Privacy Policy

How we handle your data.

Version 1.0.0 · Effective 2026-05-04 · Last updated 2026-05-07

1. Who we are & how to reach us

Agentic, Data & Source ("ADS", "we", "us") is operated by Agentic Agentic Enterprises (parent company; see agentic2x.ai). The website is adslaw.ai. ADS is not a law firm; nothing on this site is legal advice. See our UPL Disclaimer.

2. What we collect

2.1 Information you give us

• Account info — email, password (hashed by AWS Cognito), and any optional profile fields you fill in.
• Chat content — the questions you ask and the AI responses. Stored in DynamoDB with a default 90-day retention; you can delete sooner via your account settings.
• Document uploads — files you upload (per-user, encrypted at rest). Stored in S3 under your user prefix; only readable by you and platform processes acting on your behalf.
• Risk Management call recordings — when you book a Risk Mgmt session (Ask the Founder $19, Get Grilled $99), the call is recorded and archived in encrypted long-term storage (S3 Glacier Deep Archive) for up to seven (7) years. Recordings are retrieved only when you request your own session, ADS receives valid legal process, or ADS requires the recording to respond to a complaint or claim. Recordings are not transcribed by default. See the Risk Management acknowledgment for full terms.
• Payment info — collected and stored by Stripe (we never see your card number). We see a Stripe customer ID, your purchase history, and billing email.

2.2 Information we collect automatically

• Usage events — which features you use and at what frequency, captured via AWS CloudWatch RUM and our own server-side audit log.
• Technical telemetry — IP address, browser, approximate location, referring URL, time of access. Used for security, fraud prevention, and aggregate analytics.
• Cookies — a session ID for unauthenticated users (so we can meter free questions); auth tokens for signed-in users; CloudWatch RUM cookies. We do not use cross-site tracking cookies.

3. How we use it

• To answer your legal-research questions, draft documents, and provide guidance you ask for.
• To meter free-tier usage and process payments.
• To detect and respond to security threats (prompt injection, abuse).
• To maintain a legally-required audit trail of platform activity.
• To send transactional emails (purchase confirmations, password resets, transcripts).
• For aggregate analytics that help us improve the platform.

We do NOT use your chat content, document content, or phone transcripts to train AI models unless you explicitly opt in via your account settings. Default is OFF.

4. Who we share it with

We share only with these processors, only the data they need:

• Amazon Web Services — hosting, storage, AI inference (Bedrock), telephony (Connect)
• Stripe — payments
• Anthropic / Amazon — AI model providers (data processing per their published policies)

We do not sell your data and do not share it for advertising.

5. Your rights

Under GDPR (EU), CCPA/CPRA (California), and similar laws, you have the right to:

• Access & Portability — obtain a JSON copy of your data via GET /api/v1/me/export while signed in, or by emailing privacy@adslaw.ai.
• Rectification — correct inaccurate data through Settings → Profile, or by emailing privacy@adslaw.ai.
• Erasure ("right to be forgotten") — delete your account and chat history via POST /api/v1/me/delete, or Settings → Account → Delete account.
• Restriction of processing — request that we limit the processing of your data to storage only, by emailing privacy@adslaw.ai. We will action restriction requests within 30 days.
• Objection — object to processing based on legitimate interests (e.g., aggregate analytics, fraud detection) by emailing privacy@adslaw.ai.
• Withdraw consent — for any opt-in (such as training-data inclusion) at any time via Settings → Privacy.
• Lodge a complaint — with your local supervisory authority (EU/UK), or with the California Attorney General / California Privacy Protection Agency (US).
• Non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.

We respond to verifiable data-subject requests within 30 days. We may extend up to a further 60 days for complex requests with notice. There is no fee unless requests are manifestly unfounded or excessive.

6. Data retention

• Chat history: 90 days default (auto-deleted by DynamoDB TTL); you can delete sooner
• Documents you upload or generate: until you delete them
• Audit log: 7 years (legal-compliance retention; access restricted to security and compliance staff)
• Account info: while your account is active + 12 months after last activity, then deleted
• Payment records: as required by Stripe and applicable tax law (typically 7 years)

7. Security

We use industry-standard practices: encryption at rest (AES-256) and in transit (TLS 1.2+); least-privilege IAM; AWS WAF; immutable audit log with 7-year retention; per-user data isolation; password hashing managed by AWS Cognito.

Breach notification: in the event of a personal-data breach likely to result in risk to your rights, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and notify affected users without undue delay. Report security issues to security@adslaw.ai.

8. Children

ADS is not directed to children under 16. We do not knowingly collect data from anyone under 16.

9. International transfers

ADS is operated in the United States. If you access from outside the US, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses where applicable for EU-origin data.

10. Changes to this policy

We will post material changes here and email registered users at least 30 days before they take effect.

11. Contact

Privacy & data-subject requests: privacy@adslaw.ai

Security incidents & vulnerability reports: security@adslaw.ai

General support: support@adslaw.ai