LegimusAI

LEGIMUS AI PRIVACY POLICY

Last updated: March 9, 2026

This Privacy Policy (the "Policy") describes how Legimus S.A.C., identified with RUC No. 20614130157, domiciled at Calle Tarapaca 1106, Tacna, Peru, commercially operating under the name "Legimus AI" (hereinafter, "Legimus AI", "we" or "us"), collects, uses, stores, shares and protects the personal data of the users of the website https://legimus.ai, the digital platform (the "Platform") and the services offered (the "Services").

This Policy has been prepared in compliance with Law No. 29733, the Personal Data Protection Law of Peru, its Regulations approved by Supreme Decree No. 003-2013-JUS, and other applicable regulations.

BY ACCESSING THE WEBSITE, USING THE PLATFORM OR CONTRACTING THE SERVICES, YOU DECLARE THAT YOU HAVE READ AND ACCEPTED THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST NOT ACCESS OR USE THE PLATFORM OR THE SERVICES.

1. DATA CONTROLLER

The data controller responsible for your personal data is:

  • Company name: Legimus S.A.C.
  • RUC: 20614130157
  • Address: Calle Tarapaca 1106, Tacna, Peru
  • Email for personal data matters: [email protected]

2. PERSONAL DATA WE COLLECT

Depending on your interaction with us, we may collect the following personal data:

2.1 Data provided directly by the User

  • Registration data: full name, email address, phone number, password.
  • Company data: company name, tax ID (RUC), industry or sector, address, approximate customer volume.
  • Contact data: information provided through contact forms, demo requests or support.
  • Billing data: information necessary for the issuance of payment receipts.

2.2 Data collected through third-party platform integrations

When the User connects their online store or other third-party platforms (such as Shopify) with Legimus AI Services, we may collect and process the following data through those platforms' APIs:

  • Product data: name, description, price, images, variants, inventory status and availability.
  • Store data: store name, domain, currency, language and general configuration.
  • Order data: order information necessary for customer service through AI agents (order number, status, ordered products).

This data is used exclusively to feed the knowledge base of the User's AI agents, enabling accurate responses about products, availability and order information to End Users.

2.3 Data collected automatically

  • Browsing data: IP address, browser type, operating system, pages visited, time spent, referring URL.
  • Platform usage data: features used, configurations made, usage frequency, activity logs.
  • Cookies and similar technologies: as detailed in Section 7 of this Policy.

2.4 Third-party data processed through the Services

When the User uses the Services to assist their own customers ("End Users"), Legimus AI may process data from such End Users, such as:

  • Name, phone number and messages sent through integrated communication channels (e.g., WhatsApp).
  • Conversation history with AI agents.

In these cases, the User acts as the data controller for their End Users' data and Legimus AI acts as the data processor. The User is responsible for obtaining consents and complying with the obligations required by legislation regarding such data.

3. PURPOSES OF DATA PROCESSING

We process your personal data for the following purposes:

3.1 Primary purposes (necessary for service provision)

  • Managing User registration and Account.
  • Providing, maintaining and improving the contracted Services.
  • Processing payments and issuing payment receipts.
  • Providing technical support and customer service.
  • Communicating changes to the Services, Platform updates or modifications to the Terms and Conditions and this Policy.
  • Complying with legal and regulatory obligations.
  • Preventing fraud, misuse and ensuring Platform security.

3.2 Additional purposes (with User consent)

  • Sending commercial communications, promotions and news about the Services.
  • Conducting satisfaction surveys and market studies.
  • Personalizing the User's experience on the Platform.
  • Preparing internal statistics and analyses with aggregated and anonymized data.

The User may withdraw their consent for additional purposes at any time, without affecting the provision of the Services.

4. LEGAL BASIS FOR PROCESSING

The processing of your personal data is based on:

  • Contractual performance: processing is necessary for the provision of the contracted Services.
  • Consent: for additional purposes such as sending commercial communications.
  • Legitimate interest: for improving the Services, fraud prevention and Platform security.
  • Legal compliance: when processing is necessary to comply with legal obligations.

5. DATA SHARING AND TRANSFER

5.1 Third parties with whom we share data

We may share your personal data with the following third parties, exclusively for the purposes described in this Policy:

  • AI model providers: we use language model (LLM) provider services for processing conversations managed through AI agents. Conversation data may be sent to these providers to generate responses.
  • WhatsApp / Meta: the Services integrate with the WhatsApp Business API for sending and receiving messages. Conversation data is processed by Meta in accordance with their own privacy policies.
  • Shopify: when the User integrates their Shopify store with the Services, we access product, order and store data through Shopify APIs. Shopify processes this data in accordance with its own privacy policy. Additionally, for Users who contract the Services through the Shopify App Store, Shopify acts as a payment processor through Shopify Billing.
  • Payment processors: we use payment gateways (such as Culqi and Shopify Billing) to process transactions. These providers receive only the data necessary to complete the payment.
  • Infrastructure and hosting providers: we use cloud computing services to host the Platform and store data.
  • Professional advisors: accountants, lawyers or other advisors, when necessary for compliance with legal obligations.

Legimus AI does not sell, rent or commercialize personal data to third parties.

5.2 International data transfer

For the provision of the Services, your personal data may be transferred and processed on servers located outside Peru, including the United States, where the servers of our infrastructure and AI model providers are located.

Legimus AI adopts the necessary measures to ensure that such transfers are carried out with an adequate level of protection, in accordance with the provisions of Law No. 29733 and its regulations, including the execution of contractual clauses and the verification of security standards of the recipient providers.

6. DATA RETENTION

We retain your personal data for the time necessary to fulfill the purposes for which it was collected, including:

  • While the User's Account is active and the contractual relationship is maintained.
  • During the periods established by applicable legislation for compliance with legal, tax or accounting obligations.
  • During the statute of limitations period for possible legal actions arising from the contractual relationship.

Once these purposes have been fulfilled, the data will be deleted or irreversibly anonymized.

7. COOKIES AND SIMILAR TECHNOLOGIES

The website and the Platform may use cookies and similar technologies for:

  • Essential cookies: necessary for the basic functioning of the website and the Platform (e.g., login, language preferences).
  • Performance and analytics cookies: allow us to understand how users interact with the website to improve its operation and content.
  • Functionality cookies: allow us to remember User preferences and personalize their experience.

The User may manage cookies through their browser settings. Please note that disabling certain cookies may affect the functionality of the website or the Platform.

8. RIGHTS OF THE DATA SUBJECT

In accordance with Law No. 29733, you have the right to:

  • Access: know what personal data of yours is being processed and obtain a copy thereof.
  • Rectification: request the correction of inaccurate or incomplete personal data.
  • Cancellation: request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Opposition: object to the processing of your personal data on legitimate grounds.

To exercise these rights, you may send a request to [email protected], indicating:

  • Full name and identity document.
  • Clear description of the right you wish to exercise.
  • Email address to receive the response.

Legimus AI will respond to your request within a maximum period of ten (10) business days, in accordance with applicable legislation. In case of disagreement, you may file a complaint with the National Authority for Personal Data Protection of the Ministry of Justice and Human Rights of Peru.

9. DATA SECURITY

Legimus AI implements reasonable technical, organizational and legal measures to protect your personal data against unauthorized access, alteration, disclosure or destruction, including:

  • Data encryption in transit and at rest.
  • Role-based access control.
  • Monitoring and logging of activities on the Platform.
  • Periodic security assessments.

However, no system is completely secure. Legimus AI cannot guarantee the absolute security of data, but is committed to acting diligently to mitigate any risk.

10. CHILDREN'S DATA

Legimus AI Services are not directed at individuals under 18 years of age. We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor without the consent of their legal representative, we will proceed to delete it immediately.

11. CHANGES TO THIS POLICY

Legimus AI may modify this Privacy Policy at any time. The current version will always be available at https://legimus.ai/privacy.

When significant changes are made, Legimus AI may notify the User through reasonable means (e.g., email or notices on the Platform). Continued use of the Services after publication of the modifications implies acceptance of the new version of the Policy.

12. CONTACT

If you have questions, comments or requests related to this Privacy Policy or the processing of your personal data, you may contact us through: