Last updated: 08/04/2020
When you use or access the Everlaw website or service, or otherwise communicate with us, such as at our offices or events, we may collect, use, share and process information relating to you. Our privacy policies explain how we will collect, use, and maintain your personal information. They also describe your choices as well as your rights regarding the correction and removal of your personal information.
- Access or use the Everlaw e-discovery platform, the Storybuilder service, and other products, services and related applications offered by Everlaw (collectively our “Services“) as an authorized user under our customer’s Everlaw account (each a “Service User“); or
- Visit our websites (such as everlaw.com) that display a link to this Policy (our “Sites“), visit our social media pages; visit our offices; receive communications from us, including emails and phone calls; subscribe or contribute to our blog posts; or interact with, register for, attend and/or otherwise take part in our events, tutorials or webinars (including demonstrations of our Services) (we collectively refer to all of these activities as our “Marketing Activities” and each person as a “Visitor“).
Changing Our Policy
We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our Services or sending you an email notification).
If there are material changes to this Policy, we will notify you directly by email or by means of a notice on the Services prior to the change becoming effective. We encourage you to review our Policy whenever you access the Services to stay informed about our information practices and the ways that you can help protect your privacy.
If you are a Service User and do not wish your information to be subject to the revised Policy, you may deactivate your account with us by contacting firstname.lastname@example.org and stop using our Services. For further information about the privacy rights available to you, review the section titled Your Privacy Rights.
Who We Are
We are Everlaw, a company headquartered in the United States. We provide a cloud-based litigation platform, specializing in ediscovery support. Our services let legal professionals easily organize and search through millions of documents, videos, emails, and pictures exchanged between legal teams before trial. You can find out more about us and our Services here.
What Information We Collect
The information we collect depends on the context of your interactions with Everlaw and the choices you make (including your privacy settings), the products and features you use, your location and applicable law.
Information We Collect Via Our Services
In general, we provide our Services to our Service Users and collect personal information on their behalf. As a result, for much of the personal information we collect and process through the Services – such as the files and other content our customers upload to the Services – we act as a processor or service provider. This means it is primarily our customers that control what personal information we collect and process through our Services and how we use it.
Information You Provide To Us. If you are a Service User you (or your organization’s administrator) may provide certain personal information to us through the Services – for example, when you sign up for an Everlaw account to access and use the Services, create or modify your profile and account, participate in any interactive features of the Services, consult with customer support or send us an email or communicate with us in any way.
The personal information we collect may include:
- Business contact information (such as your name, job title, email address, mailing address, and phone number);
- Professional information (such as your employer’s name, company address and phone number);
- Marketing information (such as your contact preferences);
- Account credentials (such as your email or username and password when you sign-up for an account with us);
- Transactional information (including Services purchased or subscribed to and billing address); and
- Troubleshooting and support data (such as information about your account preferences or data you provide when you contact Everlaw for help, such as the solution you use, and other details that help us provide support. For example, contact or authentication data, the content of chats and other communications with Everlaw, and the solution you use related to your help inquiry).
Information We Collect Automatically. When you use or interact with the Services, we automatically collect or receive certain information through our Services (e.g., log files) and other technologies (such as cookies) about your device and usage of the Services (we call this “Platform Data“). In some (but not all) countries, including countries in the European Economic Area (“EEA“) and UK, this information is considered “personal data” under data protection laws. For further information please review the section Cookies and Similar Technologies below.
Platform Data may include:
- Log data, which is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. This log data may include Internet Protocol (IP) address, device information, browser type and settings and information about your activity in the Services (such as the date/timestamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you use), information about the content you upload, download, share, or access while using the Services, and any actions taken in connection with the access and use of your content in the Services), device event information (such as system activity and hardware settings).
- Device data, such information about your computer, phone, tablet or other device you use to access the Services. This device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.
Some of the data automatically collected within the Services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used for the purposes of identifying the uniqueness of a Service User logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers (where we act as a data processor).
Information We Collect via Marketing Activities
Information You Provide To Us. Our Site offers various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Services. For example, when expressing an interest in obtaining information about Everlaw or our Services, subscribing to receive marketing communications or otherwise contacting us, we will collect personal information from you (such as business contact information you provide to us). We may also collect information from you when you participate in a survey, or interact with us in person at a tradeshow or event, or via a phone call with one of our sales representatives, or if you visit our offices (where you may be required to register as a Visitor and provide us with certain information).
The personal information we collect may include:
- Business contact information (such as your name, phone number, email address and country);
- Professional information (such as your job title, institution or company);
- Nature of your communication;
- Marketing information (such as your contact preferences); and
- Any information you choose to provide to us when completing any “free text” boxes in our forms.
Personal information may also be provided to us on your behalf by another Service User (such as the ultimate customer). If you ever communicate directly with us, we will maintain a record of those communications and responses.
The information we collect may include:
- Device data, such as your IP address, operating system, browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called the “exit page”), information about other websites you have recently visited and the web browser used (software used to browse the internet) including its type and language).
- Usage data, such as information about how you interact with our emails, Sites and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).
Information We Collect From Other Sources. In order to enhance our ability to provide relevant marketing communications, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties. This information may include mailing addresses, job titles, email addresses, phone numbers, user behavior data, IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising, event promotion and optimizing our Sites, Services and Marketing Activities.
How We Use Information Collected
We use and process personal information we collect or receive, alone or in combination, for the following purposes and if you are resident in the EEA or UK, on the legal bases identified below:
- Providing our Sites and Services: In reliance on our legitimate interest, we process your personal information to operate and administer our Sites, and to provide, operate, monitor, and maintain the Services;
- Communicating with you about the Services: We process your personal information to enable you to access and use the Services that you request, including sending you technical notices, updates, security alerts, and support and administrative messages, in reliance on our legitimate interests in administering the Services and providing certain features;
- Providing necessary functionality: We process your personal information in reliance on our legitimate interest to provide you with the necessary functionality required during your use of our Sites and Services. To provide and deliver the services and features you request and process;
- Transactional considerations: We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our contract with you and to the extent necessary in reliance on our legitimate interest;
- Handling contact and support requests: To perform our contract with you, or to the extent necessary for our legitimate interests in fulfilling your requests and communicating with you, we process your personal information to respond to your comments, questions, and requests, and provide customer service and support;
- Developing and improving our Marketing Activities and Services: We process your personal information to review and analyze trends, usage, and interactions with our Services, Sites and other Marketing Activities so that we can personalize and improve our Marketing Activities and the Services, and provide content and/or features that match your interests and preferences or otherwise customize our Marketing Activities and your experience on the Services. We do so to the extent it is necessary for our legitimate interest in developing and improving our Marketing Activities and Services and providing our Visitors and Service Users with more relevant content and service offerings, or where we seek your valid consent;
- Sending marketing communications: We will process your personal information for marketing purposes in accordance with your preferences, such as to communicate with you via email, SMS or telephone about services, features, surveys, newsletters, promotions, trainings, or events we think may be of interest to you and/or to provide other news or information about Everlaw and/or our select partners, in each case in reliance on our legitimate interest in conducting direct marketing or with your consent. Please see the Your Privacy Rights section below, to learn how you can control the processing of your personal information by Everlaw for marketing purposes;
- Promoting the security of our Sites and Services: To the extent necessary for our legitimate interests in promoting the safety and security of our Marketing Activities and Services, we use your personal information to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
- Compliance purposes: We will process your personal information for purposes of compliance with laws or regulations and to review compliance with applicable usage terms; and
- Other purposes: We will process your personal information for other purposes about which we notify you in advance, or for which we receive your consent.
How We Secure Information
We have adopted reasonable physical, technical and organizational safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of information we collect. We also choose to undergo security testing by an independent, third-party auditor.
Everlaw has a SOC 2 Type 2 certification in Security, Availability, Confidentiality and Privacy, demonstrating that our system is designed and operates effectively to keep the personal data that we process secure. We have also been audited for compliance with HIPAA Privacy and Security Rules, providing independent assurance of compliance.
You may access your Product account information and our Product only through the use of an individual account via either an Everlaw user ID and password or an authorized single sign-on provider (“Account Credentials”). To protect the confidentiality of personal information and information, you must keep your Account Credentials confidential and not disclose it to any other person. Please advise us immediately if you believe your Account Credentials have been compromised in any way. In addition, always log out and close your browser when you finish your session. Please note that we will never ask you to disclose your password to us.If you have any questions about the security of your personal information, you can contact us at email@example.com.
Everlaw is headquartered in the United States and has offices, employees and service providers who operate around the globe. Therefore, as a global business, Everlaw processes, hosts and transfers personal information in different countries, including in the United States. These countries may have data protection laws that are different to the laws of your country.
Everlaw fully assesses the circumstances involving all cross-border data transfers and has appropriate safeguards in place to ensure that your personal information will remain protected in accordance with this Policy. Currently, Everlaw uses the European Commission’s Standard Contractual Clauses as the basis for Everlaw’s approach to global data privacy protection. These Standard Contractual Clauses provide appropriate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and the exercise of the corresponding rights. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards where legally required with our third party service providers and partners and further details can be provided upon request.
Your Privacy Rights
Where we are acting as a data controller, and depending on your location and subject to applicable law, you may have the rights below with regard to the personal information we control about you. For all requests surrounding your personal information or questions about your rights per this Policy, please contact us at firstname.lastname@example.org, and we will respond promptly.
You can access, correct, update and delete your personal information by emailing us at email@example.com. If you are a Service User, you can also update, correct, or modify your account information at any time by logging into your Everlaw account or contacting us at firstname.lastname@example.org.
If you are a resident or a visitor from the EEA, UK or Switzerland, you can object to the processing of your personal information and ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights, please send an email to email@example.com.
Receiving Promotional and Other Communications
You may opt out of receiving marketing communications from us by either checking the relevant box on a communication consent form, by clicking the “unsubscribe” link in an email, or by emailing us with your specific request. If you are a Service User and opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Services or those about your account or our ongoing business relations, or other non-marketing purposes.
Withdrawing Your Consent
If we have collected and processed your personal information with your consent, then you may withdraw your consent anytime. As required by applicable law, we will apply your preferences going forward, within a reasonable amount of time. Even where you withdraw your consent, we may still process your personal information for limited purposes, for example, to give effect to your request or to safeguard our business. In some circumstances, withdrawing your consent to our use or disclosure of your personal information will mean that you cannot use our Services. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Lodging a Complaint with a Supervisory Authority
You have the right to submit a complaint to a European Union (“EU”) supervisory authority if you believe that your personal information has been processed in a manner that is not compliant with the EU General Data Protection Regulation (“GDPR”). You also have the right to submit a complaint to an EU supervisory authority if Everlaw is unable to comply with your right of data portability or does not respond to your request within a timely manner.
If you are resident in the EEA and UK, the contact details for data protection authorities are available here. If you are resident in Switzerland, the contact details for the data protection authorities are available here.
How Long Do We Keep Your Personal Information?
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Policy. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will retain your personal information to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for as long as your Everlaw Product account is active or as needed to provide you with the Services, but no longer than the period necessary to fulfill the purposes outlined in this Policy.
Under California law, California residents who have an established business relationship with Everlaw may choose to opt out of Everlaw’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt out at any time after granting approval, email firstname.lastname@example.org. In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at (916) 445-1254 or (800) 952-5210; or by email to email@example.com.
The California Consumer Privacy Act (“CCPA”) requires businesses to disclose whether they sell Personal Data (as defined in the CCPA). As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our Sites or Services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use our Services to interact with third parties or direct us to disclose your Personal Data to third parties.
California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our products. We disclose the following categories of Personal Data for our business purposes:
- Customer records information
- Commercial information;
- Internet activity information;
- Professional and employment-related information; and
- Inferences drawn from any of the above information categories.
Our Policy Toward Children
In compliance with COPPA, the Children’s Online Privacy Protection Act, the Everlaw Service is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. Please note, if you are under the age of 13, you may not use our website, products, or services.