Privacy Policy

2.1 Personal Information

We collect the following personal information:

• Account Information: Name, email address, professional credentials
• Payment Information: Billing details processed through Stripe (we do not store payment card information)
• Professional Verification: Information provided during our manual verification process
• Communication Records: Support emails and correspondence

2.2 Usage Information

• Service Usage: AI queries, document analysis requests, and system interactions
• Technical Data: IP addresses, browser information, and system performance logs
• Conversation History: AI interactions and analysis results (user-deletable)

2.3 Document Data

• Uploaded Documents: Legal documents temporarily processed for AI analysis
• Document Metadata: File names, upload timestamps, and processing results
• Analysis Results: AI-generated summaries, research, and legal analysis

Important: Documents are processed but not permanently stored. Document management features are planned for future releases.

3.1 Service Provision

• Provide AI-powered legal analysis and research tools
• Process and analyze uploaded legal documents
• Maintain user accounts and authentication
• Process payments through Stripe
• Provide customer support and training

3.2 Communication

• Send service-related notifications and updates
• Provide customer support and technical assistance
• Send marketing communications (with consent)
• Notify users of policy changes and service updates

3.3 System Operations

• Monitor system performance and reliability
• Ensure data security and prevent unauthorized access
• Comply with legal obligations and regulatory requirements
• Improve service quality and user experience

4.1 Service Providers

We share information with trusted third-party service providers:

• Amazon Web Services (AWS): Cloud infrastructure with signed Business Associate Agreement (BAA)
• Stripe: Payment processing (PCI DSS compliant)
• EmailJS: Email communication services
• AWS Bedrock: AI model access with HIPAA-compliant BAA

4.2 Legal Requirements

We may disclose information when required by law:

• Court orders and subpoenas
• Regulatory investigations
• Law enforcement requests with proper legal authority
• Emergency situations involving immediate physical harm

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity with equivalent privacy protections.

4.4 No Cross-Client Sharing

Important: We never share client data between different law firms or users. Each client's data remains completely isolated.

5.1 Security Measures

• Encryption: AWS-provided encryption at rest and in transit
• Access Controls: Restricted access to authorized personnel only
• Infrastructure Security: AWS SOC 2 compliant infrastructure
• HIPAA Compliance: Business Associate Agreement with AWS ensuring PHI protection
• Regular Monitoring: Continuous security monitoring and threat detection

5.2 AI Model Security

• No Training Data: Your data is never used to train, fine-tune, or improve AI models
• Temporary Processing: Documents are processed in memory and not permanently stored
• Secure APIs: All AI processing through HIPAA-compliant AWS Bedrock services

6.1 Retention Period

• Account Information: Retained for 7 years in compliance with legal requirements
• Conversation History: Retained until user deletion or account termination
• Document Processing: Documents processed temporarily and not stored long-term
• Payment Records: Retained per Stripe's data retention policies

6.2 User Control

• Conversation Deletion: Users can delete individual conversations through the platform
• Account Deletion: Users can request account deletion by emailing [email protected]
• Data Portability: Users can request copies of their data
• Processing Restriction: Users can request limitation of data processing

7.1 Access Rights

• Review your account information and usage history
• Request copies of your personal data
• Update or correct inaccurate information
• Request deletion of your account and associated data

7.2 Communication Preferences

• Opt out of marketing communications
• Control service notification preferences
• Update contact information and preferences

7.3 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to Know: Information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: No penalties for exercising privacy rights

10.1 Legal Professional Focus

While not required, Atticus is designed for legal professionals including attorneys, paralegals, legal clerks, and legal assistants. Our security measures and data handling practices are designed to support professional legal work.

10.2 Attorney-Client Privilege

We implement measures to help preserve attorney-client privilege:

• Complete data isolation between different law firms
• No cross-contamination of client information
• Secure processing of potentially privileged communications
• HIPAA-compliant handling of protected health information

12.1 AWS Services

Our infrastructure is provided by Amazon Web Services under a signed Business Associate Agreement ensuring HIPAA compliance and data protection.

12.2 Payment Processing

Stripe processes all payments. Please review Stripe's privacy policy for information about their data handling practices.

12.3 Email Services

EmailJS facilitates our email communications. We do not share personal information beyond what's necessary for service delivery.