Request a demo

Legal

Privacy Policy

This Privacy Policy describes how LegalSpire, Inc. ("we," "our," or "LegalSpire") collects, uses, and shares information about you when you visit legalspire.example or use the LegalSpire product. It also describes our specific commitments around client matter content and AI inference, which we treat as the most sensitive category of data we process.

Information we collect

  • Account information: name, email, phone, firm name and size, jurisdiction, role.
  • Matter content: documents, contacts, time entries, ledger entries, and other content you upload to the product. This is your firm's content; we are a processor.
  • Usage data: log files, IP address, device + browser type, pages viewed, actions taken in the product.
  • Cookies: session cookies for authentication, plus a small set of first-party analytics cookies. We do not use cross-site tracking pixels.

How we use information

We use account and usage data to operate, secure, and improve the product, respond to support requests, and bill customers. We use matter content only to provide the product to you — including running AI inference against it on your behalf.

AI inference and your matter content

This is the section most lawyers care about, so we'll be explicit.

  • Matter content is never used to train shared AI models. Period.
  • When you query LegalSpire AI, the relevant chunks of your matter content are retrieved from your tenant and sent to a model inference provider operating under a zero-retention agreement.
  • Model inference providers we use (currently Anthropic, OpenAI Azure, and Google Vertex) are contractually bound to retain inputs and outputs for no more than is required to return a response, and not to train on your data.
  • Enterprise customers may pin AI inference to a single provider, region, or a dedicated VPC instance — and can elect on-premises deployment of supported open-source models.

How we share information

We do not sell personal information. We share data only as follows:

  • With sub-processors (cloud hosting, email, payments, model inference) under written agreements. A current sub-processor list is maintained at legalspire.example/subprocessors.
  • When you direct us to (e.g., to send a document to an e-signature provider, or to push data to an integration you've authorized).
  • If required by law, subject to a process designed to protect attorney-client privilege — we notify the customer before disclosure unless legally prohibited.

Your choices and rights

You can export, delete, or correct your data at any time from the product. EU/UK customers have GDPR rights to access, rectify, erase, restrict, and port their data; California customers have CCPA/CPRA equivalents. Email privacy@legalspire.example to exercise them.

Security

We maintain SOC 2 Type II, encrypt data at rest with AES-256 and in transit with TLS 1.3, support customer-managed keys on Practice + AI and Enterprise, and run a public bug bounty. Our security overview lives at legalspire.example/security.

Terms of service summary

LegalSpire is a processor for matter content you upload. Our standard Master Subscription Agreement governs use; a Data Processing Addendum (GDPR) and Business Associate Agreement (HIPAA, on request) are available. Full agreements at legalspire.example/terms.

Changes to this policy

We will notify customers of material changes by email at least 30 days before they take effect. The "last updated" date below reflects the latest non-material edit.

Last updated: May 1, 2026