CounselAudit.aiSign In

Privacy Policy

Last updated: March 28, 2026

1. Introduction

CounselAudit.ai ("we," "us," or "our") is committed to protecting the privacy and security of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our legal bill review platform and related services (the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and role within your organization. Authentication is handled by our identity provider (Clerk).

Legal Billing Data

When you upload invoices, fee estimates, or outside counsel guidelines, we process and store this data to provide our services. This may include law firm names, timekeeper information, billing descriptions, amounts, matter details, and related correspondence.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This is logged in our audit trail for compliance purposes.

Payment Information

When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details and billing address directly. CounselAudit.ai does not store or have access to full payment card numbers. We receive only a transaction reference, subscription status, plan type, and the last four digits of your card for display purposes.

3. How We Use Your Information

  • To provide and maintain the Service, including invoice parsing, guideline enforcement, and billing analysis
  • To process invoices using AI-powered analysis (see Section 6 below)
  • To manage your account and organization settings
  • To send invitation emails when you invite team members
  • To generate reports, track spend, and calculate savings
  • To communicate with you about service updates, security alerts, and support
  • To ensure security and prevent unauthorized access

4. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption at rest and in transit, provided by our infrastructure partners (Supabase, Vercel, Anthropic) at the platform level
  • Multi-tenant data isolation with row-level security policies
  • Authentication via Clerk with support for multi-factor authentication
  • Comprehensive audit logging of all user actions
  • Configurable data retention policies with secure deletion
  • Data hosted in US-East region (AWS infrastructure)

5. Data Retention

You control how long we retain your billing documents. CounselAudit.ai offers configurable retention policies:

  • Retain— documents kept indefinitely
  • Wipe after review— source documents deleted after processing, structured data retained
  • Wipe, keep structured— source documents deleted, only parsed line items and metadata retained

You may request deletion of your account and all associated data at any time by contacting privacy@counselaudit.ai.

6. Artificial Intelligence & Automated Processing

CounselAudit.ai uses artificial intelligence to assist with:

  • Parsing uploaded invoices to extract line items, timekeepers, and amounts
  • Flagging potential billing guideline violations and anomalies
  • Drafting outside counsel guideline clause language
  • Generating review letters for outside counsel communication
  • Extracting rules from uploaded guideline documents

Important: AI-generated content is provided as a tool to assist human decision-making and should always be reviewed for accuracy. CounselAudit.ai is not a law firm and does not provide legal advice. All AI outputs are suggestions that require human review and approval before action is taken.

Invoice data sent to AI models for parsing is processed in real-time and is not used to train AI models. We use Anthropic's Claude API for AI processing, which does not retain or learn from customer data.

7. Data Sharing

We do not sell your data. We share data only with:

  • Service providers who assist in operating the Service (hosting, authentication, email delivery, AI processing, payment processing)
  • Within your organization— team members you invite can access shared organizational data based on their role permissions
  • Legal requirements— if required by law, subpoena, or government request

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of certain data processing
  • Withdraw consent for data processing

To exercise any of these rights, contact privacy@counselaudit.ai.

9. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

CounselAudit.ai
Email: privacy@counselaudit.ai
Support: support@counselaudit.ai