Privacy Policy
Effective Date: [Insert Date]
LexBrief ("we", "us", or "our") is committed to protecting the privacy and confidentiality of our users ("you", "your", or the "User"). As a platform built exclusively for legal professionals, we understand the critical importance of attorney-client privilege, data security, and compliance with legal hold obligations.
This Privacy Policy explains how we collect, use, process, and protect your information when you use the LexBrief Microsoft Word add-in, Playbook Studio web dashboard, and related services (collectively, the "Services").
1. Our "Zero-Retention" Commitment
The core of our data architecture is a strict Zero-Retention Strategy regarding your client documents.
- No Document Storage: LexBrief databases do not store the original text of the contracts or documents you analyze using our Word add-in.
- Metadata Only: We only log metadata necessary to provide service analytics and ROI calculations (e.g., riskCount, timeSavedMs, document names for audit logs, and matter IDs).
- LLM API Partners: When your text is sent to our AI providers (such as Anthropic Claude), it is processed under strict Enterprise Zero-Data Retention agreements. Your data is processed in memory to generate the JSON response, is not used to train any AI models, and is discarded immediately after the inference request is completed.
While we do not store your contract text, we do collect information necessary to operate, maintain, and bill for the Services:
A. Account and Authentication Data
- We use Microsoft 365 Single Sign-On (SSO) via NextAuth.js for seamless authentication. We collect your basic profile information (name, email address, organization) provided by your Microsoft account.
B. User-Generated Content (Playbooks)
- Playbook Studio: We store the structured rules, tiers, fallback positions, and configurations you create within the Playbook Studio. These rules belong to your organization and are stored securely in our PostgreSQL database (hosted via Supabase/Neon).
C. Usage and Telemetry Data
- We collect analytics on how you use the Services to calculate ROI and billable hours saved (e.g., number of revisions applied, usage frequency).
- We collect technical diagnostic data to monitor the health of the application, such as latency metrics or edge function execution times.
We use the collected information solely to:
- Provide, maintain, and improve the Services.
- Authenticate your access and enforce authorization policies.
- Calculate usage-based billing and display ROI metrics in your Dashboard.
- Provide customer support and troubleshoot technical issues (e.g., "Locator Fail" debugging).
- Send administrative messages, updates, and security alerts.
We do not sell your personal data. We only share information with third parties in the following limited circumstances:
- Subprocessors: We use trusted third-party service providers for hosting (Vercel), database infrastructure (Neon/Supabase), payment processing (Stripe), and AI inference (Anthropic). All subprocessors are bound by strict confidentiality and data protection agreements.
- Legal Requirements: If required by law, subpoena, or valid legal process, we may disclose your information. However, because we do not store document contents, we cannot produce your contract text to legal authorities.
5. Data Security
We implement enterprise-grade security measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit between your Microsoft Word client and our Next.js Edge APIs.
- Logical separation of tenant data in our databases to ensure Playbooks and Audit Logs are isolated by Organization.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the right to access, correct, or delete the personal data we hold about you. You or your Organization's administrator can manage your Playbooks and account settings via the Playbook Studio dashboard.
7. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy in the Services.
If you have any questions or concerns regarding this Privacy Policy or our data security practices, please contact our Data Protection Officer at:
Email: [Insert Contact Email]
Address: [Insert Company Address]