Back to Prescia AI

Privacy Policy

How we collect, use, and protect personal data, and your rights under the GDPR and the Data Protection Act 2018.

Effective 14 July 2026Prescia AI Limited

Draft — pending review by qualified counsel. This document is a working template provided for transparency. It has not yet been reviewed or approved by a solicitor and does not constitute legal advice. Verify and adapt before relying on it.

1. Who we are

Prescia AI is operated by Prescia AI Limited (“Prescia AI”, “we”, “us”), a company registered in Ireland. For the personal data we process about our account holders and website visitors, Prescia AI Limited is the data controller. You can contact us about privacy at support@prescia.ai.

Where a law firm or organisation uses Prescia AI to process personal data contained in their own documents and matters, that firm is the data controller for that content and we act as their data processor. In those cases our processing is governed by the data-processing terms agreed with the firm (see section 8).

2. What data we process

We process the following categories of personal data:

  • Account & identity data — name, email address, organisation, role, and authentication data.
  • Usage & device data — log data, IP address, browser/device information, and interactions needed to run and secure the service.
  • Content you provide — the documents, prompts, and firm knowledge you upload or submit for AI processing. This may contain personal data and client-confidential information, for which your firm is the controller.
  • Activity & audit records — metadata about AI interactions retained for transparency and accountability (the audit trail records metadata, not message content).

3. Why we process it and our lawful basis

  • To provide the service (contract, GDPR Art. 6(1)(b)) — authenticating you, running AI research/drafting, and storing your firm's knowledge.
  • To secure and improve the service (legitimate interests, Art. 6(1)(f)) — logging, fraud/abuse prevention, and reliability. We balance this against your rights.
  • To meet legal and regulatory obligations (Art. 6(1)(c)) — including transparency and record-keeping obligations under the EU AI Act and the Data Protection Act 2018.

4. AI models and your content

Prescia AI sends prompts and selected source material to third-party AI models to generate responses. The models available for chat responses are listed, with their data-handling status, in our AI transparency statement. Your firm's information is not used to train these models, and we contract for zero data retention (ZDR) where offered by the provider. Do not submit confidential client information via any model flagged as not offering ZDR.

5. Processors and sub-processors

We rely on a small number of vetted providers to run the service, including:

  • Supabase — database, authentication, and file storage.
  • AI model providers routed via OpenRouter — e.g. OpenAI, Anthropic, Google, and others listed in the transparency statement, used to generate AI responses.
  • Hosting and email providers used to operate the application and send transactional messages.

Some of these providers are located outside the EEA. Where personal data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses). A current list of sub-processors is available on request.

6. Retention

We keep account data for as long as your account is active and as required to meet legal obligations. Firm content is retained per your organisation's configuration and instructions. Audit metadata is retained to satisfy transparency and accountability obligations. When data is no longer needed, we delete or anonymise it.

7. Your rights

Under the GDPR and the Data Protection Act 2018 you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. Where a firm is the controller of the content, please direct such requests to that firm; we will assist them as their processor. To exercise rights in relation to data for which we are the controller, contact support@prescia.ai. You also have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie).

8. Firm customers (data processing)

Where your firm uses Prescia AI to process personal data in its own matters, that processing is governed by a data-processing agreement between your firm and Prescia AI Limited. That agreement sets out the subject matter, duration, nature and purpose of processing, the types of personal data, and the obligations of each party under Art. 28 GDPR. Contact us to put one in place.

9. Cookies

We use cookies as described in our Cookie Policy.

10. Changes

We may update this policy from time to time. Material changes will be notified through the service. The “Effective” date above shows when this version took effect.