Privacy Policy
This policy explains what personal data AnoLawg collects, why we collect it, who we share it with, how long we keep it, and your rights to access, correct, and delete it. It applies to every part of anolawg.com and to the CRM, Client Portal, public profile directory, and Webmaster Portal.
Who we are
AnoLawg is operated by AnoLawg LLC (“AnoLawg”, “we”, or “us”), an Ohio limited liability company. For CRM firm data — matters, contacts, bills, messages entered by a firm or its clients — the firm is the data controller and AnoLawg is the processor. For your AnoLawg account credentials, billing records on our side, public profiles, and service telemetry, AnoLawg is the controller.
Data we collect, by user type
What we collect depends on which side of the platform you use. Each section below lists the specific categories of personal data associated with that user type.
CRM users (firm attorneys and staff)
Your firm is the data controller for matter, contact, and billing data you enter. AnoLawg is the processor. We handle your own account data (name, email, login credentials) as controller.
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Name, work email, hashed password, authentication role, professional title, assigned firm. | Provided at signup / by firm admin. |
| Firm operating data | Matters, contacts, calendar events, tasks, communications, billable time entries, expenses, invoices, trust-ledger entries. | Entered by the firm; the firm is the data controller. |
| Billing identifiers | Stripe customer ID, subscription status, seat count, invoice history. Card numbers are held only by Stripe. | Stripe Checkout / Customer Portal. |
| Service telemetry | IP address, user-agent, timestamps of sign-in and privileged actions, error reports, operational performance telemetry, page-view/performance analytics, and local feature-test identifiers. | Automatic where required for security, abuse prevention, and reliability; optional analytics/feature-test measurement is tied to consent or local-only bucketing. |
| Linked-mailbox integration (optional) | If you link your Microsoft or Google account, we store encrypted OAuth access and refresh tokens. When you send email through AnoLawg, we call Microsoft Graph or the Gmail API as you — the message leaves from your own mailbox and appears in your Sent folder. AnoLawg logs the send metadata (recipients, subject, timestamp, matter link) and, when sent from matter communications, retains the message body in the firm's communication history. | Your explicit OAuth consent; revocable at any time in your Microsoft or Google account settings. |
| Linked-drive integration (optional) | If you link OneDrive or Google Drive, AnoLawg auto-creates a per-matter folder in your drive and can attach, list, or upload files on your behalf. We store only pointers (file ID, web URL, file name, size) — never the file contents. Uploads from your browser and the Client Portal transit directly to Microsoft or Google; file bytes do not pass through AnoLawg servers. | Your explicit OAuth consent. Google Drive storage uses drive.file for files you pick or AnoLawg creates, and drive.readonly so a firm admin can browse and choose Shared Drives or folders during setup. |
| Linked-calendar integration (optional) | If you link a Microsoft Outlook or Google Calendar work calendar, AnoLawg stores encrypted OAuth access and refresh tokens and syncs event details such as title, time, recurrence, attendees, location, description, reminders, and provider event IDs so events can appear in both AnoLawg and the connected calendar. | Your explicit OAuth consent; revocable in AnoLawg calendar settings or in your Microsoft or Google account settings. |
| Provider import uploads (optional) | If a firm owner or admin uploads a supported provider export for import dry-run, AnoLawg parses the CSV/ZIP contents, stores raw extracted CSV text temporarily, and generates import reports so the firm can review mappings before applying any import. | Uploaded by the firm owner or admin. |
Non-CRM attorneys and expert witnesses
Public profile holders — whether on the free claim tier or a paid upgrade. We are the controller for your profile and verification records. Paid-tier billing is processed by Stripe.
| Category | Examples | Source |
|---|---|---|
| Profile information | Display name, headline, bio, locations, practice areas or specialties, languages, website, public email/phone (paid tier), profile picture (paid tier). | You or — for pre-seeded profiles — public bar/directory data you may claim. |
| Verification records | Evidence submitted to claim a profile, manual review notes, decision metadata. (When we later add a third-party identity-verification provider for Verified badges, we will update this policy and the subprocessor list before enabling it.) | You, at claim/verification. |
| Referral activity | Referrals sent to your profile, your accept/decline status, timestamps. CRM-user identifying details are sanitized for free-tier recipients. | CRM users initiating referrals. |
| Billing identifiers (paid tier only) | Stripe customer ID, subscription status, invoice history. Card numbers held only by Stripe. | Stripe Checkout / Customer Portal. |
Clients (firm's clients using the Client Portal)
Your firm is the controller for bills, matter communications, and messages. AnoLawg is the processor. We are the controller for your account credentials and payment records stored on our side.
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Name, email, hashed password. | You, via the signup or invite link from your firm. |
| Matter access | The specific matters your firm has granted you access to, plus your bills, payment history, and messages with the case team. | The firm grants you access; bill and message content originates with the firm. |
| Payments | Payment records (amount, date, last 4, bill paid). Card data is held only by Stripe. | Stripe Connect when you pay a bill. |
| Documents you upload | Files you upload through the Client Portal (signed forms, evidence, records). These transit directly from your browser to your firm's OneDrive or Google Drive — AnoLawg never stores a copy. We retain only a pointer (provider file ID, file name, upload timestamp, which matter it belongs to) so you and your firm's matter team can find it again. | You, via the Client Portal upload tool; stored in your firm's cloud drive. |
Webmasters (internal)
Platform staff accounts. MFA is mandatory. Every privileged action is audited.
| Category | Examples | Source |
|---|---|---|
| Account & MFA | Name, email, TOTP/WebAuthn enrollment records, MFA step-up timestamps. | Provisioned internally; MFA required. |
| Audit records | Every impersonation, billing override, data export, and permission change is logged immutably with actor, target, and reason. | Automatic — required for accountability. |
How we use your data
We process personal data only for purposes you would reasonably expect, each with a lawful basis under GDPR / UK GDPR and documented under US state privacy laws.
Provide and secure the service
Authenticate you, route requests, prevent abuse, deliver the features you or your firm subscribe to.
Legal basis: Contract performance · Legitimate interest in security.
Process firm and client data on behalf of firms
Store and operate on matters, contacts, bills, documents, and messages so firms can run their practice and clients can pay bills and communicate.
Legal basis: Processor acting on controller (firm) instructions.
Billing and fraud prevention
Charge subscription fees, collect bill payments via Stripe Connect, reconcile invoices, prevent payment fraud and chargebacks.
Legal basis: Contract performance · Legal obligation.
Safety, legal, and incident response
Investigate abuse reports, comply with lawful requests, notify affected parties of security incidents within statutory timelines.
Legal basis: Legal obligation · Legitimate interest.
Transactional communications
Account verification, password resets, billing receipts, referral notifications, system status. These are not marketing.
Legal basis: Contract performance.
Third-party integration on your behalf
When you link your Microsoft or Google account, we call Microsoft Graph or Google APIs as you — using the OAuth tokens you explicitly granted — to send email from your mailbox, browse firm storage locations during setup, create matter folders in your drive, attach files to matters, or sync calendar events. We never access these providers without an active user-granted token, and the scope of access is limited to what you approved at consent.
Legal basis: Contract performance · Explicit consent (OAuth grant).
Measure and improve AnoLawg
Understand page performance, product usage, referral flows, billing-flow outcomes, and feature-test results so we can diagnose issues and improve user-facing features. Browser analytics, UTM attribution cookies, Vercel Analytics / Speed Insights, and PostHog browser or server analytics events are tied to analytics consent where that consent applies.
Legal basis: Legitimate interest · Consent where required by law.
We do not sell your data. We do not share personal data with third-party advertisers, brokers, or for cross-context behavioral advertising. We do not use firm or client data to train public AI models.
Third parties & subprocessors
We use vetted service providers to deliver AnoLawg. Each is bound by a written agreement limiting use of your data to the purposes below. We will update this list and notify firms in advance of any material additions.
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Vercel | Application hosting, edge network, serverless compute, analytics infrastructure, and private/public object storage through Vercel Blob. | All request-path data (encrypted in transit), generated invoice PDFs, firm export ZIPs, public profile pictures, page-view/performance telemetry, and related object-storage metadata. | United States; Vercel regional edges worldwide. |
| Neon | Managed Postgres — primary database and backups. | All persisted records (encrypted at rest). Client-portal chat payloads are additionally end-to-end encrypted where the encrypted client-portal channel state is active. | United States. |
| Stripe | Subscription billing for CRM and paid profile plans; Stripe Connect for client bill payments to firms. | Customer identifiers, subscription/invoice state, payment tokens. Card numbers never touch AnoLawg servers. | United States; Stripe is PCI DSS Level 1. |
| Resend | Transactional email delivery (verification, receipts, notifications). | Recipient email, subject, template variables. | United States. |
| Stream (GetStream.io) | Real-time messaging infrastructure for the Client Portal. | Chat messages and metadata such as channel ID and participant IDs. Where client-portal end-to-end encryption is active, message text is replaced with an encrypted placeholder and ciphertext payloads are stored for authorized recipients. | United States; EU data-residency available on request. |
| Sentry | Error monitoring and performance telemetry. | Exception traces, URL paths, request metadata, internal user ID, and performance events. Sentry's default PII capture is disabled in configuration. | United States / European Union. |
| Vercel Analytics · Speed Insights | Aggregated, privacy-preserving web analytics when analytics consent is present. | Page views, referrer, coarse geography. No cross-site tracking. | United States. |
| PostHog | Product analytics, consent-gated server-side event capture, and feature-flag / A-B testing support when configured. | Usage events, profile and firm identifiers, referral and billing-flow events, feature-test identifiers, and event metadata. No ad targeting. | United States / European Union, depending on configured PostHog host. |
| Microsoft (Graph API) — opt-in, per user | Outbound email from the user's own Microsoft 365 / Outlook mailbox (Mail.Send), user-owned OneDrive storage for matter folders and client-portal uploads (Files.ReadWrite), and optional Outlook Calendar two-way event sync (Calendars.ReadWrite). Invoked only when the user has actively linked their Microsoft account for that feature. | OAuth access + refresh tokens stored encrypted on AnoLawg. Email recipients / subject / body sent to Microsoft at send time; matter-communication sends may also retain the body in AnoLawg's firm communication records. File contents transferred directly from user browser to Microsoft (upload sessions) — bytes do not pass through AnoLawg. Calendar event details are exchanged with Microsoft only for users who connect calendar sync. | Microsoft cloud regions per user's tenant (commonly United States or European Union). |
| Google (Gmail API · Drive API · Calendar API) — opt-in, per user | Outbound email from the user's own Gmail mailbox (gmail.send), user-owned Google Drive storage for matter folders and client-portal uploads (drive.file for AnoLawg-created or user-picked files, plus drive.readonly for Shared Drive and folder selection), and optional Google Calendar two-way event sync (calendar.events). Invoked only when the user has actively linked their Google account for that feature. | OAuth access + refresh tokens stored encrypted on AnoLawg. Email recipients / subject / body sent to Google at send time; matter-communication sends may also retain the body in AnoLawg's firm communication records. File contents transferred directly from user browser to Google (resumable uploads) — bytes do not pass through AnoLawg. Calendar event details are exchanged with Google only for users who connect calendar sync. | Google cloud regions per user's account (commonly United States or European Union). |
Documents: AnoLawg is a passthrough
Unlike most legal-practice tools, AnoLawg does not store customer matter documents.When a firm, attorney, or client uploads a matter document through AnoLawg, the file is transmitted directly from the uploading browser to the firm’s own OneDrive or Google Drive using a short-lived, pre-authenticated upload URL we generate on the provider’s behalf. The file bytes do not traverse AnoLawg servers, are never written to AnoLawg databases or backups, and are never cached.
What AnoLawg does keep is a pointer: the file’s ID in your provider’s system, the file name, the size, the upload timestamp, the uploader’s user account, and which matter it belongs to. That pointer is what lets you find the document again inside the AnoLawg UI and click through to open it in your drive.
Downloads use the same passthrough model in reverse — AnoLawg generates a short-lived signed URL from your provider and the browser fetches the file directly. Bytes do not pass through AnoLawg on the way out either.
If you revoke AnoLawg’s access to your drive (from Microsoft or Google’s account-security page), the files remain in your drive untouched, but the pointers in AnoLawg become dead links until you reconnect. If you delete a document record in AnoLawg, we unlink it — the underlying file in your drive is not affected.
Google API Services — Limited Use disclosure
AnoLawg’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Gmail, Google Drive, and Google Calendar data only to provide the user-facing features the user has explicitly connected their account for — sending email from the user’s own mailbox, browsing Shared Drives or folders during document-storage setup, and creating or attaching files the user has picked or that AnoLawg created, or syncing calendar events the user chooses to connect.
- When a user sends a Gmail message from matter communications, AnoLawg may retain the message body in the firm’s communication record so the firm can preserve its matter history.
- We do not use Gmail, Drive, or Calendar data to serve advertising.
- We do not sell, transfer, or share Gmail, Drive, or Calendar data to any third party, except as necessary to provide and secure the service (e.g., our hosting and database providers), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with successor obligations to honor this policy.
- We do not allow humans to read Gmail, Drive, or Calendar data except (a) with the user’s explicit consent for user support, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
The same disclosures apply to Microsoft Graph data (Mail.Send, Files.ReadWrite, Calendars.ReadWrite) by policy, even though Microsoft does not require this language.
How long we keep it
We keep personal data only as long as we need it for the purposes above, or as required by law.
For the full per-table schedule (sessions, login events, audit log, messages, bills, email logs, invites, and deleted-user residue), see our internal data retention policy.
| Category | Retention period |
|---|---|
| Active account data (all user types) | For as long as the account is active. |
| Firm matter and billing records | Retained on the firm's instruction. Firms can export their data through AnoLawg. Firm deletion requests are handled subject to legal-hold rules, tax/audit retention, active disputes, and dependency-safe deletion processing. |
| Session records | 7 days from last activity; revoked immediately on logout. |
| Audit log (webmaster + firm admin actions) | 7 years — required for accountability and legal defensibility. |
| Stripe billing records | 7 years, consistent with US and EU tax and accounting retention rules. |
| Backups | Encrypted point-in-time backups retained up to 30 days; deleted records fall out of backups within that window. |
| Closed / deleted account | Access is disabled at closure. Identifiable data is deleted or anonymized when no longer needed for legal retention, firm instructions, security, support, active disputes, or dependency-safe deletion processing. |
| OAuth tokens (Microsoft / Google linkage) | Retained encrypted while your link is active. Deleted immediately when you unlink the account, when the provider reports the token as revoked (invalid_grant), or within 30 days of account closure — whichever comes first. |
| External-drive pointers (Matter.externalFolderId, Document.externalId) | Retained as long as the matter or document record exists in AnoLawg. AnoLawg never deletes the underlying folder or file in your OneDrive / Google Drive — if you unlink the drive, the pointer becomes a dead link but the file remains in your drive. |
| Email-send audit records | Transactional delivery logs retain recipient, subject, template/status metadata, and timestamps for deliverability and legal-notice proof. Matter communication records for outbound Microsoft/Gmail messages may also retain the message body and are retained with the firm's matter records. |
| Provider import raw uploads and reports | Raw extracted provider-import CSV contents are retained temporarily for up to 7 days; import reports are retained for up to 90 days unless deleted earlier as part of firm deletion processing. |
| Generated files in AnoLawg object storage | Private bill PDF links expire after 30 days. Firm export ZIPs are retained for 7 days after generation. Public profile pictures remain until replaced, removed, or the profile is deleted. |
| Calendar sync records | Retained while the event exists in AnoLawg and the calendar sync link remains active, subject to the firm's matter-retention instructions. Provider OAuth tokens are deleted immediately when the user disconnects calendar sync. |
Privileged communications
Messages exchanged in a matter’s Client Portal channel (firm-to-client) and messages exchanged in an accepted referral channel (CRM sender to recipient attorney or expert) are treated by AnoLawg as attorney-client privileged by default. Each channel carries a privileged metadata flag, and the ClientMessage database table mirrors the same flag on every stored message. Colleague DMs and informal group chats are not flagged as privileged unless the conversation is matter-scoped.
The flag constrains AnoLawg’s own access in two ways:
- Webmaster impersonation. An AnoLawg webmaster can impersonate a firm user for support and incident response under the controls described in the security page. Impersonation into a privileged channel additionally requires a written reason beyond the standard impersonation reason, plus an attached legal-review flag in the audit record. Sessions that do not satisfy both requirements are rejected at the chat layer.
- Firm-scoped message exports. Exports initiated by a webmaster or firm admin redact rows where
privileged = trueunless the export is accompanied by an explicit client-consent record naming the matter and scope.
Every impersonation and every export writes an immutable audit row containing the actor, the target, the stated reason, and the legal-review flag when applicable. Firm admins can request a copy of the audit records that touched their firm’s data.
Your rights
Depending on where you live, you have some or all of the following rights. We will respond to verified requests within 30 days (or the shorter period your local law requires).
Access a copy
Request a copy of the personal data we hold about you. CRM users can also ask their firm admin for an export.
Correct or update
Fix inaccurate or incomplete data directly in your account settings, or by emailing us.
Delete
Request deletion of your personal data, subject to legal retention obligations (tax, audit, active disputes) we must honor.
Portability
Receive your data in a portable, machine-readable format (JSON or CSV).
Object / restrict
Object to or restrict specific processing activities that rely on legitimate interest.
Lodge a complaint
EEA/UK residents can complain to their local supervisory authority. US state residents may have analogous rights under CCPA/CPRA, VCDPA, CTDPA, and similar statutes.
To exercise any of these rights, email privacy@anolawg.com. We may ask you to verify your identity before we act on the request. If you use an authorized agent, we will require written proof of authorization and may verify the request directly with you. You may appeal a denial by replying to our response; we will respond to appeals within 45 days.
State-specific privacy rights (United States)
AnoLawg is offered to residents of every U.S. state. The following state laws create additional or overlapping rights for their residents. These rights are in addition to the core rights listed above, and we honor them for the states that have enacted a comprehensive privacy statute in force as of the version date of this policy.
California (CCPA / CPRA)
Right to know, access, delete, correct, and portability; right to opt out of "sale" or "sharing" for cross-context behavioral advertising (we do not sell or share in that sense); right to limit the use and disclosure of sensitive personal information to what is necessary to provide the service; right to non-discrimination for exercising these rights. Complaints may be filed with the California Privacy Protection Agency. We do not use sensitive personal information for purposes outside those disclosed here. We do not knowingly sell or share the personal information of consumers under 16.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Nebraska (NDPA), and Rhode Island (RIDPA)
Right to confirm processing, access, correct, delete, and receive a portable copy of personal data. Right to opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in any of these activities; exercising these opt-outs therefore has no practical effect on our processing, but you may still submit a request and we will confirm our status in writing. Where required, we obtain opt-in consent before processing sensitive data (as defined by each statute).
Nevada (SB 220)
Right to opt out of the sale of "covered information" as defined by Nevada law. We do not sell covered information.
All other states
Residents of states without a comprehensive privacy statute can still exercise the core rights listed above. We apply a single high-water-mark standard across the United States rather than varying our practices by state.
To exercise any state-specific right, email privacy@anolawg.com and identify the state whose law you are invoking.
International transfers
AnoLawg is operated from the United States. If you access the service from the EEA, the UK, or elsewhere, your data will be transferred to the US and may be processed by subprocessors located in other countries. We rely on Standard Contractual Clauses (2021/914/EU) and the UK Addendum, together with supplementary technical safeguards, as the transfer mechanism. A copy of the applicable SCCs is available on request.
Children
AnoLawg is not directed to children under 16, and children may not create accounts unless their firm or legal representative has authorized access. Firms may enter information about minors as part of client, contact, matter, document, billing, or communication records; for that firm-controlled matter data, the firm is the controller and AnoLawg acts as processor. If you believe a child has created an unauthorized AnoLawg account or provided personal data directly to us outside firm-controlled matter records, please contact us and we will address it.
Security
Detailed controls — encryption, authentication, penetration testing, incident response — are described on our security page. No system is perfectly secure, but we apply layered, least-privilege controls and meaningful audit logging so that incidents are detected and contained quickly.
OAuth access and refresh tokens for linked Microsoft and Google accounts are encrypted at rest using authenticated symmetric encryption with a deploy-time OAuth encryption key; plaintext tokens exist only in server memory for the duration of an API call. Passwords are hashed with scrypt. TOTP / WebAuthn secrets for webmaster MFA are encrypted under a separate per-deploy key.
Changes to this policy
When we make material changes, we update the version stamp at the top and — for firms and paid profile holders — notify the account owner by email at least 14 days in advance. Continued use of the service after the effective date means you accept the updated policy.
Contact
Privacy questions, access requests, or complaints: privacy@anolawg.com.
Security reports: security@anolawg.com.
AnoLawg LLC190 N. Union Street, Ste. 201Akron, OH 44304United States