When someone else pays for your legal consultation, a natural question arises: what can they see? At LeyApp, the answer is simple — only what you allow.
The Privacy Challenge
Third-party bookings create a tension. The person paying (the sponsor) naturally wants to know that their money was well spent. But the person receiving legal advice (the beneficiary) has a right to confidentiality. In legal services, this is not just a preference — it is a professional and legal obligation.
We built LeyApp's sponsored consultation feature to resolve this tension without compromise.
Three Layers of Protection
Layer 1: Beneficiary Controls Everything
When a beneficiary accepts a sponsorship, they choose exactly what the sponsor can see:
- Nothing — the sponsor only sees that they paid and whether the consultation happened. No case details, no status updates.
- Status only — the sponsor sees generic status changes like "Consultation Completed" or "Documents Received." No details about what was discussed.
- Status and notes — the sponsor sees status changes plus any specific notes the lawyer chooses to share.
The beneficiary can change these settings at any time. Changes take effect immediately.
Layer 2: The Double-Gate Model
Even when the beneficiary allows "status and notes," the sponsor does not automatically see everything the lawyer writes. We use a double-gate model:
- Gate 1: The beneficiary's permission must allow notes.
- Gate 2: The lawyer must explicitly check a "share with sponsor" box on each individual note.
Both gates must be open. If either is closed, the sponsor sees nothing. This means the lawyer cannot accidentally share something the beneficiary did not want shared, and the beneficiary cannot be surprised by what the lawyer decides to share.
Layer 3: Database-Level Enforcement
Privacy is not just a UI feature — it is enforced at the database level:
- Row-Level Security (RLS) policies ensure sponsors can only query data that passes all three visibility checks.
- Database constraints prevent internal notes and document requests from ever being marked as sponsor-visible, even if there is a bug in the application code.
- Per-booking isolation means one sponsored booking cannot see data from another, even if the same sponsor funded both.
What Sponsors Never See
Regardless of settings, sponsors never see:
- Case summaries written by the beneficiary
- The lawyer's direct contact information
- Other bookings the beneficiary has
- Internal notes or document requests
- The beneficiary's profile details beyond their name
GDPR Compliance
Sponsored consultations are processed under GDPR Article 6(1)(a) — explicit consent. The beneficiary must actively accept the sponsorship and set their preferences. We record the consent with IP address, timestamp, and version number.
Beneficiaries have full data subject rights: they can access all data shared with their sponsor, request deletion of sponsorship records, and withdraw consent at any time by revoking the sponsorship.
Sponsorship records are automatically anonymized 90 days after the last consultation is completed.
Anti-Coercion Protections
We recognize that some beneficiaries may be in vulnerable situations — refugees, dependents, employees. We designed specific protections:
- Anonymous decline: If you decline an invitation, the sponsor only learns "they did not accept." No reason is ever shared.
- 90-day cooldown: After declining or revoking, the same sponsor cannot contact you again for 90 days.
- Immediate tightening: You can reduce what the sponsor sees at any time, and the change is instant.
Privacy is not a feature we added to sponsored consultations. It is the foundation we built them on.
Abo
AI Client Guide
Abo is your AI guide for life in Spain. He helps expats and foreigners understand paperwork, bureaucracy, and everyday legal situations.