Privacy Policy

Account Information. When you create a Barristr account, we collect your name, email address, firm name, phone number, and billing information. This information is necessary to provide the service and process payments.

Firm and Practice Data. The data you enter into Barristr — including client records, matter details, documents, billing entries, calendar events, and communications — is stored on your behalf. You own this data entirely. We access it only as needed to provide the service.

Usage Analytics. We collect anonymized usage data such as page views, feature usage patterns, session duration, and device type. This helps us understand how the platform is used so we can improve it. Usage analytics are never linked to specific client records or case data.

Log Data. Our servers automatically record information including your IP address, browser type, operating system, referring URLs, and timestamps. This data is used for security monitoring, debugging, and service reliability.

Barristr is hosted on Amazon Web Services (AWS) infrastructure. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.

We operate a multi-tenant architecture with strict tenant isolation. Your firm’s data is logically separated from every other firm’s data. No other tenant can access, view, or interact with your information under any circumstances.

We maintain regular automated backups and have disaster recovery procedures in place. Access to production systems is restricted to authorized personnel and is logged and audited.

Barristr offers AI-powered features (such as document drafting assistance and matter summarization) that use OpenAI’s GPT-4o model. We want to be completely transparent about how your data interacts with these features.

Your firm’s data is never used to train AI models. When AI features process your data, the interaction is ephemeral. Your data is sent to the model for processing and the response is returned to you. It is not retained by the model provider for training or any other purpose.

Your data is never shared across tenants. AI features operate exclusively within your firm’s data boundary. One firm’s data is never visible to, referenced by, or combined with another firm’s data — including in AI processing.

You may disable AI features at any time from your firm’s settings without affecting any other functionality of the platform.

We use cookies and similar technologies for the following purposes:

• Essential cookies that maintain your session and authentication state. These are required for the platform to function.
• Analytics cookies that help us understand usage patterns and improve the product. These collect anonymized data only.

We do not use advertising cookies or sell data to third-party advertisers. We do not engage in cross-site tracking.

We use a limited number of third-party services to operate Barristr. Each is selected for its security posture and compliance standards:

• Amazon Web Services (AWS) — cloud infrastructure and hosting.
• Stripe — payment processing. Barristr does not store your full credit card number. All payment data is handled directly by Stripe, which is PCI DSS Level 1 certified.
• OpenAI — AI feature processing. Data sent to OpenAI is governed by our data processing agreement and is not used for model training.

We do not sell, rent, or share your personal information or firm data with any third party for marketing purposes.

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation or export, after which it is permanently deleted from our systems, including backups.

You may request a full export of your data at any time from within the platform. Exported data is provided in standard, portable formats.

You may request immediate deletion of your data through our contact page. We will process deletion requests within 30 days.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access — request a copy of the personal data we hold about you.
• Right to Correction — request that we correct inaccurate or incomplete personal data.
• Right to Deletion — request that we delete your personal data, subject to legal retention requirements.
• Right to Portability — request your data in a structured, machine-readable format.
• Right to Opt Out — opt out of the sale of personal information. Note: Barristr does not sell personal information.

These rights apply under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar privacy laws. To exercise any of these rights, visit our contact page.

We will respond to all rights requests within 30 days. We will never discriminate against you for exercising your privacy rights.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the platform at least 30 days before the changes take effect.

Continued use of Barristr after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, reach out through our contact page.

Contact us →