Privacy Policy

1. Introduction

Welcome to VerdictFlow ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our legal case management platform and related services (collectively, the "Service").

By accessing or using VerdictFlow, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, phone number, firm name, and password when you create an account
• Profile Information: Professional information, practice areas, bar admissions, and other details you add to your profile
• Lead and Case Data: Information about leads, cases, clients, and matters you manage through the Service
• Communications: Messages, emails, and other communications you send through or to our Service
• Payment Information: Billing details and payment card information (processed securely through our payment processor)
• Support Requests: Information you provide when contacting customer support

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, error reports, and diagnostic information
• Cookies and Tracking: We use cookies and similar technologies to enhance your experience

2.3 Information from Third-Party Integrations

When you connect third-party services to VerdictFlow, we may collect:

• Email Data (Gmail, Outlook): Email messages, metadata, sender/recipient information, and attachments when you authorize email integration
• Calendar Data (Google Calendar, Outlook Calendar): Calendar events, attendees, locations, and event details
• CRM Data (HubSpot, Clio): Contact information, deal data, and case information
• Marketing Data (Google Ads, Facebook Ads): Campaign performance, ad spend, and conversion data
• Phone System Data (RingCentral, Aloware): Call logs, recordings, SMS messages, and voicemails

Important: We only access data from these services that you explicitly authorize. You can revoke access at any time through your account settings.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Enable core features like lead management, case tracking, and communication logging
• Process Transactions: Handle billing, payments, and subscription management
• Communicate with You: Send service updates, security alerts, and support messages
• Improve the Service: Analyze usage patterns, fix bugs, and develop new features
• Ensure Security: Detect fraud, prevent abuse, and protect user accounts
• Comply with Legal Obligations: Respond to legal requests and enforce our terms
• Marketing (with consent): Send promotional emails about new features and updates (you can opt out)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so, such as when connecting third-party integrations.

4.2 Service Providers

We share information with trusted third-party service providers who help us operate the Service:

• Hosting and Infrastructure: Cloud hosting providers (e.g., AWS, Vercel)
• Database Services: Supabase for secure data storage
• Payment Processing: Stripe or similar payment processors
• Email Services: Transactional email providers
• Analytics: Usage analytics and monitoring tools
• Customer Support: Help desk and support ticket systems

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Team Members

If you're part of a team account, certain information (leads, cases, communications) may be visible to other team members based on their role and permissions.

4.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

4.5 Business Transfers

If VerdictFlow is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication requirements
• Secure Infrastructure: Hosted on secure, compliant cloud platforms
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff trained on data protection best practices
• Incident Response: Procedures for detecting and responding to security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we're required to retain it for legal or regulatory purposes.

7. Your Rights and Choices

7.1 Access and Portability

You can access and export your data at any time through your account settings.

7.2 Correction and Updates

You can update your account information and profile details directly in the Service.

7.3 Deletion

You can request deletion of your account and associated data by contacting us at privacy@verdictflow.com.

7.4 Marketing Communications

You can opt out of promotional emails by clicking "unsubscribe" in any marketing email or updating your preferences in account settings.

7.5 Third-Party Integrations

You can disconnect any third-party integration (Gmail, Outlook, etc.) at any time through Settings → Integrations.

7.6 Cookies

You can control cookies through your browser settings, but some features may not work properly if you disable cookies.

7.7 Additional Rights (GDPR, CCPA)

If you're in the EU, EEA, UK, or California, you may have additional rights:

• Right to know what personal information we collect and how we use it
• Right to request deletion of your personal information
• Right to opt out of sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your privacy rights
• Right to data portability
• Right to object to processing

To exercise these rights, contact us at privacy@verdictflow.com.

8. Children's Privacy

VerdictFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@verdictflow.com.

9. International Data Transfers

VerdictFlow is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We ensure appropriate safeguards are in place for international data transfers, including:

• Standard contractual clauses approved by the European Commission
• Compliance with applicable data protection laws
• Security measures to protect data in transit and at rest

10. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services (Gmail, Outlook, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date at the top
• Sending an email notification for significant changes
• Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Specific Disclosures for Integrations

13.1 Google Services (Gmail, Calendar)

VerdictFlow's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only access Gmail and Calendar data you explicitly authorize
• Data is used solely to provide lead management and communication tracking features
• We do not use Gmail or Calendar data for advertising purposes
• We do not allow humans to read your email or calendar data except as necessary to provide the Service or comply with legal obligations
• You can revoke access at any time through Settings → Integrations

13.2 Microsoft Services (Outlook, Calendar)

When you connect Microsoft services, we access only the data necessary to provide our Service. You can manage permissions through your Microsoft account settings.

13.3 Other Integrations

For CRM, marketing, and phone system integrations, we only access data you authorize and use it solely to provide VerdictFlow's features.

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (we don't sell your data)
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights

To exercise these rights, email us at privacy@verdictflow.com with "California Privacy Rights" in the subject line.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of whether we process your data and access to it
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@verdictflow.com.