Privacy Policy
Last updated: placeholder · Effective: placeholder
What we collect
- Account info: name, email, password hash.
- Intake data: every field you fill in to describe your situation — sender info, recipient info, narrative details, demands.
- Payment metadata: handled by Stripe; we store only the transaction ID and amount, not your card.
- Letter content + PDFs: stored privately in our object store.
Who sees it
- You.
- The reviewing attorney assigned to your case.
- Our infrastructure subprocessors: Supabase (database, auth, storage), Resend (transactional email), Stripe (payments), and Anthropic (letter drafting). Attorney signing is handled inside CeaseFire using private signature storage and audit records.
- Nobody else. We don't sell your data. We don't use it for ad targeting.
How long we keep it
We retain case files for seven (7) years from the date of last activity. This matches the typical statute-of-limitations window for matters of this nature. After that, we delete or anonymize. You can request earlier deletion at any time by emailing hello@hereby.legal; some records may persist if required by law.
Cookies + analytics
Essential cookies keep you logged in and protect forms (session + CSRF tokens); these are always on because the site can't function without them. No third-party advertising cookies, ever.
Product analytics (Vercel Analytics + Speed Insights) are off until you opt in via the consent banner. When enabled, they collect aggregate, non-identifying usage: page paths visited, referrer, device/browser type, country (derived, not stored as a full IP), and page-performance timings. We use this only to improve the product — we do not sell it or build advertising profiles.
Opt out / change your mind: choose “Decline” on the banner, or clear the analytics_consent cookie in your browser to be re-asked. Declining fully prevents the analytics scripts from loading.
Your rights
Depending on where you live, you have the right to access, correct, delete, or export your data. Email us and we'll handle it within 30 days.
Security
Data in transit is encrypted with TLS. Data at rest is encrypted at the provider level. Access to production data is limited to operators with a business need. We log every administrative action.
Contact
Privacy questions: privacy@hereby.legal.