Privacy Policy

Last updated: April 16, 2025

1. Overview

DueCounsel (“we”, “us”, “our”) is committed to protecting the privacy of law firms and their clients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. By using DueCounsel, you consent to this policy.

2. Information We Collect

We collect the following categories of information:

Account Information

Email address, firm name, display name, and hashed password when you register.

Document Content

Legal documents you upload for processing. These are stored securely in encrypted cloud storage, associated exclusively with your tenant (firm).

Usage Data

Page views, API calls, document processing counts, and feature usage for billing and product improvement.

Technical Data

IP address, browser type, device identifiers, and log data for security monitoring.

3. How We Use Your Information

  • To provide and operate the Service (document processing, deadline extraction, search).
  • To authenticate users and enforce multi-tenant data isolation.
  • To calculate and bill for usage-based subscription charges.
  • To send transactional emails (account confirmation, password reset).
  • To monitor for security incidents and prevent abuse.
  • To improve AI model accuracy using anonymized, aggregated metrics only — never your document content.

4. Multi-Tenant Data Isolation

Each law firm is assigned a unique tenant identifier. All documents, extractions, and AI search results are strictly scoped to your firm's tenant. No user can access another firm's data through the Service. Data isolation is enforced at every layer: API, database queries, and vector search indexes.

5. Data Sharing and Third Parties

We do not sell your data. We share data with third parties only as follows:
  • Cloud Infrastructure: AWS (S3 for document storage, SQS for processing queues). AWS is bound by a Data Processing Addendum.
  • AI Processing: Mistral AI for document OCR and embedding generation. Documents are sent to Mistral's API for processing; Mistral's data handling is governed by their terms.
  • Vector Database: Qdrant for semantic search indexing. Only text embeddings (numerical vectors), not raw document text, are stored in Qdrant.
  • Payment Processing: Stripe for billing. We do not store full card numbers.
  • Legal Requirements: We may disclose data if required by law, court order, or to protect rights and safety.

6. Data Retention

  • Account data is retained while your account is active and for 30 days after termination.
  • Documents and extracted deadlines are retained while your subscription is active.
  • You may request deletion of your data at any time by contacting us. Processing may take up to 30 days.
  • Audit logs are retained for 12 months for security purposes.

7. Security

We implement industry-standard security measures including:
  • Passwords stored as PBKDF2-SHA256 hashes with unique salts.
  • All data transmitted over TLS 1.2+.
  • Documents stored in encrypted S3 buckets (AES-256).
  • JWT-based authentication with short-lived tokens.
  • Access logs and anomaly detection.

No security system is impenetrable. If you discover a vulnerability, please disclose it responsibly to security@duecounsel.com.

8. Attorney-Client Privilege

We understand that documents uploaded may contain privileged communications. DueCounsel operates as a technology service provider to your firm. We do not access document content except as necessary to provide the Service. We recommend consulting your jurisdiction's ethics rules regarding cloud storage of client documents before use.

9. Cookies

We use essential session cookies and localStorage tokens (JWT) for authentication. We do not use advertising or cross-site tracking cookies. You may disable cookies in your browser settings, but this will prevent you from logging in.

10. Your Rights

Depending on your jurisdiction, you may have rights to:
  • Access a copy of data we hold about you.
  • Correct inaccurate account information.
  • Request deletion of your data.
  • Data portability (export your extractions as CSV or ICS).
  • Opt out of non-essential communications.

To exercise these rights, email privacy@duecounsel.com.

11. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We will notify you of material changes via email or in-app notice at least 14 days before they take effect. Continued use of the Service after that date constitutes acceptance.

13. Contact

DueCounsel Privacy Team

privacy@duecounsel.com