← Back to Atticus

Privacy Policy

Last updated: March 18, 2026

1. Who We Are

Atticus is a legal practice management platform operated by [Company Name] (“Atticus”, “we”, “our”). We are based in Canada and operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws including Quebec Law 25.

2. Data Residency

All customer data — including documents, transcripts, and client records — is stored exclusively on servers located in Canada (AWS ca-central-1, Montreal). Your client data never leaves Canadian jurisdiction.

3. What We Collect

  • Account information: name, email address, firm name, provided during registration via Clerk
  • Documents and files you upload for processing
  • Client records, matters, notes, and deadlines you create in the platform
  • Usage metadata: login timestamps, feature access logs for security and debugging
  • Payment information: processed by Stripe; we do not store card numbers

4. AI Processing

Atticus uses AI services to process your documents:

  • Anthropic Claude API — for summarization, entity extraction, and chat. Anthropic does not use API customer data for model training under their usage policies.
  • OpenAI Whisper API — for audio transcription. OpenAI does not use API data for training under their zero-data-retention policy.
  • Voyage AI — for generating document embeddings used in semantic search. Data is transmitted under a data processing agreement prohibiting training use.

None of your client data is used to train AI models by Atticus or any of its AI sub-processors.

5. How We Use Your Data

We use your data solely to:

  • Deliver the Atticus service as described
  • Process payments and manage your subscription
  • Communicate service updates, security notices, and billing information
  • Investigate security incidents and resolve technical issues

We do not sell, rent, or share your data with third parties for marketing purposes.

6. Security

  • All data is encrypted at-rest (AES-256) and in-transit (TLS 1.2+)
  • Access controls limit data access to service delivery purposes only
  • We conduct periodic security reviews

7. Data Retention and Deletion

Your data is retained for the duration of your subscription and for a period of 90 days following cancellation. You may request immediate deletion of your account and all associated data by contacting us at privacy@getatticus.ca. Documents are permanently deleted from all storage including backups within 30 days of a deletion request.

8. Breach Notification

In the event of a data breach that creates a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required under PIPEDA. Quebec-based users will receive notification within 72 hours as required by Law 25.

9. Your Rights

Under PIPEDA and applicable law, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent and request deletion of your data
  • Lodge a complaint with the Office of the Privacy Commissioner

To exercise these rights, contact us at privacy@getatticus.ca.

10. Contact

Privacy inquiries: privacy@getatticus.ca