Privacy Policy — Celsus

Privacy Policy

Last updated: March 10, 2026

1. Scope

This Privacy Policy applies to FixedPoint IO Ltd (Company number 13288661, registered office 20-22 Wenlock Road, London, England, N1 7GU) and its products and services, including Celsus (together, Celsus, we, us, or our).

This policy explains how we collect, use, disclose, and protect personal data and other information processed through our website and services.

If you use Celsus through an organization, chambers, firm, or other customer entity, that organization may separately control parts of the data processed in your workspace. In general:

  • for website, account, billing, and business-contact data, FixedPoint IO Ltd generally acts as a controller;
  • for documents, prompts, messages, files, and other workspace content submitted to Celsus on behalf of a customer organization, FixedPoint IO Ltd generally acts as a processor or service provider on behalf of that customer.

If you have a separate master services agreement, data processing agreement, or other written contract with us, that agreement controls to the extent of any conflict.

2. Information We Collect

We may collect and process the following categories of information:

2.1 Account and contact information

  • name
  • email address
  • organization, role, or workspace details
  • account credentials and authentication-related data

2.2 Customer Content

We may process content submitted to or generated through Celsus, including:

  • uploaded documents and files
  • prompts, instructions, questions, and messages
  • legal work product, notes, drafts, and case materials
  • generated outputs and summaries
  • workspace metadata, permissions, and usage context

Customer Content may contain confidential, privileged, personal, or other sensitive information.

2.3 Usage, device, and log information

  • IP address
  • browser type, device information, and operating system
  • service logs, audit logs, and security events
  • feature usage, diagnostics, performance, and troubleshooting information

2.4 Billing and transaction information

  • billing contact information
  • payment-related records provided by payment processors or other service providers

2.5 Support and communications

  • information you provide when contacting support, requesting demos, or corresponding with us

3. How We Use Information

We use information, including personal data and Customer Content, to:

  • provide, host, operate, and maintain Celsus;
  • authenticate users and enforce permissions;
  • process requests, run workflows, and generate outputs;
  • index, retrieve, and present documents and other workspace content as part of the requested service;
  • monitor performance, security, abuse, and reliability;
  • provide support, onboarding, billing, and account administration;
  • comply with legal obligations and enforce our agreements and policies; and
  • improve the service using operational, aggregate, statistical, or de-identified information.

4. AI Features, Model Providers, and Training

Some Celsus features use third-party AI model providers, including the OpenAI API.

4.1 OpenAI API training position

When Celsus uses the OpenAI API, OpenAI states that API inputs and outputs are not used to train or improve OpenAI models by default, unless the relevant customer explicitly opts in to data sharing.

Consistent with that model, we do not use the OpenAI API in a configuration that opts Customer Content submitted through Celsus into OpenAI model training or improvement unless we first clearly disclose that change and have the legal basis, agreement, or consent required to do so.

4.2 Celsus model training position

We do not use Customer Content submitted through Celsus to train or fine-tune our own general-purpose AI models unless we first clearly disclose that practice and have the legal basis, agreement, or consent required to do so.

4.3 Operational processing still occurs

The commitments above do not prevent processing required to provide, secure, and support the service, including:

  • secure transmission to AI and infrastructure providers;
  • temporary processing, caching, and routing;
  • embeddings, indexing, retrieval, ranking, and document-scope operations;
  • logging, monitoring, debugging, abuse prevention, and incident response; and
  • compliance with applicable law, court order, or regulatory obligation.

4.4 Limited provider retention may still apply

Even where customer content is not used for model training, third-party providers may retain limited data for security, abuse monitoring, service operation, or legal compliance.

For example, OpenAI states that API abuse-monitoring logs may be retained for a limited period by default, unless enhanced retention controls such as Zero Data Retention or Modified Abuse Monitoring are separately approved and configured.

5. Disclosure of Information

We may disclose information to:

  • hosting, infrastructure, storage, authentication, email, analytics, support, and security vendors;
  • AI and machine-learning service providers used to operate requested features;
  • professional advisers, auditors, insurers, and financing or transaction counterparties;
  • law enforcement, courts, regulators, or other authorities where required by law or legal process; and
  • other parties where you direct us to do so or otherwise consent.

We do not sell Customer Content or personal data submitted through Celsus.

6. International Transfers

We and our service providers may process information in the United Kingdom, the European Economic Area, the United States, and other jurisdictions where we or our subprocessors operate.

Where required by law, we use appropriate safeguards for cross-border transfers.

7. Data Retention

We retain information for as long as reasonably necessary to:

  • provide the service;
  • maintain security and integrity;
  • comply with contractual, legal, tax, accounting, and regulatory obligations;
  • resolve disputes; and
  • enforce our agreements.

Retention periods vary depending on the type of data, customer configuration, backup cycles, deletion workflows, and applicable legal requirements.

8. Security

We implement reasonable technical and organizational measures designed to protect information against unauthorized access, disclosure, alteration, or destruction.

No system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your credentials and for using appropriate access controls within your workspace.

9. Your Rights and Choices

Depending on applicable law, you may have rights to:

  • access personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of data;
  • request restriction of processing;
  • object to certain processing;
  • request portability of certain data; and
  • lodge a complaint with a supervisory authority.

If you use Celsus through an organization, your organization may need to handle certain requests first because it controls the workspace.

To exercise privacy rights or make a privacy inquiry, contact legal@celsus.pro.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above.

11. Contact

If you have questions about this Privacy Policy or our privacy practices, contact:

This Privacy Policy, and any dispute or claim arising out of or in connection with it, is governed by the laws of England and Wales.