Privacy Policy for CG Legal Technologies, LLC

Effective Date: January 20, 2025
Last Updated: January 20, 2025

1. Introduction

Welcome to CG Legal Technologies, LLC (“CG Legal Tech,” “we,” “us,” “our”). We provide internet-based software solutions to law firms through various websites and solutions, including Irog.ai, GetLit.ai, BigTortSupport.ai, BigTort.Support, TortSupport.ai, and Tort.Support, (collectively, the “Services”). Our offerings enable secure document storage, SMS communication, and litigation support, among other functionalities.

We are firmly committed to protecting the privacy and confidentiality of all Personal Data processed through our Services. This Privacy Policy explains our practices regarding the collection, use, disclosure, and safeguarding of Personal Data. If you have any questions, please contact our privacy team at info@cglegaltech.com.

We have tried to make this policy as clear as possible. If anything is unclear, please email us at info@cglegaltech.com, and we will do our best to answer any questions or concerns you may have.

2. Definitions

To ensure clarity, here are some key terms used in this Policy:

• “Personal Data”: Data about a living individual that allows them to be identified (e.g., name, email address, telephone number, address, or other unique identifiers).
• “User” (or “Customer”): A law firm or its authorized representative(s) who uses our Services to manage legal matters, communicate with Litigants, and store case-related data.
• “Litigant”: A legal client of a law firm using CG Legal Tech software for legal and/or litigation matters, regardless of whether litigation has commenced.
• “Litigation Data”: Data relating to any claim or legal matter involving a Litigant that is stored or processed through CG Legal Tech software for the benefit of the associated law firm, whether or not litigation has been instituted.
• “Sub-Processors” (or “Service Providers”): Third-party entities engaged by us to process Personal Data on our behalf.
• “Usage Data”: Data collected automatically through the use of our Services or from the Service infrastructure itself (e.g., IP addresses, browser types, or duration of page visits).
• “Data Controller”: The entity (often the law firm) that determines the purposes for which and the manner in which any Personal Data is processed.
• “Data Processor”: The entity (CG Legal Tech) that processes Personal Data on behalf of the Data Controller under contractual instructions.

3. How We Collect Your Data

3.1 Personal Data

• User Information: We may collect information directly from our Users (law firms and their authorized staff), such as:
  • Name and Contact Details: Full name, email address, telephone number, mailing address.
  • Professional Details: Law firm name, bar admission details, payment information (e.g., credit card details), and related business information required to set up or maintain an account.
• Litigant Information: Law firms or Litigants may upload or enter Personal Data about Litigants and legal matters into our Services. This may include:
  • Legal Matter Details: Case number, claim information, litigation documents, medical or financial records, or other sensitive information relevant to a legal case.
  • Contact Details: Name, email, phone number, mailing address, and any other details required for communication purposes.

Note: If you fail to provide certain necessary Personal Data, you may be unable to use certain features of our Services effectively.

3.2 Sensitive Information

Law firms may upload sensitive or confidential data (e.g., health records, financial data, or personally identifiable information that could include minors or other vulnerable individuals). We process such data only upon lawful instructions from the law firm (as Data Controller).

3.3 Usage Data

We collect information on how the Services are accessed and used. Usage Data may include:

• IP Address
• Browser Type and Version
• Pages Visited and Time Spent on those pages
• Date and Time of access
• Unique Device Identifiers
• Other diagnostic or performance-related data

3.4 Cookies and Tracking

We use cookies and similar tracking technologies (e.g., pixels, beacons, scripts) to:

• Operate Our Services: Enable essential site functionalities and maintain sessions.
• Analyze: Gather data about site traffic and usage to improve performance.
• Preferences: Remember user preferences and settings (e.g., language, region).

You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you do not accept cookies, some features of our Services may not function properly.

4. How We Use Your Data

We consider all Personal Data and Litigation Data that we collect or process to be strictly confidential. We will not sell or rent Personal Data to third parties. We use the data we collect for the following purposes:

4.1 Service Provision

• Software Functionality: Provide secure document storage, SMS communication tools, litigation support, and related functionalities to law firms.
• Subscription & Billing: Manage User subscriptions, process billing, and issue invoices or receipts.

4.2 Communication

• Account Updates: Notify Users of new features, account status changes, security alerts, or system updates.
• Case Communications: Enable SMS or email for the purpose of inquiries/reminders/notifications to Litigants on behalf of law firms, including, without limitation, to facilitate the completion of information forms, interrogatories, and the like, as well as to maintain up-to date contact between law firms and associated Litigants.
• Marketing & Announcements: Send optional information about new features or services. (You can opt out of marketing communications at any time.)

4.3 Customer Support

• Technical Assistance: Use contact details and support logs to troubleshoot issues.
• Training: Provide training resources for new features or platform updates.

4.4 Analysis and Development

• Product Improvement: Analyze usage patterns to enhance functionality, user experience, and security.
• Research & Development: Develop new features or services based on anonymized or aggregated data.

4.5 Human Resources (Where Applicable)

• Recruitment: If you apply for a position with CG Legal Tech, we may collect and process your data for evaluating your application.

4.6 Legal Basis for Processing (GDPR/UK GDPR)

Where the GDPR or UK GDPR applies, CG Legal Tech processes data under these lawful bases:

1. Consent: You have given us permission.
2. Legitimate Interests: Processing is needed for our legitimate business interests and not overridden by your rights.
3. Contractual Necessity: Where processing is necessary to perform a contract (e.g., providing the Services you subscribe to).
4. Legal Obligation: Where we are required by law to process data.

5. How Your Data Might Be Shared

We will only disclose Personal Data under the circumstances listed below:

5.1 Legal or Moral Requirement

• Comply with Law: Where necessary to comply with a legal obligation, valid legal request, court order, or government regulation.
• Prevention of Harm: In emergencies to prevent imminent harm, loss of life, or serious injury, if required by law.

5.2 Processors and Sub-Processors

We use third-party vendors (Sub-Processors) to help us operate our Services, such as:

• Cloud Hosting Providers (e.g., AWS)
• SMS Delivery Services (e.g., Twilio)
• Payment Gateways (e.g., Stripe)
• Email Service Providers (e.g., SendGrid)

These Sub-Processors only process Personal Data on our instructions and are contractually bound to maintain confidentiality and implement robust data protection measures.

Example List (Not Exhaustive):

• Amazon Web Services (Infrastructure)
• Twilio (SMS communication)
• Stripe (Payment processing)
• SendGrid or Mailchimp (Email delivery)

5.3 Corporate Transactions

In the event of a merger, acquisition, or asset sale, Personal Data may be transferred to relevant third parties involved in the transaction, subject to appropriate confidentiality protections.

5.4 International Data Transfers

Because we operate globally, Personal Data may be transferred and processed in jurisdictions different from your own. We take reasonable steps to ensure that data remains protected in accordance with this Policy and applicable laws, such as implementing Standard Contractual Clauses for EU/EEA data.

6. Keeping Your Data Secure

6.1 Security Precautions

We employ an extensive range of security measures designed to protect Personal Data from unauthorized access, alteration, or misuse. These include:

• Encryption of data at rest and in transit (e.g., TLS/SSL, AES-256)
• Access Controls restricting data to authorized personnel only
• Network Security measures, including firewalls and intrusion detection
• Regular Audits and security assessments

6.2 Your Role

• Account Credentials: You (the User) are responsible for safeguarding your account login information.
• Client Confidentiality: Law firms (Data Controllers) are responsible for ensuring they lawfully collect and upload Litigant data into our systems and respect all applicable data privacy regulations.

6.3 Protecting Litigant Data

We process Litigant data on behalf of the law firm (the Data Controller). CG Legal Tech functions as the Data Processor. We follow the instructions set forth by the law firm regarding how we handle Litigant data, subject to our legal and contractual obligations.

7. Links to Other Sites

Our Service may include links to third-party websites that are not operated by us (e.g., integrated tools, external resources). This Privacy Policy does not apply to such third-party sites. We strongly encourage you to review the privacy policies of any external sites you visit. CG Legal Tech is not responsible for the privacy practices or content of those third-party services.

8. How We Retain Your Data

We retain Personal Data only for as long as is necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations, enforce legal agreements, and resolve disputes.

• Litigation Data: Stored as directed by the law firm or for a period consistent with regulatory/ethical requirements.
• Usage Data: Retained for analysis, security monitoring, and improvements for a shorter period unless a longer retention is necessary.
• Backups: We maintain backups for business continuity and disaster recovery, which may retain some data beyond active use.

9. Your Rights to Your Data

Depending on your location, you may have certain data protection rights, including:

• Right to Access: Request a copy of the Personal Data we hold about you.
• Right to Rectification: Correct any inaccuracies in your Personal Data.
• Right to Erasure: Request the deletion of your Personal Data (subject to legal or contractual exceptions).
• Right to Restrict Processing: Ask us to limit the use of your Personal Data in certain circumstances.
• Right to Data Portability: Obtain a copy of your Personal Data in a structured, commonly used format.
• Right to Withdraw Consent: For any processing based on consent, you may withdraw your consent at any time.
• Right to Object: Object to certain processing activities, such as direct marketing.

To exercise any of these rights, please email us at info@cglegaltech.com. We may require you to verify your identity prior to addressing your request.

Litigant Note: If you are a Litigant and wish to exercise your data rights, you may need to first contact the law firm (Data Controller) that uploaded your data, as CG Legal Tech processes data on the firm’s behalf.

10. Collection of IP Address & Device Information

When you access our website, applications, or services, we automatically collect certain information about your device and network, including:

• Internet Protocol (IP) Address
• Device Type (e.g., desktop, mobile, tablet)
• Operating System & Browser Type
• Unique Device Identifiers (e.g., device ID, browser fingerprint)
• Login Time & Location Data (approximated from IP address)

This collection is necessary to:

• Detect and prevent fraudulent activity, unauthorized access, and account takeovers.
• Compare login behavior to prior access patterns to determine if a device is safe.
• Ensure system security and integrity by blocking high-risk or unknown devices.
• Comply with legal and regulatory obligations.

11. Use and Retention of IP & Device Information

• We do not sell or share device information or IP addresses with third parties, except as required to process data for the benefit of the user and the user's law firm.
• Device information and IP addresses may be shared with trusted security and infrastructure providers strictly for fraud detection, security enforcement, and compliance purposes.
• Full device and IP data are not retained indefinitely—they are stored only as part of audit logs necessary for security monitoring and fraud prevention.
• When used for analytics or tracking, device data and IP addresses may be anonymized or truncated to remove personal identifiers.

12. No Opt-Out for IP & Device Information Collection

Because IP and device information collection is necessary for security, fraud prevention, and compliance, users cannot opt out of this collection while using our platform. If you do not agree to this collection, you must discontinue use of our services.

13. User Rights & Compliance

• California Residents (CCPA/CPRA): We do not sell or share device or IP data for marketing purposes. Users may request access to their data, but collection remains necessary for security purposes.
• GDPR (for EU users, if applicable): IP and device data are processed under legitimate interest for security and service functionality.

Children’s Privacy (COPPA): We do not knowingly collect or store device or IP information from children under 13 years old without parental consent.

14. Changes to This Policy

We may periodically update this Privacy Policy to reflect changes in our practices, technologies, or legal obligations. We will post the revised Policy on our website with the “Last Updated” date at the top. Your continued use of our Services after such changes take effect signifies your acceptance of the revised terms.

15. How to Contact Us

If you have any questions, concerns, or complaints regarding this Policy or our data practices, please contact us at:

CG Legal Technologies, LLC
3217 Atlantic Blvd.
Jacksonville, FL 32207
Email: info@cglegaltech.com

We will strive to address and resolve your inquiry promptly. If you are not satisfied with our response, you may have the right to contact your local data protection authority.

Appendix 1: For Individuals Based in the United States

CCPA / CPRA (California)

• Categories of Personal Information Collected: Identifiers (name, email), internet activity (IP address, browsing history), geolocation data, and professional information.
• Purpose of Collection: To provide our legal tech services, maintain user accounts, secure platform functionality, and communicate about product updates.
• Your Rights: California residents may have the right to know what personal information we collect, to request deletion or correction of personal information, to opt-out of “sales” (we do not sell Personal Data), and to not be discriminated against for exercising these rights.
• Contact: To exercise your California privacy rights, please email info@cglegaltech.com.

HIPAA

To the extent CG Legal Tech may handle data considered Protected Health Information (“PHI”) under HIPAA, even though we are not subject to HIPAA, we voluntarily adhere to the same HIPAA’s requirements for safeguarding PHI as if we were a Business Associate.

Appendix 2: For Individuals Based in the UK, EEA, and Switzerland

• Lawful Bases: We rely on consent, contractual necessity, legitimate interests, or legal obligations to process data.
• International Transfers: We may transfer Personal Data outside the EEA under approved mechanisms (e.g., Standard Contractual Clauses).
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe our processing infringes GDPR.
• Withdrawal of Consent: You can withdraw any consent you have provided to us at any time by emailing info@cglegaltech.com.

Appendix 3: For Individuals Based in Canada

• PIPEDA: We comply with the Personal Information Protection and Electronic Documents Act, which includes obligations to safeguard personal data and honor data access and correction rights.
• Complaints: You may file a complaint with the Office of the Privacy Commissioner of Canada if you are unsatisfied with our response to any data protection inquiry.

Appendix 4: For Individuals Based in Australia

• Privacy Act 1988: We handle your personal information in accordance with the Australian Privacy Principles (APPs).
• Exemptions: Certain exemptions under the Privacy Act 1988 may apply (e.g., employee records).
• Complaints: If you are not satisfied with how we handle your data, you may contact the Office of the Australian Information Commissioner (OAIC).

Appendix 5: For Individuals Based in South Africa

• POPIA: We comply with the Protection of Personal Information Act, 2013 (POPIA), which sets conditions for the lawful processing of personal information.
• Your Rights: You have the right to request deletion, correction, or restriction of processing, and the right to lodge a complaint with the Information Regulator of South Africa if you believe your data has been mishandled.

Thank you for choosing CG Legal Tech. We value your privacy and strive to maintain the highest standards of data protection. If you have any questions about this Privacy Policy, please do not hesitate to contact us at info@cglegaltech.com.