Privacy Policy

Last Updated: November 26, 2024

At ChronoLex ("we," "our," or "us"), we understand that confidentiality is the bedrock of legal practice. This Privacy Policy outlines how we collect, use, secure, and protect the sensitive data entrusted to our AI-powered legal workstation platform.

1. Data Security & AI Model Training

This is our most critical commitment to you:

No Public Model Training

We do NOT use your client data, case files, or work product to train our public AI models. Your data remains isolated within your firm's dedicated environment. Any custom model fine-tuning performed for your firm ("Elite" tier) is exclusive to your workspace and is never shared with other clients or third parties.

Data Isolation

All client data is logically siloed. Case files uploaded to ChronoLex are accessible only to authorized users within your firm based on the role-based permissions you configure (e.g., Attorney vs. Paralegal seats).

2. Information We Collect

Case Data

We process documents you upload (e.g., medical records, deposition transcripts, pleadings) solely for the purpose of providing our services, such as generating chronologies, analyzing contradictions, and calculating settlement values.

Usage Data

We collect metadata regarding system usage (e.g., feature utilization, processing times) to optimize platform performance and billing. This data is aggregated and anonymized.

3. HIPAA & Regulatory Compliance

ChronoLex is designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA) for the handling of Protected Health Information (PHI). We execute Business Associate Agreements (BAA) with all eligible enterprise clients.

4. Data Protection Measures

• Encryption: All data is encrypted at rest using AES-256 standards and in transit using TLS 1.3.
• Access Control: We enforce Multi-Factor Authentication (2FA) for all user accounts.
• Audit Logs: Detailed logs of all data access and modifications are maintained for security auditing.

5. Data Retention & Deletion

You retain full ownership of your data. Upon case closure or subscription termination:

• You may export all work product and source files in standard formats (PDF, Word, JSON).
• We will permanently delete your data from our active servers within 30 days of termination, or immediately upon written request.

6. Third-Party Subprocessors

We partner with industry-leading infrastructure providers to deliver our services. All subprocessors are vetted for security compliance (SOC 2 Type II, ISO 27001):

• Cloud Infrastructure: AWS / Azure (Secure Hosting)
• AI Processing: Enterprise-grade LLM providers (via private, zero-retention APIs)

7. Contact Us

For privacy-related inquiries or to execute a Data Processing Addendum (DPA), please contact our Compliance Officer at privacy@chronolex.com.