Privacy Policy

1. Introduction

Starboard Labs LLC ("we," "us," or "our") operates the Atticus AI platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

2.1 Account Information

• Name and email address
• Professional information you provide
• Payment information (processed through Stripe — we do not store card details)
• Communication records from support interactions

2.2 Usage Information

• AI queries and conversations
• Documents created with the AI Editor
• Technical data (IP addresses, browser information, system logs)

2.3 Document Storage

• Documents you upload to secure storage
• File metadata (names, upload dates)
• AI-generated analysis and research results

3. How We Use Your Information

• Provide our AI-powered legal research and document services
• Process and store your documents securely
• Maintain your account and process payments
• Provide customer support
• Send service-related notifications
• Monitor system security and prevent unauthorized access
• Comply with legal obligations

4. Information Sharing

4.1 Service Providers

• Amazon Web Services (AWS): Cloud infrastructure with signed Business Associate Agreement
• AWS Bedrock: AI processing with HIPAA-compliant BAA — your data is never used to train AI models
• Stripe: Payment processing (PCI DSS compliant)

4.2 Legal Requirements

We may disclose information when required by law:

• Court orders and subpoenas
• Regulatory investigations
• Law enforcement requests with proper legal authority

4.3 No Cross-Client Sharing

We never share data between different users. Each user's data remains completely isolated.

5. Data Security

• Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Access Controls: Only you can access your data — our team cannot read your documents
• Infrastructure: US-based AWS data centers with SOC 2 compliance
• HIPAA Compliance: Business Associate Agreement with AWS for PHI protection
• Zero AI Training: Your data is never used to train or improve AI models

6. Data Retention and Deletion

6.1 Retention Periods

• Account and conversation data: Retained for 6 years for HIPAA compliance, deletable upon request
• Stored documents: Retained until you delete them, or 6 years after account closure
• Audit logs: 6 years as required by HIPAA
• Payment records: 7 years for tax compliance (managed by Stripe)
• Technical logs: 90 days for security purposes

6.2 Your Control

• Delete conversations and documents through the platform
• Request account deletion: email [email protected]
• Request data export: email [email protected]

We respond to all privacy requests within 45 days.

7. Your Privacy Rights

7.1 All Users

• Access and review your personal data
• Correct inaccurate information
• Request deletion of your data
• Export your data in a portable format
• Opt out of marketing communications

7.2 California Residents (CCPA/CPRA)

California residents have additional rights:

• Right to Know: Request disclosure of data we've collected (twice per 12 months)
• Right to Delete: Request deletion, subject to legal retention requirements
• Right to Correct: Request correction of inaccurate data
• Right to Non-Discrimination: We won't penalize you for exercising rights

7.3 Other State Privacy Rights

Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have similar rights. Contact [email protected] to exercise your rights.

8. We Do Not Sell Your Data

9. Sensitive Personal Information

Legal documents you upload may contain sensitive information (financial data, health information, private communications). We use this information only to provide the Atticus service — never for marketing, advertising, or AI training.

Under California law (CPRA), you have the right to limit use of sensitive personal information. Because we only use it to provide the service, there are no additional uses to limit.

10. Automated Processing

Atticus uses AI to analyze documents and generate legal research. These AI outputs are tools to assist your work — they do not make decisions on your behalf. You retain full control over how to use or disregard any AI-generated content. No automated decisions are made that produce legal effects or similarly significant effects on you without human review.

11. Cookies and Tracking

We use only essential authentication cookies required for the service to function. We do not use third-party cookies, tracking pixels, or analytics services that track behavior across websites.

12. International Data

Atticus operates within the United States only. All data is processed and stored in AWS US-based data centers.

13. Children's Privacy

Atticus is not intended for users under 18 years of age. We do not knowingly collect personal information from minors.

14. Data Breach Notification

In the event of a data breach involving your personal information, we will:

• Notify you within 72 hours of discovery
• Notify state authorities as required by law
• Provide details on what happened and what we're doing
• Offer appropriate remediation

15. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of material changes via email at least 30 days before changes take effect. Continued use after updates constitutes acceptance.

16. Contact Us