Privacy Policy

1. Introduction

VeriLex AI (“VeriLex,” “we,” “us”) provides AI‑powered legal automation tools to solo attorneys and small firms. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access verilex.ai and related applications or services (the “Platform”).

2. Scope

This policy applies to all visitors, wait‑list subscribers, beta testers, and customers worldwide. It is designed to comply with, among others:

• EU General Data Protection Regulation (GDPR)
• California Consumer Privacy & Rights Acts (CCPA/CPRA)
• ePrivacy Directive (EU Cookies Law)

3. Information We Collect

• Account & Contact Data — name, firm, email address, password hashes.
• Usage Data — log files, device/browser metadata, pages visited, feature interactions (captured only after consent).
• Client Content — documents or text you upload for processing (encrypted at rest).
• Billing Data — handled by Stripe; we never store full card details.

4. Cookies & Tracking

We use first‑party cookies to:

• Maintain secure sessions (Supabase Auth).
• Remember your cookie‑consent choice (cookie_consent).
• Collect aggregated analytics only after you consent.

Withdraw consent anytime by clearing cookies or adjusting preferences in our banner.

5. How We Use Your Data

• Provide, operate, and improve the Platform.
• Send transactional emails (e.g., wait‑list confirmation).
• Respond to inquiries and support requests.
• Protect against fraud, abuse, and unauthorized access.
• Comply with legal obligations and enforce our Terms of Use.

6. Legal Bases (GDPR)

• Contract — processing necessary to deliver agreed services.
• Consent — wait‑list marketing e‑mails and optional analytics.
• Legitimate Interest — platform security and product improvement.

7. Data Retention

Account data is stored until you request deletion or 12 months after inactivity, whichever comes first. Beta‑uploaded documents are auto‑deleted 30 days after processing unless you opt to retain them.

8. Security Measures

• TLS 1.3 encryption in transit; AES‑256 encryption at rest.
• Role‑based access controls with Supabase Row‑Level Security.
• Quarterly penetration tests; SOC 2 Type II audit in progress.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to certain processing. Submit requests to privacy@verilex.ai.

10. Third‑Party Services

We share data only with processors that meet our security standards:

• Supabase (database & auth, USA)
• Vercel (hosting, USA)
• Stripe (global payments)
• Postmark (transactional e‑mail)

We do not sell data or share it for advertising.

11. International Transfers

Data may be processed outside your country. Where required, we rely on EU Standard Contractual Clauses (SCCs) or other adequacy mechanisms.

12. Children’s Privacy

VeriLex AI is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us for deletion.

13. Policy Updates

We may amend this policy to reflect legal or operational changes. Material updates will be e‑mailed to account holders or highlighted on this page; the “Effective Date” above will change accordingly.

14. Contact

Questions or requests? Write to privacy@verilex.ai or VeriLex AI LLC, 123 Peachtree St NE Suite 400, Atlanta, GA 30303 USA.