Last Updated: May 8, 2025
Introduction
www.ai.law Corp. (“we,” “us,”
or “our”) operates a U.S.-based AI document-generation web
platform (the “Platform”). We are committed to protecting your
privacy. This Privacy Policy explains how we collect, use, store, and share
your personal information, and outlines your rights under applicable privacy
laws. We comply with U.S. privacy laws (including California’s Consumer Privacy
Rights Act (CPRA) and other state laws in Virginia, Colorado, Connecticut, and
Utah) and, as we may serve individuals in the European Economic Area (“EEA”)
and United Kingdom (“UK”), we also incorporate principles of
the EU/UK General Data Protection Regulation (“GDPR”).
By using our Platform, you agree to the collection and use
of information in accordance with this Privacy Policy. If you do not agree,
please do not use the Platform. This Policy applies to our website and online
services (no mobile apps) and not to any third-party websites or services that
we do not control.
Note for Legal Professionals and Their Clients: If
you use our Platform as an attorney or on behalf of another individual, you are
responsible for ensuring you have the right to provide any personal information
about others. In such cases, we treat that data as described in this Policy and
in accordance with our agreements with you. When we process personal data on
behalf of a business client (for example, a law firm), we act as a
“service provider” or “processor” to that client, and that
client is responsible for compliance with relevant privacy laws as the
“data controller.”
Information We Collect
We collect personal information (“personal
data”) that you provide to us directly and information that we collect
automatically when you use the Platform. The types of information we may
collect include:
- Information
You Provide Directly: When you create an account or use our services,
you may provide personal details such as your name, email address, phone
number, and account login credentials. You also input information into the
Platform when generating documents (e.g., details about your legal case,
names and contact information of parties involved, and other content you
choose to provide). This may include sensitive personal information
if you voluntarily include it (for example, health-related information,
financial details, or other sensitive data relevant to a legal matter). We
only collect such sensitive information if you choose to provide it, and
we handle it with special care (see Data Security below). - Payment
Information: If you make a purchase or subscription on our Platform,
you may provide payment information. Payments are processed by our
third-party payment processor; we do not store your full credit card
numbers. We may retain basic transaction information (e.g., billing name,
payment method, and amount) for record-keeping purposes. - Communications:
If you contact us for support or feedback, we collect the information you
provide in those communications (such as your contact details and the
content of your messages). If you request assistance with a document, our
support staff may temporarily access your document content with your
permission to help resolve your issue. - Automatically
Collected Data: When you use our website, we automatically collect
certain information about your device and usage:
- Usage
and Device Information: We collect data such as your IP address,
browser type, device type, operating system, referring URLs, pages
viewed, and the dates/times of access. We also log your interactions with
the Platform (e.g., features used, errors encountered) to help us understand
usage patterns and improve performance. - Cookies
and Tracking Technologies: We use cookies and similar technologies to
remember your preferences, authenticate your login, and gather
information about how you interact with our site. For example, we may use
cookies to keep you logged in and analytics tools to collect information about
user interactions (see Cookies and Tracking below for details and
your choices).
Categories of Personal Information (CPRA): For
California residents, the following categories of personal information have
been collected from users in the past 12 months (as defined by California law):
- Identifiers:
e.g., name, email address, IP address. - Customer
Records Information: Contact details and account credentials. - Protected
Class Characteristics: (Only if you choose to provide this in your
document content, such as health information or demographic details
relevant to a case.) - Commercial
Information: Transaction records (e.g., subscription purchases). - Internet
or Network Activity: Browsing or usage data on our Platform. - Geolocation
Data: Approximate location (e.g., derived from your IP address). - Professional
or Employment Information: If you provide it (for example, your law
firm name or job title). - Sensitive
Personal Information: Account login credentials, and any sensitive
data you choose to include in your documents (such as health or legal
information).
We collect these categories of information directly from you
and through automated means as you use the Platform.
How We Use Your Information
We use personal information for the following purposes:
- To
Provide and Improve Our Services: We process your information to
operate the Platform’s core functionality. This includes generating
documents based on the information you input, maintaining your account,
and storing your documents for your convenience. We may analyze usage
trends and feedback to improve our AI document-generation algorithms, add
new features, and enhance the user experience. - To
Communicate with You: We use contact information (like your email and
phone number) to send service-related communications. These include
confirmations of document generation, updates about changes to our
Platform or policies, and responses to your inquiries or support requests.
If you have opted in, we may also send newsletters or marketing
communications about new features or services; you can unsubscribe from
these at any time. - Customer
Support: If you reach out for help, we will use the information you
provide (and may access your document content with your permission) to
assist you and resolve issues. Our staff access to user content is very
limited and only granted for customer support or troubleshooting with your
consent and under strict confidentiality. - Legal
and Compliance: We may process and retain personal data to comply with
applicable laws, regulations, and legal obligations. For example, we may
use your information to fulfill tax and accounting requirements, to verify
your identity where required by law, or to respond to lawful requests by
public authorities (such as court orders or government inquiries). - Security
and Fraud Prevention: We use information (such as device identifiers
and usage patterns) to maintain the security of the Platform and detect
and prevent fraud, unauthorized access, and abuse of our services. This
includes using automated systems and manual review of activities that
appear suspicious or may violate our Terms of Service. - Analytics
and Product Development: We analyze how users interact with our
Platform (e.g., which features are used most or where users encounter
errors) to understand performance and improve our offerings. This may
involve creating aggregated, de-identified statistics that do not identify
any individual. We do not use any personal information you provide
in your documents to profile you for marketing; any analysis of document
content to improve our AI is done in a manner that does not identify
specific individuals. - Advertising
and Marketing (with Consent/Opt-Out): We may use cookies and
third-party tools to help deliver relevant advertisements about our
services on our site or elsewhere, and to measure the effectiveness of our
marketing campaigns. For example, we might use an advertising network that
uses cookies to track that you visited our site, so we can later show you
an ad for our Platform on other websites. These activities may be
considered targeted advertising. We will only engage in such advertising
practices in compliance with applicable laws – for instance, by obtaining
opt-in consent where required or providing you the opportunity to opt out
(see Cookies and Tracking for how to control advertising cookies).
We will not use personal information for purposes
incompatible with those listed above without your consent. If we need to
process your information for a new purpose, we will notify you or seek your
permission as required.
How We Share Your Information
We do not sell your personal information to third
parties, and we do not share your personal information with third parties for
their own marketing purposes without your explicit consent. We only disclose
your information in the following circumstances:
- Service
Providers and Contractors: We share personal information with trusted
third-party companies and individuals who perform services on our behalf
and under our instructions (these are our “service providers”
under laws like CPRA, or “processors” under GDPR). For example,
this includes cloud hosting providers (to store data and run our
Platform), IT support and security service providers, email and
communication tools, payment processors, and AI technology partners that
assist in document generation. These parties are contractually obligated
to protect your information, to use it only for the services we specify,
and to comply with applicable privacy requirements (for instance, they
must not use your data for their own purposes and must meet the standards
of laws like CPRA and GDPR). - Business
Transfers: If we are involved in a corporate transaction such as a
merger, acquisition, investment financing, reorganization, bankruptcy, or
sale of company assets, your information may be disclosed to the parties
involved (e.g., to lawyers, auditors, potential buyers) as part of that
process. We will ensure that any party receiving your personal data as
part of such a transaction is bound to keep it confidential and use it
only for the purposes of evaluating or completing the transaction (or as
otherwise legally required). - Legal
Obligations and Protection of Rights: We may disclose personal
information when required by law or when we believe in good faith that
such disclosure is necessary to: (i) comply with a legal obligation,
investigation, or lawful request (for example, a subpoena, court order, or
government demand); (ii) protect and defend our rights, property, or
safety, or that of our users or others; (iii) enforce our Terms of Service
or other agreements; or (iv) detect, prevent, or address fraud, security,
or technical issues. - With
Your Consent or At Your Direction: We will share your personal
information with third parties if you specifically request or consent to
us doing so. For example, if you choose to integrate our Platform with
another service or ask us to collaborate with another professional (such
as your attorney or colleague) on your behalf, we will share data as
needed with your permission. We may also publish user testimonials or case
studies that include personal information only with your explicit
consent. - Advertising
and Analytics Partners: As part of our use of cookies and tracking
tools, we may allow certain third-party analytics and advertising partners
to collect identifiers and internet/activity information about users
through our site for the purposes of analytics and targeted advertising
(see Cookies and Tracking below). For instance, we use analytics
providers like Google Analytics to understand website traffic, and we
might work with advertising networks to show our ads on other sites to
people who have visited our Platform. These third parties may use cookies
or similar technologies to collect data about your interactions over time
and across different websites. Where required by law, we will obtain your
consent for this kind of data sharing. In all cases, you can opt out of or
limit such data collection and sharing as described in the Cookies and
Tracking section and Your Rights and Choices sections of this
Policy.
No Sale of Personal Data: In the last 12 months, we
have not sold any personal data, and we do not share personal data for
cross-context behavioral advertising without your consent. If this ever
changes, we will update this Policy and provide the required notices and
opt-out mechanisms so you can exercise your rights.
Cookies and Tracking Technologies
Our Platform uses cookies, pixels, and similar tracking
technologies to provide functionality, analyze usage, and support marketing
efforts. A cookie is a small text file that a website stores on your
device which allows the site to recognize your device and remember information
(like user preferences or login status). Pixels (also known as web
beacons) are tiny images or code snippets that can track actions such as
opening an email or visiting a webpage. We use these technologies in the
following ways:
- Necessary
Cookies: These cookies are essential for the operation of our website
and services. They enable core functionality such as user authentication,
security (e.g., keeping your session secure), and network management. For
example, when you log in, we set a cookie to maintain your session. You
cannot opt out of these required cookies, as our service cannot function
properly without them. - Functional
& Preference Cookies: These cookies remember your preferences and
settings to enhance your experience. For instance, they might recall your
preferred language or other customizations so you don’t have to set them
every time. While you can disable these cookies via your browser settings,
doing so may make some features of the Platform less efficient or
unavailable. - Analytics
Cookies: We use analytics tools (like Google Analytics) that set
cookies to collect information about how users navigate and use the
Platform. This data (such as which pages are visited, how long users stay,
and any errors encountered) helps us improve the content and performance
of our services. The information collected via analytics cookies is
aggregated and does not directly identify you. If you prefer not to be
included in Google Analytics measurements, you can install the Google Analytics Opt-out
Browser Add-on, or use the cookie preference tools described below. - Advertising
Cookies: With your consent, we and certain third parties may use
cookies and similar trackers to collect information about your browsing
activities on our site and other sites, in order to provide you with
targeted advertisements for our services. For example, if you visit our
Platform, a cookie may remember that you showed interest, and then enable
us to display our ads to you on other websites. These cookies also help us
measure the effectiveness of our ad campaigns. We will not set advertising
cookies or trackers unless you have had an opportunity to opt out or
(where required by law) you have opted in.
Your Choices for Cookies: When you first visit our
site, you will see a cookie notice or banner that allows you to accept or
adjust your cookie settings. You can change your preferences at any time by
using our cookie management tool (if available) or by adjusting your browser settings.
Most web browsers provide options to refuse new cookies, delete existing
cookies, or notify you when a cookie is being set. Please note that blocking or
deleting certain cookies (especially the necessary ones) may affect the
functionality of our Platform.
If you wish to opt out of targeted advertising cookies
specifically, you can also use industry-provided opt-out tools. For example,
you can visit the Network
Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s Consumer
Choice page to opt out of many advertising networks’ cookies. Additionally,
if you enable a browser signal such as the Global Privacy Control (GPC),
which is a mechanism that communicates your desire to opt out of the sale or
sharing of personal information, our site will honor it as an opt-out request
for cookies that involve sharing your data for targeted advertising.
Do Not Track: “Do Not Track” (DNT) is a
setting in some web browsers that signals a preference to disable tracking
across sites. Currently, our Platform does not respond to DNT signals
specifically. However, as noted above, we do respond to the Global Privacy
Control for California residents as a valid opt-out of cookie-based data
sharing. We continue to monitor developments around DNT and may update our
practices if an industry standard emerges.
Data Retention
We retain personal information for as long as necessary to
fulfill the purposes outlined in this Policy, unless a longer retention
period is required or permitted by law. In general:
- Account
Information and User Content: We keep your account information and any
documents or data you have stored on the Platform for as long as your
account is active. You have the ability to delete specific documents or
information at any time through your account settings. If you delete information
or close your account, we will remove or anonymize your personal data
within a reasonable time, except as noted below. - Transaction
Records: If you have made payments or engaged in transactions through
the Platform, we may retain certain records (like invoices, payment
history, and related communications) as needed for legitimate business
purposes and as required by law. For example, for tax and accounting
reasons we might keep billing records for a number of years as mandated by
regulations. - Backup
and Log Data: Due to the way our data backup systems work, copies of
your personal data (especially content you provided) might persist in
encrypted backups for a short period (e.g., a few weeks) after you delete
it from our live systems, until those backups are securely overwritten. We
also maintain server logs and audit trails for security monitoring; these
logs may include some personal identifiers (like IP addresses or account
IDs) and are retained only as long as necessary for those security and
audit purposes. - Legal
Obligations and Dispute Resolution: We may retain information if
needed to comply with our legal obligations or for handling disputes. For
instance, if we deactivated your account due to a violation or if we are
addressing a legal claim involving your use of the Platform, we might
preserve relevant data until the issue is resolved. In such cases, the
data will be stored securely and isolated from routine use.
Once the applicable retention period has passed, we will
either delete your personal information or de-identify it (so it can no longer
be linked to you). If we convert data to an anonymized form (removing or
irreversibly hashing personal identifiers), we may use that information for
analytics, research, or improvements indefinitely without further notice to
you.
Data Security
We take the security of your personal information very
seriously and implement a range of administrative, technical, and physical
safeguards to protect against unauthorized access or disclosure. Our security
measures include:
- Encryption:
We use encryption technology to protect data in transit and at rest. When
data is sent to our Platform (for example, when you log in or upload
information), it is encrypted using Transport Layer Security (TLS).
Likewise, sensitive data stored on our servers is encrypted. This means
that your document content and personal details are encoded such that they
cannot be read by unauthorized parties. - Access
Controls: Access to personal data within our organization is limited
to personnel who need that information to perform their job duties.
For example, customer support or engineering staff will only access your
data when necessary to assist you or maintain the service, and even then,
only with appropriate authorization. All employees undergo training on
privacy and data protection. We also implement measures like two-factor
authentication and strict password policies for our systems to prevent
unauthorized access. - Security
Certifications and Practices: Our Platform and internal practices
adhere to industry standards for security. We undergo security audits for
a SOC 2 (Service Organization Control 2) compliant program, which
means we have formal controls and processes in place for data security,
availability, and confidentiality. Additionally, although our service is
not primarily a healthcare service, we follow HIPAA-aligned
security practices for any health-related data that users might input
(e.g., encryption, strict access controls, audit logging) to ensure a high
level of protection for sensitive information. - Monitoring
and Testing: We employ tools and services to monitor our systems for
vulnerabilities, unusual access patterns, and potential threats. This
includes firewalls, intrusion detection systems, anti-malware scanning,
and routine penetration testing by security professionals. We quickly
address any vulnerabilities identified, and we continually update our
infrastructure and practices to respond to new security threats. - Incident
Response: We have an incident response plan in place for handling any
data security breach or incident. If a security breach were to occur, we
will promptly investigate and take steps to mitigate the issue. In the
unlikely event that a data breach results in unauthorized access to
personal information, we will notify affected users and relevant
authorities as required by law, and provide information on steps we are
taking and recommendations for you to protect yourself.
Despite all these precautions, it’s important to note that
no method of transmission over the Internet or method of electronic storage is
100% secure. We cannot guarantee absolute security of your data. You can
help protect your account by using a strong, unique password, keeping it
confidential, and notifying us immediately if you suspect any unauthorized
access to your account or any security vulnerability. We will also notify you
of any unauthorized access or breach affecting your personal information, as
required by applicable laws.
International Data Transfers
We are headquartered in the United States. If you are
accessing the Platform from outside the U.S. (for example, from the EEA or UK),
please be aware that your personal information will likely be transferred to
and stored on servers in the United States or other jurisdictions where our
service providers are located. These countries may not have the same level of
data protection laws as your home jurisdiction.
However, we take steps to ensure that appropriate safeguards
are in place when we transfer personal data internationally. In particular, for
personal data transferred from the EEA, UK, or Switzerland to the U.S. (or
other countries), we rely on approved legal mechanisms to ensure an adequate
level of protection. These mechanisms may include the European Commission’s
Standard Contractual Clauses (“SCCs”), which are contractual
commitments between parties transferring data, obligating them to protect the
data to EU standards. We also may rely on your explicit consent for certain
cross-border transfers where that consent is obtained and valid.
By using our services or providing us with information, you
acknowledge the transfer of your personal data to the United States and other
jurisdictions as described in this Policy. We will always protect your
information as described here, wherever it is processed. If you have questions
about our international data transfer practices or want more information about
the safeguards in place, you can contact us as described in Contact Us
below.
Children’s Privacy
Our Platform is not intended for children under 13 years
of age, and we do not knowingly collect personal information from children
under 13. If you are under 13, do not use or provide any information on this
Platform. If we discover that we have inadvertently collected personal
information from a child under 13, we will promptly delete such information
from our records.
If you are between 13 and 18 years old, you may use the
Platform only with involvement of a parent or guardian. We encourage parents
and guardians to be aware of and supervise the online activities of their
minors.
If you believe that we might have any information from or
about a child under 13 (or the relevant minimum age in your jurisdiction),
please contact us so that we can take appropriate action.
California Privacy Rights
If you are a resident of California, you have specific
rights under the California Consumer Privacy Act (CCPA) as amended by the
California Privacy Rights Act (CPRA). These rights are summarized below, and
this section of our Policy is intended to comply with Cal. Civ. Code § 1798.100
et seq.:
- Right
to Know (Categories and Specific Pieces of Information): You have the
right to request that we disclose the personal information we have
collected about you over the past 12 months. This includes the categories
of personal information, the categories of sources from which the
information was collected, the business or commercial purpose for
collecting (or sharing) the information, and the categories of third
parties with whom we share personal information. You can also request the specific
pieces of personal information we have about you (this is sometimes
called the right to access). - Right
to Delete: You have the right to request that we delete personal
information we have collected from you. Once we receive and verify your
request, we will delete (and direct our service providers to delete) your
personal information from our records, unless an exception applies. For
example, we may retain information needed to complete a transaction you
requested, to detect security incidents, to comply with a legal
obligation, or other purposes permitted by law. - Right
to Correct: You have the right to request that we correct inaccuracies
in the personal information we maintain about you. If you become aware
that any information we have is incorrect, please let us know. Upon
verifying your request, we will correct (and instruct our
processors/service providers to correct) your information as you direct. - Right
to Opt-Out of Sale or Sharing: You have the right to opt out of the
sale of your personal information, or the sharing of your personal
information for cross-context behavioral advertising. As noted earlier, we
do not sell personal information, and we only share information for
targeted advertising with consent. If we ever engage in practices that
fall under “selling” or “sharing” as defined by
California law, we will provide a clear way for you to exercise this right
(such as a “Do Not Sell or Share My Personal Information” link
on our homepage). You may also send an opt-out request to us at any time
(see Submitting Requests below). - Right
to Limit Use of Sensitive Personal Information: You have the right to
direct us to limit the use and disclosure of your sensitive personal
information if we use it for purposes beyond what is necessary to
provide the services. However, we only use sensitive personal information
that you provide (like document content or account credentials) for the
core services you’ve requested (or for security, anti-fraud, and
compliance, which are purposes allowed by law). We do not use or disclose
sensitive information for purposes like profiling or targeted advertising.
Therefore, at this time, we do not offer a separate opt-out mechanism for
limiting use of sensitive information, because we do not use your
sensitive data for unintended secondary purposes. - Right
of Non-Discrimination: We will not discriminate against you for
exercising any of your rights under the CCPA/CPRA. This means that if you
exercise your privacy rights, we will not deny you our services, charge
you a different price, or provide you with a lower quality of service just
because you made a privacy request. (However, please note that if your
request involves us deleting or not using certain information, we may not
be able to provide services that rely on that information. For instance,
if you ask us to delete your account data, you will no longer be able to
use the account.)
Submitting Requests (California): If you are a
California resident and wish to exercise any of the rights described above, you
or your authorized agent can submit a request to us by contacting [email protected]
with the subject line “California Privacy Rights Request,” and
specifying which right you seek to exercise. Alternatively, you may call our
toll-free privacy request line at 1-614-279-9035 (if available) or use
any online web form we provide for CCPA requests.
When you submit a request, please provide sufficient
information that allows us to verify you are the person about whom we have
collected personal information (or an authorized representative of that
person). Verification: To protect your privacy, we will take steps to
verify your identity before fulfilling your request. For example, we may ask
you to confirm certain account details or respond to an email from the address
associated with your account. If an authorized agent is making the request on
your behalf, we will require proof of the agent’s authority (such as a signed
permission from you or power of attorney) and will still verify your identity
directly.
We will respond to your verified request within 45 days as
required by California law (or inform you in writing if we need more time, up
to an additional 45 days). If we decline any part of your request, we will
explain the reason in our response.
Shine the Light: Separately from CCPA, California’s
“Shine the Light” law (Civil Code § 1798.83) allows California residents to
request information about certain types of personal information a business has
disclosed to third parties for direct marketing purposes in the preceding year.
We do not share personal information with third parties for their own
direct marketing purposes without your consent. Therefore, we do not maintain a
list of such disclosures. If you have questions about our direct marketing
practices, you can contact us at [email protected].
Privacy Rights in Other U.S. States (Virginia, Colorado,
Connecticut, Utah)
Several other U.S. states have enacted privacy laws that
grant residents rights over their personal data. If you are a resident of Virginia,
Colorado, Connecticut, or Utah (and, to the extent applicable, other
states with similar privacy laws), you may have the following rights:
- Right
to Access: You can request confirmation of whether we are processing
your personal data, and access to such personal data. - Right
to Obtain a Copy (Data Portability): You may request a copy of the
personal data you provided to us, in a portable and readily usable format,
so that you can transfer it to another service or controller, where
technically feasible. - Right
to Correct: You can ask us to correct inaccuracies in the personal
data we hold about you, taking into account the nature of the data and the
purposes of processing. - Right
to Delete: You can request that we delete personal data that we have
collected from you or obtained about you. As with the California right to
delete, there may be exceptions (for instance, if the data is needed to
complete a transaction you requested, to comply with law, to exercise or
defend legal claims, or for certain internal uses). - Right
to Opt Out of Targeted Advertising, Sales, or Profiling: You have the
right to opt out of:
- Targeted
Advertising: We have described above how we may use cookies for
targeted advertising of our own services. You can opt out of this
processing (for example, by using the cookie preferences on our site or
contacting us to register an opt-out). - Sale
of Personal Data: Our business does not sell personal data in
exchange for monetary compensation. If the definition of “sale”
under your state law includes other types of sharing, we similarly honor
opt-out requests and, as of now, we do not engage in such sharing without
consent. - Profiling
in Furtherance of Decisions with Legal or Similar Effects: You have
the right to opt out of any processing of personal data that constitutes
profiling to make decisions that produce legal or similarly significant
effects. Our Platform does not make autonomous decisions that impact your
legal rights; the AI-generated documents are based on your input and are
under your control. We do not engage in automated processing that
produces legal effects on you without human involvement. Therefore, this
opt-out is not applicable to our services at this time.
- Right
to Appeal: If we decline to take action on a request you make
regarding your personal data, you have the right to appeal our decision.
When we respond to your request, we will provide instructions on how you
can appeal if you are dissatisfied with the outcome. If your appeal is
ultimately denied, and you believe we have not respected your rights, you
may contact your state’s Attorney General to submit a complaint.
Exercising Your State Privacy Rights: To exercise the
rights above, please contact us at [email protected] and indicate that you
are a resident of Virginia, Colorado, Connecticut, Utah, or another applicable
state, and specify your request. For example, you can say “Virginia Data
Request – Access” in the subject line, and in the email, detail your request.
Just as with California requests, we will need to verify your identity (and/or
authority, if you are an authorized agent) before processing the request, to
ensure we are protecting your data from unauthorized access or deletion.
We will respond within the timeframe required by your state
law (generally within 45 days). If an extension is needed, we will inform you.
Any information we provide in response will be specific to you (or general to
our data practices if it’s a broader inquiry). Note that these state laws may
have some differences; for instance, Virginia, Colorado, Connecticut, and Utah
all require opt-in consent for processing sensitive personal data (such
as data about health, race, ethnicity, precise geolocation, etc.). By using our
Platform and inputting any sensitive information, you are giving us consent to
process that information for the purpose of providing our service. You can
withdraw that consent at any time by removing such information and/or
contacting us to delete it.
GDPR and UK Data Protection Rights
If you are located in the EEA (European Economic Area) or
the UK, you have additional rights under the GDPR (and the UK’s equivalent law)
regarding your personal data. In GDPR terms, www.ai.law Corp. is the Data
Controller of personal data you provide through the Platform (except in
cases where we act as a processor for a business client, as noted in the
Introduction). This section explains how we lawfully process your data and the
rights you have as a Data Subject under GDPR/UK law.
Lawful Bases for Processing
We will only collect and process your personal data when we
have a valid legal basis to do so under GDPR. The legal bases we rely on
include:
- Contractual
Necessity (Art. 6(1)(b)): We process personal data to provide our
services as agreed in our Terms of Service with you. For example, we need
to use your personal details and document inputs to generate the legal
documents you request and to perform our contract with you as a user of
the Platform. - Consent
(Art. 6(1)(a)): We rely on your consent in certain situations. For
instance, if you voluntarily input sensitive personal data (what
GDPR refers to as “special category data,” such as information
about health, biometric data, or racial/ethnic origin) into the Platform
as part of your document content, we treat that as you consenting to our
processing of that information for the purpose of providing the service to
you. Similarly, we will ask for your consent to send you marketing emails
(if you are an EU/UK user) and for the use of any non-essential cookies or
trackers on our site. You have the right to withdraw consent at any time,
as described below. - Legitimate
Interests (Art. 6(1)(f)): We may process your data as necessary for
our legitimate interests, provided those interests are not overridden by
your rights and interests. Our legitimate interests include improving and
securing our Platform, communicating with you about product updates or
services you might be interested in (where not overridden by your
marketing preferences), preventing fraud, and conducting analytics (in a
privacy-friendly way). When we rely on legitimate interests, we conduct a
balancing test to ensure our interest isn’t outweighed by your privacy
rights. We do not use this basis to process sensitive data or to
engage in activities that people would not reasonably expect from an AI
document service. - Legal
Obligation (Art. 6(1)(c)): In some cases, we need to process or retain
personal data to comply with a law or legal requirement. For example, we
might keep records to satisfy financial reporting laws, or disclose
information if required by a court order. - Protection
of Vital Interests (Art. 6(1)(d)) or Public Interest (Art. 6(1)(e)): These
bases are less likely to apply, but if processing your data were necessary
to protect someone’s life, or for a task in the public interest, we could
rely on those provisions. (For completeness, we mention them, but our
typical operations do not involve these bases.)
Additionally, GDPR has specific rules for processing
“special category” sensitive data. We will only process such data if
you have given explicit consent (Art. 9(2)(a)) or if it’s necessary for the
establishment, exercise, or defense of legal claims (Art. 9(2)(f)), since our
service might be used in a legal context.
If we ever need to use your personal data for a new purpose
that is not compatible with the original purposes, we will inform you and, if
required, seek your consent or provide an opportunity to opt out.
Your Data Subject Rights
Under the GDPR (and UK data protection law), you have the
following rights regarding your personal data:
- Right
of Access: You have the right to obtain confirmation as to whether or
not we are processing personal data about you. If we are, you can request
access to the personal data (commonly known as a “data subject access
request”). This allows you to receive a copy of the personal data we
hold about you and to check that we are processing it lawfully. - Right
to Rectification: You have the right to request correction of any
incomplete or inaccurate data that we hold about you. We want to make sure
your information is correct and up-to-date. If you realize that any
information in your account or in the documents we store is incorrect, you
can correct some of it through your account settings, or you can contact
us to request correction. - Right
to Erasure: This is sometimes called the “right to be
forgotten.” You have the right to ask us to delete or remove personal
data when there is no good reason for us to continue processing it. For
example, if you cancel your account and ask us to delete all information,
we will do so (aside from data we are required to keep for legal reasons,
as explained in Data Retention). You also have the right to request
deletion or removal of your data if you have exercised your right to
object to processing (see below) or if we unlawfully processed your data
or must erase it to comply with law. Note that there are exemptions – for instance,
we might retain certain information if needed for freedom of expression,
legal claims, or compliance with a legal obligation – but we will inform
you if any such exemption applies. - Right
to Restrict Processing: You have the right to request that we suspend
the processing of your personal data in certain scenarios. You might ask
us to restrict processing if: (i) you contest the accuracy of the data
(until we can verify its accuracy); (ii) the processing is unlawful but
you don’t want us to delete the data; (iii) we no longer need the data,
but you want us to keep it for the establishment, exercise, or defense of
legal claims; or (iv) you have objected to our use of your data (when
relying on legitimate interests) and we are considering whether our
reasons for processing override your rights. - Right
to Data Portability: You have the right to obtain your personal data
that you provided to us, in a structured, commonly used, machine-readable
format, and to transfer (or have us transfer) that data to another
controller where technically feasible. This right only applies to
information you have provided to us, when the processing is based on your
consent or our contract with you, and when processing is carried out by
automated means. In practice, if you need a copy of the information you’ve
put into our Platform (such as the content of your legal documents or your
account details), we will provide that to you electronically upon request. - Right
to Object: You have the right to object to the processing of your
personal data in certain circumstances:
- Direct
Marketing: You can object at any time to the processing of your
personal data for direct marketing purposes. If you object, we will stop
processing your personal data for such purposes immediately. (Note: We
only send marketing communications with your consent as mentioned, but
you always have the right to opt out and we will honor that.) - Legitimate
Interests: If we are processing your data based on our legitimate
interests, you also have the right to object to that processing. However,
we may continue processing if we have compelling legitimate grounds that
override your rights and freedoms or if the processing is needed for
legal claims. If you do object to processing based on legitimate
interest, please explain your situation so we can assess whether there is
an overriding need to keep processing your data.
- Rights
Related to Automated Decision-Making: You have the right not to be
subject to a decision solely based on automated processing (including
profiling) which produces legal effects concerning you or similarly
significantly affects you, unless it is necessary for entering into or
performing a contract between you and us, is authorized by law, or is
based on your explicit consent. Note: Our Platform does not make
any decisions about you with legal or significant effects without human
involvement. The AI simply assists in generating document text based on
your input; it does not make judgments about your rights or status.
Therefore, this right is more relevant to other contexts and is not
applicable in any impactful way to our services at this time. - Right
to Withdraw Consent: If we are processing your personal data based on
your consent, you have the right to withdraw that consent at any time. For
example, if you consented to receive marketing emails, you can opt out via
the unsubscribe link in those emails or by contacting us. If you consented
to our use of certain cookies, you can change your cookie settings to
withdraw that consent. Withdrawing consent will not affect the lawfulness
of any processing we conducted prior to your withdrawal, and it won’t
affect processing under other legal bases. - Right
to Complain: If you believe we have infringed your data protection
rights, you have the right to lodge a complaint with a supervisory
authority. If you are in the EU, you can contact the data protection
authority in the country where you live, where you work, or where you
believe the breach may have occurred. In the UK, you can file a complaint
with the Information Commissioner’s Office (ICO). We would, however,
appreciate the chance to address your concerns directly before you do
this, so we encourage you to contact us first if possible.
Exercising Your GDPR/UK Rights: You may contact us at
[email protected] to exercise
any of the rights listed above. Please describe your request with sufficient
detail for us to understand and respond. We will need to verify your identity
(for example, by confirming information we have on file or asking for
identification) before releasing or deleting personal data, to ensure we
protect your privacy and that of others. We will respond to your request within
one month of receipt, or inform you if we need additional time (we can extend
the period by two further months for complex or multiple requests, as allowed
by GDPR). We will not charge a fee for fulfilling your request unless it is
excessive or unfounded, in which case we will explain the situation and why a
fee may apply.
Contact Us
If you have any questions, concerns, or requests regarding
this Privacy Policy or our data practices, please contact us using one of the
methods below. We will respond as promptly as we can.
- Email:
[email protected] - Mail:
www.ai.law Corp., Attn: Privacy Team, 485 Metro Place South, Suite 300,
Dublin, OH 43017, USA
We take your privacy inquiries seriously. If you contact us
to exercise a privacy right, please make sure to mention which right you are
concerned with and provide any relevant information (such as your state or
country of residence, if applicable), so we can more efficiently route your
request.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to
reflect changes in our practices, technologies, legal requirements, or for
other operational reasons. When we make updates, we will revise the “Last
Updated” date at the top of this Policy. If we make significant changes,
we may also provide additional notice (such as adding a prominent statement on
our website or sending you an email notification).
We encourage you to review this Policy periodically to stay
informed about how we protect your personal information. Your continued use
of the Platform after any changes to this Privacy Policy constitutes your
acceptance of those changes.
Thank you for reading our Privacy Policy. We are dedicated
to protecting your personal information and upholding your privacy rights. If
you have any questions or feedback regarding this Policy, please do not
hesitate to Contact Us.
Signed
/s/ Troy Doucet
May 8, 2025
