TWINCOUNSEL PRIVACY POLICY

Last Updated: December 10, 2025

TwinCounsel Inc. ("we") understands that for lawyers, confidentiality is not just a preference—it is an ethical obligation. This Privacy Policy describes how we handle your data and, crucially, how we separate your client's secrets from our AI training.

1. Information We Collect

1.1 Integration Data (Email, Drive, Calendar)

To provide the Service, we require access to your connected accounts (e.g., Google Workspace, Microsoft 365). We access:

  • Communications: Email headers, bodies, and attachments to identify tasks and deadlines.
  • Files: Documents stored in Google Drive, OneDrive, or SharePoint relevant to an active matter.
  • Calendar: Events and schedules to check for conflicts and schedule court dates.

Note: We do not store a permanent mirror of your full cloud storage. We store extracted structured data (the "Matter Graph") necessary to power the automation.

1.2 Usage Data

We collect technical logs regarding your interaction with the platform (e.g., latency, error rates, features used) to maintain system stability.

2. How We Use Your Data

2.1 Service Delivery

We use your data to:

  • Identify tasks, deadlines, and conflicts.
  • Generate draft documents (subpoenas, emails, filings).
  • Create the "Audit Trail" linking facts to sources.

2.2 AI Personalization vs. Training (Crucial Distinction)

We distinguish between Personalization and Global Training:

PERSONALIZATION (YES): We do use your feedback (e.g., when you edit a draft) to improve the models for your specific workspace. This helps the AI learn your writing style and preferences.

GLOBAL TRAINING (NO): We DO NOT use your Confidential Client Information or User Content to train, fine-tune, or improve foundational AI models shared with other customers. Your client's data will never "leak" into a competitor's draft.

3. Data Retention

  • Active Matters: We retain the Matter Graph for as long as the matter is marked "Active."
  • Closed Matters: Upon closure, we retain the Matter Graph for 30 days to facilitate your export of an Audit Report. After 30 days, the data is permanently deleted from our active servers.
  • System Logs: Anonymized system logs are retained for up to 12 months for security analysis.

4. Data Sharing & Sub-Processors

We do not sell your data. We share data only with:

  • LLM Providers (e.g., OpenAI, Anthropic): We transmit data to these providers solely for the purpose of generating inference (responses). We utilize "Zero-Data Retention" (ZDR) or enterprise agreements where available to ensure they do not train on your inputs.
  • Cloud Infrastructure: AWS/GCP for hosting.

5. Security

We implement industry-standard security measures, including encryption in transit (TLS 1.2+) and at rest (AES-256). However, no method of transmission over the Internet is 100% secure.

6. API Disclosures (Google & Microsoft)

6.1 Google API Disclosure

TwinCounsel's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

6.2 Microsoft Graph API Disclosure

TwinCounsel's use of information received from Microsoft Graph APIs will adhere to the Microsoft Publisher Agreement and applicable data usage policies. We process Microsoft user data solely to provide the user-facing features of the TwinCounsel application.

7. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccuracies in your data
  • Request deletion of your data
  • Export your data in a machine-readable format
  • Object to certain types of data processing

8. State Privacy Rights

8.1 California (CCPA/CPRA)

California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to non-discrimination for exercising privacy rights.

8.2 Other States (Virginia, Connecticut, Colorado)

Residents of Virginia, Connecticut, and Colorado have similar rights to access, correct, delete, and port their personal information, as well as opt out of certain data processing activities.

9. International Users

If you access the Service from outside the United States, your information may be transferred to and processed in the United States. For users in the European Economic Area, our legal basis for processing includes contract performance, legitimate interests, legal compliance, and your consent where required.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated Policy on our website and sending email notification for significant changes.

11. Contact Us

For privacy concerns or to request a data export:

Email: privacy@twincounsel.com
Address: TwinCounsel, Inc., 84 W Santa Clara Street, 7th Floor, San Jose, CA 95113

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

*For questions about this Privacy Policy or our privacy practices, please contact us using the information above.*