Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly: account details (name, email, firm name), case documents uploaded for review, payment information (processed by Stripe), and communications through the platform.

We automatically collect: usage data, device information, IP addresses, and cookies necessary for authentication and security.

2. How We Use Your Information

  • Provide and improve the Service
  • Process payments and manage subscriptions
  • Match cases with qualified expert witnesses
  • Generate AI-assisted document analysis (summaries, chronologies, gap detection)
  • Send transactional emails and service notifications
  • Ensure platform security and prevent fraud

3. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, row-level security policies, CSRF protection, rate limiting, and regular security audits. Access to production data is restricted and audited.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Expert witnesses assigned to your case (limited to case-relevant information)
  • Service providers: Stripe (payments), Supabase (database), Resend (email), Anthropic (AI processing), Vercel (hosting)
  • As required by law or legal process

5. AI Processing

Documents uploaded for case review are processed by AI models to generate summaries, chronologies, and analysis. This processing occurs in secure environments. AI outputs are tools to assist expert review and are not retained for model training.

6. Data Retention

Case data is retained for the duration of your account plus a reasonable period for legal compliance. You may request deletion of your data at any time, subject to legal retention requirements.

7. Your Rights

You have the right to: access your data, correct inaccuracies, request deletion, export your data, and opt out of non-essential communications. To exercise these rights, contact us at the address below.

8. HIPAA Compliance

For clients requiring HIPAA compliance, we offer Business Associate Agreements (BAAs). Contact us to establish a BAA before uploading protected health information.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification.

10. Contact

For privacy inquiries, contact privacy@expertsurgeon.com.