Privacy Policy

1. Introduction

BenchWise AI, Inc. ("we," "us," "our") operates Intake Pro, a lead generation and client intake management platform for law firms. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By using Intake Pro, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, phone number, firm name
• Profile Information: Professional details, bar number, practice areas
• Payment Information: Billing address, payment method (processed by Stripe)
• Lead Information: Names, contact details, and case information of potential clients
• Communications: Support requests, feedback, and correspondence with us

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken within the Service
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies
• Widget Analytics: Visitor interactions, chat transcripts, conversion metrics
• Log Data: Server logs, error reports, performance metrics

2.3 Information from Third Parties

• BenchWise Consumer Platform: User research history and engagement data (with consent)
• OAuth Providers: Basic profile information when signing in with Google
• Payment Processors: Transaction confirmations and subscription status from Stripe

3. How We Use Information

3.1 To Provide and Improve Our Service

• Process and manage lead intake for your law firm
• Provide AI-powered chat assistance to website visitors
• Generate analytics and insights about lead quality and conversion
• Customize and optimize the Service based on usage patterns
• Develop new features and functionality

3.2 To Communicate with You

• Send lead notifications and alerts
• Provide customer support and respond to inquiries
• Send service updates, security alerts, and administrative messages
• Marketing communications (with your consent, where required)

3.3 For Business Operations

• Process payments and manage subscriptions
• Detect, prevent, and address fraud and abuse
• Monitor and analyze trends, usage, and activities
• Comply with legal obligations and enforce our Terms of Service

4. How We Share Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so, such as when connecting with third-party services.

4.2 Within Your Organization

Information is shared among authorized users within your law firm account.

4.3 With Service Providers

• Stripe: Payment processing and subscription management
• OpenAI: AI-powered chat responses (anonymized)
• Supabase: Database hosting and authentication
• Email Providers: Transactional email delivery
• Analytics Providers: Usage analytics and performance monitoring

4.4 For Legal Reasons

We may disclose information if required by law, court order, or government request, or if necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to emergency situations

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, information may be transferred to the successor entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection and security
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy:

• Account Information: Retained while your account is active
• Lead Data: Retained according to your firm's retention settings
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Analytics Data: Aggregated and anonymized after 24 months
• Deleted Account Data: Removed within 30 days of account deletion

7. Your Rights and Choices

7.1 Access and Update

You can access and update your account information through your dashboard settings.

7.2 Data Portability

You can export your lead data in common formats (CSV, JSON) through the dashboard.

7.3 Deletion

You can request deletion of your account and associated data by contacting support.

7.4 Communication Preferences

You can opt-out of marketing communications through the unsubscribe link in emails or account settings.

7.5 Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and sharing practices
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of exercising privacy rights

To exercise these rights, contact us at privacy@benchwise.ai.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process data based on consent, contract fulfillment, or legitimate interests
• Data Subject Rights: Access, rectification, erasure, restriction, portability, and objection
• Supervisory Authority: Right to lodge complaints with data protection authorities
• International Transfers: We use standard contractual clauses for data transfers outside the EEA

10. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and adequacy decisions.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Effective Date" at the top
• Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

15. Special Considerations for Law Firms

15.1 Attorney-Client Privilege

We understand the importance of attorney-client privilege. Our systems are designed to maintain the confidentiality of communications. We do not access client communications except as necessary to provide the Service or as required by law.

15.2 Ethics Compliance

Our Service is designed to help law firms comply with professional ethics rules regarding client intake, conflicts checking, and data security. However, ultimate responsibility for ethics compliance remains with the law firm.

15.3 Data Ownership

Law firms retain ownership of all client data entered into the system. We act as a data processor on behalf of the law firm and will not use client data for any purpose other than providing the Service.