Privacy Policy
Last updated: January 15, 2025 · Effective: January 15, 2025
1. Information We Collect
Account & Profile Data. When you register, we collect your name, email address, bar number, phone number, and firm affiliation. Billing contacts may provide payment information (processed by our PCI-compliant payment processor — we never store raw card numbers).
Matter & Document Data. Documents, notes, case files, and other content you upload or create within Legalitize are stored on your behalf. This content may include protected health information (PHI) and personally identifiable information (PII) belonging to your clients.
Usage & Telemetry Data. We automatically collect information about how you interact with our platform: pages visited, features used, session duration, IP address, browser type, operating system, and device identifiers. This data is used exclusively for service improvement and security monitoring.
Communications. If you contact our support team, we retain records of your communications to resolve issues and improve our services.
2. How We Use Your Information
- Provide, maintain, and improve the Legalitize platform and its features
- Process transactions and manage your subscription
- Send transactional emails (account verification, password resets, security alerts)
- Monitor for security threats, abuse, and unauthorized access
- Generate anonymized, aggregated analytics to improve our AI models and features
- Comply with legal obligations, including responding to lawful requests from courts and regulators
- Enforce our Terms of Service and other agreements
We do not sell, rent, or trade your personal data or your clients' data to third parties for marketing purposes.
3. How We Share Information
Service Providers. We engage vetted sub-processors — including cloud infrastructure (Cloudflare), AI services (Anthropic), and payment processors — under data processing agreements that restrict their use of your data to service delivery only. A current list of sub-processors is available upon request.
Legal Requirements. We may disclose information when required by law, regulation, court order, or valid government request. Where permissible, we will notify you before disclosing.
Business Transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
4. Data Security
Legalitize employs industry-leading security measures appropriate for handling sensitive legal and client data:
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption in transit
- Role-based access control (RBAC) with audit logging of all access events
- SOC 2 Type II certified infrastructure
- Annual third-party penetration testing
- Automatic session expiry and multi-factor authentication (MFA) support
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
5. Data Retention
Active Accounts. We retain your data for as long as your account is active. Document retention settings can be configured by your firm administrator in the Compliance settings panel.
After Termination. Upon account cancellation, we retain data for 90 days to allow for export or reactivation. After this period, data is permanently deleted from our systems within 30 days. Audit logs may be retained for up to 7 years to meet legal and regulatory obligations.
6. Your Rights
GDPR (EEA/UK residents). You have the right to access, rectify, erase, and port your personal data; to restrict or object to processing; and to lodge a complaint with your supervisory authority.
CCPA (California residents). You have the right to know what personal information is collected, to delete personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.
To exercise these rights, contact us at privacy@legalitize.com. We will respond within 30 days.
7. Cookies
We use strictly necessary cookies for session management and security, and optional analytics cookies to understand usage patterns. You can manage cookie preferences via our Cookie Policy page, which has further details, or through your browser settings.
8. Children's Privacy
Legalitize is a professional platform intended for attorneys and law firm staff. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided information to us, contact us immediately.
9. International Data Transfers
Legalitize is operated from the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in the U.S. under appropriate safeguards, including Standard Contractual Clauses (SCCs). Our DPA is available at /dpa.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice within the platform at least 30 days before the changes take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related inquiries, data subject requests, or to reach our Data Protection Officer:
Legalitize, Inc.
Attn: Privacy Team
123 Legal Tech Drive, Suite 400
San Francisco, CA 94105
privacy@legalitize.com