How we handle your data.

Last updated: 2026-05-03 · Effective date: upon counsel review

Working draft. This document is a starting position drafted by the founder pending counsel review. Final binding terms will be published before the first paid signup. If you are reading this and are a customer, please contact us before relying on it.

1. Who we are

Agentic, Data & Source ("ADS", "we", "us") is operated by Agentic Agentic Enterprises (parent company; see agentic2x.ai). The website is adslaw.ai. ADS is not a law firm; nothing on this site is legal advice. See our UPL Disclaimer.

2. What we collect

2.1 Information you give us

Account info — email, password (hashed by AWS Cognito), and any optional profile fields you fill in.
Chat content — the questions you ask and the AI responses. Stored in DynamoDB with a default 90-day retention; you can delete sooner via your account settings.
Document uploads — files you upload (per-user, encrypted at rest). Stored in S3 under your user prefix; only readable by you and platform processes acting on your behalf.
Phone-call audio & transcripts — when you redeem a phone consultation code, the call is transcribed; the transcript is emailed to you and stored in your account. Audio is not retained after transcription.
Payment info — collected and stored by Stripe (we never see your card number). We see a Stripe customer ID, your purchase history, and billing email.

2.2 Information we collect automatically

Usage events — which features you use and at what frequency, captured via AWS CloudWatch RUM and our own server-side audit log.
Technical telemetry — IP address, browser, approximate location, referring URL, time of access. Used for security, fraud prevention, and aggregate analytics.
Cookies — a session ID for unauthenticated users (so we can meter free questions); auth tokens for signed-in users; CloudWatch RUM cookies. We do not use cross-site tracking cookies.

3. How we use it

To answer your legal-research questions, draft documents, and provide guidance you ask for.
To meter free-tier usage and process payments.
To detect and respond to security threats (prompt injection, abuse).
To maintain a legally-required audit trail of platform activity.
To send transactional emails (purchase confirmations, password resets, transcripts).
For aggregate analytics that help us improve the platform.

We do NOT use your chat content, document content, or phone transcripts to train AI models unless you explicitly opt in via your account settings. Default is OFF.

4. Who we share it with

We share only with these processors, only the data they need:

Amazon Web Services — hosting, storage, AI inference (Bedrock), telephony (Connect)
Stripe — payments
Anthropic / Amazon — AI model providers (data processing per their published policies)

We do not sell your data and do not share it for advertising.

5. Your rights

Under GDPR (EU), CCPA/CPRA (California), and similar laws, you have the right to:

Access a copy of your data — call GET /api/v1/me/export while signed in
Delete your data — call POST /api/v1/me/delete with confirmation
Correct inaccurate data via your account settings
Port your data — same as Access; we return JSON
Withdraw consent for any opt-in (such as training-data inclusion) at any time

6. Data retention

Chat history: 90 days default (auto-deleted by DynamoDB TTL); you can delete sooner
Documents you upload or generate: until you delete them
Audit log: 7 years (legal-compliance retention; access restricted to security and compliance staff)
Account info: while your account is active + 12 months after last activity, then deleted
Payment records: as required by Stripe and applicable tax law (typically 7 years)

7. Security

We use industry-standard practices: encryption at rest (AES-256) and in transit (TLS 1.2+); least-privilege IAM; AWS WAF; immutable audit log with 7-year retention; per-user data isolation; password hashing managed by AWS Cognito.

8. Children

ADS is not directed to children under 16. We do not knowingly collect data from anyone under 16.

9. International transfers

ADS is operated in the United States. If you access from outside the US, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses where applicable for EU-origin data.

10. Changes to this policy

We will post material changes here and email registered users at least 30 days before they take effect.

11. Contact

Privacy inquiries: privacy@adslaw.ai