Version: 2025-02-01
Last Updated: February 1, 2025
DOTT PRIVACY POLICY
Effective Date: February 1, 2025
Dott ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document review service and related technology platform (the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
1. INFORMATION WE COLLECT
1.1 Personal Information You Provide
When you use the Service, we may collect the following personal information that you voluntarily provide:
(a) Contact Information: Name, email address, phone number, mailing address, and company name;
(b) Account Information: Username, password (stored in hashed form), and account preferences;
(c) Documents: Legal documents you submit for review, including contracts, agreements, and related materials;
(d) Communications: Messages, inquiries, and feedback you send to us;
(e) Payment Information: Billing address and payment method details (note: credit card numbers are processed by our payment processor, Stripe, and are not stored on our servers).
1.2 Consent Records
For legal compliance purposes, we collect and retain the following consent-related information:
(a) Timestamp of consent acceptance;
(b) IP address at time of consent;
(c) Browser user agent at time of consent;
(d) Version numbers of legal documents accepted (Terms of Service, Privacy Policy, Engagement Letter);
(e) Method of consent (web form, API submission, etc.).
1.3 Information Collected Automatically
When you access the Service, we automatically collect:
(a) Usage Data: API calls, endpoints accessed, request timestamps, response times, and error logs;
(b) Device Information: Browser type, operating system, device identifiers, and screen resolution;
(c) Log Data: IP addresses, access times, pages viewed, and referring URLs;
(d) Cookies and Similar Technologies: Session cookies, authentication tokens, and analytics cookies (see Section 7 below).
2. HOW WE USE YOUR INFORMATION
2.1 We use the information we collect for the following purposes:
(a) Service Delivery: To process your document submissions, facilitate attorney review, and deliver review memos to you;
(b) Attorney-Client Engagement: To connect you with the reviewing attorney and facilitate the limited-scope engagement described in the Engagement Letter;
(c) Communication: To respond to your inquiries, send service-related notifications, and provide customer support;
(d) Billing and Payments: To process payments, send invoices, and manage your account;
(e) Service Improvement: To analyze usage patterns (using anonymized, aggregated data only) and improve our technology and user experience;
(f) Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service;
(g) Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues;
(h) API Analytics: For API users, to provide usage statistics, monitor rate limits, and generate billing reports.
2.2 We do NOT use your document content for:
- Training AI models (Anthropic, our AI provider, does not train on customer data);
- Marketing or advertising purposes;
- Selling or sharing with third parties for their own purposes.
3. INFORMATION SHARING AND DISCLOSURE
3.1 Sharing with the Reviewing Attorney
Your documents and personal information are shared with the reviewing attorney as necessary to provide the Service. The attorney is bound by professional confidentiality obligations under the New York Rules of Professional Conduct.
3.2 Service Providers
We share information with third-party service providers who assist us in operating the Service:
(a) Hosting and Infrastructure: Vercel (hosting), Supabase (database);
(b) AI Processing: Anthropic (Claude API for document analysis);
(c) Email Communications: Resend (transactional email delivery);
(d) Payment Processing: Stripe (payment transactions);
(e) File Storage: Vercel Blob (document storage).
All service providers are bound by data processing agreements that require them to protect your information and use it only for the purposes specified by us.
3.3 AI Processing Disclosure
Document text is sent to Anthropic's Claude API for AI-assisted analysis. Anthropic's data retention and usage policies apply to data processed through their API. We have selected Anthropic because they do not train their AI models on customer data submitted through their API.
3.4 We Do NOT Sell Your Information
We do NOT sell, rent, or trade your personal information to third parties. We do NOT share your personal information for advertising or marketing purposes.
3.5 Legal Disclosures
We may disclose your information if required by law, court order, subpoena, or government request, or if we believe disclosure is necessary to:
(a) Comply with legal obligations;
(b) Protect and defend our rights or property;
(c) Prevent fraud or illegal activity;
(d) Protect the safety of users or the public;
(e) Respond to an emergency.
3.6 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.
4. DATA SECURITY
4.1 We implement appropriate technical and organizational measures to protect your information, including:
(a) Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest;
(b) Access Controls: Role-based access controls limit who can access your data;
(c) Authentication: Strong authentication requirements for all system access;
(d) Monitoring: Continuous security monitoring and logging;
(e) Secure Development: Security-focused development practices and code review.
4.2 No Security Guarantee
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information.
4.3 Breach Notification
In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law.
5. DATA RETENTION
5.1 We retain your information for the following periods:
(a) Documents and Memos: 60 days from delivery, then permanently deleted;
(b) Consent Records: 7 years (for legal compliance and evidence of consent);
(c) API Logs: 1 year (for debugging, billing, and security purposes);
(d) Account Information: Until account deletion plus 30 days;
(e) Anonymized Analytics: Indefinitely (no personally identifiable information).
5.2 Upon expiration of the retention period, data is permanently deleted from our systems and cannot be recovered.
5.3 You may request earlier deletion of your data subject to our legal retention requirements (see Section 6).
6. YOUR RIGHTS AND CHOICES
6.1 You have the following rights regarding your personal information:
(a) Access: Request a copy of the personal information we hold about you;
(b) Correction: Request correction of inaccurate or incomplete information;
(c) Deletion: Request deletion of your personal information (subject to legal retention requirements);
(d) Portability: Request your data in a machine-readable format;
(e) Opt-Out: Opt out of non-essential communications.
6.2 To exercise any of these rights, contact us at privacy@dott.legal. We will respond within 30 days.
6.3 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
(a) Right to Know: What personal information we collect and how we use it;
(b) Right to Delete: Request deletion of your personal information;
(c) Right to Opt-Out of Sale: We do NOT sell personal information, so this right does not apply;
(d) Non-Discrimination: We will not discriminate against you for exercising your rights.
6.4 Other State Privacy Laws
Dott is a New York company and complies with New York's privacy regulations. We extend equivalent privacy rights to all users regardless of their state of residence, including rights provided under applicable state privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA).
7. COOKIES AND TRACKING TECHNOLOGIES
7.1 We use the following types of cookies and similar technologies:
(a) Essential Cookies: Required for the Service to function (authentication, session management);
(b) Analytics Cookies: To understand how users interact with the Service (anonymized);
(c) Preference Cookies: To remember your settings and preferences.
7.2 You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
7.3 We do NOT use cookies for advertising or cross-site tracking.
8. THIRD-PARTY SERVICES
8.1 The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties.
8.2 We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.
8.3 Our primary third-party service providers and their privacy policies:
- Anthropic (AI processing): https://www.anthropic.com/privacy
- Vercel (hosting): https://vercel.com/legal/privacy-policy
- Supabase (database): https://supabase.com/privacy
- Resend (email): https://resend.com/legal/privacy-policy
- Stripe (payments): https://stripe.com/privacy
9. CHILDREN'S PRIVACY
9.1 The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
9.2 If we learn that we have collected personal information from a child under 13, we will promptly delete that information.
9.3 If you believe we have collected information from a child under 13, please contact us at privacy@dott.legal.
10. INTERNATIONAL DATA TRANSFERS
10.1 The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
10.2 By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
11. CHANGES TO THIS PRIVACY POLICY
11.1 We may update this Privacy Policy from time to time. We will post the updated Privacy Policy on the Dott website and update the "Effective Date" above.
11.2 For material changes, we will provide notice via email to the address associated with your account at least thirty (30) days before the changes take effect.
11.3 API Users: Material changes to this Privacy Policy may require affirmative re-acceptance before continued use of the API.
11.4 Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
12. CONTACT US
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Privacy Inquiries:
Email: privacy@dott.legal
General Inquiries:
Email: nnamdi@dott.legal
Mailing Address:
Dott / Nnamdi Nwaezeapu PLLC
New York, NY
(Full registered address available upon request)
Data Protection Officer:
For data protection inquiries: privacy@dott.legal
We will respond to your inquiry within 30 days.