This Data Processing Agreement explains how Lawix AI processes personal data submitted through the platform, including account data, document content, payment-related records and support requests.
Lawix AI is operated by OTTIMASOFT LTD, a company registered in England and Wales.
Company Name: OTTIMASOFT LTD
Company Number: 15701705
Registered Office Address: 91 Battersea Park Road, London, England, SW8 4DU
This Data Processing Agreement forms part of the Lawix AI legal terms and applies where Lawix AI processes personal data on behalf of a user, customer or organisation in connection with the provision of digital services.
This Agreement is intended to support compliance with applicable data protection laws, including the UK GDPR, the EU GDPR where applicable, and related data protection requirements.
Where a user or organisation uploads, enters or submits personal data into Lawix AI for document generation, document review support or related digital services, the user or organisation may act as the data controller and Lawix AI may act as the data processor.
For personal data that Lawix AI processes for its own business purposes, including account administration, billing records, fraud prevention, security, tax records and service communications, OTTIMASOFT LTD may act as an independent data controller.
Personal data processed through Lawix AI may include names, email addresses, account details, login data, user messages, support requests, prompts, uploaded files, document content, generated outputs, payment-related records, balance top-up records, plan activation records and Legal Audit request information.
The exact categories of personal data depend on what the user chooses to submit or use inside the platform.
Data subjects may include users of Lawix AI, customers, employees, contractors, business contacts, document parties, legal counterparties or other individuals whose information appears in documents, prompts, uploaded files or support communications.
Processing is carried out for the purpose of providing Lawix AI digital services, including account management, document generation, document review support, Legal Audit services, account balance management, customer support and website security.
Processing continues for as long as necessary to provide the service, maintain the user account, comply with legal obligations, resolve disputes, prevent fraud and maintain required business records.
Lawix AI will process personal data submitted by users only as necessary to provide the requested services, comply with these legal terms, follow documented user instructions, maintain security or comply with applicable law.
Users are responsible for ensuring that their instructions are lawful and that they have the required rights and permissions to submit personal data to Lawix AI.
Lawix AI may process documents, legal-related text, prompts, uploaded files and generated outputs submitted by users. Such content may include confidential, commercial or personal information.
Users should avoid submitting information that they are not authorised to process, disclose or upload. Users are responsible for reviewing and managing the content they place into the platform.
Lawix AI takes reasonable steps to ensure that personnel and service providers who may access personal data are subject to appropriate confidentiality obligations.
Access to personal data is limited to those who require it for service operation, support, security, billing, compliance or technical maintenance.
Lawix AI applies reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include access controls, secure authentication, encrypted connections, infrastructure security, activity monitoring, backup controls, internal access restrictions and security review procedures.
Lawix AI may use third-party service providers and subprocessors to support hosting, infrastructure, payment processing, security, email delivery, analytics, customer support, AI-related processing and other operational functions.
Subprocessors are expected to process personal data only as necessary to provide their services and under appropriate contractual, confidentiality and data protection obligations.
Some subprocessors or infrastructure providers may process personal data outside the United Kingdom or the European Economic Area.
Where required by applicable data protection law, Lawix AI uses appropriate safeguards intended to protect personal data during international transfers.
Where Lawix AI acts as a processor, we will provide reasonable assistance to help the controller respond to data subject requests, taking into account the nature of the processing and the information available to us.
Requests may include access, correction, deletion, restriction, objection, portability or other rights available under applicable data protection law.
If Lawix AI becomes aware of a personal data breach affecting personal data processed on behalf of a user or customer, we will take reasonable steps to assess the incident and notify affected users or controllers without undue delay where required by applicable law.
Notification may include available information about the nature of the incident, affected data, likely consequences and measures taken or proposed to address the breach.
Upon account closure, valid deletion request or termination of relevant services, Lawix AI may delete or return personal data where technically feasible and legally permitted.
Certain records may be retained where required for legal, tax, accounting, fraud prevention, security, dispute resolution or legitimate business purposes.
Upon reasonable written request, Lawix AI may provide information reasonably necessary to demonstrate compliance with this Agreement, subject to confidentiality, security and protection of other users' data.
Any audit request must be reasonable, proportionate and limited to information relevant to the requesting user's use of Lawix AI.
Lawix AI may process payment-related records such as balance top-ups, custom top-up amounts, plan activations, Legal Audit charges, invoices, receipts and payment status for billing, accounting, fraud prevention and customer support purposes.
Full card numbers and sensitive card authentication data are handled by payment providers and are not stored on Lawix AI servers.
This Agreement should be read together with the Lawix AI Privacy & Cookie Policy, Terms of Service, Refund & Cancellation Policy and other applicable legal documents.
The Privacy & Cookie Policy provides additional information about how Lawix AI collects, uses, stores and protects personal data.
Lawix AI may update this Data Processing Agreement from time to time. Updated versions will be posted on this page.
Continued use of Lawix AI after changes are published means that the updated Agreement applies to ongoing use of the service.
Questions about this Data Processing Agreement or data protection matters may be sent to: [email protected].
Effective Date: May 3, 2026
All legal and policy documents are available in one place for clarity and easy access.
Need help or have a legal concern? Contact us at [email protected]