Vant Legal

Privacy Policy

Pi-Grade Tech S.L.

Early-Access Beta — Vant Legal

Version 1.0 (Beta) — Effective date: 2 July 2026

This Privacy Policy explains how Pi-Grade Tech S.L. (“we”, “us”, “Vant Legal”) processes personal data when you use the Vant Legal early-access beta platform (the “Platform”). It is written in compliance with Regulation (EU) 2016/679 (“GDPR”), Spanish Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI-CE). “Vant Legal” is a commercial brand of Pi-Grade Tech S.L.

1. Data controller

  • Controller: Pi-Grade Tech S.L.
  • Registered office: Calle de Fernández de los Ríos 98, 1A, 28015 Madrid, Spain.
  • Tax ID (NIF): B-88947528
  • Privacy contact: info@vantlegal.com.

For most matters we act as controller of the personal data you provide. Where a Lawyer provides legal advice, the Lawyer acts as an independent controller (or, under a direct engagement, as your controller) for the data processed within the legal engagement, under their own professional-secrecy obligations.

2. What data we collect

2.1 At sign-up

To reduce friction, we initially collect only: name, email address and company.

2.2 After you approve the estimate and are matched to a Lawyer

We then collect the information needed to deliver the service, which may include: NIF/NIE, phone number, billing address, and the documents and information you upload for the matter (“Client Content”).

2.3 Third-party personal data in your documents

Client Content may contain personal data of third parties (e.g. counterparties, employees, representatives). You are responsible for ensuring you have a valid legal basis to share it. You warrant that you hold all necessary rights and consents, and you will not upload special-category data unless strictly necessary and lawfully permitted.

2.4 Technical data

We automatically collect limited technical data (e.g. IP address, device/browser information and usage logs) to operate and secure the Platform.

3. Why we process your data and on what legal basis

PurposeData usedLegal basis (Art. 6 GDPR)
Create and manage your accountName, email, companyPerformance of a contract (6.1.b)
Provide the estimate, matching and legal serviceOnboarding data (NIF/NIE, phone, billing address), matter documentsPerformance of a contract (6.1.b)
Issue invoices and meet accounting/tax dutiesBilling dataLegal obligation (6.1.c)
Internal quality assurance of the servicePseudonymised platform and matter dataLegitimate interest (6.1.f)
Product improvement & analyticsAnonymised / aggregated data onlyOutside GDPR scope once anonymised
Security and fraud preventionAccount and usage dataLegitimate interest (6.1.f)
Respond to support requestsContact details, correspondenceLegitimate interest (6.1.f)

4. Anonymised data, quality and AI

We may create truly anonymised and aggregated data from platform activity, which no longer identifies you or any individual and therefore falls outside the scope of the GDPR. We use it to improve the service, for example to refine what information we request at intake and how documents are presented to the Lawyer.

Where information cannot be fully anonymised, we may process it in pseudonymised form for internal quality assurance, relying on our legitimate interest in maintaining and improving service quality; you may object to this processing (see Section 8).

We use Anthropic’s AI models to assist with document preparation and intake. This processing supports the delivery of the service; it does not involve using your Client Content to train AI models, and it does not produce legal effects on you without human (Lawyer) review.

5. Who we share data with

We share personal data only where necessary:

  • Matched Lawyer(s) — to provide the legal service you requested.
  • Sub-processors — service providers that operate the Platform under a data-processing agreement, listed below.
  • Authorities — where required by law or to defend our legal rights.

We do not sell your personal data.

5.1 Sub-processors

Sub-processorPurpose / roleLocation & safeguard
Amazon Web Services (AWS)Cloud hosting and storage of Platform dataEU region (data hosted in the EU)
AnthropicAI models used to assist document preparation and intakeUS processor; EU-hosted inference where available. Transfer safeguarded by Standard Contractual Clauses; inputs/outputs not used to train models under commercial terms

6. International data transfers

Platform data is hosted in the EU (AWS EU region). Some processing (e.g. AI-assisted preparation via Anthropic) may involve a provider established outside the EEA. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, principally the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary measures where required. You may request a copy of the relevant safeguards using the contact details above.

7. How long we keep your data

Data categoryRetention periodBasis
Account data (name, email, company)Life of the account + 30 days after a deletion requestContract performance
Uploaded documents & matter dataDeleted 90 days after the matter closes, or earlier on requestContract; data minimisation
Billing & invoicing records6 yearsArt. 30 Código de Comercio; tax law
Support communications2 years after resolutionLegitimate interest
Anonymised / aggregated dataIndefinite (no longer personal data)Outside GDPR scope

8. Your rights

Under the GDPR you may exercise the following rights, free of charge, by contacting info@vantlegal.com:

  • access to your personal data;
  • rectification of inaccurate data;
  • erasure (“right to be forgotten”), subject to legal retention duties such as tax records;
  • restriction of processing;
  • data portability;
  • objection to processing based on legitimate interest;
  • withdrawal of any consent, without affecting prior lawful processing.

We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with the Spanish Data Protection Agency, the Agencia Española de Protección de Datos (AEPD) — www.aepd.es — if you believe your rights have been infringed.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, including encryption in transit, access controls and data-processing agreements with sub-processors. As the Platform is in beta, we continue to strengthen these measures over time.

10. Data of minors

The Platform is intended exclusively for businesses and is not directed to individuals under 18. We do not knowingly collect data relating to minors.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform, and the effective date above will be updated accordingly.

This Privacy Policy forms part of the Vant Legal Terms and Conditions.