PRIVACY POLICY

1. INTRODUCTION

BearisterAI, LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our BearisterAI platform ("Service"). This policy applies to all users of our AI-powered legal research and practice guide platform.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

Account Information:

• Name, email address, and contact information
• Professional credentials (bar admission, law school enrollment)
• Billing and payment information
• Profile preferences and settings

Content You Upload:

• Legal documents and case files
• Research queries and requests
• Communication with our support team
• Feedback and survey responses

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

Usage Data:

• Pages visited, features used, and time spent on the platform
• Search queries and interaction patterns with AI assistant
• Device information (browser type, operating system, IP address)
• Log files and technical data for system operation and security

Essential Cookies:

• Authentication cookies to maintain your login session
• Preference cookies to remember your settings
• Security cookies to protect against fraud
• We do not currently use analytics or marketing cookies

2.3 Information from Third Parties

We may receive information from:

• Stripe for payment processing and billing purposes
• Professional licensing verification services
• CourtListener API and Free Law Project for legal case data (planned integration)
• Security providers for fraud prevention

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Service Provision

• Provide and operate the BearisterAI platform
• Process AI-powered legal research requests
• Generate practice guides and educational content
• Maintain user accounts and subscription services
• Process payments and manage billing

3.2 AI Processing and Improvement

• Train and improve our AI models and algorithms
• Provide personalized responses and recommendations
• Analyze usage patterns to enhance service quality
• Develop new features and capabilities

3.3 Communication and Support

• Respond to your inquiries and provide customer support
• Send service-related notifications and updates
• Communicate about account status and billing matters
• Provide security alerts and important notices

3.4 Legal and Business Operations

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and security threats
• Enforce our Terms and Conditions
• Conduct business analytics and research

4. AI DATA PROCESSING AND THIRD-PARTY SERVICES

4.1 Mistral Integration

Our Service uses Mistral's API and other AI services. When you interact with our AI assistant:

• Your queries and uploaded content may be processed by Mistral
• Mistral's data usage policies apply to this processing
• We implement measures to protect confidential information
• You should review Mistral's privacy policy for their data handling practices

4.2 Other Third-Party Services

We use the following third-party services:

• Render: Cloud hosting and infrastructure services
• Vercel: Web application deployment and hosting
• Stripe: Payment processing and billing management
• Mistral: AI processing through Mistral API
• CourtListener API/Free Law Project: Legal case database access (planned integration)
• Security and fraud prevention tools

4.3 Data Minimization

We strive to minimize data sharing with third parties by:

• Only sharing data necessary for service operation
• Implementing data protection measures where possible
• Regularly reviewing third-party data practices
• Providing you with control over sensitive information sharing

5. INFORMATION SHARING AND DISCLOSURE

5.1 We Do Not Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Limited Sharing Circumstances

We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our platform, subject to confidentiality agreements.
• Legal Requirements: When required by law, court order, or regulatory authority, or to protect our legal rights and safety.
• Business Transfers: In connection with a merger, acquisition, or sale of business assets, with appropriate data protection measures.
• Consent: With your explicit consent for specific purposes not covered in this policy.
• Emergency Situations: To protect the safety and security of users or the public when legally permitted.

5.3 Aggregate and De-identified Data

We may share aggregate, de-identified, or anonymized data that cannot reasonably identify you for research, analytics, or business purposes.

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security audits and vulnerability assessments
• Employee training on data protection practices
• Incident response and breach notification procedures

6.2 Limitations

Despite our security measures:

• No system is completely secure from all threats
• Internet transmission carries inherent risks
• You are responsible for maintaining account security
• We cannot guarantee absolute security of your information

6.3 Confidential Information Handling

For sensitive legal information:

• We recommend avoiding upload of highly privileged content
• Consider using generic examples rather than specific case details
• You control what information you choose to share
• We provide tools to delete uploaded content

7. DATA RETENTION

7.1 Retention Periods

We retain your information for the following periods:

• Account Data: During active subscription and for up to 2 years after account closure for business records and legal compliance.
• Uploaded Content: Files you upload are automatically deleted after 30 days for security and storage management. You may manually delete files at any time before the automatic deletion period.
• Usage Data: Typically retained for 2-3 years for analytics and service improvement.
• Communication Records: Retained for 3-7 years for customer service and legal purposes.

7.2 Data Deletion

You may request deletion of your personal data, subject to:

• Legal retention requirements
• Ongoing disputes or investigations
• Technical limitations in de-identification
• Legitimate business interests in aggregate data

8. YOUR PRIVACY RIGHTS

8.1 Access and Control

You have the right to:

• Access and review your personal information
• Update or correct inaccurate information
• Delete uploaded content and files
• Download your data in a portable format (feature planned for future release)
• Close your account and request data deletion

Beta Platform Notice: As BearisterAI is currently in beta, some user control features including data download/export functionality are under development and will be available in future updates.

8.2 Communication Preferences

You may control:

• Marketing and promotional communications
• Service-related notifications (limited opt-out)
• Newsletter and update subscriptions
• Cookie and tracking preferences

8.3 California Privacy Rights (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of personal information sales (we don't sell data)
• Right to non-discrimination for exercising privacy rights

8.4 European Privacy Rights (GDPR)

If you're in the European Union, you have rights including:

• Right of access and portability
• Right to rectification and erasure
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

Your data may be processed and stored in:

• United States, primarily in Oregon through Render hosting services
• Vercel's hosting infrastructure within the United States
• Stripe's secure payment processing infrastructure
• Mistral's servers for AI processing
• CourtListener/Free Law Project servers for legal database access (planned integration)

9.2 Transfer Safeguards

For international transfers, we implement:

• Standard contractual clauses
• Adequacy decisions where available
• Additional security measures as required
• Regular review of transfer mechanisms

10. CHILDREN'S PRIVACY

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will take steps to delete the information promptly.

11. CHANGES TO THIS PRIVACY POLICY

11.1 Policy Updates

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New legal requirements
• Service enhancements and new features
• User feedback and best practices

11.2 Notification of Changes

We will notify you of material changes through:

• Email notification to your registered address
• Prominent notice on our platform
• Updated "Last Modified" date at the top of this policy
• At least 30 days advance notice for significant changes

11.3 Continued Use

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

12. CONTACT INFORMATION

12.1 Privacy Questions

For questions about this Privacy Policy or our data practices, contact:

12.2 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at the same contact information above.

12.3 Regulatory Authorities

You have the right to lodge complaints with relevant data protection authorities in your jurisdiction if you believe we have violated your privacy rights.