Book Demo
privacy policy


Privacy Policy

Last Updated: May 8, 2025

Introduction

www.ai.law Corp. (“we,” “us,” or “our“) operates a U.S.-based AI document-generation web platform (the “Platform“). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information, and outlines your rights under applicable privacy laws. We comply with U.S. privacy laws (including California’s Consumer Privacy Rights Act (CPRA) and other state laws in Virginia, Colorado, Connecticut, and Utah) and, as we may serve individuals in the European Economic Area (“EEA“) and United Kingdom (“UK“), we also incorporate principles of the EU/UK General Data Protection Regulation (“GDPR“).

By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Platform. This Policy applies to our website and online services (no mobile apps) and not to any third-party websites or services that we do not control.

Note for Legal Professionals and Their Clients: If you use our Platform as an attorney or on behalf of another individual, you are responsible for ensuring you have the right to provide any personal information about others. In such cases, we treat that data as described in this Policy and in accordance with our agreements with you. When we process personal data on behalf of a business client (for example, a law firm), we act as a “service provider” or “processor” to that client, and that client is responsible for compliance with relevant privacy laws as the “data controller.”

Information We Collect

We collect personal information (“personal data”) that you provide to us directly and information that we collect automatically when you use the Platform. The types of information we may collect include:

  • Information You Provide Directly: When you create an account or use our services, you may provide personal details such as your name, email address, phone number, and account login credentials. You also input information into the Platform when generating documents (e.g., details about your legal case, names and contact information of parties involved, and other content you choose to provide). This may include sensitive personal information if you voluntarily include it (for example, health-related information, financial details, or other sensitive data relevant to a legal matter). We only collect such sensitive information if you choose to provide it, and we handle it with special care (see Data Security below).
  • Payment Information: If you make a purchase or subscription on our Platform, you may provide payment information. Payments are processed by our third-party payment processor; we do not store your full credit card numbers. We may retain basic transaction information (e.g., billing name, payment method, and amount) for record-keeping purposes.
  • Communications: If you contact us for support or feedback, we collect the information you provide in those communications (such as your contact details and the content of your messages). If you request assistance with a document, our support staff may temporarily access your document content with your permission to help resolve your issue.
  • Automatically Collected Data: When you use our website, we automatically collect certain information about your device and usage:
    • Usage and Device Information: We collect data such as your IP address, browser type, device type, operating system, referring URLs, pages viewed, and the dates/times of access. We also log your interactions with the Platform (e.g., features used, errors encountered) to help us understand usage patterns and improve performance.
    • Cookies and Tracking Technologies: We use cookies and similar technologies to remember your preferences, authenticate your login, and gather information about how you interact with our site. For example, we may use cookies to keep you logged in and analytics tools to collect information about user interactions (see Cookies and Tracking below for details and your choices).

Categories of Personal Information (CPRA): For California residents, the following categories of personal information have been collected from users in the past 12 months (as defined by California law):

  • Identifiers: e.g., name, email address, IP address.
  • Customer Records Information: Contact details and account credentials.
  • Protected Class Characteristics: (Only if you choose to provide this in your document content, such as health information or demographic details relevant to a case.)
  • Commercial Information: Transaction records (e.g., subscription purchases).
  • Internet or Network Activity: Browsing or usage data on our Platform.
  • Geolocation Data: Approximate location (e.g., derived from your IP address).
  • Professional or Employment Information: If you provide it (for example, your law firm name or job title).
  • Sensitive Personal Information: Account login credentials, and any sensitive data you choose to include in your documents (such as health or legal information).

We collect these categories of information directly from you and through automated means as you use the Platform.

How We Use Your Information

We use personal information for the following purposes:

  • To Provide and Improve Our Services: We process your information to operate the Platform’s core functionality. This includes generating documents based on the information you input, maintaining your account, and storing your documents for your convenience. We may analyze usage trends and feedback to improve our AI document-generation algorithms, add new features, and enhance the user experience.
  • To Communicate with You: We use contact information (like your email and phone number) to send service-related communications. These include confirmations of document generation, updates about changes to our Platform or policies, and responses to your inquiries or support requests. If you have opted in, we may also send newsletters or marketing communications about new features or services; you can unsubscribe from these at any time.
  • Customer Support: If you reach out for help, we will use the information you provide (and may access your document content with your permission) to assist you and resolve issues. Our staff access to user content is very limited and only granted for customer support or troubleshooting with your consent and under strict confidentiality.
  • Legal and Compliance: We may process and retain personal data to comply with applicable laws, regulations, and legal obligations. For example, we may use your information to fulfill tax and accounting requirements, to verify your identity where required by law, or to respond to lawful requests by public authorities (such as court orders or government inquiries).
  • Security and Fraud Prevention: We use information (such as device identifiers and usage patterns) to maintain the security of the Platform and detect and prevent fraud, unauthorized access, and abuse of our services. This includes using automated systems and manual review of activities that appear suspicious or may violate our Terms of Service.
  • Analytics and Product Development: We analyze how users interact with our Platform (e.g., which features are used most or where users encounter errors) to understand performance and improve our offerings. This may involve creating aggregated, de-identified statistics that do not identify any individual. We do not use any personal information you provide in your documents to profile you for marketing; any analysis of document content to improve our AI is done in a manner that does not identify specific individuals.
  • Advertising and Marketing (with Consent/Opt-Out): We may use cookies and third-party tools to help deliver relevant advertisements about our services on our site or elsewhere, and to measure the effectiveness of our marketing campaigns. For example, we might use an advertising network that uses cookies to track that you visited our site, so we can later show you an ad for our Platform on other websites. These activities may be considered targeted advertising. We will only engage in such advertising practices in compliance with applicable laws – for instance, by obtaining opt-in consent where required or providing you the opportunity to opt out (see Cookies and Tracking for how to control advertising cookies).

We will not use personal information for purposes incompatible with those listed above without your consent. If we need to process your information for a new purpose, we will notify you or seek your permission as required.

How We Share Your Information

We do not sell your personal information to third parties, and we do not share your personal information with third parties for their own marketing purposes without your explicit consent. We only disclose your information in the following circumstances:

  • Service Providers and Contractors: We share personal information with trusted third-party companies and individuals who perform services on our behalf and under our instructions (these are our “service providers” under laws like CPRA, or “processors” under GDPR). For example, this includes cloud hosting providers (to store data and run our Platform), IT support and security service providers, email and communication tools, payment processors, and AI technology partners that assist in document generation. These parties are contractually obligated to protect your information, to use it only for the services we specify, and to comply with applicable privacy requirements (for instance, they must not use your data for their own purposes and must meet the standards of laws like CPRA and GDPR).
  • Business Transfers: If we are involved in a corporate transaction such as a merger, acquisition, investment financing, reorganization, bankruptcy, or sale of company assets, your information may be disclosed to the parties involved (e.g., to lawyers, auditors, potential buyers) as part of that process. We will ensure that any party receiving your personal data as part of such a transaction is bound to keep it confidential and use it only for the purposes of evaluating or completing the transaction (or as otherwise legally required).
  • Legal Obligations and Protection of Rights: We may disclose personal information when required by law or when we believe in good faith that such disclosure is necessary to: (i) comply with a legal obligation, investigation, or lawful request (for example, a subpoena, court order, or government demand); (ii) protect and defend our rights, property, or safety, or that of our users or others; (iii) enforce our Terms of Service or other agreements; or (iv) detect, prevent, or address fraud, security, or technical issues.
  • With Your Consent or At Your Direction: We will share your personal information with third parties if you specifically request or consent to us doing so. For example, if you choose to integrate our Platform with another service or ask us to collaborate with another professional (such as your attorney or colleague) on your behalf, we will share data as needed with your permission. We may also publish user testimonials or case studies that include personal information only with your explicit consent.
  • Advertising and Analytics Partners: As part of our use of cookies and tracking tools, we may allow certain third-party analytics and advertising partners to collect identifiers and internet/activity information about users through our site for the purposes of analytics and targeted advertising (see Cookies and Tracking below). For instance, we use analytics providers like Google Analytics to understand website traffic, and we might work with advertising networks to show our ads on other sites to people who have visited our Platform. These third parties may use cookies or similar technologies to collect data about your interactions over time and across different websites. Where required by law, we will obtain your consent for this kind of data sharing. In all cases, you can opt out of or limit such data collection and sharing as described in the Cookies and Tracking section and Your Rights and Choices sections of this Policy.

No Sale of Personal Data: In the last 12 months, we have not sold any personal data, and we do not share personal data for cross-context behavioral advertising without your consent. If this ever changes, we will update this Policy and provide the required notices and opt-out mechanisms so you can exercise your rights.

Cookies and Tracking Technologies

Our Platform uses cookies, pixels, and similar tracking technologies to provide functionality, analyze usage, and support marketing efforts. A cookie is a small text file that a website stores on your device which allows the site to recognize your device and remember information (like user preferences or login status). Pixels (also known as web beacons) are tiny images or code snippets that can track actions such as opening an email or visiting a webpage. We use these technologies in the following ways:

  • Necessary Cookies: These cookies are essential for the operation of our website and services. They enable core functionality such as user authentication, security (e.g., keeping your session secure), and network management. For example, when you log in, we set a cookie to maintain your session. You cannot opt out of these required cookies, as our service cannot function properly without them.
  • Functional & Preference Cookies: These cookies remember your preferences and settings to enhance your experience. For instance, they might recall your preferred language or other customizations so you don’t have to set them every time. While you can disable these cookies via your browser settings, doing so may make some features of the Platform less efficient or unavailable.
  • Analytics Cookies: We use analytics tools (like Google Analytics) that set cookies to collect information about how users navigate and use the Platform. This data (such as which pages are visited, how long users stay, and any errors encountered) helps us improve the content and performance of our services. The information collected via analytics cookies is aggregated and does not directly identify you. If you prefer not to be included in Google Analytics measurements, you can install the Google Analytics Opt-out Browser Add-on, or use the cookie preference tools described below.
  • Advertising Cookies: With your consent, we and certain third parties may use cookies and similar trackers to collect information about your browsing activities on our site and other sites, in order to provide you with targeted advertisements for our services. For example, if you visit our Platform, a cookie may remember that you showed interest, and then enable us to display our ads to you on other websites. These cookies also help us measure the effectiveness of our ad campaigns. We will not set advertising cookies or trackers unless you have had an opportunity to opt out or (where required by law) you have opted in.

Your Choices for Cookies: When you first visit our site, you will see a cookie notice or banner that allows you to accept or adjust your cookie settings. You can change your preferences at any time by using our cookie management tool (if available) or by adjusting your browser settings. Most web browsers provide options to refuse new cookies, delete existing cookies, or notify you when a cookie is being set. Please note that blocking or deleting certain cookies (especially the necessary ones) may affect the functionality of our Platform.

If you wish to opt out of targeted advertising cookies specifically, you can also use industry-provided opt-out tools. For example, you can visit the Network Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s Consumer Choice page to opt out of many advertising networks’ cookies. Additionally, if you enable a browser signal such as the Global Privacy Control (GPC), which is a mechanism that communicates your desire to opt out of the sale or sharing of personal information, our site will honor it as an opt-out request for cookies that involve sharing your data for targeted advertising.

Do Not Track: “Do Not Track” (DNT) is a setting in some web browsers that signals a preference to disable tracking across sites. Currently, our Platform does not respond to DNT signals specifically. However, as noted above, we do respond to the Global Privacy Control for California residents as a valid opt-out of cookie-based data sharing. We continue to monitor developments around DNT and may update our practices if an industry standard emerges.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In general:

  • Account Information and User Content: We keep your account information and any documents or data you have stored on the Platform for as long as your account is active. You have the ability to delete specific documents or information at any time through your account settings. If you delete information or close your account, we will remove or anonymize your personal data within a reasonable time, except as noted below.
  • Transaction Records: If you have made payments or engaged in transactions through the Platform, we may retain certain records (like invoices, payment history, and related communications) as needed for legitimate business purposes and as required by law. For example, for tax and accounting reasons we might keep billing records for a number of years as mandated by regulations.
  • Backup and Log Data: Due to the way our data backup systems work, copies of your personal data (especially content you provided) might persist in encrypted backups for a short period (e.g., a few weeks) after you delete it from our live systems, until those backups are securely overwritten. We also maintain server logs and audit trails for security monitoring; these logs may include some personal identifiers (like IP addresses or account IDs) and are retained only as long as necessary for those security and audit purposes.
  • Legal Obligations and Dispute Resolution: We may retain information if needed to comply with our legal obligations or for handling disputes. For instance, if we deactivated your account due to a violation or if we are addressing a legal claim involving your use of the Platform, we might preserve relevant data until the issue is resolved. In such cases, the data will be stored securely and isolated from routine use.

Once the applicable retention period has passed, we will either delete your personal information or de-identify it (so it can no longer be linked to you). If we convert data to an anonymized form (removing or irreversibly hashing personal identifiers), we may use that information for analytics, research, or improvements indefinitely without further notice to you.

Data Security

We take the security of your personal information very seriously and implement a range of administrative, technical, and physical safeguards to protect against unauthorized access or disclosure. Our security measures include:

  • Encryption: We use encryption technology to protect data in transit and at rest. When data is sent to our Platform (for example, when you log in or upload information), it is encrypted using Transport Layer Security (TLS). Likewise, sensitive data stored on our servers is encrypted. This means that your document content and personal details are encoded such that they cannot be read by unauthorized parties.
  • Access Controls: Access to personal data within our organization is limited to personnel who need that information to perform their job duties. For example, customer support or engineering staff will only access your data when necessary to assist you or maintain the service, and even then, only with appropriate authorization. All employees undergo training on privacy and data protection. We also implement measures like two-factor authentication and strict password policies for our systems to prevent unauthorized access.
  • Security Certifications and Practices: Our Platform and internal practices adhere to industry standards for security. We undergo security audits for a SOC 2 (Service Organization Control 2) compliant program, which means we have formal controls and processes in place for data security, availability, and confidentiality. Additionally, although our service is not primarily a healthcare service, we follow HIPAA-aligned security practices for any health-related data that users might input (e.g., encryption, strict access controls, audit logging) to ensure a high level of protection for sensitive information.
  • Monitoring and Testing: We employ tools and services to monitor our systems for vulnerabilities, unusual access patterns, and potential threats. This includes firewalls, intrusion detection systems, anti-malware scanning, and routine penetration testing by security professionals. We quickly address any vulnerabilities identified, and we continually update our infrastructure and practices to respond to new security threats.
  • Incident Response: We have an incident response plan in place for handling any data security breach or incident. If a security breach were to occur, we will promptly investigate and take steps to mitigate the issue. In the unlikely event that a data breach results in unauthorized access to personal information, we will notify affected users and relevant authorities as required by law, and provide information on steps we are taking and recommendations for you to protect yourself.

Despite all these precautions, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. You can help protect your account by using a strong, unique password, keeping it confidential, and notifying us immediately if you suspect any unauthorized access to your account or any security vulnerability. We will also notify you of any unauthorized access or breach affecting your personal information, as required by applicable laws.

International Data Transfers

We are headquartered in the United States. If you are accessing the Platform from outside the U.S. (for example, from the EEA or UK), please be aware that your personal information will likely be transferred to and stored on servers in the United States or other jurisdictions where our service providers are located. These countries may not have the same level of data protection laws as your home jurisdiction.

However, we take steps to ensure that appropriate safeguards are in place when we transfer personal data internationally. In particular, for personal data transferred from the EEA, UK, or Switzerland to the U.S. (or other countries), we rely on approved legal mechanisms to ensure an adequate level of protection. These mechanisms may include the European Commission’s Standard Contractual Clauses (“SCCs“), which are contractual commitments between parties transferring data, obligating them to protect the data to EU standards. We also may rely on your explicit consent for certain cross-border transfers where that consent is obtained and valid.

By using our services or providing us with information, you acknowledge the transfer of your personal data to the United States and other jurisdictions as described in this Policy. We will always protect your information as described here, wherever it is processed. If you have questions about our international data transfer practices or want more information about the safeguards in place, you can contact us as described in Contact Us below.

Children’s Privacy

Our Platform is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Platform. If we discover that we have inadvertently collected personal information from a child under 13, we will promptly delete such information from our records.

If you are between 13 and 18 years old, you may use the Platform only with involvement of a parent or guardian. We encourage parents and guardians to be aware of and supervise the online activities of their minors.

If you believe that we might have any information from or about a child under 13 (or the relevant minimum age in your jurisdiction), please contact us so that we can take appropriate action.

California Privacy Rights

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights are summarized below, and this section of our Policy is intended to comply with Cal. Civ. Code § 1798.100 et seq.:

  • Right to Know (Categories and Specific Pieces of Information): You have the right to request that we disclose the personal information we have collected about you over the past 12 months. This includes the categories of personal information, the categories of sources from which the information was collected, the business or commercial purpose for collecting (or sharing) the information, and the categories of third parties with whom we share personal information. You can also request the specific pieces of personal information we have about you (this is sometimes called the right to access).
  • Right to Delete: You have the right to request that we delete personal information we have collected from you. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. For example, we may retain information needed to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, or other purposes permitted by law.
  • Right to Correct: You have the right to request that we correct inaccuracies in the personal information we maintain about you. If you become aware that any information we have is incorrect, please let us know. Upon verifying your request, we will correct (and instruct our processors/service providers to correct) your information as you direct.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of your personal information, or the sharing of your personal information for cross-context behavioral advertising. As noted earlier, we do not sell personal information, and we only share information for targeted advertising with consent. If we ever engage in practices that fall under “selling” or “sharing” as defined by California law, we will provide a clear way for you to exercise this right (such as a “Do Not Sell or Share My Personal Information” link on our homepage). You may also send an opt-out request to us at any time (see Submitting Requests below).
  • Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit the use and disclosure of your sensitive personal information if we use it for purposes beyond what is necessary to provide the services. However, we only use sensitive personal information that you provide (like document content or account credentials) for the core services you’ve requested (or for security, anti-fraud, and compliance, which are purposes allowed by law). We do not use or disclose sensitive information for purposes like profiling or targeted advertising. Therefore, at this time, we do not offer a separate opt-out mechanism for limiting use of sensitive information, because we do not use your sensitive data for unintended secondary purposes.
  • Right of Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA/CPRA. This means that if you exercise your privacy rights, we will not deny you our services, charge you a different price, or provide you with a lower quality of service just because you made a privacy request. (However, please note that if your request involves us deleting or not using certain information, we may not be able to provide services that rely on that information. For instance, if you ask us to delete your account data, you will no longer be able to use the account.)

Submitting Requests (California): If you are a California resident and wish to exercise any of the rights described above, you or your authorized agent can submit a request to us by contacting [email protected] with the subject line “California Privacy Rights Request,” and specifying which right you seek to exercise. Alternatively, you may call our toll-free privacy request line at 1-614-279-9035 (if available) or use any online web form we provide for CCPA requests.

When you submit a request, please provide sufficient information that allows us to verify you are the person about whom we have collected personal information (or an authorized representative of that person). Verification: To protect your privacy, we will take steps to verify your identity before fulfilling your request. For example, we may ask you to confirm certain account details or respond to an email from the address associated with your account. If an authorized agent is making the request on your behalf, we will require proof of the agent’s authority (such as a signed permission from you or power of attorney) and will still verify your identity directly.

We will respond to your verified request within 45 days as required by California law (or inform you in writing if we need more time, up to an additional 45 days). If we decline any part of your request, we will explain the reason in our response.

Shine the Light: Separately from CCPA, California’s “Shine the Light” law (Civil Code § 1798.83) allows California residents to request information about certain types of personal information a business has disclosed to third parties for direct marketing purposes in the preceding year. We do not share personal information with third parties for their own direct marketing purposes without your consent. Therefore, we do not maintain a list of such disclosures. If you have questions about our direct marketing practices, you can contact us at [email protected].

Privacy Rights in Other U.S. States (Virginia, Colorado, Connecticut, Utah)

Several other U.S. states have enacted privacy laws that grant residents rights over their personal data. If you are a resident of Virginia, Colorado, Connecticut, or Utah (and, to the extent applicable, other states with similar privacy laws), you may have the following rights:

  • Right to Access: You can request confirmation of whether we are processing your personal data, and access to such personal data.
  • Right to Obtain a Copy (Data Portability): You may request a copy of the personal data you provided to us, in a portable and readily usable format, so that you can transfer it to another service or controller, where technically feasible.
  • Right to Correct: You can ask us to correct inaccuracies in the personal data we hold about you, taking into account the nature of the data and the purposes of processing.
  • Right to Delete: You can request that we delete personal data that we have collected from you or obtained about you. As with the California right to delete, there may be exceptions (for instance, if the data is needed to complete a transaction you requested, to comply with law, to exercise or defend legal claims, or for certain internal uses).
  • Right to Opt Out of Targeted Advertising, Sales, or Profiling: You have the right to opt out of:
    • Targeted Advertising: We have described above how we may use cookies for targeted advertising of our own services. You can opt out of this processing (for example, by using the cookie preferences on our site or contacting us to register an opt-out).
    • Sale of Personal Data: Our business does not sell personal data in exchange for monetary compensation. If the definition of “sale” under your state law includes other types of sharing, we similarly honor opt-out requests and, as of now, we do not engage in such sharing without consent.
    • Profiling in Furtherance of Decisions with Legal or Similar Effects: You have the right to opt out of any processing of personal data that constitutes profiling to make decisions that produce legal or similarly significant effects. Our Platform does not make autonomous decisions that impact your legal rights; the AI-generated documents are based on your input and are under your control. We do not engage in automated processing that produces legal effects on you without human involvement. Therefore, this opt-out is not applicable to our services at this time.
  • Right to Appeal: If we decline to take action on a request you make regarding your personal data, you have the right to appeal our decision. When we respond to your request, we will provide instructions on how you can appeal if you are dissatisfied with the outcome. If your appeal is ultimately denied, and you believe we have not respected your rights, you may contact your state’s Attorney General to submit a complaint.

Exercising Your State Privacy Rights: To exercise the rights above, please contact us at [email protected] and indicate that you are a resident of Virginia, Colorado, Connecticut, Utah, or another applicable state, and specify your request. For example, you can say “Virginia Data Request – Access” in the subject line, and in the email, detail your request. Just as with California requests, we will need to verify your identity (and/or authority, if you are an authorized agent) before processing the request, to ensure we are protecting your data from unauthorized access or deletion.

We will respond within the timeframe required by your state law (generally within 45 days). If an extension is needed, we will inform you. Any information we provide in response will be specific to you (or general to our data practices if it’s a broader inquiry). Note that these state laws may have some differences; for instance, Virginia, Colorado, Connecticut, and Utah all require opt-in consent for processing sensitive personal data (such as data about health, race, ethnicity, precise geolocation, etc.). By using our Platform and inputting any sensitive information, you are giving us consent to process that information for the purpose of providing our service. You can withdraw that consent at any time by removing such information and/or contacting us to delete it.

GDPR and UK Data Protection Rights

If you are located in the EEA (European Economic Area) or the UK, you have additional rights under the GDPR (and the UK’s equivalent law) regarding your personal data. In GDPR terms, www.ai.law Corp. is the Data Controller of personal data you provide through the Platform (except in cases where we act as a processor for a business client, as noted in the Introduction). This section explains how we lawfully process your data and the rights you have as a Data Subject under GDPR/UK law.

Lawful Bases for Processing

We will only collect and process your personal data when we have a valid legal basis to do so under GDPR. The legal bases we rely on include:

  • Contractual Necessity (Art. 6(1)(b)): We process personal data to provide our services as agreed in our Terms of Service with you. For example, we need to use your personal details and document inputs to generate the legal documents you request and to perform our contract with you as a user of the Platform.
  • Consent (Art. 6(1)(a)): We rely on your consent in certain situations. For instance, if you voluntarily input sensitive personal data (what GDPR refers to as “special category data,” such as information about health, biometric data, or racial/ethnic origin) into the Platform as part of your document content, we treat that as you consenting to our processing of that information for the purpose of providing the service to you. Similarly, we will ask for your consent to send you marketing emails (if you are an EU/UK user) and for the use of any non-essential cookies or trackers on our site. You have the right to withdraw consent at any time, as described below.
  • Legitimate Interests (Art. 6(1)(f)): We may process your data as necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. Our legitimate interests include improving and securing our Platform, communicating with you about product updates or services you might be interested in (where not overridden by your marketing preferences), preventing fraud, and conducting analytics (in a privacy-friendly way). When we rely on legitimate interests, we conduct a balancing test to ensure our interest isn’t outweighed by your privacy rights. We do not use this basis to process sensitive data or to engage in activities that people would not reasonably expect from an AI document service.
  • Legal Obligation (Art. 6(1)(c)): In some cases, we need to process or retain personal data to comply with a law or legal requirement. For example, we might keep records to satisfy financial reporting laws, or disclose information if required by a court order.
  • Protection of Vital Interests (Art. 6(1)(d)) or Public Interest (Art. 6(1)(e)): These bases are less likely to apply, but if processing your data were necessary to protect someone’s life, or for a task in the public interest, we could rely on those provisions. (For completeness, we mention them, but our typical operations do not involve these bases.)

Additionally, GDPR has specific rules for processing “special category” sensitive data. We will only process such data if you have given explicit consent (Art. 9(2)(a)) or if it’s necessary for the establishment, exercise, or defense of legal claims (Art. 9(2)(f)), since our service might be used in a legal context.

If we ever need to use your personal data for a new purpose that is not compatible with the original purposes, we will inform you and, if required, seek your consent or provide an opportunity to opt out.

Your Data Subject Rights

Under the GDPR (and UK data protection law), you have the following rights regarding your personal data:

  • Right of Access: You have the right to obtain confirmation as to whether or not we are processing personal data about you. If we are, you can request access to the personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • Right to Rectification: You have the right to request correction of any incomplete or inaccurate data that we hold about you. We want to make sure your information is correct and up-to-date. If you realize that any information in your account or in the documents we store is incorrect, you can correct some of it through your account settings, or you can contact us to request correction.
  • Right to Erasure: This is sometimes called the “right to be forgotten.” You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it. For example, if you cancel your account and ask us to delete all information, we will do so (aside from data we are required to keep for legal reasons, as explained in Data Retention). You also have the right to request deletion or removal of your data if you have exercised your right to object to processing (see below) or if we unlawfully processed your data or must erase it to comply with law. Note that there are exemptions – for instance, we might retain certain information if needed for freedom of expression, legal claims, or compliance with a legal obligation – but we will inform you if any such exemption applies.
  • Right to Restrict Processing: You have the right to request that we suspend the processing of your personal data in certain scenarios. You might ask us to restrict processing if: (i) you contest the accuracy of the data (until we can verify its accuracy); (ii) the processing is unlawful but you don’t want us to delete the data; (iii) we no longer need the data, but you want us to keep it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our use of your data (when relying on legitimate interests) and we are considering whether our reasons for processing override your rights.
  • Right to Data Portability: You have the right to obtain your personal data that you provided to us, in a structured, commonly used, machine-readable format, and to transfer (or have us transfer) that data to another controller where technically feasible. This right only applies to information you have provided to us, when the processing is based on your consent or our contract with you, and when processing is carried out by automated means. In practice, if you need a copy of the information you’ve put into our Platform (such as the content of your legal documents or your account details), we will provide that to you electronically upon request.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances:
    • Direct Marketing: You can object at any time to the processing of your personal data for direct marketing purposes. If you object, we will stop processing your personal data for such purposes immediately. (Note: We only send marketing communications with your consent as mentioned, but you always have the right to opt out and we will honor that.)
    • Legitimate Interests: If we are processing your data based on our legitimate interests, you also have the right to object to that processing. However, we may continue processing if we have compelling legitimate grounds that override your rights and freedoms or if the processing is needed for legal claims. If you do object to processing based on legitimate interest, please explain your situation so we can assess whether there is an overriding need to keep processing your data.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to a decision solely based on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into or performing a contract between you and us, is authorized by law, or is based on your explicit consent. Note: Our Platform does not make any decisions about you with legal or significant effects without human involvement. The AI simply assists in generating document text based on your input; it does not make judgments about your rights or status. Therefore, this right is more relevant to other contexts and is not applicable in any impactful way to our services at this time.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive marketing emails, you can opt out via the unsubscribe link in those emails or by contacting us. If you consented to our use of certain cookies, you can change your cookie settings to withdraw that consent. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing under other legal bases.
  • Right to Complain: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority. If you are in the EU, you can contact the data protection authority in the country where you live, where you work, or where you believe the breach may have occurred. In the UK, you can file a complaint with the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns directly before you do this, so we encourage you to contact us first if possible.

Exercising Your GDPR/UK Rights: You may contact us at [email protected] to exercise any of the rights listed above. Please describe your request with sufficient detail for us to understand and respond. We will need to verify your identity (for example, by confirming information we have on file or asking for identification) before releasing or deleting personal data, to ensure we protect your privacy and that of others. We will respond to your request within one month of receipt, or inform you if we need additional time (we can extend the period by two further months for complex or multiple requests, as allowed by GDPR). We will not charge a fee for fulfilling your request unless it is excessive or unfounded, in which case we will explain the situation and why a fee may apply.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using one of the methods below. We will respond as promptly as we can.

  • Email: [email protected]
  • Mail: www.ai.law Corp., Attn: Privacy Team, 485 Metro Place South, Suite 300, Dublin, OH 43017, USA

We take your privacy inquiries seriously. If you contact us to exercise a privacy right, please make sure to mention which right you are concerned with and provide any relevant information (such as your state or country of residence, if applicable), so we can more efficiently route your request.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make updates, we will revise the “Last Updated” date at the top of this Policy. If we make significant changes, we may also provide additional notice (such as adding a prominent statement on our website or sending you an email notification).

We encourage you to review this Policy periodically to stay informed about how we protect your personal information. Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of those changes.

Thank you for reading our Privacy Policy. We are dedicated to protecting your personal information and upholding your privacy rights. If you have any questions or feedback regarding this Policy, please do not hesitate to Contact Us.

Signed

/s/ Troy Doucet

May 8, 2025