Privacy Policy

Firmtalk Data Insights (“Firmtalk,” “we,” “our,” or “us”) provides a legal operations platform for modern law firms. This Privacy Policy applies to firmtalk.ai and any product, service, or communication that links to this policy.

For questions about this policy or any of our data practices, contact us at hello@firmtalk.ai.

We collect information in three ways:

Information you provide. When you contact us, request a demo, or sign up for an account, you may share your name, work email address, phone number, company or firm name, role, and any message you send us.

Information collected automatically. When you visit our website, we automatically collect your IP address, device and browser type, operating system, referring URLs, pages viewed, and timestamps. We use cookies and similar technologies to enable core site functionality, remember preferences, and measure traffic.

Information from integrations. If you use Firmtalk with Microsoft 365, Google Workspace, or other services, we process the data required to deliver the integration you’ve asked for, in accordance with your firm’s configuration.

We use information to:

• Operate, secure, and improve our website and services.
• Respond to contact requests, demo enquiries, and support questions.
• Send you service updates, product announcements, and other communications you’ve opted into.
• Analyse aggregate usage to understand how our product is used and where it can be improved.
• Meet legal, regulatory, and contractual obligations.

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

We do not use Customer Data to train artificial-intelligence or machine-learning models for our benefit or for the benefit of any third party. Where the product uses third-party AI providers to deliver a feature you have asked for, we contract for terms that prohibit those providers from using your data to train their models.

We do not sell, license or otherwise make Customer Data available to AI companies for training, evaluation or benchmarking.

The list of AI and other subprocessors we use to deliver the platform is published at firmtalk.ai/subprocessors.

Customer data is stored on enterprise-grade cloud infrastructure with encryption in transit and at rest. Where your firm elects tenancy-resident storage (for example, within your own Microsoft 365 tenancy), the data remains under your control and subject to your tenancy’s security posture.

We operate on a principle of least privilege: access to production systems is restricted, audited, and reviewed regularly. We are aligned with SOC 2 and ISO 27001 control frameworks and are undergoing formal certification tracks for both.

We share information only with service providers that help us operate the business (for example, cloud hosting, analytics, email delivery, and payments). These providers are bound by confidentiality obligations and may use your information only to provide services to us.

We may disclose information if required by law, to protect our rights, or in connection with a corporate transaction such as a merger, acquisition, or sale of assets. If ownership of the business changes, we will notify affected customers.

We use a small set of third-party service providers to host the website, send transactional email, prevent abuse, and operate the platform. Each subprocessor is bound by confidentiality, security and data-protection obligations. The current list is published at firmtalk.ai/subprocessors. We will provide reasonable advance notice of material changes to that list.

Depending on where you live, you may have rights under the Digital Personal Data Protection Act, 2023 (India), the GDPR, the UK GDPR, or comparable laws. These rights can include:

• Access a copy of the personal information we hold about you.
• Correct information that is inaccurate or out of date.
• Erase information we hold about you, subject to legal retention obligations.
• Port a copy of your information in a machine-readable format.
• Withdraw consent at any time where we rely on consent to process your information. Withdrawal does not affect processing carried out before withdrawal.
• Object to or restrict certain uses, including direct marketing.
• Complain to the Data Protection Board (India) or the equivalent supervisory authority in your country.

To exercise any of these rights, email hello@firmtalk.ai. We will respond within the timelines required by applicable law and confirm what action we have taken.

For grievances or queries relating to the processing of your personal data under the Digital Personal Data Protection Act, 2023, you may contact our designated Grievance Officer:

Grievance Officer, Firmtalk
Email: grievance@firmtalk.ai
Postal: Firmtalk Data Insights, Mumbai, Maharashtra, India

We acknowledge grievances within 72 hours of receipt and aim to resolve them within the period prescribed by applicable law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

In the event of a personal-data breach that is likely to result in a risk to your rights, we will notify affected individuals and the relevant supervisory authority without undue delay, in line with the timelines required by the Digital Personal Data Protection Act, 2023 and other applicable laws. Notice will describe the nature of the breach, the categories of data involved, the likely consequences, and the measures we have taken or propose to take in response.

We use cookies that are strictly necessary for the site to function, plus a small set of analytics cookies that help us understand how the site is used. You can disable non-essential cookies at any time through your browser settings.

We retain personal information only for as long as it is needed to deliver our services, comply with legal obligations, resolve disputes, and enforce our agreements. Indicative retention periods:

• Contact-form submissions: 24 months in our support mailbox, then archived or deleted.
• Demo and sales enquiries: the longer of 36 months or the life of the related opportunity.
• Account & Customer Data: retained for the duration of your contract and deleted or returned within 90 days of termination, unless a longer period is required by law.
• Backups: rotated on a 35-day cycle.
• Server and security logs: 12 months.
• Cookie / analytics data: see the “Cookies” section.

When information is no longer needed, we delete or anonymise it. Aggregate, anonymised data may be retained indefinitely for product analytics and benchmarking.

Firmtalk operates globally. Information may be processed in countries outside your own. Where we transfer personal data internationally, we rely on appropriate safeguards, including Standard Contractual Clauses, to protect it.

Firmtalk is a business-to-business service not directed at children. We do not knowingly collect personal information from anyone under 16.

We may update this policy to reflect changes to our practices, our services, or applicable law. When we do, we’ll revise the “last updated” date at the top of this page and, for material changes, notify affected users directly.