Privacy Policy

Who we are

TempusLex is a product of Hackweb (Italy). Privacy contact: [email protected].

What we collect

• Email address. Captured at sign-in (magic-link), on newsletter sign-up, or when you leave your email on a public calculator to receive the PDF reminder.
• Case file data. Case reference, parties, court, procedural acts, deadlines, and notes you enter. We do not request data beyond what is necessary to manage deadlines.
• Payment metadata. Stripe stores your card; we store the subscription id, the tier (Solo/Pro/Studio), the interval (monthly/yearly), and the amount.
• Operational metadata. Sign-in events, error logs (via Sentry).
• Lead emails. When you leave your email on a public calculator to receive the PDF reminder, we store email, rule id, and locale only — no IP, no fingerprint.

Why we collect it

• To authenticate you and deliver the Service (Art. 6(1)(b) GDPR — performance of contract).
• To send deadline reminders, notifications, and receipts (Art. 6(1)(b)).
• To send statutory updates and newsletters only with your consent (Art. 6(1)(a)) — you can unsubscribe at any time.
• To meet tax and accounting obligations (Art. 6(1)(c)).

Sub-processors

See the sub-processors page for the up-to-date list.

Where we process

Primary Postgres database: EU (managed provider with EU data centres). Cloudflare R2 (archived PDF reminders): EU + US with encryption at rest. Stripe: Ireland (EU) + US for payments back-office. Resend (transactional email): EU + US. Sentry (error tracking): EU. TempusLex does not use generative AI in the deadline-computation path: the engine is purely deterministic and rules-based.

Retention

• Public-calculator leads who never convert: 180 days, then deleted unless you subscribe to the newsletter.
• Case file and account data: for the duration of the subscription + 30 days read-only after cancellation, then deleted subject to legal obligations.
• Payment records and invoices: 10 years under Italian tax law.
• Error logs (Sentry): 90 days.

Your rights

Under GDPR you can: access, rectify, erase, restrict, port, or object to processing. You can export case files at any time from settings, or request a full extract at [email protected]. We respond within 30 days.

Complaints

You can lodge a complaint with the Italian Garante per la protezione dei dati personali (garanteprivacy.it) or with the supervisory authority of your country of residence.

Cookies

We use only strictly necessary cookies: session cookie for authentication and the NEXT_LOCALE cookie to remember your language choice from the switcher. Traffic analytics (when enabled) are provided by Umami in cookie-free, privacy-respecting mode. We will surface a cookie banner only if we introduce non-essential cookies later.

Data Processing Addendum

Customers acting as data controllers (law firms with employees, companies processing their own clients' data through TempusLex) can request a Data Processing Addendum (DPA) at [email protected]. A standard DPA is available at /dpa.