Privacy Policy

Last updated: 08/04/2020

When you use or access the Everlaw website or service, or otherwise communicate with us, such as at our offices or events, we may collect, use, share and process information relating to you. Our privacy policies explain how we will collect, use, and maintain your personal information. They also describe your choices as well as your rights regarding the correction and removal of your personal information.

Overview

Everlaw, Inc. (“Everlaw”, “we“, “us” or “our“) is committed to protecting the privacy and security of the personal information we process about you. This Privacy Policy (the “Policy“) explains who we are, how we collect, use, store, and share personal information about you and how you can exercise your privacy rights. This Policy applies to the processing of personal information by us in the usual course of business, including when you:

  • Access or use the Everlaw e-discovery platform, the Storybuilder service, and other products, services and related applications offered by Everlaw (collectively our “Services“) as an authorized user under our customer’s Everlaw account (each a “Service User“); or
  • Visit our websites (such as everlaw.com) that display a link to this Policy (our “Sites“), visit our social media pages; visit our offices; receive communications from us, including emails and phone calls; subscribe or contribute to our blog posts; or interact with, register for, attend and/or otherwise take part in our events, tutorials or webinars (including demonstrations of our Services) (we collectively refer to all of these activities as our “Marketing Activities” and each person as a “Visitor“).

Changing Our Policy

We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our Services or sending you an email notification).

If there are material changes to this Policy, we will notify you directly by email or by means of a notice on the Services prior to the change becoming effective. We encourage you to review our Policy whenever you access the Services to stay informed about our information practices and the ways that you can help protect your privacy.

If you are a Service User and do not wish your information to be subject to the revised Policy, you may deactivate your account with us by contacting privacy@everlaw.com and stop using our Services. For further information about the privacy rights available to you, review the section titled Your Privacy Rights.

Who We Are

We are Everlaw, a company headquartered in the United States. We provide a cloud-based litigation platform, specializing in ediscovery support. Our services let legal professionals easily organize and search through millions of documents, videos, emails, and pictures exchanged between legal teams before trial. You can find out more about us and our Services here.

What Information We Collect

The information we collect depends on the context of your interactions with Everlaw and the choices you make (including your privacy settings), the products and features you use, your location and applicable law.  

Information We Collect Via Our Services 

In general, we provide our Services to our Service Users and collect personal information on their behalf. As a result, for much of the personal information we collect and process through the Services – such as the files and other content our customers upload to the Services – we act as a processor or service provider. This means it is primarily our customers that control what personal information we collect and process through our Services and how we use it.

This Policy does not apply to the personal information that we process as a processor or service provider on behalf of our customers in the course of providing our Services. Therefore, if you have any privacy-related questions about the practices or choices the relevant customer has made to share your information with us or any other third party, you should contact the relevant customer or review their privacy policy. 

Information You Provide To Us. If you are a Service User you (or your organization’s administrator) may provide certain personal information to us through the Services – for example, when you sign up for an Everlaw account to access and use the Services, create or modify your profile and account, participate in any interactive features of the Services, consult with customer support or send us an email or communicate with us in any way.

The personal information we collect may include:

  • Business contact information (such as your name, job title, email address, mailing address, and phone number);
  • Professional information (such as your employer’s name, company address and phone number);
  • Marketing information (such as your contact preferences);
  • Account credentials (such as your email or username and password when you sign-up for an account with us);
  • Transactional information (including Services purchased or subscribed to and billing address); and
  • Troubleshooting and support data (such as information about your account preferences or data you provide when you contact Everlaw for help, such as the solution you use, and other details that help us provide support. For example, contact or authentication data, the content of chats and other communications with Everlaw, and the solution you use related to your help inquiry).

Information We Collect Automatically. When you use or interact with the Services, we automatically collect or receive certain information through our Services (e.g., log files) and other technologies (such as cookies) about your device and usage of the Services (we call this “Platform Data“). In some (but not all) countries, including countries in the European Economic Area (“EEA“) and UK, this information is considered “personal data” under data protection laws. For further information please review the section Cookies and Similar Technologies below.

Platform Data may include:

  • Log data, which is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. This log data may include Internet Protocol (IP) address, device information, browser type and settings and information about your activity in the Services (such as the date/timestamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you use), information about the content you upload, download, share, or access while using the Services, and any actions taken in connection with the access and use of your content in the Services), device event information (such as system activity and hardware settings).
  • Device data, such information about your computer, phone, tablet or other device you use to access the Services. This device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.

Some of the data automatically collected within the Services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used for the purposes of identifying the uniqueness of a Service User logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers (where we act as a data processor).

Information We Collect via Marketing Activities 

Information You Provide To Us. Our Site offers various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Services. For example, when expressing an interest in obtaining information about Everlaw or our Services, subscribing to receive marketing communications or otherwise contacting us, we will collect personal information from you (such as business contact information you provide to us). We may also collect information from you when you participate in a survey, or interact with us in person at a tradeshow or event, or via a phone call with one of our sales representatives, or if you visit our offices (where you may be required to register as a Visitor and provide us with certain information).

The personal information we collect may include:

  • Business contact information (such as your name, phone number, email address and country);
  • Professional information (such as your job title, institution or company);
  • Nature of your communication;
  • Marketing information (such as your contact preferences); and
  • Any information you choose to provide to us when completing any “free text” boxes in our forms.

Personal information may also be provided to us on your behalf by another Service User (such as the ultimate customer). If you ever communicate directly with us, we will maintain a record of those communications and responses.

Information We Collect Automatically. When you visit our Sites or interact with our emails, like most websites, we use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to automatically collect certain technical information from your browser or device. In some countries, including countries in the EEA and UK, this information is considered “personal data” under data protection laws.

The information we collect may include:

  • Device data, such as your IP address, operating system, browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called the “exit page”), information about other websites you have recently visited and the web browser used (software used to browse the internet) including its type and language).
  • Usage data, such as information about how you interact with our emails, Sites and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).

This information is used to analyze overall trends, to help us provide and improve our Marketing Activities and to guarantee their security and continued proper functioning. For further information about our use of cookies and similar tracking technologies in connection with our Marketing Activities please see the section Cookies and Similar Technologies below.

Information We Collect From Other Sources. In order to enhance our ability to provide relevant marketing communications, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties. This information may include mailing addresses, job titles, email addresses, phone numbers, user behavior data, IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising, event promotion and optimizing our Sites, Services and Marketing Activities.

Social Media Features

Our Sites may use social media features, such as the Facebook “Like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.

Cookies and Similar Technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie.

In connection with our Services and Sites, we may make use of first or third party cookies (whether session or persistent cookies) and similar technologies, for such things as session management, account access/authentication, to recognize returning Service Users, for storing and honoring Service User’s preferences and settings, combating fraud, maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our Sites and Services perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Policy (such as fixing issues with and improving our Services and related Service User experience).

We also use analytics cookies to better understand how our Sites and Services are being used by tracking how you interact with our Sites and the Services and where you click.

We also use third parties to serve advertisements on other websites that may be of interest to you, based on information collected about your use of our Sites and other websites. To do so, these companies may place or recognize a unique cookie or similar on your browser. They may also employ technology that is used to measure and track the effectiveness of advertisements. This can be accomplished by the use of cookies or web beacons to collect information about your visits to our Sites and other sites in order to provide relevant advertisements about goods and services of potential interest to you.

You can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s website via your help screen.  You may wish to refer to Managing Cookies, How to Enable & Disable a Cookie for information on commonly used browsers.  Please be aware that if cookies are disabled, not all features of the Sites or Services may operate as intended.

Third Party Analytics: We use cookies served by analytics service providers (e.g. Google Analytics) to collect limited data directly from Service Users browsers to enable us to better understand your use of the Services, including making use of demographics and interests reports services of such service providers.

A Note about Do Not Track. Some browsers offer a “do not track” (“DNT”) option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

How We Use Information Collected

We use and process personal information we collect or receive, alone or in combination, for the following purposes and if you are resident in the EEA or UK, on the legal bases identified below:

  • Providing our Sites and Services: In reliance on our legitimate interest, we process your personal information to operate and administer our Sites, and to provide, operate, monitor, and maintain the Services;
  • Communicating with you about the Services: We process your personal information to enable you to access and use the Services that you request, including sending you technical notices, updates, security alerts, and support and administrative messages, in reliance on our legitimate interests in administering the Services and providing certain features;
  • Providing necessary functionality: We process your personal information in reliance on our legitimate interest to provide you with the necessary functionality required during your use of our Sites and Services. To provide and deliver the services and features you request and process;
  • Transactional considerations: We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our contract with you and to the extent necessary in reliance on our legitimate interest;
  • Handling contact and support requests: To perform our contract with you, or to the extent necessary for our legitimate interests in fulfilling your requests and communicating with you, we process your personal information to respond to your comments, questions, and requests, and provide customer service and support;
  • Developing and improving our Marketing Activities and Services: We process your personal information to review and analyze trends, usage, and interactions with our Services, Sites and other Marketing Activities so that we can personalize and improve our Marketing Activities and the Services, and provide content and/or features that match your interests and preferences or otherwise customize our Marketing Activities and your experience on the Services. We do so to the extent it is necessary for our legitimate interest in developing and improving our Marketing Activities and Services and providing our Visitors and Service Users with more relevant content and service offerings, or where we seek your valid consent;
  • Sending marketing communications: We will process your personal information for marketing purposes in accordance with your preferences, such as to communicate with you via email, SMS or telephone about services, features, surveys, newsletters, promotions, trainings, or events we think may be of interest to you and/or to provide other news or information about Everlaw and/or our select partners, in each case in reliance on our legitimate interest in conducting direct marketing or with your consent. Please see the Your Privacy Rights section below, to learn how you can control the processing of your personal information by Everlaw for marketing purposes;
  • Promoting the security of our Sites and Services: To the extent necessary for our legitimate interests in promoting the safety and security of our Marketing Activities and Services, we use your personal information to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
  • Compliance purposes: We will process your personal information for purposes of compliance with laws or regulations and to review compliance with applicable usage terms; and
  • Other purposes: We will process your personal information for other purposes about which we notify you in advance, or for which we receive your consent.

What Information We Share or Disclose to Others

We will not share your personal information with any third parties except as described in this Policy and if you are a Service User, as defined in an agreement with us in connection with the Services (including a Data Processing Addendum, as applicable). Parties with whom we may share your personal information, pursuant to any applicable agreements, include:

Third-Party Service Providers

We may share your information with third-party service providers who are working on our behalf and require access to your information to carry out that work. Examples include billing and payment service providers (to authorize, record, settle and clear transactions); cloud hosting providers (to provide data storage and processing services); communications providers (to process new queries and to manage our emails); corporate services (to facilitate business operations and communications) and analytics companies to perform analysis on our Marketing Activities and Services. These service providers are authorized to use your personal information only as necessary to provide services to Everlaw.

Compliance with Laws

We may disclose your information to a third party: (a) if we believe that disclosure is reasonably necessary to comply with any applicable law or regulation; (b) if we are required by law to comply with a legal process, or government request; (c) to enforce our agreements and policies; (d) to protect the security or integrity of our Sites and Services; (e) to protect Everlaw, our customers, or the public from harm or illegal activities; (f) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or (g) as otherwise directed by you.

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Your personal information may be part of the transferred assets. Data processing for this purpose is a legitimate business interest. You may be notified thereafter of any such change in ownership or control. In these instances we will inform the buyer to use your information only as disclosed in this Policy.

Advertising Partners

We may partner with third party advertising networks, exchanges and social media platforms (e.g., LinkedIn) to display advertising on our Sites or to manage and service advertising on other sites and we may share personal information with them for this purpose. Please see the Cookies and Similar Technologies section above, including information about how you can turn off tracking technologies.

Anonymized Statistical Data

We may also share aggregated, anonymized statistical information with third parties that does not identify you. For example, in an ongoing effort to better understand and serve the users of our Services and Marketing Activities, we may conduct research on customer demographics, interests and behavior based on the personal information, interviews, and other data provided to us. This research may be compiled and analyzed on an aggregated and anonymized basis, and we may share this data with our agents and business partners. This aggregated and anonymized information does not identify you personally. We may also disclose aggregated, anonymized user statistics in order to describe the Services to current and prospective business partners, and to other third parties for other lawful purposes.

Consent

We may share your information with any other person or entity with your consent to the disclosure.

How We Secure Information

We have adopted reasonable physical, technical and organizational safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of information we collect. We also choose to undergo security testing by an independent, third-party auditor.

Everlaw has a SOC 2 Type 2 certification in Security, Availability, Confidentiality and Privacy, demonstrating that our system is designed and operates effectively to keep the personal data that we process secure. We have also been audited for compliance with HIPAA Privacy and Security Rules, providing independent assurance of compliance.

You may access your Product account information and our Product only through the use of an individual account via either an Everlaw user ID and password or an authorized single sign-on provider (“Account Credentials”). To protect the confidentiality of personal information and information, you must keep your Account Credentials confidential and not disclose it to any other person. Please advise us immediately if you believe your Account Credentials  have been compromised in any way. In addition, always log out and close your browser when you finish your session. Please note that we will never ask you to disclose your password to us.If you have any questions about the security of your personal information, you can contact us at security@everlaw.com.

Data Transfers

Everlaw is headquartered in the United States and has offices, employees and service providers who operate around the globe. Therefore, as a global business, Everlaw processes, hosts and transfers personal information in different countries, including in the United States. These countries may have data protection laws that are different to the laws of your country.

Everlaw fully assesses the circumstances involving all cross-border data transfers and has appropriate safeguards in place to ensure that your personal information will remain protected in accordance with this Policy. Currently, Everlaw uses the European Commission’s Standard Contractual Clauses as the basis for Everlaw’s approach to global data privacy protection. These Standard Contractual Clauses provide appropriate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and the exercise of the corresponding rights. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards where legally required with our third party service providers and partners and further details can be provided upon request.

Your Privacy Rights

Where we are acting as a data controller, and depending on your location and subject to applicable law, you may have the rights below with regard to the personal information we control about you. For all requests surrounding your personal information or questions about your rights per this Policy, please contact us at privacy@everlaw.com, and we will respond promptly.

You can access, correct, update and delete your personal information by emailing us at privacy@everlaw.com. If you are a Service User, you can also update, correct, or modify your account information at any time by logging into your Everlaw account or contacting us at support@everlaw.com.

If you are a resident or a visitor from the EEA, UK or Switzerland, you can object to the processing of your personal information and ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights, please send an email to privacy@everlaw.com.

Receiving Promotional and Other Communications

You may opt out of receiving marketing communications from us by either checking the relevant box on a communication consent form, by clicking the “unsubscribe” link in an email, or by emailing us with your specific request. If you are a Service User and opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Services or those about your account or our ongoing business relations, or other non-marketing purposes.

Withdrawing Your Consent

If we have collected and processed your personal information with your consent, then you may withdraw your consent anytime. As required by applicable law, we will apply your preferences going forward, within a reasonable amount of time. Even where you withdraw your consent, we may still process your personal information for limited purposes, for example, to give effect to your request or to safeguard our business. In some circumstances, withdrawing your consent to our use or disclosure of your personal information will mean that you cannot use our Services. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Lodging a Complaint with a Supervisory Authority

You have the right to submit a complaint to a European Union (“EU”) supervisory authority if you believe that your personal information has been processed in a manner that is not compliant with the EU General Data Protection Regulation (“GDPR”). You also have the right to submit a complaint to an EU supervisory authority if Everlaw is unable to comply with your right of data portability or does not respond to your request within a timely manner.

If you are resident in the EEA and UK, the contact details for data protection authorities are available here.  If you are resident in Switzerland, the contact details for the data protection authorities are available here.

How Long Do We Keep Your Personal Information?

We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Policy. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will retain your personal information to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for as long as your Everlaw Product account is active or as needed to provide you with the Services, but no longer than the period necessary to fulfill the purposes outlined in this Policy.

California Residents

Under California law, California residents who have an established business relationship with Everlaw may choose to opt out of Everlaw’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt out at any time after granting approval, email privacy@everlaw.com. In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at (916) 445-1254 or (800) 952-5210; or by email to dca@dca.ca.gov.

The California Consumer Privacy Act (“CCPA”) requires businesses to disclose whether they sell Personal Data (as defined in the CCPA). As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our Sites or Services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use our Services to interact with third parties or direct us to disclose your Personal Data to third parties.

California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our products. We disclose the following categories of Personal Data for our business purposes:

  • Identifiers;
  • Customer records information
  • Commercial information;
  • Internet activity information;
  • Professional and employment-related information; and
  • Inferences drawn from any of the above information categories.

Our Policy Toward Children

In compliance with COPPA, the Children’s Online Privacy Protection Act, the Everlaw Service is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at privacy@everlaw.com. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. Please note, if you are under the age of 13, you may not use our website, products, or services.

Contact Us

If you have any questions about this Policy, please contact privacy@everlaw.com or:

Everlaw, Inc.

Attn: Lisa Hawke, VP Security and Compliance
2101 Webster Street, Ste 1500
Oakland, California 94612
United States
contact@everlaw.com 
0800 068 9249