PP
Introduction
Welcome to Founderlaw.ai ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and AI-powered legal document platform.
By using Founderlaw.ai, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Personal Information
We collect information that you provide directly to us, including:
Account Information: Email address, name, company name, and authentication credentials
Profile Information: Business details, industry, company size, and role
Contact Information: Phone number, billing address, and communication preferences
Payment Information: Credit card details, billing information (processed securely through third-party payment processors)
Document and Usage Data
Document Content: Information you input when creating legal documents, including business terms, party details, and contract specifications
Usage Data: How you interact with our platform, features used, documents created, and time spent on the platform
AI Interaction Data: Questions asked to our AI legal assistant, prompts used, and customization preferences
Automatically Collected Information
Device Information: IP address, browser type, operating system, device identifiers
Log Data: Access times, pages viewed, links clicked, and other diagnostic data
Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies
How We Use Your Information
We use the collected information for the following purposes:
Service Delivery
Generate customized legal documents based on your inputs
Provide AI-powered contract analysis, summaries, and risk assessments
Enable document collaboration, editing, and e-signing features
Deliver customer support and respond to your inquiries
Platform Improvement
Improve and optimize our AI models and document templates
Develop new features and enhance user experience
Conduct research and analytics to understand usage patterns
Ensure platform security and prevent fraudulent activity
Marketing Communications
If you are in the UK, we will only send you marketing communications if:
You have given us consent to do so, or
We have a legitimate interest (such as contacting existing customers about similar services) and you have not opted out
You can opt out of marketing communications at any time by:
Clicking the "unsubscribe" link in any marketing email
Updating your preferences in your account settings
Contacting us at privacy@founderlaw.ai
Even if you opt out of marketing, we will still send you essential service-related communications (such as account notifications, security alerts, and legal updates).
Legal and Compliance
Comply with legal obligations and regulations
Enforce our Terms of Service and other agreements
Protect our rights, property, and safety, and that of our users
Respond to legal requests and prevent illegal activities
AI and Data Processing
How Our AI Uses Your Data
Our AI processes your inputs to generate customized legal documents
Document content is analyzed to provide summaries, clause extraction, and risk assessments
Conversation data with our AI legal assistant is used to improve response accuracy
We may use anonymized and aggregated data to train and improve our AI models
Data Security in AI Processing
Your document content is encrypted during transmission (using TLS 1.2 or higher) and storage (using AES-256 encryption)
We implement strict access controls to limit who can view your data
AI processing occurs in secure, UK GDPR-compliant environments
We do not sell your document content or personal information to third parties
We conduct regular Data Protection Impact Assessments (DPIAs) for AI processing activities
Information Sharing and Disclosure
We may share your information in the following circumstances:
With Your Consent
We will share information when you explicitly authorize us to do so, such as when collaborating with team members on documents.
Service Providers
We work with third-party service providers who perform services on our behalf, including:
Cloud hosting providers
Payment processors
Email service providers
Analytics providers
Customer support tools
These providers have access only to the information necessary to perform their functions and are obligated to protect your data.
Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:
Comply with legal obligations
Protect our rights or property
Prevent fraud or security issues
Protect the safety of our users or the public
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
Aggregated or Anonymized Data
We may share aggregated or anonymized information that cannot reasonably be used to identify you for research, marketing, or analytics purposes.
Data Security
We implement appropriate technical and organizational security measures to protect your information, including:
Encryption of data in transit and at rest using industry-standard protocols (SSL/TLS)
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Secure data centers with physical security measures
Employee training on data protection and confidentiality
Incident response procedures for data breaches
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Retention
We retain your information for as long as necessary to:
Provide our services and maintain your account
Comply with UK legal obligations (including tax, accounting, and regulatory requirements)
Resolve disputes and enforce our agreements
Protect our legal rights and defend against claims
Specific Retention Periods
Account Information: Retained while your account is active, plus 6 years after account closure (to comply with UK limitation periods and tax requirements)
Financial Records: Retained for at least 6 years after the transaction (as required by HMRC and UK tax law)
Document Content:
Active documents: Retained while your account is active
Deleted documents: Permanently deleted within 30 days of deletion request
Backup copies: May persist in backup systems for up to 90 days
Marketing Communications: Until you withdraw consent or 3 years from last engagement
Legal and Compliance Records: As required by UK law, typically 6-7 years
When retention is no longer necessary, we will securely delete or anonymize your personal data in accordance with our data retention schedule and UK GDPR requirements.
Your Rights and Choices
Depending on your location, you may have the following rights:
Access and Portability
Request access to the personal information we hold about you
Receive a copy of your data in a structured, commonly used format
Correction and Update
Correct inaccurate or incomplete personal information
Update your account information at any time through your profile settings
Deletion
Request deletion of your personal information (subject to legal retention requirements)
Delete your account and associated data
Restriction and Objection
Restrict or object to certain processing of your information
Opt out of marketing communications at any time
Withdrawal of Consent
Withdraw consent for data processing where we rely on consent as the legal basis
To exercise these rights, please contact us at [privacy@founderlaw.ai]. We will respond to your request within 30 days.
Third-Party Links and Services
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
Children's Privacy
Founderlaw.ai is intended for use by businesses and individuals aged 18 and over. We do not knowingly collect or process personal data from children under 18 years of age.
If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete that information from our systems.
If you believe we have collected information from a child under 18, please contact us immediately at privacy@founderlaw.ai.
International Data Transfers
As a UK-based company, we primarily process data within the United Kingdom. However, your information may occasionally be transferred to and processed in other countries, including:
EEA Countries: We may use service providers located in the European Economic Area
Other Countries: Some of our service providers (such as cloud hosting or analytics providers) may be located outside the UK and EEA
Safeguards for International Transfers
When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place:
Adequacy Decisions: We transfer data to countries that the UK government has determined provide adequate data protection (such as EEA countries under the UK's adequacy regulations)
Standard Contractual Clauses (SCCs): We use UK-approved International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses with service providers in other countries
Additional Security Measures: We implement supplementary measures such as encryption and access controls to protect data during international transfers
Your Consent: In some cases, we may request your explicit consent for specific international transfers
You can request more information about the safeguards we use for international transfers by contacting us at privacy@founderlaw.ai.
UK Data Protection Rights
As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are in the United Kingdom, you have the following rights:
Legal Basis for Processing
We process your personal data based on the following lawful bases:
Contract Performance (Article 6(1)(b)): To provide our services, generate legal documents, and fulfill our contractual obligations to you
Legitimate Interests (Article 6(1)(f)): To improve our platform, ensure security, prevent fraud, and conduct business analytics (where your interests don't override ours)
Consent (Article 6(1)(a)): For marketing communications, non-essential cookies, and certain AI training purposes
Legal Obligations (Article 6(1)(c)): To comply with UK laws, regulations, and legal processes
Your UK GDPR Rights
You have the following rights under UK data protection law:
Right of Access (Subject Access Request): Obtain confirmation that we process your personal data and receive a copy of it
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data in certain circumstances
Right to Restriction of Processing: Limit how we use your personal data in specific situations
Right to Data Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@founderlaw.ai or write to our Data Protection Officer at the address below. We will respond to your request within one month, though this may be extended by two months for complex requests.
Right to Complain
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
International Users
European Economic Area (EEA) and Switzerland
If you are located in the EEA or Switzerland, your data protection rights are governed by the equivalent GDPR provisions in your jurisdiction. The rights outlined in the UK Data Protection Rights section above apply to you as well.
United States and Other Jurisdictions
If you are located outside the UK, EEA, or Switzerland, you may have different privacy rights under your local laws. We will comply with applicable data protection requirements in your jurisdiction.
For California residents: While we are UK-based, if you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA). Please contact us at privacy@founderlaw.ai for information about your California privacy rights.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
Posting the updated policy on our website with a revised "Last Updated" date
Sending an email notification to your registered email address
Displaying a prominent notice on our platform
Your continued use of Founderlaw.ai after such changes constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Registered Office: [Insert UK Registered Address]
Company Registration Number: [Insert Companies House Number]
Email: privacy@founderlaw.ai
Data Protection Officer: [Insert DPO Name and Contact if applicable]
ICO Registration Number: [Insert ICO Registration Number]
For specific privacy requests or to exercise your rights under UK GDPR, please submit a detailed request to privacy@founderlaw.ai. We will respond within one month of receiving your request (this may be extended by up to two months for complex requests, and we will inform you of any extension).