Privacy
Who we are
legality is a Claude Code plugin and MCP server. We provide AI-first contract review under Indian law and scheduling for consultations with Bar Council of India verified advocates. Contact: an@flowblinq.com.
What we collect
- Account identity. Your email, name, and unique user ID, received from Clerk after you authenticate via Google.
- Contract text you submit. Processed in-memory for analysis. Stored only as a sha256 hash plus the character length. The plaintext is never persisted.
- Analysis findings. Severity, category, statute or case-law references, and clause excerpts. Stored against your user ID.
- Consultation context. Matter type, your matter summary, preferred times, the advocate you select, and the scheduled time after booking.
- Recommendations you submit. The advocate ID and your government ID hash. Government ID itself is never stored. Only its sha256 hash with a per-deployment salt.
- Operational metadata. Each tool call records a hash of the input, the duration, the outcome status, and the source IP for incident response.
What we do not collect
- Your government ID number in plaintext. Hashed at receive.
- Your contract text in plaintext. Hash plus length only.
- Payment card details. Payments are out-of-band for V0.
- Browsing data, cookies for tracking, or any third-party advertising identifiers. legality runs no ad tech.
How we use it
- To run the AI contract analysis and return findings to you in your Claude Code session.
- To match you to an advocate whose practice areas cover your matter type.
- To pre-fill the advocate booking URL with your name and email and a correlation token.
- To notify the advocate of your matter context after you book (a matter brief, delivered by email).
- To investigate operational incidents and detect abuse.
Sub-processors
Data crosses these third parties as part of the service:
- Anthropic. Receives the contract text you submit, returns the analysis. Anthropic does not train on enterprise API traffic.
- Clerk. Authentication identity. Receives your email and Google sign-in flow.
- Neon. Managed Postgres. Stores all persistent state described above.
- Vercel. Hosting for the legality MCP server and the claudelaw.ai booking instance.
- Cal.com (self-hosted on claudelaw.ai). Operated by us. Stores advocate availability, your booking after you submit, and the matter context if you choose to share it during booking.
- Resend. Delivers the matter brief email to the advocate after you book.
Where data lives
Neon Postgres regions: AWS us-east-1 for the production environment. Data does not leave the AWS US-East region except in transit to Anthropic (US) and Clerk (US) for processing as described above. We are exploring an India-region migration in line with DPDP Act guidance.
Retention
- Contract analysis findings: 1 year, then archived to aggregate-only metrics.
- Consultation records: indefinite while your account is active. Deleted on request.
- Recommendation entries: append-only. Revocation by court order is reflected as a status flag, but the signed payload is preserved.
- Operational audit log: 90 days, then aggregated.
- Razorpay payment records, when wired: 7 years (Indian tax law).
Your rights under the DPDP Act
- Access. Request a copy of the data we hold about you.
- Correction. Ask us to correct inaccurate data.
- Erasure. Ask us to delete your account and associated data. Recommendation signatures are preserved with your government ID hash; we cannot reverse-resolve them to you.
- Grievance. Reach the data protection officer at an@flowblinq.com. We respond within 7 business days.
Security
All data in transit uses TLS. All data at rest is encrypted at the storage layer (Neon, Vercel). Government ID is hashed before storage with a per-deployment salt. Bearer-token authentication on the MCP API uses RS256-signed JWTs verified against the upstream JWKS.
Changes
Updates to this policy are posted here with a new effective date. Material changes are emailed to active users.
Disclaimer
legality is not a law firm. The AI analysis pipeline produces general legal information, not legal advice. For binding legal advice, consult a Bar Council of India licensed advocate via the consultation flow.