Privacy Policy
Effective July 11, 2026
1. What we collect
Account and firm information you provide: firm name, your name, practice areas, standards, firm knowledge entries, and configuration.
Data from connected services, only with your explicit authorization: if you connect QuickBooks Online, we access accounting data (such as profit-and-loss summaries, accounts-receivable aging, and company information) through Intuit's APIs to power the Service's financial briefings.
Usage data: interactions with the Service used to operate, secure, and improve it.
2. How we use it
Solely to provide the Service: generating briefings, staff work product, recommendations, and reports for your firm. Content you provide may be processed by our AI model providers (for example, via Vercel AI Gateway to Anthropic models) as necessary to generate responses; we do not permit our model providers to train on your firm's data.
We do not sell your data. We do not share it with third parties except service providers necessary to operate the platform (hosting, database, AI inference), each bound to use it only on our behalf.
3. QuickBooks Online data
Connecting QuickBooks is optional and initiated by you through Intuit's authorization flow. We store the OAuth tokens needed to maintain the connection and financial summary snapshots used in your dashboards. We access only the accounting scope you authorize. You can disconnect at any time from Settings or from Intuit's connected-apps page, which stops all further access; you may also request deletion of stored snapshots at any time.
4. Text messaging (SMS)
If you consent to receive text messages from a firm using the Service (verbally on a call, through the firm's website chat, or by texting the firm first), those messages are one-to-one, service-related communications from that firm. Message frequency varies; message and data rates may apply; reply STOP to opt out at any time or HELP for assistance.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent are not shared with any third parties, except as necessary to deliver the messages or as required by law. See our SMS Terms & Consent page for full details.
5. Storage and security
Data is stored with our infrastructure providers (Vercel; Neon serverless Postgres) in the United States, encrypted in transit. Access to firm data is restricted to the subscribing firm's authenticated users. No method of transmission or storage is perfectly secure; we work to protect your information consistent with industry practice.
6. Confidentiality expectations for law firms
We designed the Service around law firm confidentiality duties. You control what firm knowledge you provide. Do not upload information subject to confidentiality obligations you have not satisfied; the Service does not require client-identifying information to operate.
7. Retention and deletion
We retain firm data while your account is active. Upon account closure or request, we delete firm data within 30 days, except as required for legal compliance. Email support@lawstaff.ai for deletion requests.
8. Changes and contact
We may update this policy; material changes will be announced through the Service. Questions: support@lawstaff.ai.