Privacy Policy

1. Introduction

SolonAI ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your legal research. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our legal research and regulatory compliance analysis platform (the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information We Do NOT Collect or Retain

2.2 Information We Do Collect

We collect only the minimum information necessary to provide and maintain the Service:

Account Information

• Name and email address
• Company or organization name (for enterprise accounts)
• Account credentials (username and encrypted password)
• Account preferences and settings

Billing Information

• Billing address
• Payment method information (processed securely through our payment processor; we do not store full credit card numbers)
• Transaction history for accounting and tax compliance

Usage Metrics (Aggregated and Anonymized)

• Number of queries processed (count only, not content)
• Service response times and performance metrics
• Feature usage statistics
• Error logs for system diagnostics (no query content)

These metrics are aggregated and anonymized. They contain NO personally identifiable information and NO content from your research queries.

Technical Information

• IP address (for security and fraud prevention only)
• Browser type and version
• Device information
• Operating system
• Access times and dates

Cookies and Tracking Technologies

We use essential cookies to maintain your session and authentication. We do NOT use advertising cookies or third-party tracking cookies. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use the limited information we collect for the following purposes:

3.1 Service Delivery

• Processing your legal research queries in real-time
• Generating regulatory compliance analysis and legal memoranda
• Providing document analysis through Google Docs and Microsoft Word integrations
• Maintaining your account and user preferences
• Authenticating your access to the Service

3.2 Billing and Administration

• Processing subscription payments
• Sending billing invoices and receipts
• Managing enterprise account administration
• Complying with tax and accounting requirements

3.3 Service Improvement

• Analyzing aggregated usage patterns to improve performance
• Identifying and fixing technical issues
• Developing new features and capabilities
• Optimizing system response times

3.4 Communication

• Sending service-related announcements and updates
• Responding to your support requests
• Notifying you of changes to our Terms of Service or Privacy Policy
• Sending security alerts or account notifications

3.5 Security and Compliance

• Detecting and preventing fraud and security threats
• Complying with legal obligations and law enforcement requests
• Enforcing our Terms of Service
• Protecting the rights and safety of our users

4. How We Process Your Research Data

4.1 Real-Time Processing Only

When you submit a query:

1. Your request is received and held temporarily in memory
2. Our system processes your request using our proprietary algorithms
3. Results are generated and delivered to you
4. All query data, documents, and results are immediately purged from our systems
5. No research content is written to persistent storage at any point

4.2 Third-Party AI Processing

We use AI for natural language processing and analysis formatting. We adhere to the following:

• Zero data retention for your queries
• No use of your data for AI model training
• Processing only for real-time request fulfillment
• Enterprise-grade security and confidentiality protections

4.3 Document Integration Services

When you use our Google Docs or Microsoft Word integration:

• We access your documents only with your explicit authorization
• Documents are retrieved, processed, and analyzed in real-time
• No copies of your documents are retained on our servers
• Analysis results are delivered to you and then purged
• We use OAuth 2.0 for secure, temporary access authorization

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Information

We do NOT sell, rent, or trade your personal information or research data to third parties for any purpose.

5.2 Service Providers

We share limited information with trusted third-party service providers who assist us in operating the Service:

• Cloud Infrastructure: Microsoft Azure for hosting and data processing (subject to zero retention policy)
• AI Processing: Anthropic (Claude AI) for natural language processing (zero retention agreement)
• Payment Processing: Stripe or similar payment processors for billing (they receive only billing information)
• Email Services: For sending account-related communications

All service providers are bound by confidentiality obligations and are prohibited from using your information for any purpose other than providing services to us.

5.3 Legal Compliance

We may disclose your information if required to do so by law or in response to:

• Valid subpoenas, court orders, or legal process
• Law enforcement requests when legally required
• Protection of our legal rights or defense in litigation
• Prevention of fraud, security threats, or illegal activity

Due to our zero data retention policy, we typically have no research content or query data to disclose, even if legally required to do so.

5.4 Business Transfers

If SolonAI is involved in a merger, acquisition, or sale of assets, your account information may be transferred. We will notify you via email and/or prominent notice on our website of any such change and your options regarding your information.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS 1.3 or higher
• Access Controls: Strict role-based access controls and authentication requirements
• Infrastructure Security: Microsoft Azure's enterprise-grade security features
• Monitoring: 24/7 security monitoring and threat detection
• Incident Response: Documented procedures for security incident handling
• Regular Audits: Periodic security assessments and penetration testing

6.2 Zero Retention as a Security Feature

Our zero data retention policy is itself a critical security measure. By not storing your research queries or documents, we eliminate the risk of:

• Data breaches exposing confidential legal research
• Unauthorized access to client information
• Inadvertent disclosure of privileged communications
• Long-term data retention vulnerabilities

6.3 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Notifying us immediately of any unauthorized access
• Securing your devices and networks
• Downloading and saving research results before ending your session

6.4 Limitations

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention and Deletion

7.1 Research Data (Zero Retention)

• Query Content: Immediately purged after processing (seconds)
• Uploaded Documents: Immediately purged after analysis delivery (seconds)
• Research Results: Available only during active session, then purged
• Processing Logs: No query content logged; only error codes for diagnostics

7.2 Account Data

• Active Accounts: Retained while your account is active
• Deleted Accounts: Account information deleted within 30 days of account closure
• Billing Records: Retained for 7 years for tax and accounting compliance
• Usage Metrics: Aggregated, anonymized data retained indefinitely for service improvement

7.3 Legal Hold

We may retain information longer if required by law, legal process, or to resolve disputes, even after account deletion.

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your account information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Receive your account information in a portable format
• Objection: Object to certain processing of your information

8.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your CCPA rights

8.3 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

8.4 Exercising Your Rights

To exercise any of these rights, contact us at support@solonai.com. We will respond to your request within 30 days (or as otherwise required by applicable law).

Note: Due to our zero data retention policy for research content, we typically have no query data, documents, or research results to provide or delete, as this information is already automatically purged.

9. International Data Transfers

SolonAI is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the EEA, we rely on Standard Contractual Clauses approved by the European Commission for data transfers. We ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@solonai.com, and we will delete such information.

11. Do Not Track Signals

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want your online activities tracked. We do not currently respond to Do Not Track signals. However, we do not use third-party advertising or tracking cookies, so your browsing activity on our Service is not tracked for advertising purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address for material changes

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For GDPR-Related Inquiries

If you are in the EEA and have concerns about our data processing practices, you may also contact your local data protection authority.

For CCPA-Related Inquiries

California residents may email support@solonai.com with "California Privacy Rights Request" in the subject line.

14. Additional Information for Legal Professionals

14.1 Attorney-Client Privilege

SolonAI is a tool, not a law firm. We do not have an attorney-client relationship with you or your clients. You remain responsible for:

• Maintaining attorney-client privilege with your clients
• Evaluating whether use of the Service is appropriate for privileged matters
• Complying with all professional responsibility obligations
• Making independent determinations regarding confidentiality

14.2 Work Product Doctrine

Research conducted through SolonAI may constitute attorney work product. Our zero data retention policy ensures that your work product is not retained by us, preserving your work product protections.

14.3 Professional Responsibility

You should evaluate the Service's privacy and security features in light of your professional obligations, including:

• ABA Model Rule 1.6 (Confidentiality of Information)
• ABA Model Rule 1.1 (Competence, including technology competence)
• State bar ethics opinions on cloud computing and legal technology
• Your jurisdiction's specific rules and guidance