GDPR Compliance

The data controller for personal data processed through the Law4Devs website and API is:

For the full description of what data we collect, why, and on what legal basis, refer to our Privacy Policy.

• Account registrationEmail address, name. Legal basis: contract (GDPR Art. 6(1)(b)).
• API usage logsRequest timestamps, endpoint, key ID, response status. Legal basis: legitimate interests — security, abuse prevention, billing accuracy (GDPR Art. 6(1)(f)).
• Billing dataName, billing address, payment method details (processed by our payment provider; we do not store card numbers). Legal basis: contract (GDPR Art. 6(1)(b)).
• Cookies and analyticsSession identifiers, preference cookies, anonymised analytics. Legal basis: consent for non-essential cookies (GDPR Art. 6(1)(a)).
• Legal agreementsEmail, IP address, timestamp at Terms acceptance. Legal basis: legal obligation / legitimate interests (GDPR Art. 6(1)(c)/(f)).

Under the General Data Protection Regulation (EU) 2016/679, you have the following rights with respect to your personal data:

• →
  Right of access — Request a copy of the personal data we hold about you.
• →
  Right to rectification — Request correction of inaccurate or incomplete personal data.
• →
  Right to erasure — Request deletion of your personal data under the conditions set out in GDPR Article 17.
• →
  Right to restriction — Request that we restrict the processing of your data in certain circumstances.
• →
  Right to portability — Receive your personal data in a structured, commonly used, machine-readable format.
• →
  Right to object — Object to processing based on legitimate interests, including profiling.
• →
  Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of the rights listed above, send a written request to [email protected]. We will respond within 30 days of receiving a valid request. We may ask you to verify your identity before processing the request.

We do not charge a fee for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to act.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) at cnil.fr.

The Law4Devs API is designed to return regulatory data. It does not require you to transmit personal data to query frameworks, articles, or obligations. Query parameters (sector, product type, company size) are anonymous filtering values and are not associated with individuals.

If your integration nonetheless involves the processing of personal data — for example, passing user identifiers in custom request headers — and you are operating as a business, you are required to enter into a Data Processing Agreement with us before using the API in this way.

The DPA is available at /dpa. It is mandatory for Pro and Scale tier customers and governs our obligations as data processor under GDPR Article 28.

All personal data we collect is processed and stored within the European Union. We do not transfer personal data to third countries outside the EU/EEA unless an adequate level of protection is ensured (e.g. adequacy decision, Standard Contractual Clauses).

Our sub-processors are listed in the DPA. Where applicable, transfers to sub-processors outside the EU are covered by Standard Contractual Clauses approved by the European Commission.