This Privacy Policy explains how Turbo Law ("Turbo Law," "we," "us," or "our") handles personal information when you visit www.turbolaw.ai or use our products, apps, and support channels (the Services). We built this policy to be practical and global. It covers U.S. state privacy laws (e.g., CPRA and similar state statutes) and international regimes (e.g., EEA/UK/Swiss GDPR). Where local law requires additional terms, those will control. If you do not agree with this Policy, please do not access or use the Services.

1. Scope & Roles

Scope: Website, app, product UIs/APIs, and our support/communications channels.

Controller vs. Processor: For Website visitors, leads, and marketing contacts, Turbo Law is a controller. For Customer Content that organizations submit to our platform (e.g., case files, documents, medical records), we act as a service provider/processor and handle that content only to provide the Services and as permitted by the customer agreement.

2. Information We Collect

We collect information in three ways—(a) you provide it, (b) we collect it automatically, and (c) we receive it from your organization or third parties.

Example

• Identifiers & contact: name, email, phone, firm, role, account credentials

• Device & network activity: IP address, browser/device type, pages viewed, app events, crash/error logs, cookie and advertising identifiers.

• Commercial & usage: subscription tier, transactions, in-product activity (features used), and support interactions

• Communications & content: messages, tickets, chat/call recordings (where lawful), and feedback

• Customer Content (your organization's data): case files, documents, attachments, and other data your organization submits to the Services.

• Job applicant data: resume/CV details, work/education history, and information you provide during hiring.

• Sensitive data: may appear only inside Customer Content (e.g., health/medical details). We do not collect this from Website visitors for marketing.

  
  

We do not knowingly collect information from children. See 12

3. Sources of Information

You and your organization (account setup, support, product use)

• Your devices/browsers (automatic collection via cookies/SDKs)

• Public and enterprise sources (e.g., business contact directories) where lawful

4. How We Use Information

Provide, operate, and secure the Services; authenticate users; prevent, detect, and remediate fraud/abuse

• Troubleshoot and support; communicate about the Services

• Analyze usage to improve stability, performance, and features

• Send transactional messages (e.g., security and product notices) and—where permitted—product updates/marketing (you can opt out anytime)

• Comply with legal requirements and enforce our terms

AI & data use: We do not use Customer Content to train or improve foundation models. Any evaluation or fine-tuning on Customer Content occurs only at the customer's direction. When we use third-party AI infrastructure (e.g., cloud/LLM providers), they are contractually prohibited from training their models on your data for other customers.

Legal bases (EEA/UK/Switzerland where applicable): performance of a contract; legitimate interests (e.g., security, product improvement); consent (e.g., certain cookies/marketing); legal obligations; vital interests (rare).

5. Cookies and Online Tracking

We use cookies and similar technologies for operations, security, and analytics. Manage cookies in your browser and, where offered, in our cookie banner.

• We honor Global Privacy Control (GPC) signals as an opt-out of "sale"/"sharing," where applicable.

• We do not respond to legacy Do-Not-Track (DNT) signals

• A "Cookie Preferences / Do Not Sell or Share" link may appear in the footer where required by law.

6. When We Disclose Information

We disclose information to:

• Service providers/Processors for hosting, storage, analytics, communications, customer support, billing/payments, security, and AI infrastructure—under contracts limiting use to our instructions

• Your organization (if your firm administers your account)

• Legal & safety purposes (e.g., to comply with law, protect rights, investigate misuse)

• Business transfers (e.g., merger, acquisition, financing), with appropriate safeguards

We do not sell personal information and do not share it for cross-context behavioral advertising.

7. Retention

We retain Website/marketing data for about 13–24 months from last interaction unless a longer period is required by law or necessary for legitimate business needs. Customer Content retention and deletion are governed by the customer agreement (and, where applicable, a HIPAA BAA). When retention ends, we delete or de-identify information consistent with our policies and applicable law.

8. Security

We use administrative, technical, and physical safeguards (e.g., encryption in transit/at rest where appropriate, access controls, logging/monitoring, secure development practices). No system is 100% secure—please use strong, unique passwords and enable available security features.

9. International Data Transfers

We may transfer and store information in countries other than yours (including the U.S.). Where required, we use approved safeguards (e.g., EU Standard Contractual Clauses and the UK Addendum/IDTA). Summaries of these safeguards are available upon request (subject to redactions).

10. Your Privacy Rights

Your rights depend on your location. Subject to legal limits, you may have rights to:

• Access/Know whether we process your data and obtain a copy

• Correct/Rectify inaccurate data

• Delete/Erase data

• Portability of certain data

• Object/Restrict certain processing (e.g., marketing; legitimate-interest processing)

• Opt-out of sale/share/targeted advertising and certain profiling (we do not sell/share PI for cross-context behavioral ads)

• Withdraw consent where processing relies on consent

How to exercise: Email info@turbolaw.ai or (if available) use the Your Privacy Choices link in the footer or product. We may verify your request and, in some regions, you may use an authorized agent. Where required (e.g., CO/CT/VA), we offer an appeal process if we deny your request. We will not discriminate against you for exercising your rights.

EEA/UK/Swiss individuals: You may contact your local supervisory authority if you believe our processing violates applicable law; please contact us first so we can help.

11. HIPAA, Privelege and Confidentiality

If we handle Protected Health Information (PHI), we act as a business associate and will sign a Business Associate Agreement (BAA). We do not use PHI for marketing or to train foundation models. We do not assert or waive attorney-client privilege or work product protections on your behalf. Access to Customer Content is limited to authorized personnel for legitimate purposes (e.g., support, security) as allowed by contract.

12. Children

Our Services are intended for professional/business use and are not directed to children. We do not knowingly collect information from children under 18 (or the age defined by local law). If you believe a child has provided information, contact us and we'll take appropriate steps.

13. Changes to This Policy

We may update this Policy from time to time. The "Effective date" shows when it last changed. If we make material changes, we'll provide notice as required by law. Your continued use of the Services after changes means you accept the updated Policy.

14. Contact Us

Email: info@turbolaw.ai
If you are a business customer and need our sub-processor list or have data-handling questions, contact your account representative or email info@turbolaw.ai.