Privacy Policy
Effective date: January 1, 2025 · Last updated: May 14, 2025
Overview
LegalGEN, Inc. ("LegalGEN," "we," "us," or "our") operates the LegalGEN platform, which provides estate planning intake, document generation, and client conversion tools for licensed attorneys ("Attorney Users") and their clients ("End Clients").
This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform, website, and services. By using LegalGEN, you agree to the practices described in this policy.
Important distinction: LegalGEN operates as a technology service provider to attorneys. When attorneys use LegalGEN to collect client intake data, that data is controlled by the attorney — not by LegalGEN. See Attorney & Client Data for details.
Information We Collect
Information you provide directly
When you create a LegalGEN account, we collect:
- Name, email address, and password
- Law firm name, bar number, and state of licensure
- Billing information (processed via Stripe — we do not store payment card numbers)
- Profile and firm branding materials you upload
- Communications you send to us (support requests, feedback, demo inquiries)
Information collected automatically
When you use our platform, we automatically collect:
- Log data: IP address, browser type, pages visited, timestamps, and referring URLs
- Device information: hardware model, operating system, and browser version
- Usage data: features used, actions taken, error logs, and performance data
- Cookies and similar tracking technologies (see Cookies section)
Information from third parties
We may receive information about you from practice management systems you connect to LegalGEN (Clio, MyCase, WealthCounsel) as part of the integration setup, limited to what is necessary for the integration to function.
How We Use Information
We use information we collect to:
- Provide and improve the platform — operate, maintain, and enhance LegalGEN features and services
- Process transactions — handle subscription billing and payments via Stripe
- Provide customer support — respond to questions, resolve issues, and assist with onboarding
- Send service communications — account notifications, feature updates, and security alerts
- Send marketing communications — with your consent, we may send newsletters and product updates (you can unsubscribe at any time)
- Ensure platform security — detect, investigate, and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations — respond to legal process and enforce our terms
- Analytics and improvement — analyze aggregate usage patterns to improve the platform (using anonymized or aggregated data only)
We do not sell your personal information to third parties. We do not use attorney account data or client intake data for advertising purposes.
How We Share Information
| Recipient | What is shared | Purpose |
|---|---|---|
| Stripe | Billing information | Payment processing |
| Amazon Web Services | Platform data (encrypted) | Cloud infrastructure |
| Practice management systems | Intake data (at attorney's direction) | Integration functionality |
| Analytics providers | Anonymized usage data | Platform improvement |
| Legal authorities | As required by law | Legal compliance |
We do not share personal information with any third party for their own marketing or advertising purposes.
Attorney & Client Data
LegalGEN as data processor
When an attorney uses LegalGEN to collect client intake information, LegalGEN processes that data on behalf of the attorney. In this context:
- The attorney is the data controller — they determine how client data is collected and used
- LegalGEN is the data processor — we process data only as directed by the attorney
- Client data is processed solely to provide the intake, document generation, and delivery services the attorney has contracted for
What we do with client intake data
- We store client intake data securely and make it available to the attorney through the portal
- We use intake data to generate documents as directed by the attorney
- We do not use client intake data for AI training across customers
- We do not share client intake data with any third party except as directed by the attorney or required by law
- We do not use client intake data for advertising or marketing purposes
Attorney obligations
Attorneys using LegalGEN are responsible for ensuring they have appropriate consent to collect and process client data through the platform, consistent with applicable bar rules, state privacy laws, and professional responsibility obligations. See our Attorney Ethics & Compliance guide for guidance.
Data Retention
We retain information for as long as necessary to provide our services and comply with legal obligations:
- Attorney account data: Retained for the duration of the subscription plus 7 years after termination (for legal and tax compliance)
- Client intake data: Retained per the attorney's configuration settings. Attorneys can delete client intake data at any time through the attorney portal
- Billing records: Retained for 7 years for tax and financial compliance
- Log data: Retained for 12 months, then deleted or anonymized
Security
We implement industry-standard security measures to protect your information:
- All data transmitted between your browser and LegalGEN is encrypted via TLS 1.3
- Data at rest is encrypted using AES-256 encryption
- Access to production systems is restricted to authorized personnel with multi-factor authentication
- We conduct regular security audits and penetration testing
- Our infrastructure is hosted on AWS in US-based data centers with SOC 2 Type II certification
No security system is impenetrable. In the event of a data breach that affects your information, we will notify you as required by applicable law.
Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your information
- Withdrawal of consent: Withdraw consent for marketing communications at any time
To exercise any of these rights, contact us at privacy@legalgen.com. We will respond within 30 days.
Cookies
We use cookies and similar technologies to operate and improve the LegalGEN platform. We use:
- Essential cookies: Required for the platform to function. Cannot be disabled.
- Performance cookies: Help us understand how the platform is used (anonymized analytics).
- Preference cookies: Remember your settings and preferences.
You can manage cookie preferences through the cookie banner on our website or through your browser settings. Disabling non-essential cookies does not affect your ability to use the platform.
Children's Privacy
LegalGEN is a professional legal technology platform designed for licensed attorneys. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected information from a minor, we will delete it promptly.
Note: Young Adult Package workflows may collect information about individuals under 18 (e.g., for young adult POA packages involving minor-age dependents). This data is collected by the attorney for professional purposes and handled in accordance with the Attorney & Client Data section above.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and post a notice in the attorney portal at least 30 days before the changes take effect. Your continued use of LegalGEN after the effective date constitutes acceptance of the updated policy.
The current version of this policy is always available at legalgen.com/legal/privacy.
Privacy questions or requests?
Contact our Privacy Officer:
Email: privacy@legalgen.com
Mail: LegalGEN, Inc. · Attn: Privacy Officer · [Address] · United States
For data deletion requests, please include your account email address and a description of the data you'd like deleted. We will confirm receipt within 5 business days and complete the request within 30 days.