Effective Date: March 28, 2026 | Version 1.0
Privacy Policy
Verilexa (“we,” “our,” or “us”) is committed to protecting the privacy and security of the data processed through our litigation intelligence platform. This Privacy Policy describes how we collect, use, store, and protect information when you use Verilexa.
1. Information We Collect
Account Information
When you register, we collect your name, email address, and authentication credentials managed through our authentication provider (Supabase Auth).
Case Data
You may upload documents, evidence, correspondence, and other case materials. This data is processed to provide litigation intelligence, including contradiction detection, evidence chain mapping, Brady analysis, suppression analysis, and readiness scoring.
Usage Data
We automatically collect information about how you interact with the platform, including pages visited, features used, timestamps, and session data. This data is used to improve the platform and ensure system reliability.
Audit Logs
All platform actions are logged for security, compliance, and accountability purposes. Audit logs capture event type, timestamp, user identifier, and relevant metadata. Personally identifiable information (PII) is automatically redacted from audit logs before storage.
2. How We Use Your Information
- Service Delivery: To provide litigation intelligence, AI-powered analysis, document processing, and case management features.
- Security: To detect, prevent, and respond to unauthorized access, fraud, and security incidents.
- Compliance: To comply with legal obligations, including HIPAA, state bar rules, and court orders.
- Improvement: To analyze usage patterns and improve platform functionality (using anonymized, aggregated data only).
- Communication: To send service-related notifications, security alerts, and (with your consent) product updates.
3. AI Processing
Verilexa uses artificial intelligence to analyze case materials and generate advisory intelligence. All AI outputs are marked with an immutable advisory label, confidence score, and source attribution. AI outputs are recommendations only and require attorney review before use in legal proceedings. Case data sent to AI providers is processed under data processing agreements and is not used to train third-party AI models.
4. Data Storage and Security
- Encryption in Transit: All data is transmitted over TLS 1.2+ with HSTS enforced.
- Encryption at Rest: Database encryption is managed by our infrastructure provider. OAuth integration tokens are encrypted using AES-256-GCM.
- Access Controls: Row-Level Security (RLS) policies ensure users can only access their own data. Application-level guards enforce transitive access control.
- Audit Logging: All data access events are logged with PII automatically redacted.
5. Data Sharing
We do not sell, rent, or trade your personal information or case data. We share data only in the following circumstances:
- Service Providers: With third-party vendors who process data on our behalf under contractual obligations (see Subprocessors below).
- Legal Requirements: When required by law, court order, or regulatory obligation.
- Security Incidents: When necessary to protect the rights, safety, or property of Verilexa or its users.
- With Your Consent: When you explicitly authorize data sharing.
6. Subprocessors
Verilexa uses the following categories of third-party service providers:
| Category | Purpose | Data Access |
|---|---|---|
| Cloud Infrastructure | Hosting and database services | All platform data |
| AI Providers | Natural language processing, analysis | Case text submitted for analysis |
| Payment Processing | Subscription billing | Billing information only |
| Email Service | Transactional email delivery | Email addresses and message content |
| Cache/Queue | Performance and job processing | Temporary operational data |
7. Data Retention
Data is retained in accordance with our Data Retention Policy. In summary:
- Active case data is retained for the duration of an active case.
- Closed case data is retained for 6 years per HIPAA and legal record requirements.
- Audit logs are retained for 6 years.
- Account data is deleted within 30 days of account closure.
8. Your Rights
You have the right to:
- Access your personal data and case materials at any time through the platform.
- Delete individual cases or request full account deletion.
- Export your case data.
- Receive notification of data breaches affecting your information.
- Opt out of non-essential communications.
9. HIPAA Compliance
Verilexa may process Protected Health Information (PHI) contained within case materials such as medical records, toxicology reports, and mental health evaluations. We maintain administrative, technical, and physical safeguards in compliance with the HIPAA Security Rule. Business Associate Agreements (BAAs) are maintained with applicable subprocessors.
10. Children's Privacy
Verilexa is designed for licensed attorneys and authorized legal professionals. We do not knowingly collect information from individuals under 18 years of age.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes are effective upon posting to this page. We will notify registered users of material changes via email.
12. Contact
For privacy-related inquiries, contact us at privacy@verilexa.com.