Privacy Policy

LawSignals ("we," "our," or "us") provides AI-powered legislative tracking services for legal professionals. This Privacy Policy describes how we collect, use, and protect your information when you use our platform.

We are committed to protecting the privacy of legal professionals. Our architecture is designed with privacy as a foundational principle, not an add-on.

Account Information

• Name, email address, and organization name (provided during registration via Clerk)
• Role within your organization (admin or member)
• Billing information (processed and stored by Stripe; we do not store payment details)

Usage Data

• Categories and keywords you create for bill tracking
• News source configurations
• Alert preferences and notification settings
• Watchlists and report configurations
• General usage analytics (page views, feature usage)

What We Do NOT Collect

• AI prompts or responses (BYOK queries go directly to your AI provider)
• AI API keys in plain text (encrypted with AES-256-GCM at rest)
• Client information or case details
• Full bill text (we link to official sources)

• Provide, maintain, and improve the LawSignals platform
• Match bills to your categories using keyword matching
• Send alerts and notifications based on your preferences
• Generate reports you request
• Process payments via Stripe
• Communicate about service updates and support
• Enforce plan limits and usage tracking

When you use AI features (summaries, news categorization, bill comparison), your queries are sent directly to your chosen AI provider (OpenAI, Google Gemini, or Anthropic Claude) using your own API key. LawSignals does not proxy, log, or store these AI interactions. Your API key is encrypted at rest using AES-256-GCM and is only decrypted when making API calls on your behalf.

We do not sell your personal information. We share data only with:

• Clerk: Authentication and user management
• Stripe: Payment processing
• Resend: Email delivery for alerts and notifications
• Vercel: Dashboard hosting and analytics
• Sentry: Error tracking and performance monitoring

We may also share data if required by law or to protect our rights.

• All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• AI API keys encrypted with AES-256-GCM
• Role-based access control (RBAC) for all accounts
• SOC 2 Type II certified infrastructure
• All data stored in US-based data centers
• Automated daily backups with point-in-time recovery

• Legislative data (bills, status changes): retained indefinitely
• News articles: retained for 1 year
• Delivered alerts: retained for 90 days
• User activity logs: retained for 90 days
• Account data: retained while your account is active
• After cancellation: data accessible for 30 days, then deleted

You have the right to:

• Access your personal data
• Export your data in CSV, JSON, or PDF formats
• Request correction of inaccurate data
• Request deletion of your data (we do not keep hidden copies)
• Withdraw consent for non-essential processing
• Lodge a complaint with a supervisory authority

We use essential cookies for authentication (via Clerk) and session management. We use Vercel Analytics for basic, privacy-respecting usage analytics. We do not use third-party advertising cookies.

For privacy-related inquiries, contact us at support@lawsignals.com.