Privacy Policy
Effective Date: February 5, 2026 | Last Updated: February 5, 2026
This Privacy Policy explains how BenchSlap LLC ("we," "us," "our") collects, uses, and protects your information when you use the BenchSlap platform ("Service"). By using the Service, you consent to the practices described herein.
Information We Collect
1.1 Account Information
When you create an account, we collect:
- Required: Email address, password (stored only in hashed form using PBKDF2 with 600,000 iterations)
- Optional: Display name, phone number (for two-factor authentication)
- Professional credentials: Utah State Bar number (for attorney verification, if provided)
- Organization information: Firm name, role (optional)
1.2 Documents and Case Materials
To provide our legal intelligence services, we process:
- Legal documents you upload to case silos (motions, oppositions, pleadings, exhibits)
- Text content submitted for citation verification, drafting, or analysis
- Case metadata including case numbers, court information, and party names
- Notes, annotations, and work product you create within the platform
- AI-generated responses and drafted documents
1.3 Usage Information
We automatically collect certain technical information:
- Device data: Browser type, operating system, device identifiers
- Log data: IP addresses, access times, pages viewed, referring URLs
- Feature usage: Which tools you use, frequency and patterns of use
- Performance data: Response times, error logs, crash reports
- Session data: Duration, timestamps, authentication events
1.4 Payment Information
Payment processing is handled by Stripe. We do NOT store complete credit card numbers. We receive only:
- Last 4 digits of card number (for display purposes)
- Card expiration date and type
- Billing address
- Transaction history and subscription status
Attorney-Client Privilege: We understand that materials you upload may be subject to attorney-client privilege or work product protection. We handle all such materials with appropriate confidentiality safeguards and do not disclose them except as required by law.
How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide legal drafting and strategy services | Documents, queries, case context | Contract performance |
| Citation verification | Citation text, case references | Contract performance |
| Account management and authentication | Email, credentials, preferences | Contract performance |
| Billing and subscription management | Payment info, subscription tier | Contract performance |
| Security and fraud prevention | IP address, usage patterns, audit logs | Legitimate interest |
| Service improvement and analytics | Anonymized usage data | Legitimate interest |
| Customer support | Communications, account data | Contract performance |
| Legal compliance | As required by applicable law | Legal obligation |
We Do Not Sell Your Data: We will never sell, rent, or trade your personal information or document contents to third parties for their marketing or any other purposes. Your data is used solely to provide and improve our services.
Data Storage and Security
Our Security Measures
- Encryption at Rest: All documents stored in case silos are encrypted using AES-256
- Encryption in Transit: All data transmitted uses TLS 1.3 encryption
- Password Security: Passwords are hashed using PBKDF2 with 600,000 iterations per OWASP 2025 recommendations
- Session Security: HTTP-only, Secure, SameSite cookies with cryptographic tokens
- Access Control: Role-based permissions with complete silo isolation between users
- Audit Logging: All sensitive actions logged with IP addresses and timestamps
- Rate Limiting: Protection against brute force and denial-of-service attacks
- Regular Security Audits: Periodic penetration testing and vulnerability assessments
3.1 Infrastructure
Your data is stored on secure, enterprise-grade cloud infrastructure:
- Hosting: DigitalOcean production servers (US-based data centers)
- Database: DigitalOcean Managed PostgreSQL with automated backups
- File Storage: DigitalOcean Spaces with encryption at rest
- Caching: Redis with encrypted connections
3.2 Silo Isolation
Each case silo is cryptographically isolated. Documents in one silo cannot be accessed by other users or used in AI queries for other cases. This ensures complete separation of your matters.
3.3 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and, if required by law, relevant regulatory authorities. We maintain incident response procedures to quickly identify, contain, and remediate any security incidents.
Third-Party Services
4.1 AI Processing Partners
To provide our legal intelligence features, we use AI services from select providers:
- Anthropic (Claude): Primary language model for document analysis, drafting, and verification
- Google (Gemini): Supplementary processing for commission verification and consensus analysis
- OpenAI (GPT): Additional processing for multi-model verification
Important privacy protections with our AI providers:
- Your data is processed solely to generate responses for your queries
- AI providers do NOT use your data to train their models (we use enterprise-tier APIs)
- All data transmission uses encrypted connections (TLS 1.3)
- We have data processing agreements in place with each provider
4.2 Legal Database Access
For citation verification, we query official court records and legal databases:
- Utah Courts public records (utcourts.gov)
- Utah State Legislature (le.utah.gov)
- CourtListener (Free Law Project)
- Caselaw Access Project (Harvard Law School)
These queries contain only citation information, not your full documents or identity.
4.3 Other Service Providers
- Email Services: Transactional email delivery for account notifications
- Payment Processing: Stripe for secure payment handling (PCI-DSS compliant)
- Error Monitoring: Anonymous error tracking for service reliability
Your Rights
5.1 Access and Portability
You have the right to:
- Access your personal information stored in our systems
- Download your documents and case materials at any time
- Export your data in standard, machine-readable formats (JSON, PDF)
- Request a copy of all personal data we hold about you
5.2 Correction
You may:
- Update or correct your account information at any time through Settings
- Modify or delete individual documents within your silos
- Request correction of any inaccurate personal information
5.3 Deletion
You have the right to:
- Delete individual documents or entire case silos
- Request deletion of your entire account and associated data
- Be forgotten - we will remove your data from our active systems
Some data may be retained as required by law or for legitimate business purposes (e.g., billing records for tax compliance).
5.4 Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Documents in silos | Until deleted by user or 30 days after account termination |
| AI conversation history | 90 days (for context continuity) |
| Audit logs | 2 years (security and compliance) |
| Payment records | 7 years (tax compliance) |
| Anonymized analytics | Indefinitely (cannot be linked to you) |
Exercise Your Rights: To exercise any of these rights, contact us at privacy@benchslap.pro. We will respond to your request within 30 days.
Cookies and Tracking
6.1 Essential Cookies Only
We use only essential cookies necessary for the Service to function:
- Session cookies: Maintain your authenticated session
- CSRF tokens: Protect against cross-site request forgery attacks
- Preference cookies: Remember your settings (theme, layout preferences)
6.2 What We Do NOT Do
- We do NOT use advertising or marketing cookies
- We do NOT use third-party tracking pixels or beacons
- We do NOT share browsing data with advertisers
- We do NOT build behavioral profiles for ad targeting
- We do NOT use Google Analytics or similar third-party tracking services
6.3 Analytics
We collect anonymized, aggregated analytics to improve our Service. This data cannot be used to identify individual users and includes only general usage patterns and performance metrics. You may opt out of analytics by contacting us.
Children's Privacy
BenchSlap is designed for legal professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.
International Data Transfers
The Service is operated from the United States. If you access from outside the US, your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.
When we transfer your information internationally, we ensure appropriate safeguards are in place:
- Standard contractual clauses with service providers
- Data processing agreements that meet applicable legal requirements
- Encryption of data in transit and at rest
By using the Service, you consent to this transfer and processing of your data in the United States.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: You may opt out of the sale of personal information (note: we do NOT sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact privacy@benchslap.pro with "CCPA Request" in the subject line. We will verify your identity before processing your request.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will post the updated policy on this page with a new effective date
- For material changes, we will send an email notification to registered users at least 30 days before the changes take effect
- We may display a prominent notice within the Service
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:
BenchSlap Privacy Team
Privacy Inquiries: privacy@benchslap.pro
General Support: support@benchslap.pro
Security Concerns: security@benchslap.pro
BenchSlap LLC
Salt Lake City, Utah, United States
For urgent privacy concerns or suspected data breaches, please include "URGENT" in your email subject line. We aim to respond to all privacy inquiries within 30 days, and urgent matters within 72 hours.