Skip to content
LawGPT
Privacy Policy

Privacy Policy.

This policy explains what information we collect, why, and what we do with it. For the technical story on how your matter content is protected, see the Security page.

Last updated: May 12, 2026

1. Who this applies to

This policy describes how LawGPT LLC ("LawGPT", "we", "us") handles personal information when you visit lawgpt.com, create an account at app.lawgpt.com, or communicate with us. It does not describe how your firm (the customer) handles personal information of its own clients; your firm is the controller of that data, and we are the processor.

2. What we collect

Account information

When you sign up, we collect your email address and name. If you sign in with a provider such as Google, we also collect the minimum profile information returned by that provider. We do not collect a password when you use social sign-in.

Usage information

We log operational information about product use: which pages were viewed, which actions were taken (for example, "uploaded a document", not the document itself), when errors occurred, and which browser and device type generated the request. This lets us keep the product working and find bugs.

Customer content

Documents, matters, tags, notes, chat threads, and anything else you create inside a workspace are customer content. We process customer content on your behalf under our Data Processing Agreement (see DPA). We do not use customer content to train AI models, and we do not access it unless you ask us to (for example, during support).

3. How we use information

  • To provide, maintain, and improve the product
  • To communicate with you about your account and updates
  • To detect and prevent abuse and security incidents
  • To comply with legal obligations

4. How we share information

We use a small number of vetted subprocessors to run the service. The current list is:

  • Microsoft Azure — cloud hosting, database, and AI inference (United States regions)
  • Auth0 by Okta — authentication and identity
  • Stripe — subscription billing and payment processing
  • Sentry — error monitoring
  • LaunchDarkly — feature flag delivery

We never sell personal information. We disclose information to law enforcement only in response to valid legal process, and wherever possible we notify the affected customer first. We will give at least 30 days' advance notice before adding or replacing a subprocessor; customers may object on reasonable grounds.

5. International transfers

Production data is stored in U.S. regions by default. If your organization has residency requirements, email hello@lawgpt.com.

6. Your rights

Depending on where you live, you may have rights under privacy laws (such as GDPR or the California Consumer Privacy Act) to access, correct, export, or delete personal information we hold about you. Email privacy@lawgpt.com and we will respond within the timeframes required by law.

7. Security

The Security page is the plain-English version of how we protect data: workspace isolation, role-based access, no training on your content, and an honest list of compliance items we do not yet have.

8. Retention

Account information and customer content are retained while your account is active, including after a subscription is canceled — your data stays in place so you can export it or reactivate the subscription. Permanent deletion happens when an owner deletes the workspace from workspace settings, or when you ask us in writing to delete the account. Deletion of primary storage is immediate and irreversible. Encrypted backups are overwritten in the ordinary course of operations.

9. Changes to this policy

We will update this policy when practices change. If the changes are material, we will notify you by email to the account owner and through a banner in the product before they take effect.

10. Contact

LawGPT LLC, 7000 Bahia Beach Blvd, Rio Grande, PR 00745, United States. Privacy questions: privacy@lawgpt.com.