Privacy Policy
Effective Date: January 15, 2025
Last Updated: January 15, 2025
VitaIQ Inc. ("VitaLaw", "we", "us", or "our") operates the defences.app website and legal research platform (the "Service"). We are committed to protecting your privacy and complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. By using defences.app, you consent to the practices described in this policy.
PIPEDA Compliance
This Privacy Policy adheres to the ten principles of PIPEDA:
- 1. Accountability
- 2. Identifying Purposes
- 3. Consent
- 4. Limiting Collection
- 5. Limiting Use, Disclosure, and Retention
- 6. Accuracy
- 7. Safeguards
- 8. Openness
- 9. Individual Access
- 10. Challenging Compliance
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- Password (encrypted using industry-standard hashing)
- Organization/firm name (optional)
- Professional status (lawyer, law student, legal professional)
- Subscription tier (Scholar, Advocate, or Magistrate)
1.2 Usage Information
We automatically collect:
- Search queries and search history
- Cases viewed, saved, and exported
- Folders and collections created
- AI analysis requests and results
- Feature usage patterns
- Session duration and frequency
1.3 Technical Information
We collect:
- IP address
- Browser type and version
- Device information (type, operating system)
- Firebase App Check tokens
- Cookie data and local storage
- Referrer URLs
- Time zone and language settings
1.4 Payment Information
Payment processing is handled by Stripe, a third-party payment processor. We do not store credit card numbers or banking information directly. We only retain:
- Stripe customer ID
- Subscription status and history
- Invoice records
- Last 4 digits of payment method (for reference)
2. How We Use Your Information
2.1 Primary Purposes
- Provide access to our legal research platform
- Process and manage your subscription
- Deliver AI-powered case analysis and search results
- Save and organize your research materials
- Send service-related communications
- Authenticate your identity and prevent fraud
2.2 Secondary Purposes
With your consent, we may use your information to:
- Send marketing communications about new features
- Conduct research to improve our AI algorithms
- Analyze usage patterns to enhance user experience
- Generate anonymized analytics and insights
- Invite participation in surveys or beta testing
3. AI and Machine Learning
Important Notice about AI Usage
We use Google Gemini AI to analyze legal cases and provide insights. Your queries and the AI's responses are processed but not used to train the AI model. AI-generated content may contain errors and should always be verified independently.
Our AI systems:
- Process your search queries to understand intent
- Analyze case law to provide summaries and insights
- Generate research recommendations
- Do NOT use your personal data to train models
- Do NOT share your queries with other users
4. Disclosure of Information
4.1 Third-Party Service Providers
We share information with trusted service providers:
- Google Cloud: Infrastructure and Gemini AI services
- Firebase: Authentication, database, and hosting
- Stripe: Payment processing
- Google Analytics: Website analytics (anonymized)
- PostgreSQL/Railway: Database hosting
4.2 Legal Requirements
We may disclose information when required by law, court order, or to protect rights, property, or safety. This includes responding to lawful requests from public authorities.
4.3 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
4.4 What We Never Do
- Sell your personal information to third parties
- Share your search queries with other users
- Use your research for competitive intelligence
- Disclose your saved cases without consent
5. Data Security
We implement comprehensive security measures:
- 256-bit SSL/TLS encryption for data in transit
- Encryption at rest for sensitive data
- Bcrypt hashing for password storage
- Firebase App Check to prevent abuse
- Regular security audits and updates
- Access controls and employee training
- Secure data centers with physical security
- Incident response and breach notification procedures
While we use industry-standard security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any breaches affecting your personal information.
6. Data Retention and Deletion
6.1 Retention Periods
- Account data: Retained while account is active
- Search history: 2 years (can be deleted by user)
- Saved cases: Until user deletes them
- Payment records: 7 years (tax requirements)
- Technical logs: 90 days
- Deleted account data: Removed within 30 days
6.2 Account Deletion
You can request account deletion at any time by contacting privacy@vitalaw.app. Upon deletion, we will remove your personal information within 30 days, except where retention is required by law.
7. Your Rights Under PIPEDA
You have the right to:
- Access: Request a copy of your personal information
- Correct: Update or correct inaccurate information
- Delete: Request deletion of your account and data
- Port: Receive your data in a portable format
- Withdraw consent: Opt-out of optional data uses
- Object: Challenge our use of your information
- Complain: File a complaint with the Privacy Commissioner
To exercise these rights, contact our Privacy Officer at privacy@vitalaw.app. We will respond within 30 days.
8. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential cookies: Authentication and security
- Functional cookies: Remember preferences
- Analytics cookies: Understand usage patterns
- Performance cookies: Monitor site performance
You can control cookies through your browser settings. Disabling essential cookies may limit functionality. For detailed information, see our Cookie Policy.
9. International Data Transfers
Our Service is designed for Canadian users and complies with Canadian privacy law. Some of our service providers may process data outside Canada (primarily in the United States). We ensure appropriate safeguards are in place, including contractual clauses requiring PIPEDA-equivalent protection.
10. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover a child under 18 has provided personal information, we will delete it immediately.
11. Important Legal Notice
Not Legal Advice
VitaLaw | Defences provides legal research tools and information. We do not provide legal advice. The Service is not a substitute for professional legal counsel. Users remain responsible for their professional and ethical obligations.
12. Updates to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email or prominent notice on our Service. Continued use after changes constitutes acceptance.
13. Contact Our Privacy Officer
For privacy inquiries, requests, or complaints:
Privacy Officer
VitaIQ Inc.
Email: privacy@vitalaw.app
Support: support@vitalaw.app
Response time: Within 30 days
You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
14. Your Consent
By using VitaLaw | Defences, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent for optional uses at any time by contacting us.