Privacy Policy

1. Introduction and Scope

At NexLaw INC (“NexLaw,” “we,” “us,” or “our”), protecting your privacy is our top priority. This Privacy Policy describes how we collect, use, process, and disclose your personal information and your rights regarding that information.

This Policy Applies To:

· Our AI legal assistant platform and related services (the “Service”)

· NexLaw.ai and related websites (the “Site”)

· Marketing activities, events, webinars, and educational sessions

· Customer support interactions

· Office visits and communications

This Policy Does NOT Apply To:

· Customer Data: Legal documents and case materials you upload (we process this only to provide Services to you)

· Third-Party Services: External websites, applications, or integrations (governed by their own privacy policies)

Key Definitions:

· Personal Information: Information that identifies, relates to, or can be linked to you

· Customer Data: Legal documents and materials uploaded by customers

· Service-Generated Data: Technical information from your use of our Services

· Account Information: Data used to create and manage your account

2. Information We Collect

Information You Provide Directly

Account Information:

· Name, job title, email address, phone number

· Employer information and professional details

· Login credentials and billing information

· Communication preferences and settings

Customer Data:

· Legal documents, case materials, research queries

· Legal briefs, contracts, and related content

· Important: We do NOT use Customer Data to train our AI models

Support and Communication Data:

· Support tickets, chat logs, and correspondence

· Marketing form submissions and survey responses

· Event participation and webinar attendance

· Phone call recordings for quality assurance

Information We Collect Automatically

Service-Generated Data:

· IP address, browser type, and device information

· Pages visited, features used, and usage patterns

· Log files, diagnostic data, and performance metrics

· Search queries and AI interaction logs

Device Information:

· Operating system, hardware specifications

· Mobile device identifiers and network information

· Geographic location data (general, from IP address)

Cookies and Tracking:

· Cookie IDs, session identifiers, tracking pixels

· Website analytics and advertising interaction data

· Browser fingerprinting and behavioral data

Information from Third Parties

· Professional databases and business directories

· Marketing partners and data providers

· Social media platforms (when you interact with our content)

· Third-party integrations (Google Workspace, Microsoft Office)

· Business partners and referral sources

3. How We Use Your Information

Service Operation:

· Provide, maintain, and improve our AI legal assistant Services

· Process legal research queries and generate insights

· Manage accounts, billing, and customer support

· Ensure security and prevent fraud or abuse

Communication:

· Send service notifications and account updates

· Provide customer support and respond to inquiries

· Deliver marketing communications (with opt-out options)

· Facilitate training and educational programs

Business Operations:

· Conduct analytics to improve Services

· Process payments and handle administrative matters

· Comply with legal obligations and regulations

· Protect our rights and enforce agreements

Marketing and Development:

· Promote our Services and new features

· Conduct market research and surveys

· Organize events and educational content

· Develop business opportunities and partnerships

Legal Basis for Processing:

· Contract: To provide Services you’ve requested

· Legitimate Interest: For business operations, security, and improvement

· Legal Compliance: To meet regulatory requirements

· Consent: For marketing and optional features

4. How We Share Your Information

We do not sell your personal information. We may share information in these specific circumstances:

Service Providers:

· Cloud hosting (AWS, Google Cloud) and infrastructure services

· Payment processing and billing services

· Analytics providers (Google Analytics) and customer support tools

· Marketing platforms and communication services

· All bound by strict confidentiality and data protection agreements

Legal and Protection:

· Government requests and court orders

· Law enforcement cooperation when required by law

· Protection of our rights, property, and user safety

· Fraud prevention and security threat response

Business Operations:

· Corporate affiliates and subsidiaries

· Business partners for joint services or referrals

· Professional advisors (legal, accounting, consulting)

Business Transfers:

· Mergers, acquisitions, or asset sales

· Corporate restructuring or bankruptcy proceedings

· We’ll provide advance notice of such transfers

With Your Consent:

· Any other sharing you explicitly authorize

· Public forums or community features you choose to use

5. Cookies and Tracking Technologies

Types of Cookies:

Strictly Necessary: Essential for Service functionality, security, and authentication

Analytics: Help us understand usage patterns (Google Analytics, internal monitoring) · Opt-out: Google Analytics Opt-out

Functional: Remember preferences and enhance user experience

Marketing: Enable targeted advertising and measure campaign effectiveness

· Third-party partners: LinkedIn, Google Ads, social media platforms

Your Cookie Choices:

· Browser settings to block or delete cookies · Industry opt-out tools: NAI, DAA

· Google Ads Settings and social media advertising preferences

· Our cookie preference center (when available)

Do Not Track: We recognize Global Privacy Control (GPC) signals for applicable users

6. Data Security and Retention

Security Measures:

· Encryption in transit (TLS 1.2+) and at rest

· Secure cloud infrastructure with AWS and certified providers

· Multi-factor authentication and role-based access controls

· Regular security assessments and penetration testing

· Staff training and incident response procedures

Data Retention Periods:

· Account Information: Duration of relationship plus 7 years

· Customer Data: Per customer settings and legal requirements

· Usage Logs: 12-24 months for analytics and security

· Support Data: 2-3 years for quality assurance

· Marketing Data: Until opt-out or account closure

· Legal Data: 7 years or as required by law

Secure Deletion: When retention periods expire, we securely delete or anonymize information using approved methods.

7. International Transfers and Data Privacy Framework

NexLaw operates globally and may transfer your information to countries outside your location, including the United States.

Transfer Safeguards:

· EU-US Data Privacy Framework: We participate in the EU-US, UK-US, and Swiss-US Data Privacy Frameworks

· Standard Contractual Clauses: EU-approved SCCs for EEA/UK/Switzerland transfers

· Adequacy Decisions: Transfers to countries with adequate protection

· Contractual Protections: Data protection requirements for all international transfers

Government Access: Information may be accessible to authorities in processing countries, subject to local laws.

8. Your Privacy Rights

Universal Rights (All Users)

· Access: Request copies of your Personal Information

· Correction: Update inaccurate or incomplete information

· Deletion: Request removal of your information (subject to legal limits)

· Account Control: Manage settings directly through your account

Enhanced Rights by Region

California Residents (CCPA/CPRA):

· Right to Know: Detailed information about data collection and sharing

· Right to Delete: Request deletion of Personal Information

· Right to Correct: Fix inaccurate information

· Right to Opt-Out: Stop “sale” or “sharing” for advertising

· Right to Limit: Restrict use of sensitive Personal Information

· Non-Discrimination: No penalties for exercising rights

European Users (GDPR):

· Rectification: Correct inaccurate data

· Erasure: “Right to be forgotten” in specific circumstances

· Restrict Processing: Limit how we process your information

· Data Portability: Receive data in structured format

· Object: Stop processing for legitimate interests or marketing

· Automated Decision-Making: Rights regarding AI processing

How to Exercise Rights

Contact Methods:

· Email: info@nexlaw.ai

Response Time: 30-45 days (may extend for complex requests) Verification: We may require identity verification for your protection Authorized Agents: You may designate agents with proper authorization

9. Specialized Topics

Use of Artificial Intelligence

Our AI Services: We use AI to analyze legal documents, provide research insights, and assist with legal tasks.

Data Protection:

· Customer Data is NOT used to train general AI models

· AI models trained only on public legal information and licensed datasets

· Human oversight for all AI-assisted business decisions

· Compliance with data protection regulations

Your AI Rights:

· Request information about automated decision-making

· Object to certain AI processing

· Request human review where legally required

Marketing Communications

Types: Service updates, product announcements, educational content, event invitations

Opt-Out Methods:

· Contact info@nexlaw.ai

Legal Basis: Legitimate interest for existing customers, consent for new marketing

Children’s Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect children’s information. Contact us immediately at info@nexlaw.ai if you believe we have collected a child’s information.

Third-Party Links and Integrations

Our Services may link to or integrate with third-party services (Google Workspace, legal databases, etc.). Those services have their own privacy policies. We recommend reviewing them before use.

Business Transfers

In mergers, acquisitions, or asset sales, your information may be transferred. We’ll provide advance notice and ensure the acquiring entity honors this Privacy Policy.

10. Regional Information, Updates, and Contact

California-Specific Information

Categories of Information Collected (Last 12 Months):

· Identifiers (name, email, IP address)

· Commercial information (billing, transaction data)

· Internet activity (usage patterns, browsing history)

· Professional information (job title, employer)

· Geolocation data (general, from IP)

· Inferences (preferences, characteristics)

“Sharing” for Advertising: We may share identifiers and internet activity data with advertising partners for targeted marketing. Opt-out via info@nexlaw.ai or GPC signals.

Business Purposes: Service provision, communication, analytics, marketing, legal compliance, security

European Information

Data Controller: NexLaw AI, Inc.

Other Jurisdictions

We comply with privacy laws in Canada (PIPEDA), Australia (Privacy Act), and other applicable jurisdictions.

Policy Updates

We may update this Privacy Policy to reflect Service changes, legal requirements, or industry developments. Material changes will be communicated via:

· Email notifications (30 days advance notice)

· Website banners and in-Service notifications

· Updated policy with clear change indicators

Continued use after changes constitutes acceptance of updated terms.

Contact Information

Primary Contacts: · General Privacy: info@nexlaw.ai

· Website: www.nexlaw.ai

Complaints and Appeals

If unsatisfied with our privacy practices contact us at info@nexlaw.ai

Document Information:

· Effective Date: August 8, 2025

· Version: 2.0

This Privacy Policy represents our commitment to transparency and compliance with privacy laws worldwide. We continuously review and improve our privacy practices to protect your information