Privacy Policy

Last Updated: November 12, 2025

1. Introduction

AI Attorney ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our legal document generation service ("the Service").

We take data security seriously. All documents and user data are encrypted using industry-standard encryption protocols. Your legal information is stored securely on Amazon Web Services (AWS) with enterprise-grade security.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password
  • Billing Information: Payment details processed securely through Stripe (we do not store credit card numbers)
  • Legal Documents: Case details, document content, jurisdictional information
  • Uploaded Files: Supporting documents you upload for analysis
  • Communication Data: Messages, support requests, feedback

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent
  • Device Information: IP address, browser type, operating system
  • Cookies: Session cookies for authentication and functionality
  • Log Data: Error logs, system performance data

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process your transactions and manage your subscription
  • Generate legal documents based on your inputs
  • Provide CrossCheck™ AI verification and quality assurance
  • Improve, personalize, and expand the Service
  • Communicate with you about your account, updates, and support
  • Send you marketing communications (with your consent, which you can withdraw anytime)
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do NOT sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

  • AI Providers: Anthropic (Claude), OpenAI, Google (for document generation and analysis)
  • Payment Processing: Stripe (for secure payment processing)
  • Cloud Hosting: Amazon Web Services (AWS) (for secure data storage)
  • Email Services: SendGrid/Brevo (for transactional emails)

All service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or abuse
  • Respond to emergency situations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication requirements
  • Regular Audits: Security audits and vulnerability assessments
  • Secure Infrastructure: AWS enterprise-grade security and compliance
  • Password Protection: Passwords are hashed using industry-standard algorithms

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Active Accounts: Information retained while your account is active
  • Closed Accounts: Most data deleted within 90 days of account closure
  • Legal Obligations: Some data may be retained longer to comply with legal requirements
  • Backups: Data in backups may persist for up to 90 days after deletion

7. Your Data Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@aiattorney.app. We will respond to your request within 30 days.

8. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Google Analytics to understand usage patterns
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

9. Third-Party Links

The Service may contain links to third-party websites or services (e.g., legal databases like CanLII, WorldLII). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights listed in Section 7 above. Our legal basis for processing your data includes:

  • Contract: Necessary to provide the Service
  • Consent: You have given explicit consent
  • Legitimate Interest: For improving and securing the Service
  • Legal Obligation: Required by law

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@aiattorney.app
Data Protection Officer: dpo@aiattorney.app
Website: https://aiattorney.app/legal/privacy