Privacy Policy
Last updated: placeholder · Effective: placeholder
What we collect
- Account info: name, email, password hash.
- Intake data: every field you fill in to describe your situation — sender info, recipient info, narrative details, demands.
- Payment metadata: handled by Stripe; we store only the transaction ID and amount, not your card.
- Letter content + PDFs: stored privately in our object store.
Who sees it
- You.
- The reviewing attorney assigned to your case.
- Our infrastructure subprocessors: Supabase (database, auth, storage), Resend (transactional email), Stripe (payments), and Anthropic (letter drafting). Attorney signing is handled inside CeaseFire using private signature storage and audit records.
- Nobody else. We don't sell your data. We don't use it for ad targeting.
How long we keep it
We retain case files for seven (7) years from the date of last activity. This matches the typical statute-of-limitations window for matters of this nature. After that, we delete or anonymize. You can request earlier deletion at any time by emailing hello@hereby.legal; some records may persist if required by law.
Cookies + analytics
Essential cookies keep you logged in and protect forms (session + CSRF tokens); these are always on because the site can't function without them. No third-party advertising cookies, ever.
We use privacy-friendly product analytics (Vercel Analytics + Speed Insights). These are cookieless — they set no tracking cookies, do not follow you across sites, and do not build advertising profiles. They collect only aggregate, non-identifying usage: page paths visited, referrer, device/browser type, country (derived, not stored as a full IP), and page-performance timings. We use this solely to improve the product — we never sell it.
Because nothing here identifies you or tracks you across sites, there's no consent banner to manage. If we ever add a tracker that needs consent, we'll ask first and update this page.
Your rights
Depending on where you live, you have the right to access, correct, delete, or export your data. Email us and we'll handle it within 30 days.
Security
Data in transit is encrypted with TLS. Data at rest is encrypted at the provider level. Access to production data is limited to operators with a business need. We log every administrative action.
Contact
Privacy questions: privacy@hereby.legal.