Privacy Policy

Last Updated: 12/4/2025

1. Information We Collect

1.1 Information You Provide

  • Legal questions and queries you submit
  • Chat messages and conversation history
  • Documents you upload for analysis (processed locally when possible)
  • Account information if you create an account
  • Feedback and support communications

1.2 Automatically Collected Information

  • Usage patterns and interaction data
  • Device information and browser type
  • IP address and general location
  • Session duration and feature usage
  • Error logs and performance metrics

2. How We Use Your Information

  • Provide legal information and guidance through Carta AI
  • Improve our services and develop new features
  • Maintain conversation history for context
  • Analyze usage patterns to enhance user experience
  • Comply with legal obligations and prevent misuse
  • Communicate with you about service updates

3. AI Processing and Third-Party Services

Important: We use multiple AI services to power Carta AI, including Google AI and OpenAI.

3.1 Google AI Services (Gemini)

  • Your text queries are processed by Google's AI models (Gemini)
  • Google's AI Terms of Service apply: https://policies.google.com/terms
  • We do not store your conversations on Google's servers beyond processing
  • Google may use aggregated, anonymized data to improve their AI models
  • Used for generating legal information and document templates

3.2 OpenAI Services (ChatGPT/Whisper)

  • Your voice recordings are processed by OpenAI's Whisper API for transcription
  • OpenAI's Terms of Use and Privacy Policy apply: https://openai.com/policies/
  • Voice data is processed securely and not stored permanently by OpenAI
  • OpenAI may use data to improve their models in accordance with their policies
  • Voice transcription is only available on desktop/laptop devices

3.3 Data Processing Safeguards

Privacy Protection: We implement additional safeguards when processing your data through third-party AI services.

  • Sensitive information should not be included in queries or voice recordings
  • We do not share personally identifiable information with AI providers
  • All data transmission is encrypted and secure
  • We regularly review our AI providers' privacy practices
  • You can opt out of voice features if you prefer not to use OpenAI services

4. Data Storage and Security

  • Conversations are stored securely in our database for context
  • We use industry-standard encryption for data transmission
  • Access to your data is restricted to authorized personnel only
  • We regularly audit our security practices
  • Data is backed up securely and retained according to our retention policy

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • In connection with a business transfer or merger
  • With service providers who assist in our operations (under strict confidentiality)

6. Your Rights and Choices

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request limitation of processing

7. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Other legally recognized transfer mechanisms

8. Data Retention

  • Conversation history: Retained for service improvement and context
  • Account information: Retained while your account is active
  • Usage analytics: Retained in aggregated form for business purposes
  • Legal compliance: Retained as required by applicable laws
  • You may request deletion of your data at any time

9. Cookies and Tracking

  • We use essential cookies for site functionality
  • Analytics cookies help us understand usage patterns
  • You can control cookie preferences in your browser
  • Some features may not work properly without cookies

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@opuslaw.org

Subject Line: Privacy Policy Inquiry

Note: This privacy policy is designed to comply with GDPR, CCPA, and other major privacy regulations. However, specific legal requirements may vary by jurisdiction.