This Privacy Policy describes how First Drafts, LLC (“First Drafts,” “we,” “our,” or “us”) collects, uses, and protects information obtained from users (“you” or “User”) of our website, artificial intelligence technologies, and related services (collectively, the “Online Services”). As a service provider to legal professionals, we understand the paramount importance of confidentiality and the sensitive nature of the information processed through our Online Services. Please read this Privacy Policy carefully to understand our practices regarding your information and our commitment to protecting it.

1. Personal Information We Collect

When you use our Online Services, we collect the following categories of information:

• Registration Data: Including your name, attorney licensure information (e.g., bar number), email address, mailing address, phone number, law firm affiliation (if provided), billing information, and account credentials. Some licensure information may be obtained from publicly available Bar or licensing databases to verify professional status.
• User Content: This includes all content you input into our system and the output generated by our artificial intelligence services specifically for you (collectively, “User Content”). User Content may include potentially sensitive or privileged legal information, document drafts, case details, client information, notes, and other content you create or process using our Online Services. We treat your User Content as strictly confidential and handle it with the highest level of security as described herein.
• Technical Data: Including IP address and associated general location data, browser type and version, device information, operating system, and usage data and analytics (e.g., features used, time spent on service – excluding the substance of your User Content).
• Payment Information: Such as credit card details or other payment method information required to process your subscription payments. This information is typically processed directly by our third-party payment processor.
• Communication Data: Any information you choose to provide when you communicate with us, such as when completing a form, participating in a survey, or contacting customer support.

2. How We Use Your Personal Information

We use the personal information we collect for the following purposes, grounded in our commitment to serving legal professionals responsibly:

• Provide, Maintain, and Improve Service Functionality: To operate the Online Services, authenticate users, process requests, and improve the core functionality and performance of the tools provided to you.
• Process Payments and Manage Accounts: To process your subscription payments, prevent transactional fraud, and manage your account settings and preferences.
• Maintain Confidentiality and Integrity of User Content: Your specific User Content (inputs and outputs) is treated as strictly confidential. We do not use your User Content to train our general AI models or the AI models of any third party. Your User Content is processed solely to provide the requested Online Services directly back to you within your secure account environment.
• Communicate with You: To send you essential technical notices, security alerts, service updates, and administrative messages related to your account and use of the Online Services.
• Provide Customer Support: To respond to your inquiries, troubleshoot technical issues, and provide assistance with using the Online Services.
• Analyze Service Usage: To understand how users interact with our Services. This helps us improve the functionality, usability, and performance of our Services for all users.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities, and to protect our rights, property, and the security of our Online Services and users.
• Legal Compliance: To comply with our legal obligations, resolve disputes, and enforce our agreements (including our Terms of Service and this Privacy Policy).
• Other Purposes with Notice: To carry out any other purpose described to you at the time the information was collected, subject to your consent where required.

3. When We Share Your Information

We understand the critical importance of attorney-client privilege and work product doctrine. While First Drafts is not party to your attorney-client relationship, we treat your User Content as strictly confidential. We do not sell your personal information, including User Content. We do not share your User Content with third parties except under the limited circumstances described below (e.g., legally required disclosures or with essential service providers bound by confidentiality). We may share other personal information (such as Registration, Technical, or Payment Data) only in the following limited circumstances:

• With Essential Service Providers: We share information with vendors, service providers, contractors, and agents bound by strict confidentiality agreements that perform services essential to the operation of the Online Services for us. Examples include payment processing, secure cloud hosting (for data storage and processing), website analytics (using aggregated/anonymized data), and customer support platforms. These parties are only granted access to the minimum information necessary to perform their functions and are prohibited from using it for other purposes, particularly concerning any access to User Content which is highly restricted.

• For Legal Reasons: In response to a subpoena, court order, or other legal request for information, if we believe in good faith that disclosure is required by law, regulation, or rule, or is necessary to protect the safety, rights, or property of First Drafts, our users, or others. Our process for handling such requests is detailed below.

• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, provided that the receiving party agrees to respect the confidentiality and security of your personal information, particularly User Content, consistent with this Privacy Policy.

• With Your Explicit Consent: With your express written consent or at your express written direction.

If we receive a subpoena, court order, or other legal request seeking access to your personal information (including User Content), we are committed to transparency and protecting your interests within the bounds of the law. We will: (1) promptly notify you of the request via the email address associated with your account, unless legally prohibited from doing so (e.g., by a court order); (2) provide you with a reasonable opportunity to seek a protective order or otherwise challenge the request before we respond; and (3) if legally compelled to disclose, we will only disclose the minimum information necessary to comply with the legal requirement.

4. Your Privacy Choices and Rights

We provide you with choices regarding your personal information:

• Access, Update, or Delete Your Information: You can typically access and update your account information (like contact details and billing info) by logging into your account settings. You may request deletion of your account and associated personal information by contacting us at privacy@firstdrafts.ai, subject to our data retention policy (Section E) and legal obligations.
• Opt Out of Marketing Communications: You may opt out of marketing-related emails by following the unsubscribe instructions in the email or contacting us at privacy@firstdrafts.ai. Please note that you may continue to receive essential service-related and administrative communications (e.g., regarding your subscription, security updates, or policy changes) even if you opt out of marketing emails.
• Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Online Services.
• Request Information About Our Data Practices: You may seek information about First Drafts’ data practices by contacting us at privacy@firstdrafts.ai.

5. Data Retention and Security 

We are committed to protecting the security and confidentiality of your information, especially your User Content. We implement industry-standard and appropriate technical and organizational security measures to protect your information. Specifically:

• AES-256 encryption (or stronger) for all non-public data at rest (including User Content) in secure, encrypted databases hosted in the United States;
• TLS 1.2+ encryption for all data in transit between your device and our servers;
• Strictly limiting access to personal information, particularly your confidential User Content, on a need-to-know basis to authorized personnel (such as specific engineers or support staff involved in maintaining system integrity, troubleshooting technical issues, or providing direct technical support at your request); and
• Regular internal security reviews and vulnerability assessments to proactively identify and address potential risks.

  For clarity, unencrypted non-public data at rest is generally limited to basic demographic data (like name, bar number, email) potentially obtained from publicly-available sources for licensure verification. All User Content is always encrypted at rest. All data, public or non-public, is encrypted under TLS 1.2+ standards when in transit. Consistent with our usage commitments (Section B), your User Content is never used for training general AI models.

All personnel with potential access to personal information are bound by strict confidentiality obligations and receive specialized training on handling sensitive legal information, data security best practices, and the importance of maintaining confidentiality consistent with the expectations of legal professionals. 

We retain your personal information, including User Content, for as long as your account is active or as needed to provide you with the Online Services. We generally retain your information for up to three (3) years following the termination of your subscription or your last use of our Online Services, whichever is later. This retention period may be shorter if you request earlier deletion (subject to legal obligations) or longer if required by law, for dispute resolution, or to enforce our agreements. Anonymized and aggregated usage data may be retained for longer periods for analytical purposes.

6. Data Breach Notification

We are committed to protecting your personal information using robust security measures as detailed in Section E. However, no method of transmission over the Internet or electronic storage is perfectly secure or impenetrable. While we strive to protect your personal information, we cannot guarantee absolute security against all threats. 

In the unlikely event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify you without undue delay, and where feasible, no later than seventy-two (72) hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms.

We will notify you of a data breach via e-mail to the address associated with your account and a prominent notice on our website. In certain circumstances, we may delay notification if required by law enforcement authorities for the purposes of a legitimate investigation related to the breach. Our data breach notification will include:

• A description of the nature of the breach;
• The categories and approximate number of data records concerned;
• The name and contact details of our data protection officer or other contact point;
• A description of the likely consequences of the breach;
• A description of the measures taken or proposed to address the breach; and
• Recommended steps you can take to mitigate potential adverse effects.

7. Children’s Privacy

Our Online Services are exclusively for the use of licensed attorneys and legal professionals. They are not directed to, nor intended for use by, children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected personal information from a child under 16 without verification of parental consent where required by law, we will take steps to delete that information as quickly as possible.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make any changes, we will notify you by:

• Posting the updated Privacy Policy on our website;
• Sending an e-mail with the updated Privacy Policy to the address associated with your account; and
• Providing notice through the Online Services. 

The date at the top of this Privacy Policy indicates when it was last updated. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

9. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and other state laws. These may include rights to know, delete, correct, and opt-out of the sale or sharing of personal information (though, as stated, we do not sell your personal information). For more information about these rights or to exercise them, please contact us using the information below.

10. International Users

The Online Services are hosted and operated in the United States and are primarily intended for attorneys practicing within the United States. If you access the Online Services from outside the United States (e.g., the European Economic Area (EEA), United Kingdom, or Switzerland), please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our Online Services, you understand and consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy. For transfers from the EEA, UK, or Switzerland, First Drafts relies on appropriate data transfer mechanisms, such as standard contractual clauses approved by relevant authorities, to ensure adequate protection for your personal data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us. Our preferred method of contact is email.

First Drafts, LLC
Attn: Legal – Privacy 

512 East Delno Dr. 

Salt Lake City, UT 84107 

Email: privacy@firstdrafts.ai

‍