Privacy Policy

IdaMil™ LLC (“IdaMil,” “we,” “us,” or “our”) operates Digital Paralegal™, an AI-powered legal technology platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. We are committed to protecting the privacy and confidentiality of legal professionals and their clients.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, firm name, bar number (optional), jurisdiction, and role within your organization.
• Payment Information: Billing address, payment method details. Payment processing is handled by Stripe; we do not store full credit card numbers on our servers.
• Legal Content: Documents, research queries, matter details, and other materials you upload to or create within the Service (“Legal Content”).
• Communications: Messages you send to us for support, feedback, or other inquiries.

1.2 Information Collected Automatically

• Usage Data: Features used, AI calls made, pages visited, time spent, and interaction patterns within the Service.
• Device and Connection Data: IP address, browser type, operating system, device identifiers, and general geolocation (city/state level).
• Log Data: Server logs including access times, error logs, and referring URLs.
• Cookies and Similar Technologies: Essential cookies for session management and authentication. We do not use advertising or tracking cookies.

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the Digital Paralegal™ platform, including AI-powered research, document drafting, citation verification, and other features.
• AI Processing: Legal Content is processed by our AI systems, including third-party AI models (Anthropic Claude), solely to generate the outputs you request. See Section 5 for details on AI data handling.
• Account Management: To manage your account, process payments, and communicate about your subscription.
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and abuse.
• Service Improvement: To analyze usage patterns (in aggregate and anonymized form) to improve features, performance, and user experience.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Communications: To send service-related notices, updates, and, with your consent, product announcements.

3. How We Share Your Information

We do not sell your personal information. We share information only in these limited circumstances:

We may also disclose information: (a) to comply with applicable law, regulation, or valid legal process; (b) to protect the rights, property, or safety of IdaMil™, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets, with notice to affected users.

4. Legal Content and Attorney-Client Privilege

We recognize the critical importance of attorney-client privilege and work product protections. Our commitments:

• Legal Content is treated as confidential at all times.
• We access Legal Content only as necessary to provide the Service, respond to support requests with your authorization, or comply with valid legal process.
• We implement technical safeguards to maintain the confidentiality of Legal Content, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, and audit logging.
• We do not use Legal Content to train AI models. Anthropic’s API terms prohibit using API inputs for model training.
• We will promptly notify you if we receive legal process seeking disclosure of your Legal Content, unless prohibited by law from doing so.

5. AI-Specific Data Practices

Transparency regarding AI data handling is essential for legal professionals:

• No Model Training: Your Legal Content and queries are never used to train, fine-tune, or improve the underlying AI models. We use Anthropic’s API, which contractually prohibits using customer inputs for model training.
• Transient Processing: AI queries are processed in real time and are not stored by the AI provider beyond the duration needed to generate a response.
• Prompt Architecture: We use system-level prompts and guardrails to instruct AI models to handle legal content appropriately, but cannot guarantee that AI models will never produce unexpected outputs.
• Writing DNA Profiles: If you enable Writing DNA, the system analyzes your writing patterns (sentence structure, vocabulary, formality level) to create a style profile stored in your account. This profile is used only to customize AI Outputs for your account and is deleted upon account termination.

6. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256);
• Row-level security in our database ensuring firm-level data isolation;
• Role-based access controls within multi-user accounts;
• Regular security assessments and penetration testing;
• Employee access limited to those with a business need, subject to confidentiality obligations;
• Incident response procedures with notification within 72 hours of discovery of a breach affecting your data.

7. Data Retention

We retain your data as follows:

• Account Information: Retained while your account is active and for 90 days after account closure.
• Legal Content: Retained while your account is active. Upon account termination, Legal Content is queued for deletion within 30 days, with permanent deletion from backups within 90 days.
• Usage Data: Retained in identifiable form for up to 24 months, then aggregated and anonymized.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

You may request export of your data at any time through your account settings or by contacting us.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Opt-Out of Sale: We do not sell personal information, but you may exercise this right as a precaution.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at customer.service@idamil.com with the subject line “Privacy Rights Request.” We will respond within 45 days (or as required by applicable law).

9. State-Specific Privacy Rights

Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the processing of personal data for targeted advertising, sale, or profiling. We do not engage in any of these activities. To exercise your rights or appeal a decision, contact us at customer.service@idamil.com.

California Consumer Privacy Act (CCPA/CPRA)

California residents have additional rights under the CCPA as amended by the CPRA, including the right to know what personal information is collected, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact us at customer.service@idamil.com.

Other State Privacy Laws

We comply with applicable state privacy laws including those of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states as their laws take effect. Residents of these states may exercise applicable rights by contacting us.

10. Cookies and Tracking

We use only essential cookies necessary for the operation of the Service (session management, authentication, security). We do not use advertising cookies, tracking pixels, or third-party analytics cookies that track you across websites. You may configure your browser to refuse cookies, but this may impair Service functionality.

11. Children’s Privacy

The Service is designed for legal professionals and is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected information from a minor, we will delete it promptly.

12. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards for any international data transfers as required by applicable law.

13. Third-Party Links

The Service may contain links to third-party websites or services (such as court filing systems, bar association resources, or legal databases). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and, for material changes that affect how we handle Legal Content, by email to your registered address at least 30 days before the changes take effect.

15. Data Protection Officer

For privacy-related inquiries, concerns, or complaints, contact our Data Protection Officer:

IdaMil™ LLC
Attn: Data Protection Officer
Email: customer.service@idamil.com
Subject Line: “Privacy Inquiry”

16. Contact Information

For general questions about this Privacy Policy, contact us at:

IdaMil™ LLC
Email: customer.service@idamil.com
Subject Line: “Privacy Policy Inquiry”