TWINCOUNSEL PRIVACY POLICY

1. INTRODUCTION

TwinCounsel, Inc. ("TwinCounsel," "we," "us," or "our") is committed to protecting your privacy and maintaining the confidentiality of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered paralegal service ("Service").

This Policy applies to all users of the TwinCounsel service, including attorneys, paralegals, and other legal professionals.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

• Account registration information (name, email, firm details)
• Professional credentials and licensing information
• Email content and attachments when you use our Service
• Calendar information and scheduling data
• Legal documents and work product
• Communications with our support team
• Feedback and survey responses

2.2 Information Collected Automatically

• Log data (IP addresses, browser type, operating system)
• Device information and identifiers
• Usage patterns and feature utilization
• Service performance metrics
• Email metadata (timestamps, sender/receiver information)

2.3 Information from Third Parties

• Email service provider data (when you grant access)
• Calendar application data
• Practice management system data (with your permission)
• Professional directory information for verification
• Third-party integration services (including Composio and similar platforms)

2.4 Cookies and Tracking Technologies

• Session cookies for authentication and functionality
• Analytics cookies to understand usage patterns
• Performance cookies to optimize service delivery
• Preference cookies to remember your settings
• Third-party cookies from integrated services

3. HOW WE USE YOUR INFORMATION

3.1 Primary Service Functions

• Providing AI-powered document preparation and review
• Managing legal matters and deadlines
• Automating workflows and task prioritization
• Generating insights about your practice patterns
• Facilitating email-based task delegation

3.2 Service Improvement and Development

• Training and improving our AI models and algorithms
• Developing new features and capabilities
• Analyzing usage patterns to enhance user experience
• Creating anonymized benchmarks and insights
• Conducting research to advance legal technology

3.3 Business Operations

• Communicating with you about the Service
• Providing customer support and technical assistance
• Sending service updates and important notices
• Processing pilot program applications
• Ensuring compliance with legal and regulatory requirements

3.4 Analytics and Performance Optimization

• Analyzing service usage to improve AI model performance
• Monitoring system performance and reliability
• Generating anonymized usage statistics and benchmarks
• Optimizing user interface and workflow efficiency
• Measuring feature adoption and effectiveness

3.5 Marketing and Communications

• Sending service updates and feature announcements (opt-out available)
• Providing pilot program communications and support
• Sharing relevant legal technology insights and best practices
• Conducting user research and feedback collection
• Protecting against fraud, abuse, and security threats
• Enforcing our Terms of Service
• Complying with legal obligations and court orders
• Protecting our rights and property

4. LEGAL PROFESSIONAL PROTECTIONS

4.1 Attorney-Client Privilege
We recognize and respect attorney-client privilege and work-product protections. Our systems are designed to maintain these protections throughout our data processing.

4.2 Professional Confidentiality
We understand that legal professionals have ethical obligations regarding client confidentiality. Our Service is designed to support, not compromise, these obligations.

4.3 Bar Association Compliance
Our data handling practices are designed to comply with state bar association requirements regarding confidentiality and technology use.

5. AI TRAINING AND MODEL DEVELOPMENT

5.1 Internal AI Training Only
Your data is used solely for training TwinCounsel's internal AI models. We do NOT share your data with third-party AI providers for training purposes.

5.2 Privacy-Preserving Techniques
We employ privacy-preserving methods such as:

• Data anonymization and de-identification
• Federated learning approaches where applicable
• Differential privacy techniques
• Secure aggregation methods

5.3 Model Improvement
AI training helps us:

• Improve accuracy and relevance of document generation
• Better understand legal workflow patterns
• Enhance context understanding and preferences
• Reduce errors and improve quality control

6. INFORMATION SHARING AND DISCLOSURE

6.1 We DO NOT Sell Your Information
We do not sell, rent, or trade your personal information or legal data to third parties.

6.2 Limited Sharing Scenarios
We may share information only in these limited circumstances:

• Service Providers: With trusted vendors who assist in providing the Service (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or regulatory authority
• Safety and Security: To protect against fraud, abuse, or threats to safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate protections)
• Your Consent: When you explicitly authorize sharing

6.3 Anonymized Data
We may share anonymized, aggregated data that cannot identify you or your clients for research, benchmarking, or industry insights.

7. DATA SECURITY

7.1 Security Measures

• Encryption in transit (TLS 1.3+) and at rest (AES-256)
• Multi-factor authentication requirements
• Regular security audits and penetration testing
• Access controls and least-privilege principles
• Secure development practices and code reviews
• Employee security training and background checks

7.2 Data Location

Your data is processed and stored in secure facilities within the United States.

7.3 Incident Response

We maintain an incident response plan and will notify you promptly of any security breaches that may affect your data.

7.4 No Absolute Security

While we implement strong security measures, no system is completely secure. You acknowledge the inherent risks in electronic data transmission and storage.

8. DATA RETENTION

8.1 Retention Periods

• Account data: Retained while your account is active
• Email and document data: Retained to provide ongoing service and AI improvements
• Usage logs: Typically retained for 2 years
• Support communications: Retained for 3 years

8.2 Deletion Upon Request

You may request deletion of your data at any time. We will delete your data within 30 days unless we have a legal obligation to retain it.

8.3 Automatic Deletion

Data is automatically deleted 90 days after account termination unless you request earlier deletion.

9. YOUR RIGHTS AND CHOICES

9.1 Access and Portability

• Access your personal information
• Export your data in a machine-readable format
• Receive copies of documents created through the Service

9.2 Correction and Updates

You may update or correct your account information at any time through your account settings.

9.3 Deletion Rights

You may request deletion of your account and associated data. Some information may be retained as required by law.

9.4 Communication Preferences

You may opt out of non-essential communications, though we may still send service-related notifications.

9.5 Data Processing Objections

You may object to certain types of data processing, though this may affect our ability to provide the Service.

10. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

10.1 Right to Know

You may request information about the categories and specific pieces of personal information we collect.

10.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

10.3 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

10.4 Authorized Agent Requests

You may designate an authorized agent to make requests on your behalf.

To exercise these rights, contact us at privacy@twincounsel.com.

11. INTERNATIONAL USERS

11.1 Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

11.2 Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal basis for processing includes:

• Contract performance
• Legitimate interests in providing and improving the Service
• Legal compliance requirements
• Your consent (where required)

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 Cookie Usage

• Maintain user sessions and authentication
• Remember your preferences and settings
• Analyze website usage and performance
• Provide personalized user experience
• Enable third-party integrations and functionality

12.2 Types of Cookies

• Essential Cookies: Required for basic website functionality and cannot be disabled
• Analytics Cookies: Help us understand how users interact with our Service (can be disabled)
• Preference Cookies: Remember your settings and choices (can be disabled)
• Third-Party Cookies: From integrated services like email providers and analytics tools

12.3 Cookie Management

You can control cookies through your browser settings. Disabling certain cookies may limit Service functionality. For more information about cookies and how to manage them, visit your browser's help section.

12.4 Third-Party Analytics

We use the following analytics services to understand Service usage:

• Google Analytics: Tracks website usage, user behavior, and performance metrics
• Heap Analytics: Provides detailed user interaction analysis and product optimization insights

These services may collect data about your visits to our and other websites. You can opt out of Google Analytics using their browser add-on or contact us regarding Heap Analytics opt-out.

13. LEGAL INDUSTRY SPECIFIC PROTECTIONS

The Service is not intended for individuals under 18 years old. We do not knowingly collect personal information from children under 18.

16. THIRD-PARTY SERVICES

The Service may integrate with third-party applications (email providers, calendar services, Composio, etc.). This Policy does not cover third-party privacy practices. Please review their privacy policies.

17. ADDITIONAL STATE PRIVACY RIGHTS

17.1 Virginia (VCDPA), Connecticut (CTDPA), Colorado (CPA)

• Right to access personal information
• Right to correct inaccuracies
• Right to delete personal information
• Right to data portability
• Right to opt out of certain data processing

17.2 Exercising Additional Rights

To exercise these rights, contact us at privacy@twincounsel.com with your state of residence and specific request.

18. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated Policy on our website
• Sending email notification for significant changes
• Providing in-service notifications

Continued use of the Service after changes constitutes acceptance of the updated Policy.

19. CONTACT INFORMATION

Privacy Questions and Requests:
Email: privacy@twincounsel.com
Address: TwinCounsel, Inc., 84 W Santa Clara Street, 7th Floor, San Jose, CA 95113

Response Time:
We will respond to privacy requests within 30 days (or as required by applicable law).

20. EFFECTIVE DATE AND UPDATES

This Privacy Policy is effective as of May 1, 2025 and was last updated on May 31, 2025.