Privacy Policy

Last Updated: October 30, 2025

1. Introduction

CourtPilot ("Company," "we," "us," or "our") operates the CourtPilot service ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our application.

We are committed to protecting your privacy and ensuring you have a positive experience on our platform. If you have questions about this Privacy Policy, please contact us at privacy@courtpilot.co.uk.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password, and profile details
  • Case Information: Details about your legal claim, including parties, amounts, dates, and case description
  • Documents: PDFs, images, and other files you upload for analysis
  • Communication: Messages, feedback, and support requests you send us
  • Payment Information: Processed securely through third-party payment providers (we do not store credit card details)

2.2 Information Collected Automatically

  • Usage Data: Pages visited, time spent, clicks, searches, and features used
  • Device Information: Browser type, operating system, device model, IP address, and unique device identifiers
  • Location Data: Approximate geographic location (city/country level) based on IP address
  • Cookies & Tracking: Through cookies, pixels, and similar technologies (see Cookie Policy)

2.3 Third-Party Data Collection

  • Google Analytics 4: Collects usage, device, and location data to measure platform performance
  • Google Tag Manager: Manages analytics and marketing pixels across our platform
  • Stripe/Payment Providers: Collect transaction data for payment processing
  • Sentry/Error Monitoring: Collects error logs and crash reports to improve platform stability

3. How We Use Your Information

  • Service Delivery: Creating and managing your account, processing cases, generating documents
  • AI Analysis: Analyzing documents and cases to provide legal insights and recommendations
  • Communication: Sending transactional emails (confirmations, password resets) and product updates
  • Platform Improvement: Understanding user behavior to enhance features, fix bugs, and optimize performance
  • Compliance & Security: Detecting fraud, enforcing terms, preventing abuse, and maintaining audit trails
  • Legal Obligations: Responding to court orders, law enforcement requests, or regulatory requirements
  • Marketing (with consent): Sending newsletters or promotional content only if you've opted in

4. Data Security & Encryption

We implement industry-leading security measures to protect your information:

  • AES-256-GCM Encryption: All sensitive data encrypted at rest
  • TLS 1.3: All data in transit encrypted with modern cryptographic protocols
  • Hardware Security Modules (HSMs): Encryption keys protected with hardware-level security
  • PII Tokenization: Personally identifiable information masked and tokenized to prevent unauthorized access
  • Role-Based Access Control (RBAC): Staff access limited to necessary information
  • Audit Logging: All data access tracked and logged for compliance
  • Virus Scanning: Documents scanned with ClamAV before processing
  • Secure Storage: Documents stored in Cloudflare R2 with encryption

While we maintain strong security practices, no system is 100% secure. Please use unique, strong passwords and enable two-factor authentication if available.

5. Legal Data & Case Information

Your case information is treated with the highest level of confidentiality:

  • Chain of Custody: All document uploads and modifications are tracked with timestamps and user attribution
  • No Unsecured Logging: Case details and sensitive information are never logged in plain text
  • Legal Professional Privilege: Case information is treated as confidential and is not shared with third parties except as required by law
  • Data Retention: Case data is retained as long as your account is active. Upon deletion, all data is securely destroyed
  • No AI Training: Your case data is NOT used to train AI models or improve general systems

6. Third-Party Tools & Services

6.1 Google Analytics 4 & Google Tag Manager

We use Google Analytics 4 to measure website traffic and user behavior (page views, time on site, conversions). Google Tag Manager manages the deployment of these tracking pixels.

  • Data Collected: Usage patterns, device type, browser, location
  • Privacy: Google Analytics data is anonymized and cannot be linked to individuals
  • GDPR Compliance: Data processing agreements are in place with Google
  • Opt-Out: You can disable Google Analytics with the Google Analytics Opt-Out Browser Extension
  • Privacy Policy: See Google's Privacy Policy at https://policies.google.com/privacy

6.2 Payment Processing (Stripe)

Payment information is processed securely by Stripe. We do not store or have access to your full credit card details.

  • PCI DSS Compliance: Stripe is fully PCI-DSS Level 1 certified
  • Data Sharing: We receive only a transaction ID and confirmation of payment

6.3 Error Monitoring (Sentry)

We use Sentry to track errors and crashes. This helps us identify and fix issues quickly.

  • Data Collected: Error messages, stack traces, device/browser information
  • PII Redaction: We filter out case details and sensitive information from error reports

6.4 Email Service (Resend)

Transactional emails (password resets, confirmations) are sent via Resend, which complies with email privacy standards.

7. Your GDPR Rights (EU/UK Users)

If you are located in the EU, UK, or other jurisdictions with similar laws, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal obligations
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to specific uses of your data (e.g., marketing)
  • Right to Lodge a Complaint: Contact your local data protection authority (e.g., ICO in the UK)

To exercise any of these rights, contact us at privacy@courtpilot.co.uk with "GDPR Request" in the subject line. We will respond within 30 days.

8. Data Retention

  • Account Data: Retained as long as your account is active. Deleted upon account termination.
  • Case Information: Retained for compliance and legal purposes (court orders may require retention for 6-7 years)
  • Analytics Data: Google Analytics data retained for 26 months by default
  • Audit Logs: Kept for 12 months for security and compliance purposes

9. Children's Privacy

Our Service is not intended for individuals under 18 years old. We do not knowingly collect data from children. If we learn that a child has provided personal information, we will delete it immediately.

10. International Data Transfers

Our servers are located in the US. By using our Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your home country. We implement Standard Contractual Clauses and other safeguards to ensure adequate protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

CourtPilot

Email: privacy@courtpilot.co.uk

Subject: "Privacy Policy Inquiry"

Trust & Responsible AI

Terms of Service

Cookie Policy