, the time you access the Service and how long you use it for, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service. We also gather information, which may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. | We use this information to: Conduct market analysis, monitor the Service and how it is used in order to and improve our business and help us develop new products and services; Generate marketing leads and determine news, alerts and other products and services that may be of interest to you for marketing purposes. | The processing is necessary for our legitimate interests, namely: to conduct relevant analysis to improve the Service generally and for marketing purposes. | As long as the user consents to having the records being retained. |
Internet or other electronic network activity information | Information about the computer, tablet, smartphone or other electronic devices you use to connect to the Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers, and applications connected to the Service through the device, your Internet service provider or mobile network, your IP address. | We use this information to: Enable the Service to be presented to you on your device; and Operate, maintain and provide to you the features and functionality of the Service. We use this information to monitor and improve the Service and business and to help us develop new products and services. | The processing is necessary for the performance of a contract and (namely our Terms of Service). The processing is necessary for our legitimate interests, namely: to tailor the Service to the user and to improve the Service generally. | As long as the user consents to having the records being retained. |
Questions About Our Privacy Policy?
If you have any questions about our privacy policy, please don't hesitate to contact us.
Contact Us