How we collect, use, protect, and handle your information.
Our commitment: Privacy isn't just a policy for us — it's the foundation of the product. LitigationVault.ai exists because people's AI conversations weren't private enough. We built the entire platform around the principle that your data belongs to you and your attorney, and no one else should ever see it.
LitigationVault.ai is a product created, owned, and operated by PatentVC | Trademarkia, a California professional corporation doing business as Trademarkia ("Company," "we," "our," or "us").
This Privacy Policy applies to the LitigationVault.ai website, platform, applications, and related services (collectively, the "Platform"). It does not apply to third-party websites, services, or AI providers linked from or integrated with the Platform, which have their own privacy policies.
We collect different types of information depending on how you interact with the Platform.
| Data Category | Examples | When Collected |
|---|---|---|
| Account information | Name, email, phone number, password (hashed) | Account creation |
| Professional credentials | Bar number, firm name, jurisdiction (attorneys only) | Law firm signup |
| Case information | Case type, jurisdiction, matter name | Onboarding, client invite |
| Payment information | Credit card or payment details | Subscription signup (processed by Stripe; we do not store card numbers) |
| Contact form submissions | Name, email, message content | Contact, support, or sales inquiries |
| Data Category | Examples | When Collected |
|---|---|---|
| AI conversations | Your queries to AI models and the AI's responses | When you use the vault |
| Uploaded documents | PDFs, images, Word files, emails, contracts | When you upload to your vault |
| Case timelines & notes | AI-generated or user-created timelines and notes | When you use case tools |
| Data Category | Examples | Purpose |
|---|---|---|
| Device & browser info | Browser type, OS, screen resolution, device type | Platform compatibility, security |
| IP address | Your IP address at time of access | Security, fraud prevention, approximate geolocation |
| Usage data | Pages visited, features used, session duration | Platform improvement, support |
| Audit log data | Timestamps, actions taken, model selected, review status | Privilege documentation, security |
Your vaulted communications receive the highest level of protection on the Platform. This includes every AI conversation, every document you upload, and every case note or timeline in your vault. These are treated as potentially attorney-client privileged materials.
Vaulted communications are:
We will access the contents of a vault only in the following limited circumstances:
Any access under these circumstances is logged in the immutable audit trail.
When you send a query to an AI model through the Platform, your query is transmitted to the selected AI provider's enterprise API for processing. Here is how each provider handles your data:
| Provider | Data Retention | Training Use | Human Review |
|---|---|---|---|
| Anthropic (Claude) | Zero Data Retention — data is not stored at rest after the API response is returned | Not used for training | Not subject to human review |
| OpenAI (ChatGPT) | Zero Data Retention — store=false enforced on all API calls | Not used for training (enterprise/API) | Not used for abuse monitoring (ZDR) |
| Google (Gemini) | Enterprise data processing agreement — data processed ephemerally | Not used for model improvement | Not subject to human review |
| Self-Hosted (Private) | Data never leaves your network | N/A | N/A |
These protections are established through enterprise agreements between PatentVC | Trademarkia and each AI provider. We continuously monitor provider terms and will notify users of any material changes that could affect data handling or privilege protections.
Important: The data handling practices described above are based on each provider's current enterprise API terms as of the effective date of this Policy. AI provider terms may change. We will update this Policy and notify affected users if any material change occurs.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Platform | Account info, vaulted content, usage data | Contract performance |
| Authentication & security | Email, password, MFA tokens, IP address | Contract performance, legitimate interest |
| Privilege documentation | Audit logs, timestamps, model metadata | Contract performance, legitimate interest |
| Billing & payments | Payment info (via Stripe), subscription data | Contract performance |
| Attorney review workflow | AI conversations, urgency flags, review status | Contract performance |
| Integration sync | Clio matters, time entries, calendar events | Contract performance (user-initiated) |
| Customer support | Contact form data, account info, usage data | Contract performance, legitimate interest |
| Platform improvement | Anonymized, aggregated usage patterns (never vault content) | Legitimate interest |
| Legal compliance | As required by applicable law | Legal obligation |
| Communications | Email address | Contract performance (transactional), consent (marketing) |
We believe this section is as important as what we do with your data. These are absolute commitments:
We share your information only in the following limited circumstances:
Your vaulted communications are accessible to your directing attorney. This is the core function of the Platform — attorney review is what establishes and maintains privilege. Your attorney can see your AI conversations, uploaded documents, and vault activity.
We use the following categories of service providers who may process your data on our behalf:
All service providers are bound by data processing agreements that prohibit them from using your data for their own purposes.
We may disclose information if required by law, regulation, court order, subpoena, or other legal process. We will:
If PatentVC | Trademarkia is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy. Your vault data will continue to be protected under the terms in effect at the time of the transfer.
We may share information with your explicit consent for purposes not covered by this Policy.
We implement comprehensive security measures to protect your data:
| Layer | Implementation |
|---|---|
| Encryption at rest | AES-256 with per-organization keys. Enterprise customers can use customer-managed keys (BYOK). |
| Encryption in transit | TLS 1.3 minimum on all connections, including to AI provider APIs. |
| Authentication | Multi-factor authentication (MFA) required for all accounts. TOTP, hardware security keys, and SMS backup supported. |
| Access control | Role-based access at the database level (PostgreSQL row-level security). Client and attorney roles are strictly separated. |
| Audit logging | Immutable, append-only, cryptographically signed audit trail. No administrator can modify or delete audit records. |
| Penetration testing | Annual third-party penetration testing, with remediation of all critical and high findings before production deployment. |
| Employee access | Platform employees do not have access to vault contents in the ordinary course of business. Access requires documented justification and is logged. |
| Infrastructure | VPC-isolated infrastructure. No public endpoints for data access. Network segmentation between tenants. |
| Certifications | SOC 2 Type I (target: 2026). SOC 2 Type II (target: 2027). FedRAMP pathway for government customers. |
No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. If we become aware of a data breach affecting your information, we will notify you and applicable authorities as required by law.
| Data Type | Retention Period | After Deletion |
|---|---|---|
| Account information | Duration of account + 90 days | Securely deleted |
| Vaulted communications | Duration of account + 90 days (export available) | Securely deleted unless retention required by law or attorney professional obligations |
| Uploaded documents | Duration of account + 90 days | Securely deleted |
| Audit logs | 7 years (or as required by law) | Retained for legal and compliance purposes |
| Payment records | As required by tax and financial regulations | Retained per legal requirements |
| Support inquiries | 3 years | Securely deleted |
| AI provider data | Zero — not retained by providers under ZDR agreements | N/A |
You may request a full export of your vaulted data at any time through your account settings or by contacting us. Exports are provided in standard formats (JSON, PDF) within 30 days of request.
We use cookies and similar technologies on the Platform:
Required for the Platform to function. These include authentication tokens, session identifiers, and security cookies (e.g., CSRF protection). You cannot opt out of essential cookies while using the Platform.
We may use analytics services to understand how people use the Platform in aggregate (e.g., which pages are visited most, where users encounter errors). Analytics cookies do not track vault content. You can opt out of analytics cookies through your browser settings or our cookie preferences panel.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at customer.service@trademarkia.com. We will respond within 30 days (or sooner as required by applicable law). We may ask you to verify your identity before processing a request.
We will not discriminate against you for exercising your privacy rights.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
| CCPA Category | Collected | Sold | Shared for Ads |
|---|---|---|---|
| Identifiers (name, email, phone) | Yes | No | No |
| Financial information (payment data) | Yes (via Stripe) | No | No |
| Internet activity (usage data, IP address) | Yes | No | No |
| Professional information (bar number, firm) | Yes (attorneys) | No | No |
| Sensitive personal information (legal matter content) | Yes (vaulted content) | No | No |
To submit a CCPA request, contact us at customer.service@trademarkia.com or write to us at the address in Section 16. You may designate an authorized agent to make requests on your behalf.
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at customer.service@trademarkia.com.
The Platform is operated from the United States. If you are accessing the Platform from outside the United States, your data will be transferred to and processed in the United States. By using the Platform, you consent to this transfer and processing.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with data protection laws, please note that U.S. data protection laws may not provide the same level of protection as your home jurisdiction. We implement appropriate safeguards (including encryption and access controls) to protect your data regardless of where it is processed.
If you are a data subject in the EEA or UK and have a complaint about our data practices, you have the right to lodge a complaint with your local data protection authority.
We may update this Privacy Policy from time to time. If we make material changes — particularly changes to how we handle vaulted communications, AI provider data handling, or data sharing practices — we will:
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you disagree with a material change, you may cancel your account and request an export of your data before the change takes effect.
If you have questions about this Privacy Policy, your data, or your privacy rights, contact us:
For CCPA requests, privacy rights exercises, or data export requests, please include "Privacy Request" in your subject line and provide sufficient information for us to verify your identity.
Thank you for trusting us with your data. We built LitigationVault.ai because we believe people deserve privacy when they use AI for their legal matters. This policy reflects that commitment. If anything here is unclear, please reach out — we're happy to explain.