Privacy Policy

• Account information: name, email address, password (hashed), firm name, role, and profile preferences you provide during signup or in settings.
• Case data: matter names, case numbers, jurisdictions, parties, deadlines, discovery items, settlement figures, notes, and any documents you upload.
• Authentication data: if you sign in with Google, we receive your name, email address, and Google profile ID via the OAuth scopes you approve. We do not request access to Gmail, Drive, or Calendar content beyond what you explicitly connect.
• Billing data: processed by our payment provider (Stripe). We store subscription status and the last 4 digits of your card; we do not store full card numbers.
• Usage data: log entries, IP address, browser type, pages viewed, and feature interactions used to improve the product and detect abuse.

• Operate, maintain, and improve LitTrack features.
• Compute deadlines, generate AI-powered case summaries, send reminders, and deliver other functionality you request.
• Authenticate users and protect accounts from unauthorized access.
• Process subscription payments and send billing-related communications.
• Send transactional email (account confirmation, password reset, daily digest). You may unsubscribe from non-essential email at any time.
• Comply with legal obligations and enforce our Terms of Service.

Case data is stored in encrypted Postgres databases hosted on Lovable Cloud (powered by Supabase) in U.S. regions. Access is protected by row-level security policies that scope every query to the authenticated user and their firm. Data in transit is encrypted with TLS 1.2+. Internal employee access is limited to what is required to operate or support the service.

No system is perfectly secure. You are responsible for keeping your password confidential and for promptly notifying us of any suspected unauthorized access.

We share the minimum data necessary with the following processors:

• Lovable Cloud / Supabase — database, authentication, file storage.
• Google — OAuth sign-in and (if you connect it) Calendar sync.
• Stripe — subscription billing and payment processing.
• AI providers (Google Gemini, OpenAI) — used to generate case summaries and parse complaint documents. Inputs are sent only when you trigger an AI feature; we do not allow these providers to train models on your data.

You may access, correct, export, or delete your personal data at any time from your account settings or by contacting us. Where applicable law (GDPR, CCPA, etc.) grants additional rights, we will honor them. Closing your account removes your data from production systems within 30 days; encrypted backups are purged on a rolling 90-day cycle.

We retain account and case data for as long as your account is active. Audit logs and deadline-history records may be retained longer to support malpractice-defense evidentiary needs. You can request earlier deletion of specific records.

LitTrack is not directed to anyone under 18. We do not knowingly collect personal information from children.

We may update this Policy from time to time. Material changes will be announced in the app or via email at least 14 days before they take effect.

Questions or requests? Email privacy@littrack.co.