OurFirm.ai

Legal document

PRIVACY POLICY

How we collect, use, and protect your data
Effective Date
February 17, 2026

1. INTRODUCTION

Ourfirm.ai, Inc. ("Ourfirm.ai," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Services.

This Privacy Policy applies to information collected through:

  • Communications with us
  • Our platform and services ("Services")
  • Our website at https://ourfirm.ai

Important Distinction: This Privacy Policy covers our collection and use of information about you and your use of the Services. Our processing of Customer Data (data you upload or generate in the Services) is governed by our Data Processing Addendum and Security Addendum.

What We Collect vs. What We Don't:

  • ❌ We do NOT collect or use: Your prompts, documents, case files, or generated content for any purpose other than providing the Services to you
  • ❌ We do NOT collect or use: Customer Data for content, analytics, improvements, or AI training
  • ✅ We collect: Personal Information (your name, email, account details)
  • ✅ We collect: Usage Data (how you use the platform - frequency, features used, session data)

Usage Data Definition: "Usage Data" means information reflecting the access, interaction, or use of the Service by or on behalf of Customer including frequency, duration, volume, features, functions, visit, session, click through or click stream data, and statistical or other analysis, information, or data based on, or derivative works of, the foregoing. Usage Data does not include any Customer Data or Content.

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information

When you create an account, we collect:

  • Phone number (optional)
  • Job title
  • Organization name
  • Password (encrypted)
  • Email address
  • Name

Billing Information

For paid subscriptions, we collect:

  • Payment method information (processed by our payment processor)
  • Billing address

Customer Data

Content, documents, and data you upload, input, or generate using the Services. See our Data Processing Addendum for details on how we process Customer Data.

Communications

Information you provide when you:

  • Communicate with us via email or chat
  • Respond to surveys
  • Contact support

2.2 Information Collected Automatically

Usage Data

We collect Usage Data to analyze platform performance and improve the Services. Usage Data includes:

  • Statistical analysis and aggregated metrics
  • Click-through and click-stream data
  • Frequency and duration of sessions
  • Time spent on the Services
  • Pages viewed and navigation patterns
  • Features and functions accessed

What Usage Data Does NOT Include:

  • ❌ Substance of your legal work product
  • ❌ Any Customer Data or Content you upload or create
  • ❌ Text of your prompts or AI-generated outputs
  • ❌ Content of your documents or case files

Device Information

  • Referring URLs
  • Device identifiers
  • Operating system
  • Browser type and version
  • IP address

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to:

  • Improve the Services
  • Analyze usage patterns (Usage Data only)
  • Remember your preferences
  • Maintain your session

You can control cookies through your browser settings.

2.3 Information from Third Parties

Authentication Providers

If you use single sign-on (SSO), we receive information from your identity provider (e.g., Google Workspace, Microsoft Azure AD).

Payment Processors

Our payment processor provides us with transaction information but not your complete payment card details.

Public Sources

We may supplement information with publicly available data for business purposes (e.g., verifying organization information).

3. HOW WE USE INFORMATION

3.1 To Provide the Services

  • Respond to your requests
  • Store and retrieve Customer Data
  • Provide AI-powered features
  • Process payments
  • Authenticate users
  • Create and manage your account

Customer Data Use: Customer Data is used ONLY to provide the Services to you. We do not use Customer Data for any other purpose.

No Customer Data Access. We do not access Customer Data except (a) at your direction (for example, when you provide specific materials to support for troubleshooting) or (b) to comply with law.

3.2 To Improve and Develop the Services

  • Test and optimize the Services
  • Conduct research and development
  • Optimize user interface and navigation
  • Develop new features based on aggregate usage patterns
  • Analyze Usage Data to understand platform performance

Usage Data Only: Service improvements are based solely on Usage Data (metadata about how the platform is used), never on Customer Data (your actual content, documents, or prompts).

3.3 To Communicate with You

  • Send marketing communications (with consent)
  • Provide customer service
  • Send security alerts
  • Respond to support requests
  • Send service updates and announcements

3.4 For Security and Safety

  • Protect our rights and property
  • Comply with legal obligations
  • Enforce our Terms of Service and Acceptable Use Policy
  • Protect against security threats
  • Detect and prevent fraud
  • Protect against legal liability
  • Enforce our agreements
  • Comply with applicable laws and regulations
  • Respond to legal requests

4. HOW WE SHARE INFORMATION

We do not sell your personal information. We share information only as described below:

4.1 Service Providers and Subprocessors

We share information with third-party service providers who perform services on our behalf, including:

  • Customer support platforms
  • Analytics providers
  • Email service providers
  • Payment processors
  • AI model providers (OpenAI, Anthropic, Google, Cerebras)
  • Cloud infrastructure providers (AWS)

Our subprocessors, including AI providers, process Customer Data only to provide the Services and, for AI providers, solely for inference. See our Subprocessor List for details on providers that process Customer Data.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

We may disclose information if required by law or in response to valid legal process:

  • Regulatory requests
  • Search warrants
  • Court orders
  • Subpoenas

See our Law Enforcement & Legal Requests Policy for details on how we handle government requests.

We may share information for other purposes with your consent.

4.5 Aggregated Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. AI AND MACHINE LEARNING

Inference-only processing. When you use AI features, your Customer Data is sent to our AI providers solely to perform the requested task and return the output to you ("inference"). We do not permit our AI providers to use Customer Data to train or improve their models.

5.1 Use of AI

Our Services use large language models and other AI technologies to provide features like:

  • Predictive suggestions
  • Text analysis and summarization
  • Legal research assistance
  • Document generation

5.2 AI Training - What We Do NOT Do

Customer Data is NOT used to train AI models - period. We have contractual agreements with all our AI providers (OpenAI, Anthropic, Google, Cerebras) that strictly prohibit:

  • ❌ Sharing your Customer Data with AI providers for training purposes
  • ❌ Using any Customer Data or Content to improve AI models
  • ❌ Using your generated content to train AI models
  • ❌ Using your documents to train AI models
  • ❌ Using your prompts to train public AI models

5.3 Usage Data for Service Improvement

We may use anonymized, aggregated Usage Data to improve our Services, such as:

  • ✅ Optimizing platform performance
  • ✅ Analyzing session duration and frequency metrics
  • ✅ Identifying navigation patterns to improve user interface
  • ✅ Understanding which features are most frequently used

Important: This analysis uses only Usage Data (metadata about platform usage), never the substance of your Customer Data.

5.4 AI Limitations

AI-generated content may contain errors or "hallucinations." You are responsible for reviewing and verifying all AI-generated content. See Section 6 of our Terms of Service for details.

6. DATA RETENTION

6.1 Account Information

We retain account information for as long as your account is active or as needed to provide Services.

6.2 Customer Data

We retain Customer Data for the duration of your subscription plus any period required by law or our backup retention policies. See our Data Processing Addendum for details.

6.3 After Termination

After account termination, we delete or anonymize your information within a commercially reasonable time, except as required by law or our legitimate interests (e.g., fraud prevention, dispute resolution).

6.4 Backups

Information in backups may persist for up to 90 days after deletion.

7. SECURITY

We implement technical and organizational measures to protect your information, including:

  • Employee security training
  • Regular security assessments
  • Access controls
  • Multi-factor authentication
  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.2+)

See our Security Addendum for comprehensive details.

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

8. YOUR RIGHTS AND CHOICES

8.1 Access and Correction

You may access and update your account information through account settings or by contacting us.

8.2 Data Portability

You may export your Customer Data at any time through the Services.

8.3 Deletion

You may request deletion of your account and information by contacting us. Some information may be retained as permitted by law.

8.4 Marketing Opt-Out

You may opt out of marketing communications by:

  • Contacting us at privacy@ourfirm.ai
  • Adjusting email preferences in account settings
  • Clicking "unsubscribe" in emails

You cannot opt out of service-related communications.

8.5 Cookies

You may control cookies through your browser settings, but this may affect functionality.

8.6 Do Not Track

Our Services do not respond to Do Not Track signals, as there is no industry standard for how to respond.

9. STATE-SPECIFIC PRIVACY RIGHTS

If you are a California resident, you have the following rights:

Right to Know: Request details about personal information we collect, use, and disclose.

Right to Delete: Request deletion of your personal information (subject to exceptions).

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing: We do not sell or share personal information as defined by the CCPA.

Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Sensitive Personal Information: We do not use or disclose sensitive personal information except as permitted by law.

To exercise these rights, email privacy@ourfirm.ai.

9.2 Other State Privacy Laws

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have similar rights. Contact us to exercise applicable rights.

9.3 Verification

We may require verification of your identity before responding to privacy requests. We will respond within the timeframes required by applicable law.

10. CHILDREN'S PRIVACY

The Services are not intended for individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

11. INTERNATIONAL DATA TRANSFERS

Our Services are provided from and primarily hosted in the United States. If you access the Services from outside the US, your information will be transferred to and processed in the US.

For US customers, our Data Processing Addendum confirms that processing occurs within the US.

For non-US customers, by using the Services, you consent to the transfer of information to the US and other countries where we or our service providers operate.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated by:

  • Displaying a notice in the Services
  • Sending email notification (for significant changes)
  • Posting the updated policy on our website

The "Effective Date" at the top indicates when the policy was last updated. Your continued use after changes take effect constitutes acceptance.

13. CONTACT US

For questions about this Privacy Policy or our privacy practices, contact:

13. CONTACT US

Company
Ourfirm.ai, Inc.
Privacy Team Email
privacy@ourfirm.ai

For data subject requests (access, deletion, correction), email: privacy@ourfirm.ai with "Privacy Request" in the subject line.

Version history
VersionEffective DateSummaryAuthorApprover
2.02.17.26Version 2.0Ashton ChirukaAndrew Mancilla
1.010.23.25Version 1.0Damien MaillardAndrew Mancilla

Security First

Request Demo

Enterprise MSA and onboarding support available