Privacy Policy

Last updated: 2026-05-24

What we collect

  • Account data: email address and a hashed password. We never store your plaintext password.
  • Files you upload: contracts, case files, and other documents you submit for review, drafting, or chat.
  • Conversations and drafts: prompts, retrieved citations, generated responses, and draft versions.
  • Usage events: token counts, retrieval results, and verification outcomes for quotas, billing, and quality auditing.
  • Request metadata: IP address, user agent, and request id on authenticated requests. Retained for 30 days for abuse prevention and debugging.

What we do NOT collect

  • Government IDs, financial account numbers, or biometric data.
  • Cross-site tracking cookies.
  • Advertising profiling analytics.

How your data is used

  • To answer legal questions, draft documents, and run contract reviews.
  • To enforce per-user quotas and rate limits.
  • To investigate abuse, debug incidents, and improve answer quality.

Third-party processors

  • LLM provider: prompts and retrieved sources are sent for generation according to the active provider configuration.
  • Mistral OCR: low-confidence scanned PDFs may be processed as described in the OCR Disclosure.
  • Object storage, Postgres, and Redis operate inside our infrastructure footprint.

Data isolation

Each user has a scoped view of cases, files, drafts, conversations, and contract reviews. Cross-user access is enforced at the database query layer and verified by tests.

Retention and deletion

  • Files and derived records are kept for the lifetime of your account.
  • Deleting a file removes its object from storage when no other reference to the same content exists.
  • Account deletion cascades to user-owned tables and removes object storage data within 30 days.

Security

  • TLS in transit.
  • Encryption at rest for object storage and managed Postgres.
  • JWT access tokens expire quickly and refresh tokens rotate on use.
  • Uploads pass MIME allowlist and magic-byte checks before storage.
  • Rate limits and token quotas reduce the blast radius from credential leaks.

Contact

For data requests or questions: [email protected]