Skip to main content
Legal

Privacy Policy

Your privacy matters. Learn how we collect, use, and protect your information.

Last updated: April 11, 2026

1. Introduction

This Privacy Policy explains how Clienty collects, uses, and protects your personal information.

2. Information We Collect

We collect personal information like your name, email, username, and password when you sign up. We store files you upload in AWS S3. We use Anthropic (Claude) for AI-assisted features such as chat, document summarization, and other tools described in this policy; we use OpenAI only for text-to-speech audio generation for document summaries. We use Twilio for messaging services. If you connect your Microsoft calendar, we access and sync calendar data (events, attendees, availability) from Outlook via the Microsoft Graph API and store it in our database for display. If you connect your Google account, we access and sync calendar data (events, attendees, availability) from Google Calendar via the Google Calendar API and store it in our database for display. Trust ledger entries (amounts, dates, descriptions, payment methods) you enter are stored in our database for record-keeping.

3. How We Use Your Information

We use your information to provide our CRM services, including AI-assisted features powered by Anthropic (Claude), messaging reminders via Twilio, managing your calendar events (including sync with Microsoft Outlook and Google Calendar), payment processing via Stripe, and trust account ledger record-keeping. We may also use your data to improve our services.

4. AI Document Summarization & Text-to-Speech

Clienty offers AI-powered document summarization (via Anthropic Claude) and text-to-speech (via OpenAI) to help you quickly understand and review uploaded documents. When you use these features, the following applies:

  • Summarization (Anthropic): When you click "Summarize" on a document, the text content is extracted on our servers and sent to Anthropic's API (Claude) for processing. Only the document text is sent — not filenames, client names, matter details, or other metadata.
  • Third-Party Processing: Anthropic processes API requests according to its privacy policy and terms; we log usage for billing and operations. See Anthropic's Privacy Policy (anthropic.com/legal/privacy) for how API data is handled.
  • Summary Storage: AI-generated summaries (title, summary text, and key points) are stored in our database and linked to the originating document and matter. You can delete any summary at any time.
  • Text-to-Speech (OpenAI): When you use the "Listen" feature, the summary text is sent to OpenAI's text-to-speech API. The generated audio is streamed directly to your browser and is not stored on our servers.
  • Credit Usage: Document summarization consumes 1–3 AI credits depending on document size. First-time text-to-speech playback consumes 1 AI credit; subsequent replays are free.
  • Encryption: Documents are encrypted at rest in AWS S3 using AES-256 encryption and transmitted over TLS 1.2+ encrypted connections. API communications with Anthropic and OpenAI are encrypted via TLS.
  • Attorney-Client Privilege: You are responsible for ensuring that your use of AI summarization features complies with your jurisdiction's rules regarding attorney-client confidentiality, work product doctrine, and professional conduct.
  • Opt-Out: AI summarization is entirely opt-in. No document content is ever sent to AI services unless you explicitly click the Summarize button.

For more detail on how each provider handles API data, see Anthropic's Privacy Policy (summarization) and OpenAI's Enterprise Privacy Policy (text-to-speech).

5. AI Assistant Chat

Clienty provides an AI-powered chat assistant (Anthropic Claude) that allows you to ask questions about your matters, clients, leads, and general legal topics. When you use the AI Assistant, the following applies:

  • Data Sent to Anthropic: When you send a message, the AI Assistant sends your conversation history and relevant context (matter details, client information, notes, document summaries) to Anthropic's API for processing. Only data from your organization is included.
  • No Cross-Organization Data Sharing: AI conversations are strictly scoped to your organization and your user account. No data from other organizations is ever included in your AI context.
  • Third-Party Processing: Conversation content is processed by Anthropic according to its policies. See Anthropic's Privacy Policy (anthropic.com/legal/privacy).
  • Case Law Search: When you ask about case law, the AI Assistant may search CourtListener, a free public legal database. Only your search query is sent — no client data or organizational information is shared.
  • Conversation Storage: Your AI conversations are stored in our database, encrypted at rest using AES-256 encryption, and accessible only to your user account within your organization.
  • Data Minimization: The AI Assistant only accesses the minimum data necessary to provide context — matter name, status, billing details, recent notes (up to 20), and document summaries (up to 10). Full document content is never sent.
  • Opt-In Only: The AI Assistant is entirely opt-in. No data is sent to AI services unless you actively open the AI Assistant and send a message.

6. Other AI-Powered Features (Speedy Trial, Scoresheets, Templates)

Additional tools use Anthropic (Claude) through our servers when you choose to use them. Requests are associated with your organization for billing and abuse prevention.

  • Speedy Trial Calculator: When you request rules for a U.S. state or jurisdiction, we send a prompt including the state or jurisdiction code to Anthropic to return structured speedy trial parameters. Cached rule sets may be stored temporarily to improve performance. Output is informational only and is not legal advice.
  • Sentencing Scoresheet: AI-assisted statute lookup sends your charge description and state code to Anthropic. Scenario or strategic analysis may send structured scoresheet working data and calculation results to Anthropic. Only your organization's scoresheet data is used.
  • Template generation: If you use AI to help draft or refine document templates, the content you provide is sent to Anthropic under the same organizational scoping as other AI features.
  • Third-party terms: Processing is subject to Anthropic's Privacy Policy. These features are optional; avoid entering unnecessary personal or privileged information beyond what you need.

7. SMS Communications & TCPA Compliance

We use Twilio as our SMS messaging provider to enable communication between your organization and your clients. To ensure compliance with the Telephone Consumer Protection Act (TCPA) and Twilio's Messaging Policy, we implement the following practices:

  • Sender Identification: All outbound SMS messages are automatically prefixed with your organization's name to clearly identify who is contacting the recipient.
  • Opt-Out Mechanism: Recipients can opt out of receiving SMS messages at any time by replying with STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT.
  • Opt-In Mechanism: Recipients who have opted out can opt back in by replying with START, YES, or UNSTOP.
  • Consent Records: We maintain audit logs of all opt-in and opt-out actions for TCPA compliance purposes, including the date, time, and method of consent changes.
  • Message Content: SMS messages may include appointment reminders, payment reminders, case updates, and other communications related to your services.

By using our SMS features, you agree to comply with all applicable laws regarding electronic communications, including obtaining proper consent from recipients before sending messages.

8. Team Chat & Internal Communications

Our Team Chat feature enables real-time communication between team members within your organization. When you use Team Chat, we collect and process the following information:

  • Message Content: Text messages, GIFs (via Giphy), and emoji reactions you send in chat threads.
  • File Attachments: Files you share in chat conversations are stored securely in AWS S3.
  • Metadata: Timestamps, read receipts, typing indicators, and thread membership information.
  • Mute Preferences: Your notification preferences for each chat thread.

Data Retention: Chat messages are retained for compliance and audit purposes. When you delete a chat or leave a group, messages remain accessible to other participants but are hidden from your view.

Visibility: Chat messages are only visible to members of the specific thread (direct messages or group chats). Your organization's data is isolated from other organizations.

Third-Party Services: Team Chat uses Giphy for GIF search functionality. When you search for GIFs, your search queries are sent to Giphy. Please refer to Giphy's Privacy Policy for more information.

9. Payment Processing & Stripe Connect

We use Stripe Connect to process payments and invoices on behalf of your organization. When you or your clients make payments through our platform, the following information is collected and processed:

  • Payment Information: Credit card numbers, bank account details, and billing addresses are collected and processed directly by Stripe. We do not store full payment card numbers on our servers.
  • Transaction Data: Payment amounts, dates, invoice references, and payment status are stored to maintain accurate billing records.
  • Stripe Account Information: If your organization connects a Stripe account, we store your Stripe account ID and connection status to facilitate payment processing.
  • Invoice Records: We maintain records of invoices created, sent, and paid through our platform for accounting and compliance purposes.

Data Sharing with Stripe: Payment information is shared directly with Stripe for processing. Stripe may use this data in accordance with their Privacy Policy.

Data Retention: Payment transaction records are retained for a minimum of 7 years for tax and legal compliance purposes. You may request deletion of payment data after this retention period by contacting us.

10. Calendar & Trust Ledger

Microsoft 365 & Outlook: When you connect your Microsoft account, we access calendar data (events, attendees, availability, shared calendars) via the Microsoft Graph API. This data is synced and stored in our database to display events and manage scheduling. Microsoft's Privacy Statement applies to data processed by their services.

Google Calendar: When you connect your Google account, we access calendar data (events, attendees, availability, calendar lists) via the Google Calendar API. This data is synced and stored in our database to display events and manage scheduling. Clienty's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google Calendar data to provide and improve our calendar integration features. We do not use Google user data for serving advertisements or sell it to third parties. You may revoke access at any time through your Google Account permissions or by disconnecting the integration in Clienty. Google's Privacy Policy applies to data processed by their services.

Trust Account Ledger: When you use the trust ledger feature, we store transaction records you enter (amounts, dates, descriptions, payment methods such as check numbers or transaction references). This is for record-keeping only; we do not process or hold trust funds.

11. Data Sharing

We do not sell your data. We share it with service providers like AWS, Anthropic (Claude for AI features), OpenAI (text-to-speech only), Twilio, Stripe, Microsoft (for calendar integration), Google (for calendar integration), and Giphy to provide our services.

12. Data Security

We use industry-standard security to protect your data, including encryption and secure access controls. You are responsible for keeping your password safe.

13. Authorized Personnel Data Access

A limited number of authorized Clienty personnel may access your data strictly for the following purposes:

  • Data Migration: When you request migration of your data from another platform, authorized personnel may access your uploaded files (client lists, matter records, contacts, and documents) to map, validate, and import your data into Clienty. Source files are automatically deleted from our systems after the migration is approved.
  • Technical Support: When you contact us for help with a technical issue, authorized personnel may access your account data to diagnose and resolve the problem.
  • Service Delivery: Authorized personnel may access your data as necessary to maintain, improve, and ensure the reliability of our services.
  • Access Controls: Access to customer data is restricted to personnel who require it for the purposes described above. All access is logged in our audit system and subject to internal review.
  • No Unauthorized Use: We will never access your data for marketing, advertising, or any purpose other than providing and improving our services. We do not sell or share your data with third parties except as described in this policy.

14. Your Rights

You have the right to access, correct, or delete your data. You can contact us at clientysupport@clienty.io to exercise these rights.

15. Changes

We may update this Privacy Policy. We will notify you of significant changes.

16. Contact

If you have any questions, contact us at clientysupport@clienty.io.

Your Privacy Is Our Priority

Start your 14-day free trial with enterprise-grade data protection on every plan.

Start Free TrialContact Us