Privacy
How we handle your firm's data.
What we collect, how long we keep it, where it lives, who it's shared with, and the rights your firm and your clients have.
Draft for review
The factual claims on this page are grounded in our architecture; the legal-binding language (governing law, breach notification SLAs, specific data subject rights workflow) is pending privacy-counsel review before this page becomes our authoritative privacy policy. For procurement, refer to our DPA.
What we collect
Three categories, each with a different retention rule.
- Meeting media
- Audio and video from your meeting. Streamed live to the transcription service and discarded. Never persisted to disk on our infrastructure, never stored by our transcription or bot subprocessor.
- Transcripts
- Text of what was said during the meeting. Stored encrypted at rest only when your firm operates in Mode B (Standard); discarded segment-by-segment in Mode A (No-storage). In Mode B, transcripts are automatically discarded once notes and tasks are finalized.
- Structured outputs
- Issues, deadlines, action items, drafted documents, attorney notes, time entries, audit log rows. Retained as the matter's meeting minutes for as long as the matter is open and your firm's retention policy requires.
- User identity
- Email, full name, organization. Stored by Auth0 (our identity provider) and mirrored in our user records. Used for authentication and audit attribution.
- Operational telemetry
- Anonymous performance metrics, error reports (with PII scrubbed). Used to operate the service. Never tied to a specific matter's content.
Retention schedule
Different data classes follow different rules.
| Data | Default retention | Notes |
|---|---|---|
| Audio & video | Never stored | Discarded as it streams; no recording on our side or the bot subprocessor's side. |
| Transcript (Mode A) | In-memory only | Each segment requires attorney confirmation before any persistence. |
| Transcript (Mode B) | Until finalization | Encrypted at rest; auto-discarded once notes/tasks are finalized by an attorney. |
| Notes, tasks, drafts | Lifetime of matter | Retained until the firm closes the matter and its retention period elapses. |
| Audit log | 7 years | Tamper-evident (per-row HMAC). Required for SOC 2 evidence and bar-complaint defense. |
| User identity | While active + 90 days | Deactivated accounts retain attribution in audit log without active-session capability. |
| Litigation hold | Until released | Suspends auto-discard. Release is itself audit-logged. |
Subprocessors
Third-party services that touch customer data on our behalf.
| Vendor | Role | Data category |
|---|---|---|
| Google Cloud Platform | Compute, database, storage, secret store, KMS | All customer data |
| Auth0 (Okta) | Identity provider | User identity (email, name, MFA factors) |
| Anthropic | LLM (Claude) for agent reasoning | Transcript content, matter context. No training; zero retention. |
| Deepgram | Speech-to-text transcription | Audio + transcribed text (stream-only) |
| Recall.ai | Meeting bot (when bot capture is active) | Audio + meeting metadata (stream-only mode) |
| Clio / MyCase / PracticePanther | PMS — per-firm opt-in | Matter metadata, time entries (only items the firm pushes) |
We maintain an authoritative subprocessor list with DPA references and review it quarterly. Customers can request the current version from our legal team.
Your firm's rights
Data the firm controls; data subject rights under GDPR / CCPA.
- Access — Your firm can export every artifact tied to a matter at any time, in machine- readable form.
- Correction — Attorney edits to extracted items, notes, and drafts overwrite the AI's original output while preserving both versions in the audit log.
- Erasure — Either a firm-initiated session deletion (from the Minutes view) or an individual data subject request triggers full erasure of the session's content from production and backup tiers. The audit log retains the fact of the deletion (not the deleted content).
- Portability — Exports include the full chain of provenance: source citations, attorney decisions, timestamps, and audit references. You can leave with your data and a verifiable record of what happened to it.
- Restriction & objection — Standard GDPR Art. 18 & 21 mechanisms apply. Specific workflow pending privacy-counsel review.
Contact
For privacy questions, data subject requests, or DPA execution, reach us via our contact page. We aim to respond within 5 business days; statutory response windows (GDPR Art. 12.3, CCPA §1798.130) are honored regardless of internal SLA.
Bring SophieScribe to your firm
Evaluate SophieScribe in a private, matter-scoped pilot.
Tell us a little about how your firm runs and we'll set up a walk through against your own meeting types. No recordings required, deployment options reviewed up front.
Confidentiality preserved · designed for privileged work