Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

• Account Information: Full name, email address, professional designation, law firm affiliation, and profile picture (when using third-party authentication services)
• Professional Details: Bar enrollment number, practice areas, years of experience, and institutional affiliations
• Contact Information: Phone number, mailing address, and preferred communication methods
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors), and transaction history

1.2 Usage and Technical Data

We automatically collect certain information about your use of our platform:

• Research Queries: Search terms, case law citations, legal concepts searched, and research patterns
• Document Interactions: Documents accessed, analysis requests, drafting activities, and collaboration features used
• Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information
• Usage Analytics: Time spent on platform, features utilized, error logs, and performance metrics
• Location Data: General geographic location based on IP address (for compliance and service optimization)

1.3 Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience:

• Essential Cookies: Required for platform functionality, authentication, and security
• Analytics Cookies: Help us understand user behavior and improve our services
• Preference Cookies: Remember your settings and customizations
• Marketing Cookies: Used for targeted advertising and promotional communications (with your consent)

2. How We Use Your Information

2.1 Primary Service Delivery

• Provide AI-powered legal research and case law analysis services
• Generate legal document drafts and contract templates
• Deliver personalized legal insights and recommendations
• Maintain and update your professional profile and preferences
• Process payments and manage subscription services

2.2 Platform Improvement and Development

• Analyze usage patterns to enhance AI algorithms and accuracy
• Develop new features and legal research capabilities
• Conduct research and development for legal technology innovation
• Improve user interface and overall platform experience
• Train and refine machine learning models (using anonymized data)

2.3 Communication and Support

• Send important service updates, security alerts, and policy changes
• Provide customer support and technical assistance
• Share educational content, legal updates, and industry insights
• Conduct user surveys and feedback collection
• Send marketing communications (with your explicit consent)

2.4 Legal and Compliance

• Comply with applicable laws, regulations, and legal obligations
• Respond to legal requests, court orders, and government inquiries
• Protect our rights, property, and the safety of our users
• Prevent fraud, abuse, and unauthorized access to our services
• Maintain audit trails and compliance records as required by law

3. Data Security and Protection

3.1 Security Measures

We implement comprehensive security measures to protect your personal information:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Multi-factor authentication, role-based access controls, and regular access reviews
• Infrastructure Security: Secure cloud hosting with regular security audits and penetration testing
• Data Minimization: We collect only the minimum necessary information for service delivery
• Regular Updates: Continuous security monitoring, vulnerability assessments, and system updates

3.2 Data Breach Response

In the unlikely event of a data breach, we will:

• Immediately investigate and contain the breach
• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Provide detailed information about the breach and remediation steps
• Offer credit monitoring and identity protection services if appropriate

4. Your Privacy Rights

4.1 General Rights

You have the following rights regarding your personal information:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete personal information
• Erasure: Request deletion of your personal data (subject to legal obligations)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your personal information
• Objection: Object to certain types of data processing
• Withdraw Consent: Withdraw consent for data processing where applicable

4.2 GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation:

• Right to be informed about data processing activities
• Right to data portability and automated decision-making
• Right to lodge a complaint with supervisory authorities
• Right to compensation for damages resulting from data protection violations

4.3 CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising privacy rights

5. Data Sharing and Third Parties

5.1 Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage services
• Payment processing and billing management
• Customer support and communication platforms
• Analytics and performance monitoring
• AI model training and improvement (using anonymized data only)

5.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government investigations or regulatory requests
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Enforce our Terms of Service or other agreements

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

6. Data Retention and Deletion

6.1 Retention Periods

We retain your personal information for different periods depending on the type of data:

• Account Information: Retained for the duration of your account plus 7 years for legal compliance
• Usage Data: Retained for 3 years for service improvement and analytics
• Research Queries: Anonymized and retained for 2 years for AI model training
• Payment Records: Retained for 7 years as required by financial regulations
• Communication Records: Retained for 3 years for customer support purposes

6.2 Deletion Process

When you request account deletion or when retention periods expire, we will:

• Permanently delete your personal information from our active systems
• Remove your data from backup systems within 90 days
• Anonymize any data that must be retained for legal or business purposes
• Provide confirmation of deletion upon request

7. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Certification schemes and codes of conduct
• Binding corporate rules and other appropriate safeguards

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on our website with a new effective date
• Notify you via email or through our platform at least 30 days before changes take effect
• Highlight significant changes in a summary at the top of the policy
• Provide an opportunity to review and accept the updated terms

10. Contact Information and Complaints

10.1 Data Protection Officer

For privacy-related inquiries, data subject requests, or complaints, please contact our Data Protection Officer:

10.2 Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en