Effective Date: March 28, 2026  |  Version 1.0

Privacy Policy

Verilexa (“we,” “our,” or “us”) is committed to protecting the privacy and security of the data processed through our litigation intelligence platform. This Privacy Policy describes how we collect, use, store, and protect information when you use Verilexa.

1. Information We Collect

Account Information

When you register, we collect your name, email address, and authentication credentials managed through our authentication provider (Supabase Auth).

Case Data

You may upload documents, evidence, correspondence, and other case materials. This data is processed to provide litigation intelligence, including contradiction detection, evidence chain mapping, Brady analysis, suppression analysis, and readiness scoring.

Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, timestamps, and session data. This data is used to improve the platform and ensure system reliability.

Audit Logs

All platform actions are logged for security, compliance, and accountability purposes. Audit logs capture event type, timestamp, user identifier, and relevant metadata. Personally identifiable information (PII) is automatically redacted from audit logs before storage.

2. How We Use Your Information

  • Service Delivery: To provide litigation intelligence, AI-powered analysis, document processing, and case management features.
  • Security: To detect, prevent, and respond to unauthorized access, fraud, and security incidents.
  • Compliance: To comply with legal obligations, including HIPAA, state bar rules, and court orders.
  • Improvement: To analyze usage patterns and improve platform functionality (using anonymized, aggregated data only).
  • Communication: To send service-related notifications, security alerts, and (with your consent) product updates.

3. AI Processing

Verilexa uses artificial intelligence to analyze case materials and generate advisory intelligence. All AI outputs are marked with an immutable advisory label, confidence score, and source attribution. AI outputs are recommendations only and require attorney review before use in legal proceedings. Case data sent to AI providers is processed under data processing agreements and is not used to train third-party AI models.

4. Data Storage and Security

  • Encryption in Transit: All data is transmitted over TLS 1.2+ with HSTS enforced.
  • Encryption at Rest: Database encryption is managed by our infrastructure provider. OAuth integration tokens are encrypted using AES-256-GCM.
  • Access Controls: Row-Level Security (RLS) policies ensure users can only access their own data. Application-level guards enforce transitive access control.
  • Audit Logging: All data access events are logged with PII automatically redacted.

5. Data Sharing

We do not sell, rent, or trade your personal information or case data. We share data only in the following circumstances:

  • Service Providers: With third-party vendors who process data on our behalf under contractual obligations (see Subprocessors below).
  • Legal Requirements: When required by law, court order, or regulatory obligation.
  • Security Incidents: When necessary to protect the rights, safety, or property of Verilexa or its users.
  • With Your Consent: When you explicitly authorize data sharing.

6. Subprocessors

Verilexa uses the following categories of third-party service providers:

CategoryPurposeData Access
Cloud InfrastructureHosting and database servicesAll platform data
AI ProvidersNatural language processing, analysisCase text submitted for analysis
Payment ProcessingSubscription billingBilling information only
Email ServiceTransactional email deliveryEmail addresses and message content
Cache/QueuePerformance and job processingTemporary operational data

7. Data Retention

Data is retained in accordance with our Data Retention Policy. In summary:

  • Active case data is retained for the duration of an active case.
  • Closed case data is retained for 6 years per HIPAA and legal record requirements.
  • Audit logs are retained for 6 years.
  • Account data is deleted within 30 days of account closure.

8. Your Rights

You have the right to:

  • Access your personal data and case materials at any time through the platform.
  • Delete individual cases or request full account deletion.
  • Export your case data.
  • Receive notification of data breaches affecting your information.
  • Opt out of non-essential communications.

9. HIPAA Compliance

Verilexa may process Protected Health Information (PHI) contained within case materials such as medical records, toxicology reports, and mental health evaluations. We maintain administrative, technical, and physical safeguards in compliance with the HIPAA Security Rule. Business Associate Agreements (BAAs) are maintained with applicable subprocessors.

10. Children's Privacy

Verilexa is designed for licensed attorneys and authorized legal professionals. We do not knowingly collect information from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes are effective upon posting to this page. We will notify registered users of material changes via email.

12. Contact

For privacy-related inquiries, contact us at privacy@verilexa.com.