Leonardo Legal AI 

Leonardo Legal AI automates and manages every informational touchpoint — from case intake and contract review to interpreting court decisions via sentences of audio transcriptions. Leonardo is freeing your attorneys from administrative burdens. Our advanced, hallucination-free AI ensures accuracy, compliance, and instant access to structured, actionable legal insights and reports. Boost your efficiency, enhance your legal expertise, and unlock your firm’s true potential with Leonardo Legal AI Tools.

Leonardo Legal AI

Location: calle Henares 7
ES - 28002 Madrid / Spain
Contact: info@leonardolegal.io
Legal Notice

LEGAL NOTICE - LEONARDO LEGAL AI

This Legal Notice, together with our Privacy and Cookies Policy, governs the use of the Leonardo Legal AI website.

By accessing this website, you automatically become a User and fully accept the terms set forth in this document. If you do not accept these terms, you must immediately stop browsing and leave the site.

Your continued use of the website constitutes an express declaration that:

  • You have reviewed, understood and fully accepted the content of this Legal Notice
  • You agree to comply with all obligations set forth herein.

Your continued browsing confirms your acceptance of these terms and your willingness to abide by the rules set forth herein.

1. General information about the Website

In compliance with the provisions of Article 10 of Law 34/2002, of July 11, on information society services and electronic commerce, the following general information about the Website is provided:

  • Owner: Scriptum Ai Technology SL (hereinafter referred to by its trade name, “Leonardo Legal AI”)
  • Headquarters and establishment: c/ Henares 7, Madrid 28002
  • NIF: B19399211
  • Email: support@leonardolegal.io
  • Registration data: Commercial Registry of Madrid, Volume 0, folio 0, entry 1 with sheet M-832026

2. Description of Leonardo Legal AI

Leonardo Legal AI is a comprehensive ecosystem of artificial intelligence tools specialized in the legal sector, which includes:

  • Leonardo Transcriptor: Transcription and analysis of legal audio and video with automatic speaker identification and diarization for up to 10 participants.
  • Leonardo Contract: Intelligent contract analysis for risk identification, problematic clauses, and compliance assessment
  • Leonardo Sentence: Intelligent analysis of CENDOJ sentences and court documents with critical deadline alerts.
  • Leonardo Legal Case: FIRAC analysis for legal cases under Spanish law with automatic detection of emergencies

3. Rules for using the Website

The User agrees to use the Website and all of its content and services in accordance with the law, morality, public order, and this Legal Notice. Furthermore, the User agrees to make appropriate use of the Website's services and/or content and not to use them to engage in illegal activities or activities that constitute a crime, violate the rights of third parties, or infringe any applicable legal provisions.

The User undertakes not to transmit, introduce, distribute and/or make available to third parties any type of material and information (data, content, messages, drawings, sound and image files, photographs, software, etc.) that is contrary to the law, morality, public order and this Legal Notice.

For professional use only

Leonardo Legal AI services are intended exclusively for legal professionals and legal entities. The User represents and warrants that:

  • It is a duly registered legal professional or an authorized legal entity
  • It will use the services solely for professional purposes in the legal field
  • It will not allow access to minors
  • It will maintain the confidentiality of the information processed
  • It will respect the applicable professional secrecy

4. Exclusion of liability

4.1 General liability

The User's access to the Website does not imply any obligation on Leonardo Legal AI to monitor for the absence of viruses, worms, or any other harmful computer elements. In any case, the User is responsible for ensuring that appropriate tools are available to detect and disinfect harmful computer programs.

Leonardo Legal AI is not responsible for any damage to the software and/or computer equipment of the User or third parties during the use of the services offered on the Website or while browsing it.

4.2 Specific disclaimer for artificial intelligence services

The use of Leonardo Legal AI's artificial intelligence-based tools is intended to provide technological assistance and improve the efficiency of legal processes. However, Leonardo Legal AI expressly warns that:

Limitations of AI in legal services

  • The functionalities provided by AI DO NOT REPLACE the professional judgment, legal judgment, or personalized advice that should be provided by a qualified attorney.
  • The results generated by Leonardo Legal AI are support tools that ALWAYS require professional supervision and validation.
  • Any legal decision must be verified and supervised by a trained professional who evaluates the data and results obtained autonomously and in accordance with applicable legal regulations.

Exclusion of liability for decisions based on AI

Leonardo Legal AI is not responsible for:

  • Decisions that legal professionals or their clients make based on the results generated by Leonardo tools
  • The interpretation or application of the analyses provided by AI tools
  • Errors, omissions or inaccuracies in the information processed by the algorithms
  • The consequences arising from the use of transcripts, contractual analyses, interpretations of judgments or case analyses
  • Loss of procedural deadlines based solely on automatic system alerts

Nature of AI services

  • The responses, analyses or recommendations generated by Leonardo Legal AI DO NOT CONSTITUTE binding legal advice.
  • The results do not guarantee the accuracy, completeness or updating of the information.
  • Analyses are based on data patterns and may contain limitations inherent to the technology.
  • The anti-hallucination system minimizes but does not completely eliminate the possibility of errors

Responsibility of the professional user

Users are strongly advised to:

  • Independently verify all results generated by Leonardo Legal AI
  • Apply their professional judgment in the interpretation of the analyses
  • Consult current regulations and updated jurisprudence before making decisions
  • Not use Leonardo Legal AI as the sole source for legal decision-making
  • Validate all dates and deadlines identified by the system

5. Contents and services linked through the Website

The Website may contain technical linking devices, directories, and even search tools that allow the User to access other Internet pages and portals (hereinafter, "Linked Sites"). In these cases, Leonardo Legal AI will only be responsible for the content and services provided on the Linked Sites to the extent that it has actual knowledge of their unlawfulness and has not deactivated the link with due diligence.

Under no circumstances should the existence of Linked Sites imply the formalization of agreements between Leonardo Legal AI and the responsible parties or owners of the same, nor the recommendation, promotion or identification of Leonardo Legal AI with the statements, content or services provided by said Linked Sites.

6. Intellectual and industrial property

6.1 Leonardo Legal AI Rights

All content on the Website, including but not limited to:

  • The artificial intelligence algorithms of Leonardo tools
  • The source code and system architecture
  • Databases and training models
  • Technical documentation and methodologies
  • Graphic design and user interface
  • The trademarks "Leonardo Legal AI", "Leonardo Transcriptor", "Leonardo Contract", "Leonardo Sentence" and "Leonardo Legal Case"
  • FIRAC analysis and automatic diarization systems

All of this content is the exclusive intellectual property of Leonardo Legal AI or third parties, and none of the exploitation rights recognized by current intellectual property regulations may be understood to be transferred to the User.

6.2 Rights to User Content

The User retains exclusive ownership of all documents, audios, videos, contracts, judgments, and other content entered into the Leonardo Legal AI tools. Leonardo Legal AI will process such content solely to provide the requested services, without acquiring ownership rights over it.

6.3 Rights to the results generated

The analyses, transcripts, FIRAC reports, deadline alerts, and other results generated by Leonardo Legal AI belong to the User, who may freely use them in their professional practice, without prejudice to the limitations of liability established in this Legal Notice.

7. Confidentiality and data protection

7.1 Professional confidentiality

Leonardo Legal AI recognizes the highly confidential nature of the information processed through its tools and is committed to:

  • Encrypted processing: All information is processed with end-to-end encryption
  • No permanent storage: Documents are not stored on servers beyond the time required for processing
  • GDPR compliant: Strict compliance with the General Data Protection Regulation
  • Total confidentiality: No access to the content of processed documents except for essential and authorized technical reasons.
  • Maximum security: Implementation of high-level technical and organizational security measures

7.2 Processing of personal data

The processing of personal data will be governed by Leonardo Legal AI's specific Privacy Policy and, where applicable, by any data processing agreements that may be entered into with professional users, especially when third-party data is processed in legal documents.

8. Technical limitations and availability

8.1 Service availability

Leonardo Legal AI will strive to maintain optimal availability of all its tools, but does not guarantee uninterrupted operation. The service may be affected by:

  • Scheduled maintenance of AI systems
  • Updates to machine learning algorithms and models
  • Unforeseen technical circumstances
  • Limitations of third-party infrastructure
  • System overload due to high demand

8.2 Specific technical limitations

Leonardo Legal AI has the following technical limitations:

Leonardo Transcriber:

  • Maximum identification of 10 different speakers
  • Supported audio formats: MP3, WAV, M4A, OGG
  • Supported video formats: MP4, WebM, MOV, MKV, AVI
  • Supported languages: Spanish, English and German

Leonardo Contract:

  • Analysis based exclusively on the text of the contract provided
  • Specialization in contracts under Spanish law
  • File size limitations depending on the plan purchased

Leonardo Sentence:

  • Processing of CENDOJ and similar documents
  • Multidimensional analysis limited to the information contained in the document
  • Automatic scoring system subject to the quality of the original document

Leonardo Legal Case:

  • FIRAC analysis applicable to the Spanish legal system
  • Specialization in criminal, civil, administrative and labor law
  • Detection of deadlines based on current Spanish regulations

9. Anti-hallucination system and validation

Leonardo Legal AI implements advanced systems to minimize errors and hallucinations:

  • Analysis based 100% on real text: No invented clauses, deadlines or non-existent arguments
  • Automatic cross-validation: Checking consistency across all extracted information
  • Exact references: Each finding includes a specific reference to the point in the document analyzed.
  • Consistency Scoring: Automatic evaluation of temporal and logical consistency
  • No creative interpretations: Only verifiable facts from the document

However, current AI technology cannot guarantee 100% accuracy, so the need for professional oversight remains.

10. Modifications and updates

Leonardo Legal AI reserves the right to:

  • Modify this Legal Notice at any time, notifying substantial changes
  • Update the functionalities of Leonardo tools
  • Improve artificial intelligence algorithms and anti-hallucination systems
  • Add new tools to the Leonardo ecosystem
  • Change the conditions of access and use with prior notice

Substantial changes will be communicated to users at least 30 days in advance.

11. Conflict resolution and customer service

For any questions, incidents, or complaints related to the use of Leonardo Legal AI, users can contact us through:

  • Support email: [support email]
  • Ticket system: [if applicable]
  • Customer service phone number: [if applicable]

Leonardo Legal AI is committed to responding to all inquiries within a maximum of 48 business hours.

12. Nullity and ineffectiveness of the clauses

If any clause included in this Legal Notice is declared totally or partially null or ineffective, such nullity or ineffectiveness will only affect said provision or the part thereof that is null or ineffective, the Legal Notice remaining in force in all other respects and such provision being considered totally or partially as not included.

13. Applicable legislation and competent jurisdiction

This Legal Notice shall be governed by and construed in accordance with Spanish law. For the resolution of any dispute arising from access to or use of the Website and Leonardo Legal AI's services, the parties expressly submit to the jurisdiction of the courts of Madrid, expressly waiving any other jurisdiction that may apply.

Last updated: September 1, 2025

Contact for legal inquiries: legal@leonardolegal.io

Privacy Policy

PRIVACY POLICY - LEONARDO LEGAL AI

Last updated: September 2025
Version: 1.0
Entry into force: September 2025

GENERAL INFORMATION

At Leonardo Legal AI, we are committed to protecting our users' privacy and personal data with the highest standards of security and regulatory compliance. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our ecosystem of specialized artificial intelligence tools for the legal sector.

All processing of personal data is carried out in strict compliance with applicable data protection regulations:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD)
  • Law 34/2002, on information society services and electronic commerce (LSSI)

1. DATA CONTROLLER

Leonardo Legal AI SL

  • NIF: B19399211
  • Address: c/ Henares, 7. Madrid 28002
  • Contact email: soporte@leonardolegal.io
  • Phone: [Phone Number]
  • Web: https://www.leonardolegal.io

1.1 Data Protection Officer (DPO)

Leonardo Legal AI has appointed a Data Protection Officer in compliance with Article 37 of the GDPR to oversee compliance with data protection regulations. The appointment of the DPO has been duly notified to the Spanish Data Protection Agency (AEPD).

Functions of the DPO:

  • Monitor compliance with data protection regulations
  • Advise on data protection obligations
  • Act as a point of contact with the supervisory authorities
  • Conduct data protection impact assessments where necessary
  • Train and raise awareness among staff on data protection

When to contact the DPO:

  • To exercise your rights as a data subject
  • For questions about the processing of personal data
  • To report potential data breaches
  • For questions related to this Privacy Policy

DPO contact details:

  • Email: dpo@leonardolegal.io
  • Address: [Same address as Leonardo Legal AI]
  • Opening hours: Mon 9:00-17:00 (CET)

2. LEONARDO LEGAL AI SERVICES

Leonardo Legal AI is a comprehensive ecosystem of artificial intelligence tools specialized in the legal sector, designed exclusively for legal professionals. Our services include:

2.1 Leonardo Transcriber

  • Automatic transcription of legal audio and video
  • Identification and diarization of up to 10 different speakers
  • Specialized analysis (Legal, Executive, Deadlines, Commitments)
  • Supported formats: MP3, WAV, M4A, OGG, MP4, WebM, MOV, MKV, AVI
  • Languages: Spanish, English and German

2.2 Leonardo Contract

  • Intelligent contract analysis
  • Identification of risks and problematic clauses
  • Verification of regulatory compliance
  • Anti-hallucination system with cross-validation
  • Specialization in Spanish law

2.3 Leonardo Sentence

  • Intelligent analysis of CENDOJ rulings and court documents
  • Detecting critical deadlines with automatic alerts
  • Specialized reports (strategic, corporate, academic)
  • Automatic scoring of temporal and logical coherence

2.4 Leonardo Legal Case

  • FIRAC Analysis (Facts, Issues, Rules, Application, Conclusion)
  • Specialization in criminal, civil, administrative and labor law
  • Automatic detection of procedural emergencies
  • Multidimensional analysis of legal cases

3. PURPOSES OF THE PROCESSING

3.1 User and service management

  • Purpose: Registration, identification and management of user accounts, access to the platform
  • Legal basis: Execution of the contract (Art. 6.1.b GDPR)
  • Data processed: Name, surname, email, password, billing information, professional information

3.2 Provision of artificial intelligence services

  • Purpose: Processing of legal documents through Leonardo tools
  • Legal basis: Execution of the contract (Art. 6.1.b GDPR)
  • Data processed: Content of legal documents, metadata, analysis results
  • Important: Leonardo Legal AI acts as the Data Processor for this data.

3.3 Service communications

  • Purpose: Sending transactional communications, security updates, changes in terms and conditions
  • Legal basis: Performance of the contract (Art. 6.1.b GDPR) / Legitimate interest (Art. 6.1.f GDPR)
  • Data processed: Email, communication preferences

3.4 Marketing and commercial communications

  • Purpose: Sending newsletters, information about new features and services
  • Legal basis: Consent (Art. 6.1.a GDPR) / Legitimate interest for existing customers (Art. 6.1.f GDPR)
  • Data processed: Email, name, commercial preferences

3.5 Technical support and customer service

  • Purpose: Resolution of queries, technical incidents and improvement of customer service
  • Legal basis: Performance of the contract (Art. 6.1.b GDPR) / Legitimate interest (Art. 6.1.f GDPR)
  • Data processed: Contact information, communication history, technical logs

3.6 Service improvement and AI development

  • Purpose: Usage analysis to improve algorithms, development of new functionalities
  • Legal basis: Legitimate interest (Art. 6.1.f GDPR) with anonymized data
  • Important: We NEVER use the content of legal documents for training.

3.7 Compliance with legal obligations

  • Purpose: To comply with legal, fiscal, judicial or administrative requirements
  • Legal basis: Compliance with legal obligations (Art. 6.1.c GDPR)

4. INTERNATIONAL TRANSFERS

Leonardo Legal AI uses technology providers specializing in artificial intelligence, which may involve international data transfers. We guarantee compliance with Chapter V of the GDPR:

4.1 Main infrastructure (100% Europe)

Digital Ocean LLC

  • Services: Cloud infrastructure, hosting, storage
  • Location: Frankfurt, Germany (fra1)
  • Guarantees: Data stored exclusively on German territory
  • Mechanism: No international transfers

4.2 Artificial intelligence services

AssemblyAI Inc. (United States)

  • Service: Automatic transcription and diarization
  • Tool: Leonardo Transcriber
  • Location: Dublin, Ireland (AWS EU West 1)
  • Guarantees:
    • 100% European processing via api.eu.assemblyai.com
    • Standard Contractual Clauses (SCC) + SOC 2 Type II
    • Automatic deletion after processing

Anthropic PBC (United States)

  • Services: Advanced legal document analysis
  • Tools: Leonardo Contract, Sentence, Legal Case
  • Guarantees:
    • European servers from August 2025
    • Standard Contractual Clauses (SCC)
    • Data Privacy Framework (DPF) where applicable
    • Temporary processing with automatic deletion

OpenAI LLC (United States)

  • Services: AI Complementary Processing
  • Guarantees:
    • Standard Contractual Clauses (SCC)
    • Data Privacy Framework (DPF)
    • Specific non-use policies for training

4.3 Additional protection measures

  • Data minimization: Only strictly necessary information
  • End-to-end encryption: TLS 1.3 for all communications
  • Pseudonymization: When technically possible
  • Automatic deletion: Immediate deletion after processing
  • Monitoring: Real-time monitoring of transfers

5. CONSERVATION PERIOD

5.1 Registered user data

  • Duration: During the validity of the active account
  • Inactivity: Elimination after 12 months without activity
  • Cancellation: Immediate deletion except for legal obligations

5.2 Processing data (Leonardo Tools)

  • Original documents: Not permanently stored
  • Analysis results: Preservation according to user settings
  • Technical metadata: 90 days for debugging and service improvement
  • Processing logs: 12 months for audit and security

5.3 Communications data

  • Support inquiries: 3 years from last interaction
  • Commercial communications: Until unsubscribed
  • Billing data: 6 years (legal tax obligation)

5.4 Anonymized data

  • Usage statistics: Indefinitely (does not constitute personal data)
  • Performance metrics: For continuous service improvement

6. RECIPIENTS AND TRANSFERS

Leonardo Legal AI does not sell, rent, or lease personal data to third parties for commercial purposes. The only data transfers are made:

6.1 Essential service providers

  • Technological infrastructure: Digital Ocean (Frankfurt, Germany)
  • AI services: AssemblyAI, Anthropic, OpenAI with GDPR guarantees
  • Payment Processing: Stripe with Standard Contractual Clauses
  • Transactional email: SendGrid with European servers

6.2 Legal obligations

  • Competent authorities: When there is a judicial or administrative requirement
  • Regulatory bodies: For compliance with applicable regulations

6.3 Corporate Operations

  • Mergers/acquisitions: Prior notification and with the same protection guarantees

7. USER RIGHTS

As a Leonardo Legal AI user, you have the following rights over your personal data:

7.1 Right of access (Art. 15 GDPR)

  • Confirm whether we process your personal data
  • Obtain a copy of your data and information about the processing
  • Exercise: Contacting dpo@leonardolegal.io

7.2 Right to rectification (Art. 16 GDPR)

  • Correction of inaccurate or incomplete data
  • Exercise: From your control panel or by contacting support

7.3 Right to erasure (Art. 17 GDPR)

  • Deleting your data when it is no longer needed
  • Limitations: When there are legal conservation obligations
  • Exercise: From account setup or request to dpo@leonardolegal.io

7.4 Right of limitation (Art. 18 GDPR)

  • Temporary suspension of processing in certain circumstances
  • Exercise: Motivated request to dpo@leonardolegal.io

7.5 Right to portability (Art. 20 GDPR)

  • Transfer of your data to another service provider
  • Format: Structured, commonly used and machine-readable
  • Exercise: Contacting support@leonardolegal.io

7.6 Right to object (Art. 21 GDPR)

  • Opposition to processing based on legitimate interest
  • Commercial communications: Immediate cancellation via unsubscribe link
  • Exercise: From account settings or email to dpo@leonardolegal.io

7.7 Withdrawal of consent

  • Withdrawal of consent granted at any time
  • Effects: Does not affect processing prior to consent
  • Exercise: From account settings

8. SECURITY MEASURES

Leonardo Legal AI implements state-of-the-art technical and organizational security measures:

8.1 Technical measures

  • Encryption: AES-256 for data at rest, TLS 1.3 for transmission
  • Authentication: Multi-factor required for professional accounts
  • Monitoring: 24/7 Intrusion Detection
  • Backup: Encrypted backups with geographically distributed retention
  • Isolation: Container architecture with data segregation

8.2 Organizational measures

  • Certification:
    • ISO 27001:2022.
    • ENS and ISO 42001-2023 (in process)
  • Training: Personnel specialized in data protection in the legal sector
  • Access: Principle of least privilege with full audit
  • Policies: Documented security and privacy procedures
  • Audits: Periodic internal and external reviews

8.3 Specific protection for the legal sector

  • Enhanced Confidentiality: Additional Professional Secrecy Commitments
  • Segregation: Data from different law firms completely isolated
  • Traceability: Immutable logs of access to legal documents
  • Secure Deletion: Verifiable Erasure with Certification

9. COOKIES AND TRACKING TECHNOLOGIES

Leonardo Legal AI uses cookies and similar technologies to improve user experience:

9.1 Essential Cookies

  • Purpose: Basic operation of the platform
  • Duration: User session
  • Legal basis: Legitimate interest / Execution of the contract

9.2 Functionality Cookies

  • Purpose: Remember preferences and settings
  • Duration: 12 months
  • Legal basis: Consent

9.3 Analytical cookies

  • Purpose: Anonymized usage analysis to improve service
  • Provider: Google Analytics 4 with IP anonymization
  • Legal basis: Consent

For more information, please see our specific Cookie Policy.

10. MINORS

Leonardo Legal AI services are designed exclusively for legal professionals and are not intended for persons under the age of 18. We do not knowingly collect personal data from minors.

If you become aware that a minor has provided personal data, please contact dpo@leonardolegal.io immediately to have it deleted.

11. POLICY MODIFICATIONS

Leonardo Legal AI reserves the right to modify this Privacy Policy to adapt to:

  • Legislative or jurisprudential changes
  • New features or services
  • Improvements in data protection measures
  • Recommendations from supervisory authorities

11.1 Notification of Changes

  • Substantial Changes: 30 Days' Notice
  • Minor Changes: Website Update with New Date
  • Communication: Email registered users for important changes

12. CONTROL AUTHORITY AND CLAIMS

12.1 Right to complain

If you believe that the processing of your data does not comply with regulations, you can file a complaint with:

Spanish Data Protection Agency (AEPD)

  • Website: aepd.es
  • Electronic headquarters: gob.es
  • Telephone: 912 663 517
  • Address: C/ Jorge Juan, 6, 28001 Madrid

12.2 Direct resolution

Before contacting the supervisory authority, we encourage you to contact us directly so we can collaboratively resolve any issues.

13. CONTACT INFORMATION

13.1 Specialized contacts

  • General inquiries: support@leonardolegal.io
  • Data protection: dpo@leonardolegal.io
  • Exercise of rights: rights@leonardolegal.io
  • Security incidents: seguridad@leonardolegal.io
  • Technical support: support@leonardolegal.io
  • Billing: facturacion@leonardolegal.io

13.2 Opening Hours

  • General Support: Mon 9:00-18:00 (CET)
  • Security emergencies: 24/7
  • Data protection: Mon 9:00-17:00 (CET)

14. ADDITIONAL LEGAL INFORMATION

14.1 Applicable legislation

This Privacy Policy is governed by:

  • Regulation (EU) 2016/679 (GDPR)
  • Organic Law 3/2018 (LOPDGDD)
  • Law 34/2002 (LSSI-CE)
  • Complementary Spanish legislation

14.2 Jurisdiction

For any dispute that may arise in relation to this Privacy Policy, the parties expressly submit to the courts and tribunals of [City], waiving any other jurisdiction that may apply to them.

14.3 Language

In the case of translations into other languages, the Spanish version will always prevail in the event of any discrepancies.

SUMMARY INFORMATION

  • Responsible: Leonardo Legal AI SL
  • Main purpose: Legal AI services
  • Legal basis: Execution of contract / Consent
  • Transfers: US with SCC/DPF guarantees
  • Conservation: During validity + legal obligations
  • Rights: Access, rectification, deletion, etc.
  • DPO: dpo@leonardolegal.io
  • Authority: AEPD (www.aepd.es)

Last updated: September 2025
Version: 1.0
Next review: March 2026

This Privacy Policy has been specifically designed for Leonardo Legal AI's artificial intelligence services, taking into account the specificities of data processing in the legal sector and ensuring strict compliance with the GDPR and Spanish data protection legislation.

Terms and Conditions

Leonardo Legal AI Terms and Conditions

Version 1.0 - September 2025

1. GENERAL INFORMATION

1.1 Identification of the Service Provider

Leonardo Legal AI is a trademark operated by Scriptum AI Technology SL with registered office at Calle Henares 7, Madrid 28002, registered in the Mercantile Registry of Madrid, Volume 0, folio 0, entry 1 with page M-832026 with CIF B19399211.

Contact:

  • Website: leonardolegal.io
  • Support email: soporte@leonardolegal.io
  • DPO Email: dpo@leonardolegal.io

1.2 Nature of the Service

Leonardo Legal AI is a comprehensive ecosystem of artificial intelligence tools specialized in the legal sector, which includes:

  • Leonardo Transcriber: Transcription and analysis of legal audio/videos
  • Leonardo Contract: Intelligent Contract Analysis
  • Leonardo Sentence: Analysis of court rulings
  • Leonardo Legal Case: Analysis of legal cases using FIRAC methodology

1.3 Scope and Applicability

These terms govern exclusively the professional use of Leonardo Legal AI's services. They are not intended for end users and are intended for use by legal professionals or legal entities.

2. DEFINITIONS

For the purposes of these terms, the following are understood as:

"Services": Leonardo Legal AI's suite of legal AI tools accessible through our SaaS platform.

"Client": The natural or legal person who contracts the services and acts in the exercise of his or her professional activity.

"Authorized User": A natural person authorized by the Client to access and use the Services.

"Knowledge Base": A set of documents and data provided by the Client for processing by AI.

"Output": Any result, analysis, transcription or report generated by Leonardo tools.

"Platform": The SaaS technology infrastructure that enables access to the Services.

"Leonardo Credits": Unit of measurement for the consumption of AI services, variable according to computational complexity.

3. PURPOSE OF THE CONTRACT

3.1 Services Provided

Leonardo Legal AI provides a non-exclusive, worldwide, non-transferable, revocable license to access our ecosystem of legal AI tools:

3.1.1 Leonardo Transcriber

  • Automatic transcription with AssemblyAI Universal-2
  • Automatic diarization of up to 10 different speakers
  • Specialized analysis using Claude Sonnet 4 (Legal, Executive, Deadlines, Commitments)
  • Supported formats: MP3, WAV, M4A, OGG, MP4, WebM, MOV, MKV, AVI
  • Languages: Spanish, English and German
  • Asynchronous processing with Celery and RabbitMQ

3.1.2 Leonardo Contract

  • Intelligent Contract Analysis with Claude Sonnet 4
  • Identification of risks and ambiguities
  • Verification of regulatory compliance
  • Anti-hallucination system with cross-validation
  • Professional downloadable reports in PDF format
  • Zero Data Retention enabled for maximum confidentiality

3.1.3 Leonardo Sentence

  • Multidimensional analysis of court rulings
  • Processing of CENDOJ and similar documents
  • Automatic detection of critical deadlines with integrated countdown
  • Automatic scoring system for consistency and relevance
  • Strategic, corporate and academic analysis

3.1.4 Leonardo Legal Case

  • FIRAC Analysis (Facts, Issues, Rules, Application, Conclusion)
  • Specialization in criminal, civil, administrative and labor law
  • Automatic detection of procedural emergencies
  • Deadline alerts based on Spanish regulations
  • Comparative analysis with similar jurisprudence

3.1.5 Veritas Chatbot

  • Conversational assistant specialized in Spanish law
  • Integration with knowledge base of processed documents
  • Natural language queries on cases and regulations
  • Contextualized responses based on previous analysis

3.2 License Modalities

SaaS license with the following features:

  • Non-exclusive and unilaterally revocable
  • Non-transferable to third parties
  • Duration linked to the contracted plan
  • Territory: Worldwide
  • Express prohibition of copies of the underlying software

3.3 Express Exclusions

The following are expressly excluded from the scope of the contract:

  • Access to the source code or algorithms of Leonardo Legal AI
  • The provision of direct legal advice
  • Custom developments not included in the contracted plan
  • Guarantee of infallibility of AI results

4. PLANS AND ECONOMIC CONDITIONS

4.1 Test Plan Modality

Leonardo Legal AI offers free access through a Trial Version intended exclusively for the evaluation of the platform's functionalities by legal professionals.

4.1.1 Access and Authentication

Registration : Simplified form available at leonardo-legal.ai

Authentication : Secure single-use link system (magic link) sent to email

No password : Access is managed exclusively through temporary links

Responsibility : The User is responsible for the custody of his/her email account.

4.1.2 Specific Limitations of the Trial Version

a) AI Interactions : Maximum 50 interactions with the Leonardo tools (Transcriber, Contract, Sentence, Legal Case, Veritas Chatbot), 10 per tool. Once the limit is reached, read-only access is available to view the generated history.

b) Legal Assistants : Maximum load of 1 document for analysis and processing.

c) Transcripts : Maximum 10 audio/video files with a total duration of no more than 150 minutes. 10 files for each paralegal.

d) Limited Functionalities : Leonardo Legal AI reserves the right to restrict certain advanced functionalities compared to paid plans.

e) Storage : Data retention limited to the duration from the initial registration.

4.1.3 Test Plan Characteristics

Duration : 15 days, but subject to usage limitations

Conversion : Possibility of upgrading to a paid plan at any time

No renewal : The trial version does not renew automatically.

Post-limit access : Read-only mode to view previous results

Support : Limited to documentation and FAQs

 

4.2 Contracting Modalities

Leonardo Legal AI offers flexible contracting options through different plans and subscription periods: monthly, quarterly, semi-annual, and annual. Each option provides access to a specific set of services and features determined by the selected plan and SLAs.

Contractual Stability : The economic and technical conditions in force at the time of the contract will remain unchanged throughout the duration of the contracted period, providing certainty and predictability to the Client.

Plan Changes : The Customer retains the right to update their service plan at any time during the term of the contract. Such changes will be governed by the terms and rates in effect at the time of the change, and will be effective immediately for the next billing period.

4.3 Leonardo Credit System

Leonardo Credits are consumed according to computational complexity:

  • Transcription : Variable depending on the duration of the files to be transcribed
  • Contractual analysis : Variable for consumption of queries on the document
  • Sentence analysis : Variable by consumption of queries on the document
  • FIRAC Analysis : Variable by consumption of queries on the document

4.4 Billing and Renewal

  • Advance Billing : Services are billed in advance
  • Automatic renewal : Plans are automatically renewed unless cancelled 15 days in advance.
  • Price modification : Possible with 60 days' notice for future renewals
  • No refunds : Payments made are non-refundable except for justified reasons.

5. CONDITIONS OF USE

5.1 Permitted Use

The Client is authorized to:

  • Use the Services for legal professional purposes only
  • Process legal documents for yourself or authorized clients
  • Share output with third parties related to specific cases
  • Download and store generated results
  • Integrate via API according to the contracted plan

5.2 Express Restrictions

It is strictly prohibited :

  • Reverse engineering of software or algorithms
  • Use to train competing AI models
  • Sharing login credentials with unauthorized third parties
  • Document processing for competitive analysis
  • Massive automated use without express authorization
  • Introduction of malware or harmful content
  • Use outside Spanish territory unless specifically authorized
  • Processing of personal data without an adequate legal basis

5.3 Customer Responsibilities

The Client agrees to:

  • Verify that you have rights to the processed documents
  • Maintain the confidentiality of your credentials
  • Comply with applicable data protection regulations
  • Professionally validate all generated outputs
  • Immediately report any unauthorized use

6. RESPONSIBILITY AND LIMITATIONS OF AI

6.1 Nature of AI Services

IMPORTANT NOTICE : Leonardo Legal AI is a technological assistance tool that DOES NOT REPLACE the professional judgment of a qualified attorney.

6.2 Specific Limitations

  • Outputs DO NOT constitute binding legal advice
  • The results require mandatory professional supervision and validation.
  • AI may contain limitations inherent to current technology
  • Analyses are based on data patterns and may contain errors.
  • The dates and deadlines identified must be independently verified

6.3 Anti-Hallucination System

Leonardo Legal AI implements:

  • Analysis based 100% on real text provided
  • Automatic cross-validation of findings
  • Exact references to specific points in the document
  • Prohibition of creating non-existent content
  • Temporal and logical consistency scoring system

6.4 Exclusion of Liability

Leonardo Legal AI is not responsible for:

  • Decisions made based solely on AI output
  • Loss of procedural deadlines by relying solely on automatic alerts
  • Errors in the interpretation of results
  • Consequences of improper use of tools
  • Damage due to service interruptions or maintenance

7. INTELLECTUAL PROPERTY

7.1 Property of Leonardo Legal AI

Leonardo Legal AI maintains exclusive ownership of:

  • The software, algorithms and source code
  • Trademarks and distinctive signs
  • Technical documentation and methodologies
  • The improvements and updates developed
  • Aggregate data and usage statistics

7.2 Customer Property

The Client retains exclusive ownership of:

  • The processed original documents
  • The output generated by Leonardo tools
  • Your Knowledge Base and own content
  • Your case and client data

7.3 Cross-Licensing

  • Client to Leonardo Legal AI : Limited license to process documents exclusively to provide the Services
  • Leonardo Legal AI to Client : Full ownership of the Output for commercial and professional use without restrictions

8. PROTECTION OF PERSONAL DATA

8.1 Regulatory Framework

The processing of personal data is governed by:

  • General Data Protection Regulation (GDPR)
  • Organic Law 3/2018 on Data Protection
  • Applicable national and international regulations

8.2 Roles and Responsibilities

  • Client : Data Controller
  • Leonardo Legal AI : Data Processor

8.3 Data Residency

Guaranteed Location :

  • Main data center : Amsterdam, Netherlands (Digital Ocean AMS3)
  • Residency Policy : All data stored exclusively within European territory
  • No US transfers : Data is not transferred to US storage centers.
  • AI Processing : AssemblyAI Dublin (Ireland), Anthropic and OpenAI with European residency when available

Europa First Mode (Settings Used) :

  • Digital Ocean Amsterdam: Storage and Database
  • AssemblyAI Dublin: Transcription via European endpoint
  • Anthropic Europe: Legal analysis on European servers
  • OpenAI Europe: Queries with EU data residency when available

Technical Guarantees :

  • MongoDB 7.0 managed by Digital Ocean in Amsterdam
  • Digital Ocean Spaces (S3-compatible) with AES-256 encryption
  • Backups replicated within the EEA exclusively
  • Zero Data Retention configured on all AI providers

8.4 International Transfers

When technically necessary:

  • Application of Standard Contractual Clauses approved by the EU
  • Specific data protection agreements (DPA)
  • Additional safeguards under the EU-US Data Privacy Framework

8.5 Rights of Interested Parties

Interested parties may exercise their rights by contacting:

  • Email : dpo@leonardo-legal.ai
  • Postal address : [COMPLETE ADDRESS]

9. SECURITY AND TECHNICAL MEASURES

9.1 Security Measures Implemented

Digital Ocean Amsterdam Infrastructure :

  • Encryption : AES-256 at rest for MongoDB 7.0 managed
  • Communications : TLS 1.3 for all connections
  • Authentication : Keycloak 24.x with MFA/OTP and TOTP support
  • Segregation : Complete isolation of data by client and environment
  • Monitoring : Native Digital Ocean Monitoring with 24/7 alerts

Secure Technology Stack :

  • Frontend : React 18.x with TypeScript served by Nginx 1.24.x
  • Backend : FastAPI 0.100+ with Python 3.11 and Uvicorn + Gunicorn
  • Process Queue : RabbitMQ 3.12 with TLS and Authentication
  • Database : MongoDB 7.0 with native encryption and daily backups
  • Storage : Digital Ocean Spaces (S3-compatible) with encryption

Secure Asynchronous Processing :

  • Celery 5.3 for transcript processing and analysis
  • Task isolation : Independent workers for each type of process
  • Zero Data Retention : Configuration enabled in AssemblyAI and Anthropic
  • Automatic Deletion : Temporary files deleted post-processing

Access Control :

  • Keycloak 24.x with separate realms per environment
  • Granular RBAC : Admin and user roles with specific permissions
  • JWT : Tokens with a 90-minute expiration
  • Restrictive CORS : Configured between React frontend and FastAPI backend

9.2 Incident Response

In case of a security breach:

  • Notification to the Client within a maximum of 24 hours
  • Immediate investigation and corrective measures
  • Detailed incident report
  • Collaboration with authorities if necessary

10. AVAILABILITY AND TECHNICAL SUPPORT

10.1 Service Level

  • Target availability : 99.5% monthly
  • Scheduled maintenance : 48h advance notice
  • Schedule : Preferably outside of business hours

10.2 Technical Support

Starter/Professional Plan :

  • Email support during business hours
  • Response time: 24-48 hours

Enterprise Plan :

  • Multi-channel priority support
  • Dedicated Account Manager
  • Response time: 4-8 business hours

11. CONFIDENTIALITY

11.1 Confidential Information

It is considered confidential:

  • All documents processed by the Client
  • The output generated by the tools
  • The methods and strategies employed by Leonardo Legal AI
  • Any information expressly marked as confidential

11.2 Confidentiality Obligations

Both parties agree to:

  • Maintain strict confidentiality regarding the information exchanged
  • Not disclose information to third parties without authorization
  • Use the information exclusively for the purposes of the contract
  • Apply the same protective measures as to your own confidential information

12. LIMITATIONS AND WARRANTIES

12.1 Limitations of AI Technology

The Client accepts that:

  • Current AI does not achieve 100% accuracy
  • The results require mandatory professional validation.
  • There may be limitations in complex or atypical legal cases.
  • Regulatory updates may require adaptations

12.2 Guarantees Provided

Leonardo Legal AI guarantees:

  • Legitimate ownership of the platform's rights
  • Implementation of security best practices
  • Compliance with data protection regulations
  • Operation in accordance with published specifications

12.3 Warranty Exclusions

The Services are provided "as is" without additional warranties of:

  • Merchantability or fitness for a particular purpose
  • Uninterrupted or error-free operation
  • Absolute accuracy of all results
  • Compatibility with third-party systems

13. RESPONSIBILITY

13.1 Limitation of Liability

Leonardo Legal AI's maximum liability is limited to:

  • Maximum amount : The value of the installments paid in the previous 12 months
  • Excluded damages : Loss of profits, loss of data, indirect damages
  • Exceptions : Fraud, gross negligence or breach of confidentiality

13.2 Customer Indemnity

The Client undertakes to indemnify Leonardo Legal AI against:

  • Claims for misuse of the Services
  • Infringements of third party rights by processed documents
  • Breaches of these conditions
  • Using Output without proper professional validation

14. DURATION AND TERMINATION

14.1 Validity

The contract will have a duration of:

  • Monthly plans : 1 month with automatic renewal
  • Annual plans : 1 year with automatic renewal
  • Business plans : As specified in the particular contract

14.2 Termination by the Client

The Client may terminate the contract:

  • Monthly plans : 15 days in advance
  • Annual plans : 30 days in advance
  • No right to refund of amounts already paid

14.3 Effects of Termination

At the end of the contract:

  • Access automatically switches to "Trial Mode" with limited functionality
  • Data retention for 12 months from the last activity
  • Notification 30 days before final deletion
  • Possibility of exporting data in standard format

15. DATA PROTECTION - DPA AGREEMENT

15.1 Roles in Data Protection

  • Client : Data Controller
  • Leonardo Legal AI : Data Processor

15.2 Purposes of the Treatment

The sole purpose of the processing is to provide the following services:

  • Legal document analysis using AI
  • Transcription of audiovisual content
  • Generation of specialized reports and analysis
  • Detection of critical deadlines and dates

15.3 Categories of Data Processed

Identification Data : Names, DNI/NIE, addresses, signatures

Contact Data : Emails, telephone numbers, postal addresses

Professional Data : Positions, companies, professional associations

Economic Data : Amounts, bank accounts, tax information

Judicial Data : Details of procedures, files, facts

Special Categories : Only incidentally, under the Client's responsibility

15.4 Safety Measures

Techniques :

  • AES-256 encryption at rest and TLS 1.3 in transit
  • Mandatory multi-factor authentication
  • Complete data segregation by client
  • Encrypted backups across multiple EU locations
  • 24/7 Monitoring with AWS GuardDuty

Organizational :

  • Staff trained in data protection
  • Least privilege access policies
  • Annual security audits
  • Documented incident response plan
  • Record of processing activities

15.5 Authorized Subprocessors

| Supplier | Location | Purpose | Guarantees |
|---|---|---|---|
| Digital Ocean | Frankfurt, DE | Hosting and infrastructure | SCC + EU residency |
| AssemblyAI | Dublin, IE | Audio transcription | SCC + EU endpoint |
| Anthropic | Variable | Document analysis | SCC + EU residency available |
| OpenAI | Variable | AI processing | SCC + EU residency available |

15.6 Rights of Interested Parties

Procedure :

  1. Leonardo Legal AI forwards requests to the Client within 72 hours
  2. Assistance in compliance with ARCO-POL rights
  3. Collaboration in impact assessments where appropriate

16. MODIFICATIONS

16.1 Modification Procedure

Leonardo Legal AI may modify these terms:

  • Notification : Minimum 30 days' notice
  • Tacit acceptance : Continued use implies acceptance
  • Right of termination : Possibility of canceling without penalty if the changes are not accepted

16.2 Justified Causes for Modification

  • Regulatory or jurisprudential changes
  • Significant technological improvements
  • New features or tools
  • Changes in operating costs
  • Updated security requirements

17. FORCE MAJEURE

Neither party shall be liable for any breach due to:

  • Natural disasters or extreme weather events
  • Acts of public authorities or legislative changes
  • Labor disputes or strikes
  • Cyberattacks or massive internet failures
  • Pandemics or other health emergencies

Duration : If force majeure persists for more than 90 days, either party may terminate the contract.

18. CONFLICT RESOLUTION

18.1 Prior Mediation

Before going to court, the parties will attempt to resolve any dispute amicably by:

  • Direct negotiation for 30 days
  • Mediation before a specialized institution if necessary

18.2 Jurisdiction and Applicable Law

  • Applicable law : Spanish legislation
  • Jurisdiction : Courts of Barcelona
  • Language : Spanish

19. FINAL PROVISIONS

19.1 Entire Agreement

These terms constitute the entire agreement between the parties, superseding any prior agreements except for specific written agreements.

19.2 Assignment

  • By the Client : Prohibited without written consent
  • By Leonardo Legal AI : Allowed to group companies or in cases of merger/acquisition

19.3 Divisibility

If any clause is declared invalid, the rest of the contract remains in force.

19.4 Notifications

Formal communications should be addressed to:

  • Leonardo Legal AI : support@leonardolegal.io
  • Client : Address provided at registration

20. ANNEXES

ANNEX I - DETAILED TECHNICAL SPECIFICATIONS

Leonardo Transcriber

  • Accuracy : >95% under optimal conditions with AssemblyAI Universal-2
  • Latency : Asynchronous processing with Celery 5.3 and RabbitMQ 3.12
  • Supported languages : Spanish (ES), English (EN), German (DE)
  • Speaker Identification : Up to 10 unique participants with automatic diarization
  • Input formats : MP3, WAV, M4A, OGG (audio), MP4, WebM, MOV, MKV, AVI (video)
  • Specialized analysis : Claude Sonnet 4 for detecting commitments, deadlines, and legal aspects
  • Zero Data Retention : Configuration enabled for maximum confidentiality

Leonardo Contract

  • AI model : Claude Sonnet 4 with specialized prompts on Spanish law
  • Types of contracts supported : All those recognized in Spanish law
  • Identified risks : Ambiguities, imbalances, regulatory non-compliance
  • Validation : Anti-hallucination system with exact references to the original text
  • Output : Structured reports in downloadable PDF
  • Processing : FastAPI 0.100+ with Python 3.11, storage in MongoDB 7.0
  • Limitations : Contracts in languages other than Spanish may have less precision.

Leonardo Sentence

  • Compatible sources : CENDOJ, official Spanish court documents
  • Multidimensional analysis : Strategic, corporate, academic customizable
  • Deadline detection : Automatic with integrated countdown and alerts
  • Scoring : Scoring system for coherence and jurisprudential relevance
  • Specialization : All Spanish jurisdictions (civil, criminal, administrative, labor)
  • Technology : Claude Sonnet 4 with Zero Data Retention

Leonardo Legal Case

  • Methodology : FIRAC (Facts, Issues, Rules, Application, Conclusion)
  • Jurisdictional specialization : Criminal, civil, administrative, labor, commercial
  • Emergency detection : Automatic with classification by procedural severity
  • Deadline alerts : Based on current Spanish procedural regulations
  • Case law analysis : Comparison with similar cases of CENDOJ
  • Backend : FastAPI with Celery + RabbitMQ asynchronous processing

Veritas Chatbot

  • Technology : Claude Sonnet 4 integrated with contextual knowledge base
  • Specialization : Spanish law with access to processed documents
  • Interface : React 18.x + TypeScript with Ant Design 5.0
  • Authentication : Integration with Keycloak 24.x for controlled access
  • Responses : Contextualized based on previous analysis and regulations

ANNEX II - DATA PROCESSOR AGREEMENT (DPA)

PRELIMINARY CLAUSE

In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on the Protection of Personal Data (LOPDGDD), this Data Processor Agreement governs the processing of personal data that Leonardo Legal AI will carry out on behalf of the Client.

PARTIES:

  • Data Controller : The Client
  • Data Processor : Leonardo Legal AI

1. OBJECT AND PURPOSE OF THE ORDER

1.1 Main Purpose

The processing of personal data is for the sole purpose of providing legal assistant services using artificial intelligence, specifically:

  • Analysis, processing, summary and classification of legal documents
  • Transcription and analysis of legal audiovisual content
  • Conversational interaction for specialized legal consultations
  • Reporting and analysis using Leonardo tools
  • Automatic detection of deadlines, critical dates and procedural emergencies

1.2 Authorized Processing Operations

Collection - Reception of documents and content from the Client
Registration - Storage in secure systems
Structuring - Organization for analysis using AI
Conservation - Maintenance during the term of the contract
Consultation - Access for the provision of services
Analysis - Processing using AI algorithms
Extraction - Obtaining insights and conclusions
Limitation - Restricting access when appropriate
Deletion - Elimination at the end of the contract
Communication - Only when expressly authorized
Dissemination - Unauthorized

2. CATEGORIES OF PERSONAL DATA PROCESSED

2.1 Identification Data

  • Full names and surnames
  • DNI, NIE, passport numbers
  • Tax identification numbers
  • Digitized signatures and rubrics
  • Photographs in official documents

2.2 Contact Information

  • Email addresses
  • Telephone numbers (landline and mobile)
  • Complete postal addresses
  • Professional social network data
  • Emergency contact information

2.3 Professional and Academic Data

  • Professional associations of membership
  • Membership numbers
  • Academic and professional qualifications
  • Work experience and resume
  • Legal specializations

2.4 Economic and Financial Data

  • Bank accounts (IBAN, entities)
  • Tax and fiscal information
  • Salaries and remuneration
  • Corporate shares
  • Assets and valuations

2.5 Judicial and Procedural Data

  • File numbers and procedures
  • Facts and circumstances of the case
  • Legal arguments of the parties
  • Related resolutions and judgments
  • Criminal or administrative record
  • Precautionary or executive measures

2.6 Special Categories of Data (Art. 9 GDPR)

IMPORTANT : The Client guarantees a reinforced legal basis for special categories that may appear incidentally:

  • Health data (medical reports in civil liability cases)
  • Ethnic or racial origin (in cases of discrimination)
  • Union membership (in labor disputes)
  • Biometric data (identification in criminal proceedings)

2.7 Stakeholder Groups

  • Clients of the Controller (Leonardo Legal AI's Client)
  • Client Employees and Related Third Parties
  • Parties in judicial proceedings
  • Witnesses, experts and professionals involved
  • Legal representatives of all parties
  • Public officials (judges, secretaries, prosecutors)
  • Any third party whose information is contained in processed documents

3. OBLIGATIONS OF THE DATA PROCESSOR

3.1 Main Obligations

Leonardo Legal AI is committed to:

a) Limitation of Purpose

  • Use the data exclusively to provide the contracted Services
  • Absolute prohibition of use for personal purposes or commercialization
  • Never use document content for AI training

b) Confidentiality

  • Maintain professional secrecy regarding all data accessed
  • Specifically train staff in data protection
  • Document the confidentiality commitments of authorized personnel

c) Security of Processing (Art. 32 GDPR)

  • Ensure ongoing confidentiality, integrity, availability, and resilience
  • Restore availability quickly in the event of an incident
  • Regularly verify the effectiveness of security measures
  • Implement pseudonymization and encryption where necessary

d) Activity Log (Art. 30 GDPR)

Keep a written record containing:

  • Name and contact details of the Processor and the Controller
  • Categories of processing carried out on behalf of the Controller
  • International transfers with documentation of guarantees
  • Description of technical and organizational security measures

3.2 Assistance to the Controller

Rights of Interested Parties :

  • Facilitate the exercise of ARCO-POL rights within a maximum period of 72 hours
  • Provide information necessary to respond to requests
  • Immediately forward received requests directly

Impact Assessments :

  • Collaborate in impact assessments when required
  • Provide information on implemented security measures
  • Assist in prior consultations with supervisory authorities

Audits :

  • Allow annual audits of the Controller
  • Provide compliance documentation
  • Collaborate with authorized auditors

4. SPECIFIC SECURITY MEASURES

4.1 Technical Measures

Data Encryption :

  • At rest : AES-256 for all stored data
  • In transit : TLS 1.3 for all communications
  • Backups : Specific encryption with rotating keys
  • Database : Field-level encryption for sensitive data

Access Control :

  • Multi-factor authentication (MFA) mandatory for all staff
  • Principle of least privilege strictly applied
  • Quarterly access audits
  • Automatic revocation of access upon termination of employment

Data Segregation :

  • Complete data isolation per Client
  • Databases separated by confidentiality level
  • Virtual private networks (VPNs) for administrative access
  • Application containerization for maximum isolation

4.2 Organizational Measures

Personnel Management :

  • Mandatory data protection training for all staff
  • Written confidentiality commitments prior to access
  • Annual security reviews of authorized personnel
  • Access protocol only for personnel with justified need

Incident Management :

  • Formal security incident response plan
  • Specialized team available 24/7
  • Immediate containment and mitigation procedures
  • Post-forensic analysis for future prevention

4.3 Security Infrastructure

Continuous Monitoring :

  • Digital Ocean Monitoring for infrastructure monitoring
  • Specialized observability tools for legal data
  • Automatic alerts for performance and security events
  • Centralized log system with behavioral analysis

Network Protection :

  • Digital Ocean CDN for perimeter optimization and protection
  • Specifically configured web application firewalls
  • Intrusion detection and prevention systems (IDS/IPS)
  • Behavioral analysis for anomaly detection in Frankfurt

5. INTERNATIONAL TRANSFERS

5.1 Data Residency Policy

Europa First Mode (Recommended) :

  • Primary Storage : Digital Ocean Frankfurt (Germany)
  • Transcription : AssemblyAI Dublin (Ireland) via EU endpoint
  • AI Analysis : Anthropic/OpenAI with European residency when available
  • Guarantee : 100% configurable European processing

5.2 Guarantees for Transfers (when applicable)

Standard Contractual Clauses :

  • Application of SCCs approved by Commission Decision 2021/914
  • Transfer Impact Assessment (TIA)
  • Additional technical measures according to EDPB recommendations

Specific Sub-processors :

| Sub-processor | Data Location | Applied Guarantees | Services |
|---|---|---|---|
| Digital Ocean | Frankfurt, DE | EU residency + SCC | Main hosting |
| AssemblyAI | Dublin, IE | EU endpoint + SCC + SOC 2 | Transcription |
| Anthropic PBC | Variable | SCC + EU residency available | AI Analysis |
| OpenAI Ireland | Variable | SCC + EU residency + DPF | AI Processing |
| MongoDB Atlas | Frankfurt, DE | Guaranteed EU residency | Database |

6. OPERATING PROCEDURES

6.1 Notification of Security Violations

Notification Period : Maximum 24 hours from knowledge of the incident

Mandatory Information :

  • Detailed description of the nature of the violation
  • Categories and approximate number of affected stakeholders
  • Record of compromised personal data
  • Name and contact of the DPO or point of contact
  • Foreseeable consequences of the violation
  • Measures taken or proposed for remedy
  • Actions to mitigate negative effects

Communication Channel : dpo@leonardo-legal.ai with copy to soporte@leonardo-legal.ai

6.2 Exercise of Rights

Procedure :

  1. Reception : Leonardo Legal AI receives request to exercise rights
  2. Immediate forwarding : Transfer to the Client within a maximum of 24 hours
  3. Assistance : Collaboration in the response within legal deadlines
  4. Documentation : Maintaining a record of all applications

Specific Rights Supported :

  • Access : Providing information on treatments performed
  • Rectification : Correction of inaccurate data in systems
  • Deletion : Immediate deletion upon request
  • Limitation : Restriction of processing on request
  • Portability : Export in standard structured formats
  • Opposition : Cessation of processing when there is no legal basis

6.3 Return and Deletion of Data

At the end of the paid contract :

Phase 1 - Transition to Trial Mode :

  • Full data preservation through continuous access
  • Limitation of new features according to the Trial plan
  • Maintaining a complete history of interactions

Phase 2 - Grace Period (12 months) :

  • Data retained as long as the account is considered "active"
  • Inactive Account: No login for 12 consecutive months
  • Read-only access for history query

Phase 3 - Elimination Process :

  • Prior notification : 30 days before final disposal
  • Address : Email registered in the Client's account
  • Reactivation possible : Login interrupts deletion process
  • Final Deletion : Secure and certified deletion of all data

Deletion on Request :

  • Available at any time during the term of the contract
  • Immediate execution within 5 working days
  • Certificate of Disposal provided to the Customer
  • Retention only for legal liabilities during limitation periods

7. SUBCONTRACTING

7.1 General Authorization

The Client authorizes Leonardo Legal AI to subcontract services with the providers listed in Annex II, Section 5.2, under the following conditions:

  • Due diligence : Selection of subcontractors with sufficient guarantees
  • Binding Contract : Same obligations as the main Processor
  • Joint liability : Leonardo Legal AI is liable for the actions of subcontractors
  • Continuous monitoring : Monitoring regulatory compliance

7.2 New Subcontractors

To incorporate new sub-processors:

  • Prior notice : 30 days in advance
  • Detailed information : Services, location, guarantees applied
  • Right of opposition : Client can object within 15 days
  • Alternative resolution : Search for technical alternatives if there is opposition

8. OBLIGATIONS OF THE DATA CONTROLLER

8.1 Main Obligations of the Client

Data Guarantees :

  • Confirm appropriate legal basis for all data processed
  • Check rights to processed documents (ownership or authorization)
  • Guarantee prior information to interested parties in accordance with Arts. 13-14 GDPR
  • Maintain an updated record of the legal bases applied

Supervision of the Order :

  • Monitor regulatory compliance of the Processor
  • Conduct annual audits with 60 days' notice
  • Provide clear, written instructions when necessary
  • Assess the need for data protection impact assessments (DPIA)

Rights Management :

  • Respond to the exercise of rights within legal deadlines
  • Coordinate with Leonardo Legal AI to facilitate responses
  • Maintain effective communication channels with stakeholders

8.2 Treatment Instructions

The instructions for treatment are contained in:

  • The specific functionalities of each Leonardo tool
  • The configurations selected by the Client on the platform
  • Any additional instructions provided in writing

Additional Instructions : Any instructions not contemplated in this DPA must:

  • Be provided in writing
  • Clearly specify the purpose and authorized operations
  • Stay within the legal framework of the GDPR
  • Be technically feasible according to Leonardo Legal AI infrastructure

9. SECURITY MEASURES IMPLEMENTED

9.1 Granular Access Controls

Authentication :

  • Multi-factor authentication (MFA) required for all users
  • Strong password policy (minimum 12 characters, high complexity)
  • Automatically expiring access tokens
  • Monitoring unauthorized access attempts

Authorization :

  • Role-based access control (RBAC)
  • Principle of least privilege consistently applied
  • Quarterly reviews of access permissions
  • Strict segregation between data from different Clients

9.2 Data Protection

Advanced Encryption :

  • Data at Rest : AES-256 with keys managed by Digital Ocean Spaces Encryption
  • Data in transit : TLS 1.3 with Perfect Forward Secrecy
  • Backups : Independent encryption with rotating keys in Frankfurt
  • Internal communications : End-to-end encryption between services

Anonymization and Pseudonymization :

  • Automatic pseudonymization for aggregated statistics
  • K-anonymization techniques for usage analysis
  • Removing direct identifiers from system logs
  • Data masking in development and testing environments

9.3 Business Continuity

Backup and Recovery :

  • Encrypted daily incremental backups
  • Real-time replication between multiple EU data centers
  • Documented quarterly recovery tests
  • RTO (Recovery Time Objective): 4 hours
  • RPO (Recovery Point Objective): 1 hour

Continuity Plan :

  • Documented procedures for service interruptions
  • Redundant infrastructure across multiple availability zones
  • Automatic failover in case of technical failures
  • Proactive communication with clients during incidents

10. MANAGEMENT OF SECURITY VIOLATIONS

10.1 Detection and Classification

Detection Systems :

  • 24/7 monitoring with automatic alerts
  • Behavior analysis with machine learning
  • Multi-source security event correlation
  • Threat intelligence updated daily

Severity Classification :

  • Critical : Unauthorized access to Customer data
  • High : Attempt to exfiltrate or modify data
  • Medium : Anomalies in access patterns
  • Low : Security events with no data impact

10.2 Response Protocol

Immediate (0-1 hour) :

  • Automatic threat containment
  • Activation of the incident response team
  • Preservation of forensic evidence
  • Initial impact assessment

Short Term (1-24 hours) :

  • Formal notification to the Client if there is an impact on their data
  • Detailed root cause investigation
  • Implementation of corrective measures
  • Communication with authorities if legally required

Medium Term (24-72 hours) :

  • Detailed incident report
  • Improvement plan to prevent recurrence
  • Update security measures if necessary
  • Impact monitoring and mitigation measures

11. AUDITS AND COMPLIANCE

11.1 Audits of the Controller

Frequency : Maximum one audit per year, except for justified reasons

Procedure :

  • Written request 60 days in advance
  • Definition of scope and specific objectives
  • Access during business hours with technical staff present
  • Report of findings within 30 days of completion

Limitations :

  • Respect for trade secrets in accordance with Law 1/2019
  • No interference with critical operations of other Clients
  • Absolute confidentiality of third-party information
  • Cost of external audits assumed by the Client

11.2 Certifications and Compliance

Current Certifications :

  • Leonardo Legal AI : ISO 27001:2022 (Information Security Management)
  • Digital Ocean : SOC 2, ISO 27001, PCI DSS, CSA STAR Level 1
  • AssemblyAI : SOC 2 Type II, PCI DSS, GDPR compliance
  • Anthropic : SOC 2, ISO 27001, ISO 42001 (AI Management Systems)

Infrastructure Certifications :

  • Digital Ocean Amsterdam (AMS3): Tier III+ Certification for Data Centers
  • Compliance with European data protection standards
  • Specific certifications for managed services (MongoDB, Spaces)

External Audits :

  • Annual security audit by an independent firm
  • Semi-annual pentesting of critical infrastructure
  • GDPR compliance review by a specialized consulting firm
  • Risk assessment of international transfers

12. DATA PROTECTION OFFICER

12.1 DPO Contact Information

Leonardo Legal AI DPO :

  • Email : dpo@leonardolegal.io
  • Address : c/ Henares, 7. Madrid 28002
  • Telephone : [Direct contact number]

12.2 Functions of the DPO

  • Monitoring compliance with GDPR and national regulations
  • Point of contact with control authorities
  • Advice on impact assessments
  • Staff training and awareness
  • Management of requests for the exercise of rights

13. DURATION AND TERMINATION OF THE DPA

13.1 Validity

This DPA comes into force simultaneously with the main contract and remains in force until:

  • Termination of the main contract for any reason
  • Full compliance with data deletion/return obligations
  • Expiry of the retention periods for legal liabilities

13.2 Post-Termination Obligations

Immediate Deletion (except for justified legal retention):

  • Deleting data from production systems
  • Deletion of backups containing Customer data
  • Certified destruction of physical media, if any
  • Certificate of Disposal provided to the Customer

Limited Legal Conservation :

  • Only to meet legal, commercial or administrative responsibilities
  • Data duly blocked in accordance with Art. 32 LOPDGDD
  • Duration limited to legally established limitation periods
  • Access restricted to the minimum essential personnel

14. DATA PROTECTION RESPONSIBILITY

14.1 Responsibility of the Manager

Leonardo Legal AI will be liable as Data Controller if it:

  • Uses data for unauthorized purposes
  • Communicates data without the Client's authorization
  • Fails to comply with express instructions from the Controller
  • Processes data outside the scope of this DPA

14.2 Coordination in Sanctioning Procedures

Immediate Notification : The Client shall inform Leonardo Legal AI of any:

  • Sanctioning procedure initiated by AEPD or other authority
  • Claim from interested parties related to the processing
  • Request for information from competent authorities

Coordinated Defense :

  • Leonardo Legal AI will assume legal defense in its area of responsibility
  • Close coordination preserving the Client's image and reputation
  • Transparent information on measures taken
  • Assumption of costs arising from own non-compliance

15. FINAL PROVISIONS OF THE DPA

15.1 Prevalence

In the event of a conflict between this DPA and the main contract, the data protection provisions of this DPA shall prevail.

15.2 Modifications

This DPA can only be modified:

  • By express written agreement of both parties
  • To adapt to regulatory changes that may arise
  • At the request of competent authorities

15.3 Specific Jurisdiction

For specific data protection disputes:

  • Applicable law : GDPR + LOPDGDD + Spanish regulations
  • Jurisdiction : Courts of Barcelona with specific jurisdiction
  • Supervisory Authority : Spanish Data Protection Agency (AEPD)

ACCEPTANCE

By using Leonardo Legal AI services, the Client declares that it:

  • Has read and fully understood these terms and the DPA
  • Has legal capacity to contract
  • Acts in the exercise of professional activity
  • Accepts all the established conditions
  • Recognizes its role as Data Controller

Effective Date : September 1, 2025
Last Updated : September 1, 2025

For questions about these terms or the DPA, please contact our legal team at legal@leonardo-legal.ai or our DPO at dpo@leonardolegal.io

Imprint

Scriptum AI Technology SL
Calle Henares 7
28002 Madrid


Represented by: Isabel Anguera

Contact:
Phone: (+34) 607902266
Email: info@leonardolegal.io
VAT ID:
VAT identification number according to Section 27a of the Sales Tax Law: NIF: B19399211

Consumer Dispute Resolution/Universal Arbitration Board
We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.


Source: https://www.e-recht24.de