This document explains how Vitacore Tech LTD trading as Legal Connection (“we” or “us”) uses information relating to you. The company is incorporated in England (company number 15122071) and its registered office is 7 Bell Yard, London, England, WC2A 2JR.
We take privacy seriously and have implemented robust technical, organisational and contractual controls to protect and safeguard your personal information in compliance with applicable data‑protection legislation (including the UK Data Protection Act, the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and other relevant US and international laws).
Our Customers: We use your information to manage our commercial relationship with you. This includes contact details such as phone number, email address, organisation and role.
Product Users: We use your information to provide access to and manage the product, and also to improve and further develop our products, which is in our legitimate interest. This includes account information (name, email, organisation, profile picture), feedback on issues, and usage insights.
Outlook Plugin – Privacy Details: Our Outlook plugin operates within Microsoft Outlook. It allows users to link specific emails and attachments to legal matters in Legal Connection. Linked emails and attachments are accessible within Legal Connection under a dedicated ‘Emails’ tab for each matter, and users can unlink them at any time.
All data collected by the plugin and the Legal Connection platform is stored securely on Legal Connection’s servers. Data transmission to our servers is protected using encrypted channels (TLS 1.2+).
We host customer data in Amazon Web Services (AWS) in a region aligned with the customer’s location (UK, EU or US). Replication of data outside that region only takes place with the customer’s written consent. Failover and backups occur within the same AWS region (multi‑AZ redundancy). Cross‑region disaster‑recovery is available only on explicit customer request.
We use third‑party service providers that may have access to your data. In such cases, we implement contractual safeguards and ensure the same level of security, confidentiality and integrity of your personal data as required under applicable data‑protection laws.
We maintain a register of our approved material sub‑processors and will notify you within 30 days of any material sub‑processor change. Customers may object to such change on reasonable data‑protection grounds.
Approved sub‑processors:
- Amazon Web Services (AWS): Cloud hosting, encryption, fail‑over (regional: UK/EU/US)
- OpenAI / Azure OpenAI: AI‑driven text analysis and clause generation (ephemeral processing only)
- IBM AstraDB: Vector/document database for metadata storage (regional replication, AES‑256)
- SendGrid (Twilio): Transactional email (TLS in transit, 30‑day retention)
- Ably: Real‑time WebSocket relay (regional routing, transient storage)
- Thoropass: Compliance‑management platform (SOC 2 Type II certified)
We keep your personal information for the period during which you are a customer and for a reasonable period thereafter to meet legal obligations, resolve disputes or enforce agreements.
Once your account is terminated or you request deletion of your personal data, we will delete all personal data within 30 days unless legal obligations require longer.
Deletion logs are retained for audit purposes in accordance with recognised standards (such as NIST 800‑88).
We are audited annually for SOC 2 Type II by an independent auditor (Laika). Our environment is continuously monitored using AWS Security Hub and GuardDuty. We perform weekly automated vulnerability scans with 48‑hour remediation targets and conduct annual third‑party penetration tests. All policies are reviewed annually via Thoropass ISMS.
Your personal data may be transferred internationally (for example to the US) or processed outside your country of residence. In such cases, we ensure appropriate safeguards are in place (e.g., EU Standard Contractual Clauses or other lawful transfer mechanisms) and that your rights are preserved under applicable data‑protection laws.
You have the right to request access, rectification, erasure, restriction of processing, data portability, or to object to processing of your personal data in certain circumstances. To exercise these rights, please contact us using the details below.
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details below. If you remain unhappy after contacting us, you may also complain to the UK Information Commissioner’s Office or your local data‑protection authority.
Phone: +1 (215) 208-0767
Copyright © 2025 Legal Connection. All rights reserved.