Privacy Policy
Effective date: [date] · Version: draft
[Company Legal Name] (“we,” “us”) operates CasePen, a first-pass contract-review assistant for licensed attorneys. This Policy explains what we collect, how we use it, who we share it with, and your choices. Because attorneys use the Service to review confidential client contracts, it is built to minimize collection and isolate every firm's data.
1. Information we collect
- Account and identity — name, email, password (stored hashed), law-firm name, and each attorney's bar number and licensing jurisdiction (to enforce attorney-only access, with spot-audit verification).
- Customer content — the contracts you upload and the material generated from them (findings, redlines, memos, assistant chat threads). For your clients' data within it, your firm is the controller and we act as your processor (see §7).
- Usage and billing — review counts, AI inference-cost metering, plan status, and an immutable audit log of review events. Payment cards are processed by Stripe and never stored by us.
- Technical — standard server logs needed to operate and secure the Service. Error monitoring, when enabled, captures error metadata without matter content.
Cookies and local storage. The web app stores your session token in your browser's local storage to keep you signed in. We do not use advertising trackers or third-party analytics cookies.
2. How we use information
To provide the Service (parse and review contracts, generate findings, redlines, memos, and answers); to enforce attorney-only eligibility; to meter usage and bill; to secure the Service and maintain the audit trail supporting your supervision obligations; to provide support; and to comply with law. Where GDPR applies, our legal bases are contract, legitimate interest, legal obligation, and consent as applicable. We do not sell personal information, we do not share it for behavioral advertising, and we do not use your content to train AI models.
3. AI processing and data retention
To generate output, the Service sends contract text and prompts to our AI model provider ([Anthropic]). Under the provider's commercial data-use commitments, your prompts and the model's outputs are used to provide the Service and are not used to train the provider's models. We are putting a formal zero-data-retention agreement in place with the provider and will update this Policy when it is in force. We log prompts and outputs only to our own access-controlled, per-tenant store, where they form part of your firm's audit trail.
4. Subprocessors
| Subprocessor | Role | Location | Safeguard |
|---|---|---|---|
| [Anthropic] | AI contract analysis | [US] | Provider data-use commitments (no training on your content); zero-data-retention agreement in progress |
| [Hosting provider] | App, database, object storage | [US region] | DPA; TLS in transit [at-rest encryption confirmed with production hosting] |
| Stripe | Payments | US | PCI-DSS; card data never touches our systems |
| [Sentry — if enabled] | Error monitoring | [US/EU] | DPA; no matter content captured |
5. Data isolation and security
Tenant isolation is enforced at the database layer (PostgreSQL row-level security with FORCE ROW LEVEL SECURITY, per-tenant storage prefixes; connections reset tenant context between uses). The audit log is append-only and enforced by a database trigger. We use TLS in transit, access controls, periodic security self-audits, and documented incident-response and backup/restore runbooks. [At-rest encryption will be documented here with production hosting.] No method of transmission or storage is completely secure; we will notify affected firms without undue delay after becoming aware of a breach affecting their data.
6. Retention and deletion
We retain firm data for the life of the account and as needed for legal, billing, and audit purposes. You may request deletion of your firm's tenant data at any time from firm settings; we perform a hard delete and confirm completion with a deletion certificate. Billing records are retained as required by law.
7. Your rights — and your clients' data
Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete personal data (GDPR), or equivalent rights under the CCPA/CPRA (we do not sell or share personal information). Contact [email protected]. For personal data contained in contracts you upload, your firm is the controller/business and we act only as processor/service provider on your instructions; if a data subject contacts us directly about that content, we will refer them to you and assist you as described in the DPA.
8. International transfers, children, changes
The Service is hosted in [US region]; where a transfer mechanism is required, we rely on [Standard Contractual Clauses / other]. The Service is for licensed attorneys and not directed to anyone under 18. We may update this Policy with notice posted in the app (and by email for material changes) at least [30 days] before the effective date; each version is dated and archived.
9. Contact
[Company Legal Name], [address] · Privacy questions and rights requests: [email protected]