Mitralex

PRIVACY POLICY and Personal Data Processing Policy

Mitralex Privacy Policy — how we collect, use, and protect your personal data

Last updated: January 25, 2026

1. ABOUT US AND THIS POLICY

FOP Kobzov Maksym Oleksiiovych, Tax Identification Number 302920371, registered in accordance with the legislation of Ukraine (hereinafter referred to as “we”, “us”, “our” or the “Company”), is a personal data controller pursuant to the Law of Ukraine “On Personal Data Protection”.

This Privacy Policy (hereinafter referred to as the “Policy”) describes how we collect, use, store and protect your personal data in connection with your use of our Service — a professional AI platform for Ukrainian lawyers, advocates and accountants, providing access to regulatory documents, consultations, analytics and AI functionality (hereinafter referred to as the “Service” or the “Platform”).

The Service is available at: www.mitralex.com (hereinafter referred to as the “Website”).

This Policy applies to all persons who visit our Website, register on the Platform, use our services or otherwise provide us with their personal data.

2. DEFINITIONS

AI Functionality — the functional capabilities of the Platform based on artificial intelligence technologies, in particular large language models (Large Language Models), which provide automated query processing, document analysis, text generation and other intelligent functions of the Service.

Personal Data — information or a set of information about a natural person who is identified or can be specifically identified.

Personal Data Controller — a natural or legal person who determines the purpose of personal data processing, establishes the composition of such data and the procedures for their processing.

Personal Data Processing — any action or set of actions performed in whole or in part in an information system and/or in filing systems, related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use and dissemination, depersonalisation, destruction of information about a natural person.

Personal Data Subject — a natural person whose personal data are being processed.

Consent of the Personal Data Subject — any voluntary expression of will by a natural person granting permission for the processing of their personal data in accordance with the stated purpose of such processing.

Content — any data, information, queries and materials that the user enters or uploads to the Platform for interaction with the AI Functionality.

We process your personal data on the following legal grounds in accordance with Article 11 of the Law of Ukraine “On Personal Data Protection”:

  • your consent to the processing of personal data;

  • the necessity of performing a contract to which the personal data subject is a party, or for taking measures at the request of the personal data subject prior to entering into such a contract;

  • the necessity of fulfilling an obligation of the personal data controller as prescribed by law;

  • the legitimate interest of the Company, provided it does not conflict with the rights and freedoms of the personal data subject.

Although our activities do not fall within the scope of the General Data Protection Regulation (GDPR), we strive to adhere to the principles and best practices of personal data protection provided for by this regulation.

4. WHAT PERSONAL DATA WE COLLECT

4.1. Data you provide directly

During registration and use of the Service, we may collect the following personal data:

  • surname, first name, patronymic;

  • email address;

  • telephone number;

  • account login credentials (username, password in encrypted form);

  • other information you voluntarily provide when contacting customer support.

4.2. Professional data

To improve the quality of the Service and personalise your experience, we may collect professional information:

  • name of the company, organisation or law firm (employer);

  • position;

  • work email address;

  • area of practice (for example: corporate law, criminal law, tax law, accounting, etc.).

4.3. Payment data

To pay for the Service, you are redirected to a secure page of the payment provider LiqPay operated by JSC CB “PRIVATBANK”. We do not collect, process or store your bank card data — all payment information is processed directly by LiqPay in accordance with its privacy policy.

From the payment provider, we receive only confirmation of the payment status (successful/unsuccessful), the transaction identifier and the payment amount for the purpose of recording the services provided.

4.4. Subscription information

We store information about your subscriptions within our Service, including subscription type, start and end dates, and payment history.

4.5. Technical data

When using the Platform, we automatically collect certain technical data:

  • IP address;

  • browser type and version;

  • operating system;

  • device type;

  • language settings;

  • time zone.

This data is collected automatically and is technically necessary to ensure the functioning of the Platform and its security.

4.6. Log files and metadata

For the purposes of security, diagnostics and improvement of the Service, we maintain log files which may contain:

  • time of access to the Platform;

  • session duration;

  • metadata of queries to the AI system (time, query type, without the content of the query itself);

  • information about errors and technical failures;

  • actions in the system (authorisation, logging out, changing settings).

4.7. Cookies

We use technically necessary cookies to ensure the proper functioning of the Platform.

5. USER CONTENT AND LIABILITY

5.1. Liability for Content

Users of the Platform may enter data (Content) to interact with the AI Functionality. Such Content may contain personal data of third parties.

The user bears sole responsibility for the lawfulness of processing the personal data they enter into the Platform, including obtaining the necessary consents from the subjects of such data.

In such cases, the Company acts as a personal data processor, processing data on behalf of the user. We take all reasonable technical and organisational measures to protect user Content.

5.2. Content protection and policy of non-use for AI training

We guarantee that your Content is not used for training or improving artificial intelligence models. To this end, we ensure the following:

Commercial tariffs of providers. The Platform uses exclusively corporate (enterprise) and commercial API tariffs of AI technology providers (in particular OpenAI, Anthropic, Google), the terms of which expressly prohibit the use of client data for model training.

Zero data retention policy. Our terms of use of large language models (LLM) with AI technology suppliers provide that user Content is not stored on the providers’ servers after processing the query, or is stored for a minimum technical period solely for abuse monitoring purposes, without use for any other purposes, but taking into account the data retention policies of API providers regarding security monitoring (abuse monitoring), which may provide for temporary storage of up to 30 days without third-party access.

The data you enter is used exclusively to provide a response to your specific query.

6. PURPOSE OF PERSONAL DATA PROCESSING

We process your personal data for the following purposes:

  • providing access to the Service and its functional capabilities;

  • creating and administering your account;

  • processing payments and managing subscriptions;

  • communicating with you regarding the Service, technical support and updates;

  • sending marketing communications (with your consent);

  • personalisation and improvement of the Service quality;

  • analytics and improvement of the Service;

  • fulfilling legal obligations prescribed by the legislation of Ukraine;

  • preventing fraud, abuse and ensuring the security of the Platform;

  • investigating and responding to security incidents;

  • internal audit and ensuring compliance;

  • defence against claims and legal actions, building an evidence base;

  • research and development aimed at improving the AI system (without using user Content for model training);

  • protecting the legitimate interests of the Company.

7. TRANSFER OF DATA TO THIRD PARTIES

We may transfer your personal data to third parties in the following cases:

7.1. Service providers

We cooperate with contractors and service providers who assist us in providing the Service:

  • payment systems — for payment processing;

  • CRM systems — for customer relationship management;

  • email services — for sending communications;

  • hosting providers — for data storage and processing;

  • other contractors necessary for the functioning of the Service.

All our partners are obliged to ensure an appropriate level of personal data protection in accordance with the agreements concluded with them.

7.2. Employer (for B2B clients)

If access to the Service is provided to you through your employer (law firm, company, organisation), we may transfer certain information about your use of the Service to your employer for the purposes of internal audit and ensuring compliance, including metadata about activity in the system.

7.3. Law enforcement and government authorities

We may disclose your personal data at the request of competent authorities in cases prescribed by the legislation of Ukraine.

7.4. Protection of rights

We may disclose personal data where necessary to protect our legitimate rights and interests or the rights of third parties.

8. INTERNATIONAL DATA TRANSFER

In connection with the use of technological services and cloud infrastructure of AWS, Microsoft Azure, Google, OpenAI and Anthropic, your personal data may be transferred outside Ukraine, in particular to countries of the European Union and the USA.

Such transfer is carried out in accordance with Article 29 of the Law of Ukraine “On Personal Data Protection” to states that ensure an adequate level of personal data protection, namely:

  • member states of the European Economic Area;

  • states that have signed the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;

  • states whose capital market regulators are signatories to the IOSCO Multilateral Memorandum of Understanding (including the USA).

Additionally, we ensure the protection of your data by using services of providers that comply with international data protection standards.

Personal data are not transferred for any purpose other than the purpose for which they were collected.

9. DATA RETENTION PERIODS

We retain your personal data for the period necessary to achieve the purposes for which they were collected, or for the period established by the legislation of Ukraine.

In particular:

  • account data — for the duration of the contract and up to 3 years after its termination;

  • financial data — in accordance with the requirements of tax and accounting legislation (as a rule, not less than 7 years);

  • log files and technical data — up to 12 months from the moment of collection;

  • data for marketing communications — until the withdrawal of your consent;

  • data necessary for defence against claims — for the limitation period established by legislation.

Upon expiry of the retention period, personal data are destroyed or depersonalised.

10. PERSONAL DATA PROTECTION

We take organisational and technical measures to protect your personal data from unauthorised access, accidental loss, destruction or damage:

  • use of encryption for data transmission and storage;

  • restriction of access to personal data to authorised employees only;

  • regular data backup;

  • use of firewalls and antivirus protection;

  • maintenance of log files for detecting and investigating security incidents;

  • training of employees on personal data protection matters;

  • regular review and improvement of security measures.

Notwithstanding all measures taken, no method of data transmission over the internet or data storage is absolutely secure. In the event of a personal data security breach, we will notify you and the relevant authorities in accordance with the requirements of the legislation.

11. RIGHTS OF PERSONAL DATA SUBJECTS

In accordance with the Law of Ukraine “On Personal Data Protection”, you have the following rights:

  • the right to know about the sources of collection, the location of your personal data, and the purpose of their processing;

  • the right of access to your personal data;

  • the right to receive information about the conditions for granting access to personal data, in particular information about third parties to whom your data are transferred;

  • the right to receive a response no later than 30 calendar days from the date of receipt of a request as to whether your personal data are being processed, and to receive the content of such data;

  • the right to object — to submit a reasoned objection against the processing of your personal data;

  • the right to rectification or erasure — to submit a reasoned request for the rectification or erasure of your personal data if they are processed unlawfully or are inaccurate;

  • the right to protection of your personal data from unlawful processing and accidental loss, destruction or damage;

  • the right to lodge a complaint — to lodge complaints regarding the processing of personal data with the Ukrainian Parliament Commissioner for Human Rights or with a court;

  • the right to make reservations regarding the limitation of the right to process your personal data when giving consent;

  • the right to withdraw consent to the processing of personal data;

  • the right to know the mechanism of automatic processing of personal data;

  • the right to protection against an automated decision which produces legal effects concerning you.

To exercise your rights, please contact us using the contact details provided in this Policy.

12. COOKIES

These files are strictly necessary for the functioning of the Service. They do not require your consent and are used for:

  • maintaining the session of an authorised user;

  • remembering your settings (language, interface);

  • ensuring security and protection against unauthorised access.

We may use analytical tools (for example, Google Analytics) to collect depersonalised statistics on Website usage. This helps us understand how users interact with the Platform, identify technical errors and improve the functionality of the Service. The data collected are aggregated and are not used for your personal identification.

We do not use cookies to display third-party advertising or for marketing tracking (retargeting). You may change your web browser settings at any time to block or delete cookies; however, please note that disabling technical cookies may affect the proper functioning of the Platform and access to your account.

13. AGE RESTRICTION

Our Service is intended exclusively for professional use by lawyers, advocates and accountants. The Service is not intended for use by persons under the age of 18.

We do not knowingly collect personal data of minors. If you become aware of the registration of a minor on our Platform, please notify us immediately.

14. MARKETING COMMUNICATIONS

We may send you marketing communications by email if we have your consent. You may opt out of receiving such communications at any time by:

  • clicking the unsubscribe link in the email;

  • changing the settings in your account;

  • contacting us using the contact details provided below.

Opting out of marketing communications does not affect the receipt of service messages related to the functioning of your account and the provision of services.

Our Website may contain links to external websites of third parties. We are not responsible for the privacy policies and personal data processing practices of such websites. We recommend that you review the privacy policy of each third-party resource before providing it with your personal data.

16. CHANGES TO THE POLICY

We may update this Policy from time to time to reflect changes in our data processing practices or legislative requirements.

We will notify you of material changes by:

  • publishing the updated Policy on the Website with an indication of the update date;

  • sending a notification to your email address (if available).

We recommend that you periodically review this Policy to familiarise yourself with the current terms of processing your personal data.

By registering on the Platform or using our Service, you confirm that:

  • you have read this Privacy Policy;

  • you grant consent to the processing of your personal data on the terms set out in this Policy;

  • you have been informed of the procedure, purpose and other conditions of personal data processing in accordance with Articles 6, 8, 10, 11 of the Law of Ukraine “On Personal Data Protection”;

  • you have full legal capacity to grant such consent.

You may grant your consent by ticking the appropriate box during account registration.

18. CONTACT INFORMATION

If you have any questions regarding this Policy, the processing of your personal data, or if you wish to exercise your rights as a personal data subject, please contact us:

Personal Data Controller: FOP Kobzov Maksym Oleksiiovych

Address: 17 Shchipnyi Lane, Office 2, Odesa, Odesa Oblast, 65020, Ukraine

Email: info@mitralex.com

We will make every effort to consider your request and provide a response as soon as possible.

Back to Home