OurFirm.ai LogoOurFirm.ai
Back to Legal

PRIVACY POLICY

Ourfirm.ai, Inc.
Effective Date: October 23, 2025

1. INTRODUCTION

Ourfirm.ai, Inc. ("Ourfirm.ai," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Services.

This Privacy Policy applies to information collected through:

  • Our website at https://ourfirm.ai
  • Our platform and services ("Services")
  • Communications with us

Important Distinction: This Privacy Policy covers our collection and use of information about you and your use of the Services. Our processing of Customer Data (data you upload or generate in the Services) is governed by our Data Processing Addendum and Security Addendum.

What We Collect vs. What We Don't:

  • We collect: Usage Data (how you use the platform - frequency, features used, session data)
  • We collect: Personal Information (your name, email, account details)
  • We do NOT collect or use: Customer Data for analytics, improvements, or AI training
  • We do NOT collect or use: Your prompts, documents, case files, or generated content for any purpose other than providing the Services to you

Usage Data Definition: "Usage Data" means information reflecting the access, interaction, or use of the Service by or on behalf of Customer including frequency, duration, volume, features, functions, visit, session, click through or click stream data, and statistical or other analysis, information, or data based on, or derivative works of, the foregoing. Usage Data does not include any Customer Data or Content.

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (encrypted)
  • Organization name
  • Job title
  • Phone number (optional)

Billing Information

For paid subscriptions, we collect:

  • Billing address
  • Payment method information (processed by our payment processor)

Customer Data

Content, documents, and data you upload, input, or generate using the Services. See our Data Processing Addendum for details on how we process Customer Data.

Communications

Information you provide when you:

  • Contact support
  • Respond to surveys
  • Communicate with us via email or chat

2.2 Information Collected Automatically

Usage Data

We collect Usage Data to analyze platform performance and improve the Services. Usage Data includes:

  • Features and functions accessed
  • Pages viewed and navigation patterns
  • Time spent on the Services
  • Frequency and duration of sessions
  • Click-through and click-stream data
  • Statistical analysis and aggregated metrics

What Usage Data Does NOT Include:

  • ❌ Content of your documents or case files
  • ❌ Text of your prompts or AI-generated outputs
  • ❌ Any Customer Data or Content you upload or create
  • ❌ Substance of your legal work product

Device Information

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Referring URLs

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze usage patterns (Usage Data only)
  • Improve the Services

You can control cookies through your browser settings.

2.3 Information from Third Parties

Authentication Providers

If you use single sign-on (SSO), we receive information from your identity provider (e.g., Google Workspace, Microsoft Azure AD).

Payment Processors

Our payment processor provides us with transaction information but not your complete payment card details.

Public Sources

We may supplement information with publicly available data for business purposes (e.g., verifying organization information).

3. HOW WE USE INFORMATION

3.1 To Provide the Services

  • Create and manage your account
  • Authenticate users
  • Process payments
  • Provide AI-powered features
  • Store and retrieve Customer Data
  • Respond to your requests

Customer Data Use: Customer Data is used ONLY to provide the Services to you. We do not use Customer Data for any other purpose.

3.2 To Improve and Develop the Services

  • Analyze Usage Data to understand platform performance
  • Develop new features based on aggregate usage patterns
  • Optimize user interface and navigation
  • Conduct research and development
  • Test and optimize the Services

Usage Data Only: Service improvements are based solely on Usage Data (metadata about how the platform is used), never on Customer Data (your actual content, documents, or prompts).

3.3 To Communicate with You

  • Send service updates and announcements
  • Respond to support requests
  • Send security alerts
  • Provide customer service
  • Send marketing communications (with consent)

3.4 For Security and Safety

  • Detect and prevent fraud
  • Protect against security threats
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations
  • Protect our rights and property

3.5 For Legal Compliance

  • Respond to legal requests
  • Comply with applicable laws and regulations
  • Enforce our agreements
  • Protect against legal liability

4. HOW WE SHARE INFORMATION

We do not sell your personal information. We share information only as described below:

4.1 Service Providers and Subprocessors

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud infrastructure providers (AWS)
  • AI model providers (OpenAI, Anthropic, Google, Cerebras)
  • Payment processors
  • Email service providers
  • Analytics providers
  • Customer support platforms

See our Subprocessor List for details on providers that process Customer Data.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose information if required by law or in response to valid legal process:

  • Subpoenas
  • Court orders
  • Search warrants
  • Regulatory requests

See our Law Enforcement & Legal Requests Policy for details on how we handle government requests.

4.4 With Your Consent

We may share information for other purposes with your consent.

4.5 Aggregated Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. AI AND MACHINE LEARNING

5.1 Use of AI

Our Services use large language models and other AI technologies to provide features like:

  • Document generation
  • Legal research assistance
  • Text analysis and summarization
  • Predictive suggestions

5.2 AI Training - What We Do NOT Do

Customer Data is NOT used to train AI models - period. We have contractual agreements with all our AI providers (OpenAI, Anthropic, Google, Cerebras) that strictly prohibit:

  • ❌ Using your prompts to train public AI models
  • ❌ Using your documents to train AI models
  • ❌ Using your generated content to train AI models
  • ❌ Using any Customer Data or Content to improve AI models
  • ❌ Sharing your Customer Data with AI providers for training purposes

5.3 Usage Data for Service Improvement

We may use anonymized, aggregated Usage Data to improve our Services, such as:

  • ✅ Understanding which features are most frequently used
  • ✅ Identifying navigation patterns to improve user interface
  • ✅ Analyzing session duration and frequency metrics
  • ✅ Optimizing platform performance

Important: This analysis uses only Usage Data (metadata about platform usage), never the substance of your Customer Data.

5.4 AI Limitations

5.4 AI Limitations

AI-generated content may contain errors or "hallucinations." You are responsible for reviewing and verifying all AI-generated content. See Section 6 of our Terms of Service for details.

6. DATA RETENTION

6.1 Account Information

We retain account information for as long as your account is active or as needed to provide Services.

6.2 Customer Data

We retain Customer Data for the duration of your subscription plus any period required by law or our backup retention policies. See our Data Processing Addendum for details.

6.3 After Termination

After account termination, we delete or anonymize your information within a commercially reasonable time, except as required by law or our legitimate interests (e.g., fraud prevention, dispute resolution).

6.4 Backups

Information in backups may persist for up to 90 days after deletion.

7. SECURITY

We implement technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Multi-factor authentication
  • Access controls
  • Regular security assessments
  • Employee security training

See our Security Addendum for comprehensive details.

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

8. YOUR RIGHTS AND CHOICES

8.1 Access and Correction

You may access and update your account information through account settings or by contacting us.

8.2 Data Portability

You may export your Customer Data at any time through the Services.

8.3 Deletion

You may request deletion of your account and information by contacting us. Some information may be retained as permitted by law.

8.4 Marketing Opt-Out

You may opt out of marketing communications by:

  • Clicking "unsubscribe" in emails
  • Adjusting email preferences in account settings
  • Contacting us at privacy@ourfirm.ai

You cannot opt out of service-related communications.

8.5 Cookies

You may control cookies through your browser settings, but this may affect functionality.

8.6 Do Not Track

Our Services do not respond to Do Not Track signals, as there is no industry standard for how to respond.

9. STATE-SPECIFIC PRIVACY RIGHTS

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: Request details about personal information we collect, use, and disclose.

Right to Delete: Request deletion of your personal information (subject to exceptions).

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing: We do not sell or share personal information as defined by the CCPA.

Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Sensitive Personal Information: We do not use or disclose sensitive personal information except as permitted by law.

To exercise these rights, email privacy@ourfirm.ai or call [PHONE NUMBER].

9.2 Other State Privacy Laws

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have similar rights. Contact us to exercise applicable rights.

9.3 Verification

We may require verification of your identity before responding to privacy requests. We will respond within the timeframes required by applicable law.

10. CHILDREN'S PRIVACY

The Services are not intended for individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

11. INTERNATIONAL DATA TRANSFERS

Our Services are provided from and primarily hosted in the United States. If you access the Services from outside the US, your information will be transferred to and processed in the US.

For US customers, our Data Processing Addendum confirms that processing occurs within the US.

For non-US customers, by using the Services, you consent to the transfer of information to the US and other countries where we or our service providers operate.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated by:

  • Posting the updated policy on our website
  • Sending email notification (for significant changes)
  • Displaying a notice in the Services

The "Effective Date" at the top indicates when the policy was last updated. Your continued use after changes take effect constitutes acceptance.

13. CONTACT US

For questions about this Privacy Policy or our privacy practices, contact:

Ourfirm.ai, Inc.
Privacy Team
Email: privacy@ourfirm.ai
Legal: legal@ourfirm.ai

For data subject requests (access, deletion, correction), email: privacy@ourfirm.ai with "Privacy Request" in the subject line.

Related Documents:

  • Terms of Service
  • Data Processing Addendum
  • Security Addendum
  • Acceptable Use Policy
  • Subprocessor List
  • Law Enforcement & Legal Requests Policy

Effective Date: October 23, 2025
Version: 1.0