Legal
Last updated: March 2026
OKLegal ("we", "our", or "the Platform") operates the website oklegal.io and the legal management software available at that domain. This Privacy Policy describes how we collect, use, store, and protect your personal information, in compliance with Law No. 8968 — Protection of Individuals Against the Processing of Their Personal Data of Costa Rica and the equivalent principles of the European Union's General Data Protection Regulation (GDPR).
By registering for and using OKLegal, you agree to the terms of this Policy. If you do not agree, please do not use the Platform.
We collect the following types of information:
Full name, email address, firm name, country, time zone, phone number (optional), and profile photo (optional). This data is required to create and manage your account.
OKLegal uses Stripe as its payment processor. We do not store full credit card numbers or banking details on our servers. Stripe provides us with a payment token and the last four digits of the card for identification purposes. See Stripe's privacy policy at stripe.com/privacy.
Access logs (IP address, browser type, operating system, pages visited, date and time of access), feature usage metrics, and error logs. We use this data to improve the Platform and diagnose technical issues.
The information you enter about your clients, cases, documents, and communications within OKLegal is treated as data entrusted to us under your responsibility as Data Controller. OKLegal acts as a Data Processor with respect to such data. This data is not analyzed or used for any purpose other than delivering the contracted service.
If you connect your email or calendar account through Nylas, OKLegal accesses only the data you expressly authorize: emails associated with cases and relevant calendar events. Nylas acts as a sub-processor. See their policy at nylas.com/privacy-policy.
Artificial Intelligence: OKLegal uses Claude from Anthropic as its AI provider for document drafting assistance and analysis features. Texts sent to the model are anonymized to the extent possible and are not used to train external models. See Anthropic's privacy policy (anthropic.com/privacy).
Under Article 5 of Law 8968 and equivalent GDPR principles, the processing of your personal data is based on the following legal grounds:
| Purpose | Legal basis |
|---|---|
| Providing the contracted service | Contract performance (art. 5.b Law 8968 / art. 6.1.b GDPR) |
| Payment processing | Contract performance |
| Security and fraud prevention | Legitimate interest (art. 5.f Law 8968 / art. 6.1.f GDPR) |
| Marketing communications | Express consent (art. 5.a Law 8968 / art. 6.1.a GDPR) |
| Compliance with legal obligations | Legal obligation (art. 5.c Law 8968 / art. 6.1.c GDPR) |
OKLegal does not sell or rent your personal data. We share information only with the following sub-processors, under confidentiality agreements and only to the extent strictly necessary:
Payment processing and subscription management. Receives billing data needed to process charges.
Email and calendar synchronization, only when the user activates this integration.
AI provider (Claude) for document drafting assistance and analysis features.
Cloud infrastructure providers (servers, file storage, databases). All operate under data processing agreements with equivalent security controls.
E-signature providers when the user selects these methods to sign documents.
We may also disclose data as required by a court order, competent authority, or to protect the legal rights of OKLegal or its users.
We retain your data for as long as your account is active and for the additional period necessary to fulfill legal obligations or resolve disputes:
OKLegal implements appropriate technical and organizational measures to protect your personal data, including:
No system is completely invulnerable. In the event of a security breach affecting your personal data, we will notify you in accordance with the timelines established by Law 8968 and, where applicable, the GDPR (72 hours to the supervisory authority; without undue delay to affected individuals).
Under Law 8968 and GDPR principles, you have the following rights regarding your personal data:
Request a copy of the personal data OKLegal holds about you.
Correct inaccurate or incomplete data. You can update most data directly from your profile.
Request deletion of your data when it is no longer necessary for the purpose for which it was collected.
Receive your data in a structured, commonly used, machine-readable format (CSV/JSON). Available under Settings → Export.
Object to the processing of your data for direct marketing purposes at any time.
Request that we restrict the processing of your data while a dispute about its accuracy or lawfulness is being resolved.
To exercise any of these rights, send a request to [email protected]. We respond within a maximum of 30 business days.
OKLegal uses strictly necessary cookies for the Platform to function (user session, language preferences, CSRF token). We do not use third-party tracking cookies for advertising purposes.
| Type | Purpose | Duration |
|---|---|---|
| Session | Maintain authenticated session | Session / 7 days (remember me) |
| CSRF | Cross-site request forgery protection | Session |
| Preferences | Language and UI settings | 1 year |
| Cookie consent | Records your cookie banner choice | 1 year |
Some of our sub-processors (Stripe, Nylas, Anthropic, cloud infrastructure providers) operate in the United States and other countries outside Costa Rica. By using OKLegal, you consent to your data being transferred to those countries.
For users in the European Union, these transfers are supported by Standard Contractual Clauses (SCCs) or other GDPR-recognized transfer mechanisms. For users in Costa Rica, transfers are made in accordance with Article 14 of Law 8968, which allows transfers to countries with an adequate level of protection or under equivalent contractual safeguards.
OKLegal is directed exclusively at legal professionals aged 18 and over. We do not intentionally collect data from minors. If you are aware that a minor has provided data without parental consent, please contact us for deletion.
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email and/or through a prominent notice on the Platform at least 15 days in advance. Your continued use of OKLegal after the effective date of the changes constitutes your acceptance of them.
For inquiries, to exercise your rights, or to report a privacy issue, contact us:
If you are not satisfied with our response, you may file a complaint with the Agencia de Protección de Datos de los Habitantes (PRODHAB) of Costa Rica, the competent data protection authority in the country. For EU users, you may contact the supervisory authority in your country of residence.