Home/Privacy Policy

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: October 22, 2025

Quick Navigation:

What We CollectHow We Use DataData SharingYour RightsSecurityData Retention

v-Lawyer ("we," "us," or "our") operates the v-lawyer.ai website and mobile applications (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for account creation)
  • Name (from OAuth providers or manually entered)
  • Phone number (optional)
  • Location/Jurisdiction (to provide location-specific legal guidance)
  • OAuth provider information (Apple, Google, LinkedIn, GitHub, or Microsoft)
  • Profile data (additional information from your OAuth provider)

1.2 Legal Case Information

To provide our AI-powered legal assistance, we collect:

  • Case descriptions and details about your legal issues
  • Conversation history with our AI assistant
  • Documents and evidence you upload (contracts, receipts, photos, videos, audio files)
  • Case category, status, and severity assessments
  • Action plans and step progress
  • Complaint letters and legal documents generated

1.3 Payment Information

  • Subscription tier (Free, Pro, or Max)
  • Billing period and subscription status
  • Payment processor IDs (Stripe customer ID, RevenueCat subscriber ID)
  • Note: We do NOT store credit card numbers or payment details. All payment processing is handled securely by Stripe and RevenueCat.

1.4 Usage Data

We automatically collect:

  • Feature usage statistics (number of triage sessions, action plans, complaints created)
  • Search queries and search results interactions
  • Storage usage (document and evidence storage in bytes)
  • AI token consumption (for cost tracking and optimization)
  • API request counts (for rate limiting)

1.5 Technical Data

  • IP address
  • Browser type and version
  • Device information (device type, operating system)
  • Request logs (paths, response codes, performance metrics)
  • Device tokens (for push notifications on mobile)
  • Cookies and local storage (for authentication and preferences)

2. How We Use Your Information

We use your information for the following purposes:

2.1 Provide and Improve Our Service

  • Deliver AI-powered legal consultation and case management
  • Generate action plans, complaints, and legal documents
  • Process and analyze uploaded documents (OCR, AI analysis)
  • Provide search functionality across legal case precedents
  • Improve our AI models and service quality

2.2 Account Management

  • Create and maintain your account
  • Authenticate your identity
  • Process payments and manage subscriptions
  • Enforce usage limits based on your subscription tier
  • Send service notifications and account updates

2.3 Communications

  • Send transactional emails (password resets, subscription confirmations)
  • Deliver push notifications about case updates and deadlines
  • Respond to your support requests
  • Send optional marketing communications (with your consent)

2.4 Security and Fraud Prevention

  • Monitor for suspicious activity and abuse
  • Enforce rate limits to prevent service overload
  • Investigate and respond to security incidents
  • Comply with legal obligations and court orders

2.5 Analytics and Research

  • Analyze usage patterns to improve features
  • Conduct A/B testing for product optimization
  • Track search queries to improve relevance
  • Generate aggregated, anonymized statistics

3. How We Share Your Information

We do NOT sell your personal information. We share data only in the following circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

ServicePurposeData Shared
AWS S3 / Cloudflare R2File storageUploaded documents and evidence
OpenAIAI processingAnonymized case text and questions
StripePayment processingBilling information, transaction IDs
RevenueCatiOS subscriptionsUser ID, subscription status
SendGridEmail deliveryEmail addresses, notification content
Firebase (FCM)Push notificationsDevice tokens, notification messages
SentryError trackingError logs, stack traces (NO PII)
MixpanelProduct analyticsUser events, feature usage (UUID-based)

All service providers have signed Data Processing Agreements (DPAs) ensuring GDPR compliance.

3.2 Legal Compliance

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Government or regulatory requests
  • Legal processes or law enforcement investigations
  • Protection of our rights, property, or safety

3.3 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

4. Your Privacy Rights

GDPR Rights (European Users)
  • Right of Access: Request a copy of your personal data in JSON format.
    Settings → Privacy → Export My Data
  • Right to Erasure: Request deletion of your account and personal data.
    Settings → Privacy → Delete My Account
  • Right to Rectification: Update or correct your personal information in Account Settings.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Restrict Processing: Request limitation of processing your data.
  • Right to Object: Object to processing based on legitimate interests.
CCPA Rights (California Users)
  • Right to Know: Know what personal information we collect, use, and share.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: We do NOT sell your personal information, so no opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

4.1 How to Exercise Your Rights

You can exercise your privacy rights through:

We will respond to your request within 30 days as required by GDPR and CCPA.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Encryption

  • In Transit: TLS 1.3 (HTTPS) encryption for all data transmission
  • At Rest: AES-256 encryption for sensitive data and file storage
  • Database: Encrypted database backups stored securely

5.2 Authentication & Access Control

  • JWT Tokens: Short-lived access tokens (15 minutes)
  • OAuth 2.0: Secure authentication with Apple, Google, LinkedIn, GitHub, Microsoft
  • Password Hashing: bcrypt algorithm for password protection
  • User Isolation: Strict access controls ensure users can only access their own data

5.3 Application Security

  • Rate Limiting: 100 requests/minute for general endpoints, 10 requests/minute for AI endpoints
  • CORS Protection: Cross-origin request security
  • Input Validation: All inputs validated to prevent injection attacks
  • Security Monitoring: Continuous monitoring for suspicious activity

5.4 Infrastructure Security

  • Hosted on secure, SOC 2 compliant cloud infrastructure
  • Regular security audits and penetration testing
  • Automated backups with encryption
  • Incident response plan and security team

Important: While we implement robust security measures, no system is 100% secure. You are responsible for keeping your account credentials confidential and notifying us immediately of any unauthorized access.

6. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

6.1 Active Accounts

  • Account data: Retained while your account is active
  • Case data: Retained indefinitely (you can delete individual cases anytime)
  • Documents and evidence: Retained until you delete them or close your account

6.2 Deleted Accounts

  • Grace period: 30 days to recover your account after deletion
  • Immediate anonymization: Email changed to deleted_[user_id]@deleted.local, name to "Deleted User"
  • Permanent deletion: After 30 days, all personal data is permanently deleted
  • Financial records: Anonymized but retained for 7 years (legal requirement)

6.3 System Data

  • Application logs: 30 days
  • Error logs: 90 days
  • Audit logs: 7 years (for legal compliance)
  • Read notifications: 90 days (auto-deleted)

6.4 Automated Cleanup

We run automated data retention processes daily at 2 AM UTC to permanently delete accounts past the 30-day grace period and remove old system data per our retention policy.

7. Cookies and Tracking

7.1 Authentication Tokens

We use JWT (JSON Web Tokens) stored in your browser's local storage for authentication. These are not traditional cookies but serve a similar purpose:

  • Access Token: Valid for 15 minutes, used to authenticate API requests
  • Refresh Token: Valid for 30 days, used to obtain new access tokens

7.2 Analytics

  • Mixpanel: Product analytics (identified by UUID only, not personal information)
  • Search Analytics: Track search queries and interactions to improve relevance

7.3 Your Choices

You can clear your browser's local storage to remove authentication tokens, but this will log you out. Most browsers allow you to block or delete local storage data.

8. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@v-lawyer.ai, and we will delete such information immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. We ensure appropriate safeguards are in place to protect your information, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all service providers
  • Adherence to GDPR requirements for international transfers

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice in the app

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@v-lawyer.ai

Data Protection Officer: dpo@v-lawyer.ai

Support: support@v-lawyer.ai

Legal Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. The Service provides AI-powered legal information and guidance, but does not replace professional legal counsel. For specific legal matters, please consult a licensed attorney.