Privacy Policy
How we collect, use, and protect your data. Last updated: April 6, 2026.
No Data Selling
We never sell your data. We share it only with service providers who help operate the platform.
You Control Retention
Retain documents indefinitely, wipe after review, or keep only structured data. Your choice.
No AI Training
Your invoice data is never used to train AI models. Anthropic processes it in real time only.
Consent-Gated Tracking
No analytics or visitor identification runs without your explicit consent. Manage your choice on our cookies page.
1. Introduction
CounselAudit.ai ("we," "us," or "our") is committed to protecting the privacy and security of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our legal bill review platform and related services (the "Service").
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, organization name, and role within your organization. Authentication is handled by our identity provider (Clerk).
Legal Billing Data
When you upload invoices, fee estimates, or outside counsel guidelines, we process and store this data to provide our services. This may include law firm names, timekeeper information, billing descriptions, amounts, matter details, and related correspondence.
Usage Data
We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This is logged in our audit trail for compliance purposes.
Payment Information
When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details and billing address directly. CounselAudit.ai does not store or have access to full payment card numbers. We receive only a transaction reference, subscription status, plan type, and the last four digits of your card for display purposes.
3. How We Use Your Information
- To provide and maintain the Service, including invoice parsing, guideline enforcement, and billing analysis
- To process invoices using AI-powered analysis (see Section 6 below)
- To manage your account and organization settings
- To send invitation emails when you invite team members
- To generate reports, track spend, and calculate savings
- To communicate with you about service updates, security alerts, and support
- To ensure security and prevent unauthorized access
4. Data Security
We implement industry-standard security measures to protect your data, including:
- AES-256 encryption at rest and TLS 1.3 encryption in transit, provided by our infrastructure partners (Supabase, Vercel, Anthropic)
- Multi-tenant data isolation with PostgreSQL row-level security policies
- Authentication via Clerk with support for multi-factor authentication
- Comprehensive audit logging of all user actions
- Configurable data retention policies with secure deletion
- Data hosted in the US-East region (AWS infrastructure)
For a full description of our security controls and sub-processor certifications, visit our Security page.
5. Data Retention
You control how long we retain your billing documents. CounselAudit.ai offers configurable retention policies:
- Retain — documents kept indefinitely
- Wipe after review — source documents deleted after processing, structured data retained
- Wipe, keep structured — source documents deleted, only parsed line items and metadata retained
You may request deletion of your account and all associated data at any time by contacting privacy@counselaudit.ai.
6. Artificial Intelligence & Automated Processing
CounselAudit.ai uses artificial intelligence to assist with:
- Parsing uploaded invoices to extract line items, timekeepers, and amounts
- Flagging potential billing guideline violations and anomalies
- Drafting outside counsel guideline clause language
- Generating review letters for outside counsel communication
- Extracting rules from uploaded guideline documents
Important: AI-generated content is provided as a tool to assist human decision-making and should always be reviewed for accuracy. CounselAudit.ai is not a law firm and does not provide legal advice. All AI outputs are suggestions that require human review and approval before action is taken.
We use Anthropic's Claude API for AI processing. Anthropic does not use API inputs or outputs to train its models. Anthropic may retain API data for up to 30 days for Trust & Safety purposes, after which it is deleted. Enterprise customers can request Zero Data Retention (ZDR) through privacy@counselaudit.ai.
7. Data Sharing
We do not sell your data. We share data only with:
- Service providers who assist in operating the Service (hosting, authentication, email delivery, AI processing, payment processing)
- Within your organization — team members you invite can access shared organizational data based on their role permissions
- Legal requirements — if required by law, subpoena, or government request
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Opt out of certain data processing
- Withdraw consent for data processing
To exercise any of these rights, contact privacy@counselaudit.ai.
9. Cookies, Analytics & Visitor Identification
The CounselAudit.ai application (app.counselaudit.com) uses essential cookies for authentication and session management.
Our public marketing website (www.counselaudit.com) loads the following third-party services only after you grant consent via our cookie banner:
- Google Analytics 4 — aggregate site analytics with IP anonymization. Google Privacy Policy.
- Apollo Website Visitors — identifies the company associated with visiting IP addresses for B2B sales follow-up. Company-level only on our current plan. Apollo Privacy Policy.
- Instantly / Leadsy.ai Website Visitors — identifies US-based business visitors (name, work email, LinkedIn) for sales follow-up. Instantly Privacy Policy.
Legal basis: Legitimate interest in B2B prospecting, with consent recorded via the cookie banner. You can withdraw consent at any time on the cookies page.
For visitors in the EU/UK/Canada: No tracker fires until you click "Accept all" on the banner. Selecting "Analytics only" loads Google Analytics; "Reject all" loads nothing.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
CounselAudit Inc.
Email: privacy@counselaudit.ai
Support: support@counselaudit.ai