Taliara

Privacy Notice

Taliara Ltd Last updated: 13 June 2026

1. Who We Are

TALIARA LIMITED (company number 17228820) ("Taliara", "we", "us", or "our") is a company registered in England and Wales. We operate a software platform for legal work (the "Service"): AI-assisted contract review, e-signature, data rooms, invoicing, matter and practice management, and an API/MCP through which AI agents and their users can submit work. Taliara Limited is a software company; it is not a law firm and does not provide legal services or legal advice. Where regulated legal services (such as solicitor review of a contract) are provided through the platform, they are delivered by a separate regulated solicitor practice under its own engagement terms; that practice is the controller of the personal data it processes in providing those services.

TALIARA LIMITED is the data controller responsible for the personal data collected through the Service. This means we determine the purposes and means of processing your personal data.

If you have any questions about this Privacy Notice or our data practices, please contact us at:

Email: hello@taliara.co.uk Address: 167-169 Great Portland Street, London, England, W1W 5PF (Company number: 17228820)

We do not currently have a designated Data Protection Officer. If you have a concern that cannot be resolved through the above contact, you have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

2. Scope of This Notice

This Privacy Notice applies to:

  • visitors to our website;
  • people who make an enquiry or use our free tools;
  • customers who use the Service — founders and businesses, law firms, and consultant solicitors — including via the API/MCP; and
  • any individual whose personal data is processed in connection with their use of the Service.

It does not apply to third-party websites or services that may be linked from our platform — those services have their own privacy policies which you should review separately.

3. What Personal Data We Collect

Depending on how you interact with the Service, we may collect and process the following categories of personal data:

Identity and Contact Data Name, job title, email address, and (where relevant) company name and billing address.

Account Data Username, password (stored in hashed form), account preferences, and usage settings.

Technical and Usage Data IP address, browser type and version, operating system, referring URLs, pages visited, time zone, device identifiers, and information about how you use the Service (e.g. API call logs, SDK version, error logs).

Transaction and Billing Data Records of purchases, subscription tier, billing history, and payment method details. Note: full payment card numbers are processed directly by our payment provider and are not stored by us.

Communications Data Records of correspondence you send us, including support requests, feedback, and enquiries.

Aggregated and Anonymised Data We may generate and use aggregated, anonymised usage statistics (e.g. feature adoption rates). Once anonymised such data is not personal data and falls outside this Notice.

We do not intentionally collect special category data (such as health, racial or ethnic origin, religious beliefs, or biometric data) through the Service. If you believe special category data has been submitted, please contact us immediately so we can address it.

We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data without parental consent, please contact us.

4. How We Collect Personal Data

We collect personal data through the following means:

  • Direct interactions — when you register for an account, install the SDK, make a payment, contact us for support, or otherwise provide information to us directly.
  • Automated technologies — when you use the Service, we automatically collect Technical and Usage Data via server logs, cookies, and similar technologies (see Section 9 on Cookies).
  • Third-party sources — we may receive data from payment processors, identity verification services, or analytics providers in the ordinary course of providing the Service.

5. How and Why We Use Your Personal Data

We only process personal data where we have a lawful basis to do so under UK GDPR. The table below sets out the main purposes for which we use your data and the legal basis relied upon.

Purpose Data used Lawful basis
Creating and managing your account Identity, Contact, Account Data Performance of a contract
Providing and improving the Service Account, Technical, Usage Data Performance of a contract; Legitimate interests (improving reliability and features)
Processing payments and managing billing Transaction, Identity, Contact Data Performance of a contract; Legal obligation
Sending service-related communications (e.g. product updates, security alerts) Identity, Contact Data Performance of a contract; Legitimate interests
Sending marketing communications (where you have opted in) Identity, Contact, Communications Data Consent
Responding to support requests and enquiries Identity, Contact, Communications Data Performance of a contract; Legitimate interests
Ensuring security, detecting fraud, and preventing misuse Technical, Usage Data Legitimate interests; Legal obligation
Complying with legal and regulatory obligations All relevant categories Legal obligation
Analytics and product development Aggregated/anonymised usage data Legitimate interests

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You may request details of that assessment by contacting us.

6. Marketing

We will only send you marketing communications if you have opted in to receive them. You may withdraw consent or opt out at any time by:

  • clicking the unsubscribe link in any marketing email; or
  • contacting us at hello@taliara.co.uk.

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

7. Sharing Your Personal Data

We do not sell your personal data. We may share it with:

  • Service providers — third parties who provide hosting (Supabase; Cloudflare R2 for file storage), product analytics (PostHog, EU), email delivery (Resend), identity verification (Yoti), and similar tooling on our behalf, under appropriate data processing agreements.
  • Legal and regulatory authorities — where required to comply with a legal obligation, court order, or governmental request.
  • Business transfers — in connection with any merger, acquisition, or sale of all or substantially all of our business, subject to confidentiality obligations.
  • Professional advisers — lawyers, auditors, and insurers who require access in the ordinary course of their professional services.

We require all third parties to handle your data securely and only in accordance with our instructions.

8. International Transfers

We are based in England and Wales and primarily process data within the UK and European Economic Area. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses approved by the ICO.

If you would like further information about the specific safeguards applied to international transfers, please contact us.

9. Cookies

Our website and Service use cookies and similar technologies. The types we use are:

  • Strictly necessary cookies — essential for the Service to function (e.g. authentication, security). These do not require consent.
  • Analytics cookies — help us understand how the Service is used. We use PostHog (configured against its EU instance, with data resident in the EU); autocapture and session recording are disabled, and we capture only deliberate, metadata-level events — never the content of your legal questions, contracts, or documents.

Consent. Analytics cookies are non-essential and are not loaded until you consent. On your first visit we show a cookie banner with Accept and Reject options; analytics load only if you Accept. You can change your choice at any time via the "Cookie preferences" link in the site footer (withdrawing consent is as easy as giving it). You can also block cookies through your browser settings.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Notice, or as required by law. In general:

  • Account data is retained for the duration of your account and for 12 months after closure.
  • Transaction and billing data is retained for 7 years to comply with financial and tax obligations.
  • Technical and usage logs are retained for 90 days unless required longer for security or legal purposes.
  • Marketing preference records are retained until you withdraw consent and for a reasonable period thereafter.

When we no longer need personal data, we securely delete or anonymise it.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission over the internet is completely secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately.

12. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to obtain a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances ("right to be forgotten").
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests, including direct marketing.
  • Rights related to automated decision-making — to not be subject to a decision made solely by automated means which significantly affects you, without human review.

To exercise any of these rights, please contact us at hello@taliara.co.uk. We will respond within one month of receipt. In complex or high-volume cases we may extend this by a further two months, with notice to you. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with the ICO at any time (see Section 1 for contact details).

13. Changes to This Notice

We may update this Privacy Notice from time to time. When we make material changes, we will notify you by email (where we hold your email address) or by posting a prominent notice on our website. The "last updated" date at the top of this Notice will always reflect the most recent version.

We encourage you to review this Notice periodically.

14. Contact Us

For any questions, concerns, or to exercise your data rights, please contact:

Taliara Limited 167-169 Great Portland Street, London, England, W1W 5PF Company number 17228820 Email: hello@taliara.co.uk