Data Handling

LawyerGPT is built with privacy and compliance at its core. This section outlines how we collect, process, store, and retain your data when you interact with our API.

Data Collection

When you interact with the LawyerGPT API, the following types of data may be collected:

| Data Type | Description |
| --- | --- |
| Request Payload | The actual legal question, document text, or metadata sent in the API call |
| Metadata | Includes timestamp, IP address, request ID, and language preferences |
| API Key Info | API key used, associated organization/project |
| Usage Metrics | Number of tokens used, latency, endpoint accessed |

No personally identifiable information (PII) is required unless you explicitly include it in your queries.

Model Training & Retention

By default, none of your data is used for model training or fine-tuning. All user inputs and outputs are treated as confidential and are not logged persistently beyond the duration of the request, unless you have opted in to logging.

| Setting | Behavior |
| --- | --- |
| log: false (default) | Input/output is only stored temporarily in memory |
| log: true | Request/response logged for debugging (retained 7 days) |

You can configure this via the log parameter in each API call:

{
  "question": "Explain the difference between a contract and a MoU.",
  "log": false
}

Storage & Encryption

  • In-transit: All API communications are encrypted using TLS 1.3

  • At-rest: Temporary request logs (if enabled) are encrypted using AES-256

  • Data is stored only in ISO/IEC 27001-compliant data centers (currently EU and US regions)

Retention Policy

| Data Type | Retention Period | Notes |
| --- | --- | --- |
| Transient Data | <1 minute | Discarded after processing |
| Logged Requests | 7 days (opt-in) | For debugging and audit only |
| Billing & Metrics | 90 days | For usage monitoring |
| API Keys | Until revoked | Stored securely in hashed form |

You may request immediate deletion of all logs associated with your API key at any time via our admin panel or support.

LawyerGPT complies with:

  • GDPR (General Data Protection Regulation)

  • CCPA (California Consumer Privacy Act)

  • ePrivacy Directive

  • SOC 2 Type II security framework

Data Access & Portability

You may request:

  • A log history export (if logging was enabled)

  • A summary of data usage per API key

  • Immediate deletion of all stored data under your account

To make a request, contact [email protected] with your API key and registered email.
