Habeas – Privacy Policy

1. Introduction

At Habeas we are committed to protecting the privacy and confidentiality of our users. This Privacy Policy outlines our practices concerning the collection, use, and protection of information on our AI legal research platform, Habeas ("the Service").

2. Information We Collect

We collect and process the following types of information. Please keep in mind these facets of our platform must be tracked to ensure user security and application performance.

a) Account Information

  • User name and organisation-affiliated email address
  • Account login information

b) Usage Data

  • Interaction with our Service
  • Information provided through feedback forms, buttons and surveys
  • User search queries and research patterns
  • Features and tools used

c) User-Generated Content

  • The content of the prompts, conversations and questions users submit to the Habeas Platform, whilst not directly monitored, will be stored and flagged if they violate rules of engagement.
  • Documents uploaded for analysis (subject to our anonymization requirements) 

d) Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Log data

Please note that the collected technical data is in line with standard practice.

3. How We Use Your Information

  • To provide and maintain our Service
  • To improve and personalize our legal research tools
  • To analyze usage patterns to enhance our AI models and core software
  • To communicate with you about our Service
  • To comply with legal obligations

4. Data Minimization and Anonymization

We are committed to the principle of data minimization:

  • Do not, under any circumstances, submit client information or any client-identifying information to the Habeas platform.
  • Our systems incorporate some guardrails for detecting and redacting potential personally identifiable information (PII) from submitted queries and documents.
  • Saying this, anything a user submits to a chat window or search bar will be registered on the internal database, and thus it is crucial users are responsible and reasonable in their formulation and submission of prompts.

5. Data Storage and Security

We implement stringent technical and organizational measures to protect your data:

  • All data is encrypted in transit and at rest using industry-standard encryption protocols including the use of JSON web tokens
  • We use secure databases located in Australia for the application's core functionality, including storing usernames, private user details and private conversations
  • Regular security audits and penetration testing are conducted on the Habeas Database
  • However, keep in mind that changes to the product are being implemented regularly. This means that we reserve the right to change data structures, or delete user data when necessary. For example, if a user submits private client confidential data and breaks our terms of service, we reserve the right to delete said data.
  • We leverage external API providers, including OpenAI and Anthropic, and we encourage users to read the privacy policy associated with these platforms.

6. Data Retention and Deletion

  • Account-associated information is retained for the duration of your account's active status. This is crucial in ensuring our own compliance
  • Anonymized query data may be retained indefinitely for service improvement purposes
  • You may delete your account and associated data at any time, from within the Habeas platform

7. Third-Party Services

We may use third-party services for certain functions (e.g., cloud storage, analytics or API services). These services are carefully selected for the application's core functionality.

Please consider that when utilising tools on the platform that utilise OpenAI's external API, the considerations of submitting private information or client information become particularly important.

8. User Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict the processing of your personal data
  • Data portability

9. Data Transfers

If we transfer your data outside your jurisdiction, we ensure appropriate safeguards are in place to protect your privacy rights.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through the Habeas website's provided contact details.