Privacy Policy

1. Information We Collect

We collect information you provide directly to us, including:

• Account information (name, email, firm name, role)
• Case and matter data you input into the platform
• Communications with our support team
• Usage data and interaction patterns within the platform

We also automatically collect certain technical information when you use our services, including IP address, browser type, and device information.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and support messages
• Respond to your comments and questions
• Analyze usage patterns to enhance user experience
• Protect against fraudulent or illegal activity

3. Data Security

We implement security measures that meet or exceed industry standards to protect your information:

• 256-bit AES encryption for data at rest and in transit
• SOC 2 Type II certified infrastructure
• Multi-tenant isolation with strict access controls
• Regular security audits and penetration testing
• Employee access limited on a need-to-know basis

4. Attorney-Client Privilege

We recognize the sacred nature of attorney-client communications. Our systems are architected from the ground up to preserve privilege. We do not access, review, or use the content of your legal documents or communications except as necessary to provide the services you request or as required by law. The specific technical and contractual measures we employ to protect privilege are documented internally and are available for disclosure pursuant to court order or as otherwise required by law.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your data at any time by contacting us. We will delete or anonymize your information within 30 days of such request, except where we are required to retain it by law.

6. Third-Party Services and AI Processing

We may share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

AI-Assisted Analysis

Esquire AI uses AI technologies to power its legal analysis features, including evidence comprehension, relevance mapping, and document summarization. We go above and beyond prevailing standards to ensure that AI-assisted processing does not compromise the confidentiality of your data. Our safeguards include:

• All AI processing is conducted exclusively through enterprise service tiers with zero-data-retention guarantees
• No AI service provider retains, stores, or uses your inputs or outputs for model training or any purpose beyond fulfilling the immediate request
• Data is automatically classified by sensitivity level and routed to the appropriate processing tier -- the most sensitive classifications are restricted to infrastructure that ensures data never leaves your controlled environment
• Personally identifiable information is automatically redacted from prompts before any external transmission
• No original file attachments are transmitted to AI service providers; only extracted text, metadata, and structured prompts are processed
• All transmissions use TLS 1.3 encryption in transit

A complete list of AI service providers, their roles, and the specific contractual data-handling obligations applicable to each is maintained internally. This information is available for disclosure pursuant to court order, regulatory inquiry, or as otherwise required by law.

7. Zero-Data-Retention and Compliance

Esquire AI is designed to exceed current legal industry requirements for data protection in AI-assisted workflows. Every AI interaction involving your legal data is governed by the following commitments:

• No training on your data without explicit written consent
• No server-side retention of prompts or responses by any AI service provider
• No sharing of your data with third parties by any AI service provider
• Immutable, cryptographically verifiable audit logging of every AI interaction
• Sensitivity-based classification and routing on every request
• Automated PII redaction before any external processing
• Cryptographic hashing of all inputs and outputs for tamper detection

Our compliance architecture is defensible and fully auditable. Complete technical and contractual documentation of all data-handling measures is available for in camera review upon court order or as required by any applicable regulatory mandate.

8. Data Residency

Esquire AI supports configurable data residency to comply with jurisdictional requirements. AI processing can be restricted to specific geographic regions, including the United States, European Union, and Asia-Pacific. For the highest sensitivity classifications, all processing occurs entirely on infrastructure you control, providing complete data sovereignty.

Data residency settings are enforced at the infrastructure routing level and recorded in the audit trail for compliance verification.

9. AI Disclosure and Reproducibility

Esquire AI maintains a per-matter record of every instance of AI-assisted analysis. This record supports compliance with judicial standing orders and other mandates requiring disclosure of AI usage in legal proceedings. For each AI interaction, the record captures:

• Unique request identifier and timestamp
• Purpose and scope of the analysis
• Data classification level applied
• Cryptographic content hashes for tamper detection
• Model version identifiers for reproducibility

Court-ready AI disclosure statements can be generated from these records on demand. All AI-generated output is subject to attorney certification before it may be included in any filing or shared with any party.

10. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access to your personal data
• Correction of inaccurate data
• Deletion of your data
• Data portability
• Objection to certain processing

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.