Privacy Policy

Introduction

Causel Inc. (“Causel,” “we,” “us,” or “our”) is a Delaware corporation with its principal office in San Francisco, California. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Causel Agentic Operating System (the “Platform”) and our website at causel.ai (the “Site”). This Policy applies to all visitors to the Site and all customers and authorized users of the Platform.

By accessing the Site or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, do not access the Site or use the Platform.

Information We Collect

Customer Data (Platform)

When customers use the Platform, they upload litigation discovery materials including documents, electronic communications, deposition transcripts, contracts, and other case-related files (“Customer Data”). Customer Data is governed by the Terms of Service and any applicable Data Processing Agreement, not this Privacy Policy. We process Customer Data solely to provide the Platform and do not use it for any other purpose, including marketing, analytics, model training, or sale to third parties.

Account Information

When you create an account or are provisioned as an Authorized User, we collect your name, business email address, job title, firm name, and telephone number. We use this information to provide and administer access to the Platform, to communicate with you about your account, and to provide customer support.

Usage Data

We automatically collect information about how you interact with the Platform, including features used, pages visited, time spent, search queries within the Platform, and error logs. We use this information to improve the Platform, diagnose technical issues, and ensure security. Usage data does not include the content of Customer Data.

Site Visitor Data

When you visit the Site, we may collect your IP address, browser type, operating system, referring URL, and pages viewed. We use cookies and similar technologies to analyze Site traffic and improve the user experience. You may control cookie preferences through your browser settings.

How We Use Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Platform
• To process transactions and send related information, including invoices and payment confirmations
• To communicate with you about your account, including service announcements and security alerts
• To respond to your requests, comments, and questions
• To monitor and analyze usage patterns and trends to improve the Platform
• To detect, investigate, and prevent security incidents, fraud, and other harmful activity
• To comply with legal obligations and respond to lawful requests from public authorities
• To enforce our Terms of Service and other agreements

How We Share Information

We do not sell, rent, or trade your personal information. We do not share Customer Data with any third party except as described in this section.

We may share information with: (a) service providers who perform services on our behalf, including cloud infrastructure providers (Amazon Web Services), analytics providers, and payment processors, each of whom is contractually obligated to use information only as necessary to provide services to us; (b) professional advisors, including attorneys, auditors, and consultants, as necessary for the provision of their services; (c) law enforcement or government agencies in response to a valid legal process (subpoena, court order, or warrant), provided that we will notify Customer to the extent legally permitted before disclosing Customer Data; and (d) in connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case information may be transferred to the acquiring entity.

Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption at rest (AES-256) and in transit (TLS 1.2+), single-tenant infrastructure isolation, role-based access control, immutable audit logging, and continuous vulnerability monitoring. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Data Retention

Customer Data is retained for the duration of the applicable Matter or Enterprise Contract term and is permanently deleted within seventy-two (72) hours of termination as described in our Terms of Service. Account information is retained for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. Usage data and site visitor data are retained for up to twenty-four (24) months and then aggregated or deleted.

Your Privacy Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA/CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as those terms are defined under CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us at privacy@causel.ai. We will verify your identity before processing your request and respond within forty-five (45) days as required by law.

Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by CCPA/CPRA: identifiers (name, email address, IP address); professional or employment-related information (job title, firm name); and internet or other electronic network activity information (usage data, browsing history on the Site). We have not collected biometric information, geolocation data, sensory data, or protected classifications.

Your Privacy Rights (European Economic Area & United Kingdom)

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the following provisions apply to the processing of your personal data under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”).

Legal Bases for Processing

We process your personal data on the following legal bases: (a) performance of a contract (Article 6(1)(b) GDPR) — to provide the Platform and fulfill our contractual obligations under the Terms of Service; (b) legitimate interests (Article 6(1)(f) GDPR) — to operate and improve the Site, ensure security, and prevent fraud, where those interests are not overridden by your data protection rights; (c) consent (Article 6(1)(a) GDPR) — for optional analytics cookies on the marketing site, which you may withdraw at any time; and (d) legal obligation (Article 6(1)(c) GDPR) — to comply with applicable laws and regulations.

Your Rights Under GDPR

Subject to applicable law, you have the following rights regarding your personal data:

• Right of Access (Article 15): You may request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): You may request correction of inaccurate personal data.
• Right to Erasure (Article 17): You may request deletion of your personal data, subject to certain exceptions including legal retention obligations.
• Right to Restriction of Processing (Article 18): You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability (Article 20): You may request a copy of your personal data in a structured, commonly used, machine-readable format.
• Right to Object (Article 21): You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@causel.ai. We will respond within thirty (30) days as required by GDPR.

International Data Transfers (EEA/UK)

The Platform is hosted in the United States. If you are located in the EEA, UK, or Switzerland, any transfer of your personal data to the United States is conducted pursuant to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and/or Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision (EU) 2021/914). Copies of the applicable SCCs are available upon request.

Data Protection Officer

For privacy inquiries from EEA, UK, or Swiss data subjects, contact our designated privacy representative at dpo@causel.ai.

International Data Transfers

The Platform is hosted in the United States. If you access the Platform from outside the United States, you consent to the transfer of your information to the United States. We will process your information in accordance with this Privacy Policy regardless of where it is stored.

Children’s Privacy

The Platform and Site are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on the Site with a revised “Last Updated” date and, for Platform customers, by sending a notice to the email address associated with your account at least thirty (30) days before the changes take effect.