Privacy Policy

At Redwell Technologies, Inc. ("Redwell", "we", "us", or "our"), we understand that as a legal professional, you entrust us with highly sensitive and confidential information. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our legal practice management platform.

1. Our Commitment to Legal Professionals

We recognize the unique privacy requirements of the legal profession, including:

• Attorney-client privilege protection
• Work product confidentiality
• Professional ethics obligations
• Regulatory compliance requirements

Our privacy practices are designed to meet or exceed these professional standards and help you maintain compliance with your ethical and legal obligations.

2. Information We Collect

2.1 Information You Provide

When you register for and use Redwell, you may provide:

• Account Information: Name, email address, law firm name, bar number, billing information, and contact details
• Practice Information: Practice areas, jurisdiction, firm size, and team member information
• Client Matter Data: Case information, client details, documents, communications, time entries, and billing records
• Financial Information: Trust account details, payment information, and financial transactions (processed securely through our payment partners)

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Features accessed, actions taken, time spent, and frequency of use
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, errors encountered, and system performance metrics
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information from:

• Bar associations (for verification purposes)
• Payment processors (transaction confirmations)
• Integration partners (calendar, email, document services)
• Public databases (for conflict checking features)

3. How We Use Your Information

3.1 Service Provision

• Provide and maintain the Redwell platform
• Process transactions and manage subscriptions
• Enable features like conflict checking and deadline calculation
• Generate reports and analytics for your practice
• Provide customer support and training

3.2 Service Improvement

• Analyze usage patterns to improve features
• Develop new functionality based on user needs
• Optimize performance and user experience
• Conduct research and development

3.3 Communication

• Send service updates and security alerts
• Provide deadline reminders and notifications
• Share product updates and new features (with opt-out option)
• Respond to inquiries and support requests

3.4 Legal and Compliance

• Comply with legal obligations and court orders
• Enforce our Terms of Service
• Protect rights, safety, and property
• Prevent fraud and abuse

4. How We Protect Your Information

4.1 Security Measures

We implement comprehensive security measures including:

• Encryption: 256-bit AES encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Role-based access, multi-factor authentication, and session management
• Infrastructure: SOC 2 Type II certified data centers with 24/7 monitoring
• Security Audits: Regular penetration testing and vulnerability assessments
• Employee Training: Mandatory security and privacy training for all personnel
• Incident Response: Comprehensive incident response plan with breach notification procedures

4.2 Data Isolation

Each law firm's data is logically separated using database-level isolation, ensuring your data cannot be accessed by other firms using our platform.

4.3 Backup and Recovery

We maintain encrypted backups in geographically distributed locations with point-in-time recovery capabilities to protect against data loss.

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Information

We never sell, rent, or trade your personal information or client data to third parties for marketing or any other purposes.

5.2 Limited Sharing Scenarios

We may share information only in these limited circumstances:

• Service Providers: With vendors who help us operate the Service (e.g., hosting, payment processing) under strict confidentiality agreements
• Legal Requirements: When required by law, subpoena, or court order, with notice to you when permitted
• Protection of Rights: To protect our rights, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• With Your Consent: When you explicitly authorize us to share information

5.3 Attorney-Client Privilege

We acknowledge that much of the information in our system may be protected by attorney-client privilege. We will assert privilege on your behalf if we receive legal process seeking your client data, unless prohibited by law from doing so.

6. Your Rights and Controls

6.1 Access and Correction

You can access and update your information through your account settings or by contacting support. We will respond to requests within 30 days.

6.2 Data Export

You can export your data at any time in standard formats (CSV, PDF, JSON) through the platform's export features.

6.3 Deletion

You may request deletion of your account and associated data. We will delete your information within 90 days, except where retention is required by law or necessary for legal defense.

6.4 Opt-Out Rights

• Marketing Communications: Unsubscribe via email links or account settings
• Analytics: Opt-out of analytics tracking through cookie preferences
• Product Updates: Manage notification preferences in account settings

6.5 Additional Rights (Where Applicable)

Depending on your location, you may have additional rights including:

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with supervisory authorities

7. Data Retention

7.1 Active Accounts

We retain your data as long as your account is active and as necessary to provide our services.

7.2 Post-Termination

After account termination, we retain data for 90 days to allow for data recovery and export. After this period, data is permanently deleted unless longer retention is required for:

• Legal obligations or litigation holds
• Audit or compliance requirements
• Enforcement of our agreements

7.3 Anonymized Data

We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes.

8. International Data Transfers

Our primary data centers are located in the United States. If you access our Service from outside the U.S., your information may be transferred to and processed in the U.S. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Compliance with Privacy Shield principles (where applicable)
• Additional contractual protections as required by local law

9. Compliance with Privacy Laws

9.1 GDPR Compliance (European Union)

For users in the EU, we comply with the General Data Protection Regulation, including:

• Lawful basis for processing (contract performance, legitimate interests, consent)
• Data minimization and purpose limitation
• Privacy by design and default
• Data Protection Impact Assessments where required
• Appointment of a Data Protection Officer

9.2 CCPA Compliance (California)

For California residents, we comply with the California Consumer Privacy Act, providing:

• Right to know what information is collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell data)
• Right to non-discrimination

9.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including state bar association rules regarding client confidentiality.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it immediately.

11. Third-Party Services

Our Service may integrate with third-party services you choose to connect, such as:

• Email providers (Gmail, Outlook)
• Calendar services (Google Calendar, Outlook Calendar)
• Document storage (Dropbox, Box, Google Drive)
• Payment processors (Stripe, LawPay)
• Accounting software (QuickBooks, Xero)

These integrations are optional and require your explicit authorization. Third-party services have their own privacy policies, which we encourage you to review.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

• Essential Cookies: Required for Service functionality
• Performance Cookies: Help us understand usage patterns
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Provide insights for Service improvement

13. Security Breach Notification

In the unlikely event of a security breach affecting your personal information or client data, we will:

• Notify you within 72 hours of discovery (or as required by applicable law)
• Provide details about the nature and scope of the breach
• Describe measures taken to address the breach
• Offer appropriate remediation (e.g., credit monitoring if applicable)
• Cooperate with regulatory authorities as required

14. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or through the Service at least 30 days before they become effective. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, requests, or concerns, please contact our Privacy Team:

For EU residents, you may also contact our EU Representative:
Email: eu-privacy@redwell.law

16. Specific State Privacy Rights

California Residents

Under California Civil Code Section 1798.83, California residents may request information about disclosure of personal information to third parties for marketing purposes. We do not share personal information for third-party marketing.

Nevada Residents

Nevada residents may opt-out of the sale of personal information. We do not sell personal information, but you may register your preference by emailing privacy@redwell.law.