Legal

Privacy Policy

Last updated: February 21, 2026

Our core principle: Your documents stay in YOUR Google Drive or OneDrive. We never store, copy, or retain your court filings, case files, or client documents on our servers. CourtFlow AI processes your data in transit and stores only metadata (case names, deadlines, analysis summaries) in our encrypted database.

1. Information We Collect

Account Information

When you sign up, we collect your name, email address, and profile picture through Google OAuth or Microsoft Azure AD authentication. We also collect your firm name, bar number, phone number, and practice areas during onboarding.

Email Metadata

When you connect your Gmail or Outlook account, CourtFlow reads emails from your configured court e-service sender address (e.g., eservice@myflcourtaccess.com). We process the email subject, sender, date, and body to identify court filings. Email content is processed in transit and not permanently stored — only our AI-generated analysis summary is retained.

Document Analysis Data

Court document PDFs are sent to Google Gemini for AI analysis. The analysis results (summaries, extracted deadlines, case classifications) are stored in our database. The PDF documents themselves are filed directly to your Google Drive or OneDrive and are never stored on CourtFlow servers.

Usage Data

We collect standard usage information including pages visited, features used, browser type, and IP address to improve our service and diagnose issues.

2. How We Use Your Information

  • To provide the CourtFlow AI service — processing court emails, analyzing documents, tracking deadlines, and generating briefings
  • To authenticate you and manage your account and team
  • To send you service-related communications (daily briefings, deadline alerts, system notifications)
  • To improve our AI analysis accuracy and service reliability
  • To enforce our terms of service and protect against misuse

3. Third-Party Services

CourtFlow AI integrates with the following third-party services:

  • Google Workspace APIs — Gmail (email reading/sending), Google Drive (document storage), Google Calendar (deadline events). Governed by Google's API Services User Data Policy.
  • Microsoft Graph API — Outlook (email reading/sending), OneDrive (document storage). Governed by Microsoft's API Terms of Use.
  • Google Gemini AI — Document analysis and natural language processing. Document content is sent to Gemini for processing and is subject to Google's AI data usage policies.
  • Supabase — Database hosting (PostgreSQL). All data encrypted at rest.
  • Vercel — Application hosting and serverless function execution.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Storage & Security

Our database is hosted on Supabase with encryption at rest and in transit (TLS 1.3). Authentication tokens are encrypted using industry-standard JWT with rotating secrets. API routes are protected by rate limiting and role-based access controls.

Your court documents and case files are stored exclusively in your own Google Drive or OneDrive account. CourtFlow does not maintain copies of these files. If you disconnect CourtFlow, your files remain in your Drive exactly as they are.

5. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account closure.
  • Email analysis summaries: Retained while your account is active.
  • Deleted items: Soft-deleted items are permanently removed after 30 days.
  • Activity logs: Retained for 12 months for audit and troubleshooting purposes.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke OAuth access at any time from your Google or Microsoft account settings
  • Export your data in a machine-readable format
  • Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@courtflow.ai.

7. Attorney-Client Privilege

CourtFlow AI is a tool for managing court documents and does not create an attorney-client relationship. We take the confidentiality of legal communications seriously. Our systems are designed to minimize data exposure — documents are processed in transit and stored only in your own cloud storage. However, you are responsible for ensuring your use of CourtFlow complies with your jurisdiction's rules of professional conduct regarding client data and cloud storage.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the application. Continued use of CourtFlow after changes constitutes acceptance of the updated policy.

Questions?

If you have questions about this privacy policy or how we handle your data, contact us at privacy@courtflow.ai.