Last Update: 8-20-2024
UserFirst Software, Inc., dba LeanLaw (“LeanLaw”, “we,” “us,” and “our”) owns and operates the LeanLaw mobile application (the “App”) and the website located at https://www.leanlaw.co (the “Site”) through which it provides a cloud-based legal timekeeping and billing software (the App and the Site are collectively referred to herein as the “Platform”).
We are committed to respecting and protecting your privacy. This privacy policy (“Privacy Policy”) describes our privacy practices in connection with our Services (as defined below), including the personal information we collect about you, how we use your personal information, who we may disclose your personal information to, your choices and rights with respect to the personal information we collect about you, and our contact information.
By using the term “personal information” in this Privacy Policy, we mean information from or about you that can be used to uniquely contact, identify, or locate you.
If you reside in the United Kingdom (“UK”), Switzerland or the European Economic Area (“EEA”), please see the “EU/UK Specific Terms” section at the end of this Policy for additional terms and rights that apply to you. Please note, however, that regardless of where you reside, you authorize us to transfer, store, and use your personal information in the United States, and any other country where we operate. In some of these countries, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those in the country where you live. Learn more about our data transfer operations in the “International Transfer” section below. If you do not agree to the transfer, storage and use of your information in the United States, and any other country where we operate, please do not use the Platform or Services.
SCOPE
This Privacy Policy applies to your use of the Platform, the services, features, functionality, and tools we provide through the Platform (together with the Platform, collectively the “Services”), as well as when you contact us, use our social media pages, or otherwise interact with us and the Services.
Our Privacy Policy does not apply to services offered by other companies (e.g., QuickBooks), including products or sites that may be displayed to you, or other sites linked from our Platform and/or Services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Platform/Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
If you have any questions regarding how we process your personal information, please contact us at [email protected].
CHANGES TO THIS PRIVACY POLICY
From time to time, we may change or update this Privacy Policy. We reserve the right to make changes or updates at any time. If we make material changes that meaningfully impact the way we process your personal information, we will notify you by posting a notice on the Platform, by sending you an e-mail, or by other means consistent with applicable law.
You can see when this Privacy Policy was last updated by checking the “Last Updated” date at the top of this Privacy Policy. Please review this Privacy Policy periodically to stay informed about how LeanLaw protects your privacy.
INFORMATION WE COLLECT ABOUT YOU
As described in more detail below, we collect personal information about you from a variety of sources, including directly from you when you provide it to us, from third party sources, and automatically when you access or use the Platform and Services.
Information We Collect Directly From You
We collect information that you provide directly to us when you access or use the Platform or Services, request a demo, start a Subscription, set up a user account, request support, or otherwise communicate with us. Such information includes your name, email address, phone number, mailing address, payment information (i.e., credit card number and billing address or other payment method information), and login credentials (i.e., user name and password).
Information We Collect From Third Parties
LeanLaw obtains information from third party providers in order to improve the accuracy of our customer database, increase our understanding of our customers, or to identify potential customers. For example, we get updated addresses from the National Change of Address (NCOA) service to ensure we have the correct contact information for our customers.
We use single sign-on services that allow you to sign into your account using your third-party login credentials such as your Google or Microsoft accounts. When you use such services, we collect your name, email address, and if applicable, firm name from such third party.
LeanLaw also collects information from third parties where you have provided authorization or consent for us to access information from your account with such third party. For example, we access accounting information from your QuickBooks Online account (which is required for our Platform to function). We may also access your email or calendar from your Microsoft 365 account if you enable such features.
If you have any questions regarding personal information that we collect from third parties, please contact us at [email protected].
Information We Collect Automatically
We and our third-party service providers automatically collect information, including Personal Information, from and about you. Such information may include:
- Device Information. Information about your device(s) including IP address, log information, error messages, device type, and unique device identifiers.
- Usage Data. Information that your browser or device automatically sends to us when you use the Platform and/or Services, including pages and content viewed, the Services and features interacted with and actions taken, browser type, the dates and times of access, and computer/internet connection.
- Location information. Information such as time zone setting and location, device motion information, and other geolocation information.
- Communication interaction data. Information from email providers, communication providers and social networks, such as your interactions with our email or other communications, click-throughs, date/time stamps, and your preferences and consent in receiving electronic communications.
- Session recordings. Recording your sessions/chat bots when interacting with our Services.
- Cookies/Tracking Technologies: Like most websites, mobile apps, and online services, cookies and other tracking technologies are used on our Platform. See the Cookies/Tracking Technologies section below for more information regarding how Cookies are used on our Platform to collect information from and about you.
COOKIES/TRACKING TECHNOLOGIES
We use cookies and other tracking technologies on our Platform to recognize you and customize your and other users’ experience. We and third-party companies may use these technologies whenever you visit our Platform or use our Services.
Cookies.
A “cookie” is a piece of information sent to your browser by a website you visit. It lets the website remember what you do and any settings you choose (e.g., login information). Cookies make your experience more convenient and personalized.
Cookies set by us on the Platform are called “first party cookies”. We may also allow our business partners and other third-party companies to set cookies on our Platform which are called third-party cookies. Third-party cookies enable third party features or functionality to be provided on or through the Platform (e.g., analytics). Such third-parties can recognize your device when it visits our Platform as well as when you visit other websites.
We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Platform to operate and to provide you the Services, and we refer to these as “essential” cookies. Essential cookies are used to allow you to log into the Platform and help the content you request load quickly.
Other non-essential cookies allow us to collect information regarding your interactions with the Platform and our Services to customize your experience and remember choices you make when you use our Services, such as remembering your login details. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to reenter your preferences every time you visit our Services.
We may also use first party and third-party non-essential cookies to enable us to track and target the interests of our users to enhance the experience. Third parties serve non-essential cookies through our Platform and Services for advertising, analytics, and other purposes. Such non-essential cookies are used to collect information about traffic to our Platform and how users interact with our Services, such as the number of visitors to our Platform, the referring websites, the pages visited on our Services, and other similar information. Non-essential cookies are also used on our Platform to help us to promote and market our Services.
You have the right to decide whether to accept or reject cookies. You can set or amend your web browser controls to accept or refuse cookies. Each browser is different, so you should check your browser’s Help menu to learn how to change your cookie preferences. However, please note that if you reject or block cookies from the Services, the Services may not function as intended. For example, you will not be able to remain logged into your Account, and therefore, you would have to log in during each page transition.
Session-Replay Technologies.
We utilize session replay technologies, such as Sentry, on our Platform to collect information regarding your behavior on the Platform and Services. Session replay technology allows us to record and play back your interactions with our Platform, such as mouse movements, clicks, and keystrokes. This enables us to gain valuable insights into how you navigate our Platform, identify areas for improvement, and help with troubleshooting in case of problems. The information captured through session replay technology is used for various purposes, including to enhance your browsing experience, improve the functionality of our Platform and Services, and to identify and address any technical issues or errors that may arise during your use of the Platform.
Push Notifications.
If you downloaded the App on your mobile device to access our Services, as part of your use, we may ask if you would like to receive push notifications, which may include alerts and notifications, badges, banners, and sounds on your mobile device. You may choose to stop receiving push notifications at any time by changing the settings on your mobile device.
Third-Party Tracking Technologies.
We and our business partners may also use other technologies to track your use on our Platform and Services, such as clear gifs (a.k.a. web beacons), pixels, and other third-party tracking technologies that help us better manage the Platform and Services by informing us what content is effective and to gauge the effectiveness of certain communications.
Please be advised, however, that our business partners’ and other third parties’ use of information collected via third party cookies and tracking technologies is beyond the scope of this Privacy Policy. Third parties use such information for advertising, analytics, and other purposes.
HOW WE USE YOUR INFORMATION
We and our third-party service providers use the information, including personal information, collected from and about you for the following purposes:
- Operating and providing the Platform and Services;
- Providing demonstrations;
- Administering, managing, and providing your subscriptions and accounts;
- Managing and processing payments;
- To identify products, services, and offers you may be interested in based on your transactions and interactions with us.
- Personalizing and improving our Platform, Services, your experience, and our business.
- Communicating with you, including responding to inquiries or requests for information, as well as sharing updates with you and for customer service-related purposes.
- Security purposes, including monitoring, risk assessment, addressing integrity and security issues, identity verification, and fraud and crime prevention and detection.
- Promotional, marketing, and advertising related purposes.
- Other business purposes, including, without limitation, administrative, planning, marketing, research and development, analytics, quality control, investigating complaints, and dispute resolution.
- Complying with legal obligations, law enforcement, and legal processes, and to protect our rights, privacy, safety or property, and/or that of our customers, business partners, service providers, or other third parties.
- Otherwise as described at the time of collection and/or in accordance with your consent.
HOW WE SHARE YOUR INFORMATION
We may share and disclose your personal information to other companies or entities as follows:
- Affiliates, subsidiaries and business partners for the purposes set out in this Privacy Policy.
- Service providers who provide a variety of services on our behalf and in connection with our Platform and provision of Services, including, hosting, communications, development, administrative, and marketing. We contractually require our service providers to hold, use, and disclose your personal information in accordance with this Privacy Policy and applicable privacy laws and regulations.
- Professional advisors, such as lawyers, auditors, bankers, and insurers, in the course of the professional services they render to us.
- Law enforcement, in response to a subpoena or court order, or for other legal purposes such as to establish or exercise our legal rights, to assert or defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any user or other person.
- Third parties in connection with a merger, asset sale, financing, investment, liquidation, bankruptcy, or dissolution during the course of such transaction. In any such transactions, your personal information is a company asset that may be sold or transferred to third parties.
- In de-identified and/or aggregated form for any other purpose as permitted by applicable law—provided that such information is not readily re-identifiable.
If you are an authorized user of the Platform through your law firm or other business for whom you work, we will share your personal information with your firm, which has the ability to review and manage your use of the Platform and Services under your firm’s subscription.
YOUR CHOICES AND RIGHTS
We provide you with the following rights to manage the privacy of your personal information:
- Updates. You may edit and update certain personal information at any time by changing it in your Account profile.
- Cookies and other Tracking Technologies. Your browser or device can allow you to opt out of data collection from cookies or similar tracking technologies by setting your browser to refuse all or some of the web technologies employed on our Site. The ‘Help’ feature on most browsers will tell you how to prevent your browser from accepting new Cookies, how to have the browser notify you when you receive a new Cookie, how to block Cookies, and when Cookies will expire. If you block all Cookies on your browser, neither we nor third parties will transfer Cookies to your browser. Please note that your experience using the Platform and Services might be degraded, or certain functionalities may not work, if you opt out of such collection. For more details on cookies, please visit https://allaboutcookies.org/
- Marketing Communication. To update your marketing communication preferences, you can go to your Account settings or contact us as set forth below in the “Contact Us” section. You may also unsubscribe using the link found at the bottom of all marketing and promotional emails you receive from us.
Depending on where you live, you may also have other rights with respect to your personal information. Please see the EU/UK Specific Terms section below to learn more about such additional rights.
OPT-IN/OPT-OUT POLICY
By providing an email address via the Platform or Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any Service related notices, or to provide you with information about our events, invitations, or related educational information.
For purposes of this Privacy Policy, “opt-in” is generally defined as any affirmative action by you to submit or receive information, as the case may be.
We currently provide the following opt-out opportunities:
- At any time, you can follow a link provided in offers, newsletters or other email messages (except for Service related communications) received from us or our partners to unsubscribe from such communications.
- You can contact us at [email protected] to opt-out of your subscription auto renewing and/or to opt-out of our right per your consent under the terms of this Privacy Policy to share your personal information.
Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any Service related notices.
DATA SECURITY AND RETENTION
Security.
We protect your personal information that is under our control using reasonable and appropriate physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration, including, without limitation, encryption, firewalls, and Secure Sockets Layer software (SSL) or hypertext transfer protocol secure (HTTPS). However, we cannot completely ensure or guarantee that unauthorized access, disclosure, hacking, data loss, or other breach will never occur.
In the event of a breach, we will take reasonable steps to investigate the situation and, where appropriate, notify affected individuals as required by applicable laws and regulations.
You remain responsible for protecting your username and password and for the security of information you transmit to the Platform over the Internet.
Retention.
We will keep and retain your personal information for as long as we have a relationship with you or in accordance with applicable data retention policies. Thereafter, we retain your personal information as is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Use and/or in accordance with our data retention policy. We decide how long we need Personal Information on a case-by-case basis, which means we may keep different information for different periods. Thereafter, we will destroy or de-identify and/or anonymize personal information.
Upon your written request we will delete personal information stored by us, except as otherwise necessary for the above specified purposes.
INTERNATIONAL TRANSFERS
We process and store your personal information in the United States and in any other country where LeanLaw or our business partners and service providers operate facilities in accordance with and as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
When we transfer, store, or process personal information outside of your jurisdiction (including to or in the United States, as described above), we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Policy and applicable law.
CHILDREN
Our Platform and Services are directed to and intended for adults. We do not accept children under 18 as clients or knowingly collect personal information from them. If you believe we may have collected personal information from a child under 18, please contact us.
EU/UK SPECIFIC TERMS
If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the EU General Data Protection Regulation (“EU GDPR”) and the UK’s Data Protection Act 2018 (“UK GDPR”) (collectively referred to herein as the “GDPR”) provide you with additional rights regarding our collection and use of your “personal data” as set forth below.
Personal Data.
The GDPR defines “personal data” as any data that identifies or can identify a particular unique user or device, including, name, address, mobile device identifiers, precise location data, IP, cookie identifiers, and biometric data, among others.
Legal Basis for Processing Your Personal Data.
We collect and process your personal data only where we have a lawful basis for doing so under the GDPR. Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the type of personal information and the specific context in which we collect it. We collect personal information from you on the following legal bases:
- We have your consent to do so;
- We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with the Platform and Services, bill and process payments for your subscription, and operate our business;
- The processing is in our legitimate business interests, such as operating our businesses, improving and developing the Platform and our Services, communicating with you, marketing our offerings and services and personalizing your experience, enhancement of our cybersecurity, and to detect and prevent illegal activities such as fraud; and/or
- To comply with legal requirements, including applicable laws and regulations.
LeanLaw weighs the necessity of our processing your personal information for our legitimate business interests against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes and maintain robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Personal Data Transfers.
LeanLaw is based in the United States, and the Platform and our Services are controlled and operated by us and our third-party providers from the United States. We send information we collect from you to our secure services in the U.S. where we store and process it in accordance with this Privacy Policy.
When we transfer personal data outside of the EEA, or UK, or to countries the EU has deemed as having inadequate protections, we take steps to make sure that appropriate safeguards are in place to protect your personal data, including, but not limited to, making such transfers in accordance with the European Commission approved Standard Contractual Clauses. In these Standard Contractual Clauses, we make commitments with respect to the privacy and security of such personal data. For more information on the Standard Contractual Clauses, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or UK.
Your Personal Data Rights.
In addition to the choices and rights set forth above, the GDPR grants you the following rights with respect to your personal data.
- Right to be informed: You are entitled to be informed of the use of your personal data. This Privacy Policy provides such information to you.
- Right to access: You have the right to request access to your personal data which we maintain, and if you choose, receive a copy of such data.
- Right to delete or erase: You have the right to request that we delete your personal data which we maintain in certain circumstances, for example where we no longer have a legitimate interest to maintain it.
- Right to correct/rectify/update: You have the right to correct personal data that we hold about you.
- Right to data portability: You have the right to request that your personal data which you have provided directly to us be provided to you or another data controller in a structured, commonly used and machine-readable format.
- Right to restrict processing: Under some circumstances, you may request to restrict our use of your personal data, for example where we have a legitimate interest. You also have a right to object to our processing of your personal data for direct marketing purposes.
- Right to withdraw consent: If your personal data is processed by us on the legal basis of consent, you have the right to withdraw your consent. Withdrawing your consent will not affect the lawfulness of processing we conducted prior to such withdrawal, nor will it affect the processing of your personal data conducted in reliance on a legal basis other than consent.
- Right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- Right to lodge a complaint: If you have a complaint about how we use your personal data, we hope that you will contact us at [email protected]. However, you can always file a complaint with the data protection authority in your jurisdiction. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available at https://edpb.europa.eu/about-edpb/board/members_en. Contact details for the data protection authority in the UK are available at https://ico.org.uk/.
How To Exercise Your Rights.
If you would like to exercise any of your rights, please send us an email at [email protected]. Please note that we may require additional information from you to verify your request or that you are authorized to act on the behalf of another. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will only use the information you provide to us when exercising your rights above to verify your identity or authority to make the request. In some cases, our ability to honor your rights may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the Services you have requested. Where this is the case, we will inform you of specific details in response to your request.
CONTACT US
For questions about our privacy practices, this Privacy Policy, and/or to exercise any of your choices or rights in connection with your personal information, please email us at [email protected].