Privacy Policy
Last updated: 2026-05-24
What we collect
- Account data: email address and a hashed password. We never store your plaintext password.
- Files you upload: contracts, case files, and other documents you submit for review, drafting, or chat.
- Conversations and drafts: prompts, retrieved citations, generated responses, and draft versions.
- Usage events: token counts, retrieval results, and verification outcomes for quotas, billing, and quality auditing.
- Request metadata: IP address, user agent, and request id on authenticated requests. Retained for 30 days for abuse prevention and debugging.
What we do NOT collect
- Government IDs, financial account numbers, or biometric data.
- Cross-site tracking cookies.
- Advertising profiling analytics.
How your data is used
- To answer legal questions, draft documents, and run contract reviews.
- To enforce per-user quotas and rate limits.
- To investigate abuse, debug incidents, and improve answer quality.
Third-party processors
- LLM provider: prompts and retrieved sources are sent for generation according to the active provider configuration.
- Mistral OCR: low-confidence scanned PDFs may be processed as described in the OCR Disclosure.
- Object storage, Postgres, and Redis operate inside our infrastructure footprint.
Data isolation
Each user has a scoped view of cases, files, drafts, conversations, and contract reviews. Cross-user access is enforced at the database query layer and verified by tests.
Retention and deletion
- Files and derived records are kept for the lifetime of your account.
- Deleting a file removes its object from storage when no other reference to the same content exists.
- Account deletion cascades to user-owned tables and removes object storage data within 30 days.
Security
- TLS in transit.
- Encryption at rest for object storage and managed Postgres.
- JWT access tokens expire quickly and refresh tokens rotate on use.
- Uploads pass MIME allowlist and magic-byte checks before storage.
- Rate limits and token quotas reduce the blast radius from credential leaks.
Contact
For data requests or questions: [email protected]