Privacy Policy

Overview

The Legal Research Assistant ("we", "our", "the Service") is operated by Byzantium. We take the privacy and security of your legal information seriously. This policy explains how we collect, use, store, and protect your personal information in compliance with Alberta's Personal Information Protection Act (PIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

Account Information

• Email address and password (hashed, never stored in plain text)

Case Information

• Case descriptions and facts you provide through the intake wizard
• Names and addresses of parties (plaintiffs and defendants)
• Dates relevant to your case (incident, discovery, filing, service)
• Stage progress notes and completed actions
• Chat messages with the AI assistant
• Generated legal documents

Technical Information

• Session identifiers (cookies) for authentication
• CSRF tokens for security

We do not collect analytics, tracking data, or usage telemetry.

2. How We Use Your Information

Your information is used solely to:

• Generate AI assessments of your legal situation
• Produce court documents based on your case data
• Calculate limitation periods and procedural deadlines
• Provide stage-specific guidance through the AI chatbot
• Send deadline notification emails (if configured)

We do not sell, rent, or share your personal information with third parties.

3. AI Processing

Your case data is processed by AI language models (Claude by Anthropic, Gemini by Google) to generate assessments, guidance, and document content. These services process your data according to their business API terms, which prohibit using customer data for model training.

Case law research uses the CanLII API (Canadian Legal Information Institute) for metadata lookups. Source: CanLII.

4. Data Security

• Encryption at rest: All case data, assessments, stage progress, and chat messages are encrypted using Fernet (AES-128-CBC + HMAC-SHA256) before storage.
• Password security: Passwords are hashed using bcrypt and never stored in plain text.
• Session security: HTTP-only cookies with SameSite protection. CSRF tokens validated on all state-changing requests.
• CDN integrity: All third-party scripts loaded with Subresource Integrity (SRI) hashes.
• Canadian hosting: Data is stored on servers located in Canada.

5. Data Retention

• Account data is retained for the life of the account.
• Case data is retained as long as the case exists in your account.
• Generated documents are stored on the server until you delete the case or your account.

You may request deletion of your data at any time (see Section 7).

6. Data Sharing

We share data only with:

• AI service providers (Anthropic, Google) for assessment and document generation, under their business API terms
• CanLII for case law metadata lookups

We do not share data with advertisers, data brokers, or any other third parties.

7. Your Rights (PIPA / PIPEDA)

Under Alberta's PIPA and federal PIPEDA, you have the right to:

• Access: Request a copy of your personal information.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your personal information and account.
• Withdraw consent: Withdraw consent for data processing at any time (this may limit service functionality).
• Complaint: File a complaint with the Office of the Information and Privacy Commissioner of Alberta.

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

8. Cookies

We use a single essential cookie to maintain your authenticated session. We do not use advertising, analytics, or tracking cookies.

9. Children

This service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy inquiries, data access requests, or complaints:
Email: privacy@byzantiumai.com