Updated: Jan. 21, 2021
This privacy policy explains how Afterpattern handles data collected by us as a data controller during the normal course of business, as well as how Afterpattern as a data processor handles all information input into the Afterpattern software or generated on behalf of Users in connection with the services. Afterpattern provides a service (including our web-based platforms hosted at afterpattern.com, afterpattern.app, afterpattern.site, portal.law, app.law, and community.lawyer, and our Microsoft Office Add-in "Afterpattern: Document Automation") that Users use primarily to develop apps, databases, and portals and make them available for use by Endusers. These services and websites are made available for use worldwide (with the exception of our lawyer referral / lawyer directory product, which is only available in the United States).
I. SCOPE
- Endusers of Apps and/or Portals: If you are an Enduser of an app or portal, we hereby notify you that we are not responsible for the processing of your data but are merely rendering services to the responsible party -- specifically, the Afterpattern User who operates the app or portal. We suggest you carefully read the terms and conditions and privacy policy of that User, as those are the ones governing the processing of your personal data. If you have any doubts, please contact that person, company, or organization.
- Automation Platform Users (including the Microsoft Office Word Add-in "Afterpattern: Document Automation"): If you are a User of Afterpattern’s Automation Platform Websites or Services, this Privacy Policy sets forth how we are processing your personal data, and how are we processing personal data on your behalf.
- Users of and Visitors to Lawyer Referral/Directory Portals: If you are a User of or Visitor to a Lawyer Referral/Directory Portals, we hereby notify you that we are not responsible for the processing of your data but are merely rendering services to the responsible party -- specifically, the Community.lawyer/Afterpattern User who administers the Lawyer Referral/Directory Portal. We suggest you carefully read the terms and conditions and privacy policy of that User, as those are the ones governing the processing of your personal data. If you have any doubts, please contact that person, company, or organization.
- Links to or Integrations with Third-Party Websites: Our Website and Services may contain links and provide integrations to other websites. We do not operate, control, or endorse these websites, and your usage of these links and integrations is your choice and is subject to the policies and terms of those websites.
II. INFORMATION WE COLLECT
- Enduser Data: Users may build apps, portals, or databases to collect and store data.
- Lawyer Referral/Directory Submissions/Reports: We may store data you input into forms or via reports on our Websites.
- Contact data: We may store names, emails, phone numbers, and similar types of data that you submit to us through contact forms or online tickets or via email or mail.
- Usage information: We may collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, what you buy and so on.
- Device and browser data: We may collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, device ID/MAC address, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device.
- Information from Cookies: We may use first-party and third-party cookies as described in our Cookies Policy.
- Log Data: Our web servers may keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
- Information from third parties and integration partners: We may collect your personal information from third parties where, for example, you give permission to those third parties to share your information with us or where you have made that information publicly available online.
- Billing information: If you make a payment to us or via an app, portal, or other services, we may collect billing details like your name, email address, and financial information depending on the third party payment processor being utilized.
- Account information: You need an account before you can use some services. When you register for an account, we collect your username, password and email address.
III. USAGE OF COLLECTED INFORMATION
We process personal data about you either with your consent or in order to fulfill our contractual responsibility to deliver Services and perform the Websites and to pursue our legitimate interests of improving the Services and Websites. We have practices to help ensure that we limit these uses so that your privacy is respected and only the information related to achieving these legitimate aims is used.
A. Users
- Contact Information: We use contact information to respond to your inquiries, send you information as part of the services, and send you marketing information (for as long as you do not opt-out). You can opt out of marketing communications at any time by clicking on the “unsubscribe” link in them.
- Reports: We may store data you input into forms or via reports on our Websites in order to perform the service (for example, render those reports to Lawyer Referral/Directory Portal administrators).
- Information from Cookies: We use first-party and third-party cookies as described in our Cookies Policy.
- How you use our services: We use information about how you use our services to improve our services for you and all users. We may collect information about the types, patterns, and structure of apps and client portals you and other Users build, the types of subscriptions you purchase, and your account transactional behavior to help us improve the Services and Website.
- Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.
- Log data: We use log data for a range of business purposes, including to monitor abuse and troubleshoot, to create new services, features, content or make recommendations, to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services, and to fix bugs and troubleshoot product functionality.
- Referral information: We use referral information to track the success of our integrations and referral processes.
- Third parties and integrations: We use information from third parties and integration partners, where applicable to one of our services to ensure you can use our service in conjunction with other services.
- Manage internal services: To manage our services we will also internally use your information and data to enforce our agreements where applicable, to prevent potentially illegal activities, and to screen for and prevent undesirable or abusive activity.
- Legal uses: To respond to legal requests or prevent fraud, we may need to use and disclose information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Account Information: We need to use your account information to run your account, provide you with services, bill you for our services, provide you with customer support, and contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You cannot opt out of these communications since they are required to provide our services to you.
- Your Enduser Data: We only use Enduser data (or share it with subprocessors) to provide the Services. We do not sell Enduser data, nor do we identify or contact Endusers except on your request or where required by law.
B. Endusers
Users own, and are data controllers of, Enduser data. Depending on how the User chooses to use the software, Enduser Data may include personal data or personal information. To the extent that Community.lawyer processes User Data, we do so as a data processor on behalf of Users.
- App / Portal Data: We may store data about and collected by apps, portals, or databases in order to perform the service (for example, assemble documents like PDFs or Word documents with the inputted data).
- Information from Cookies: We utilize cookies in apps and client portals that Endusers access strictly to ensure the proper functioning and security of the Service. For more information please see our Cookies Policy.
- Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.
- Logs: We use log data for a range of business purposes, including to monitor abuse and troubleshoot, to create new services, features, or content, to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services, and to fix bugs and troubleshoot product functionality.
- Third parties and integrations: We collect and use information from third parties and integration partners, where applicable to facilitate Users in making apps and client portals available to you as an Enduser.
- Manage internal services: To manage our services we will also internally use your information and data to enforce our agreements where applicable, to prevent potentially illegal activities, and to screen for and prevent undesirable or abusive activity.
- Legal uses: To respond to legal requests or prevent fraud, we may need to use and disclose information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
C. Website Visitors
- Lawyer Referral/Directory Portal Submissions: We may store data you submit via Lawyer Referral/Directory Portals in order to render such data to the Lawyer Referral/Directory Portal Users (including administrators) to whom it was submitted.
- Information from Cookies: We use first-party and third-party cookies as described in our Cookies Policy.
- How you use our services: We use information about how you use our services to improve our services for you and all users. For example, we may collect information about what webpages you visited so we understand what services are the most useful.
- Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.
- Log data: We use log data for a range of business purposes, including to monitor abuse and troubleshoot, to create new services, features, content or make recommendations, to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services, and to fix bugs and troubleshoot product functionality.
- Referral information: We use referral information to track the success of our integrations and referral processes.
- Manage internal services: To manage our services we will also internally use your information and data to enforce our agreements where applicable. to prevent potentially illegal activities, and to screen for and prevent undesirable or abusive activity.
- Legal uses: To respond to legal requests or prevent fraud, we may need to use and disclose information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
D. Prohibition on Selling Data (California Privacy Notice)
Afterpattern does not sell (nor have we ever sold) the data we process.
IV. INFORMATION YOU SHARE
Some of our Services let you share information with others. Depending on how you elect to share your information (e.g. via public Communities/Marketplaces), it may be indexed by search engines.
V. INFORMATION WE SHARE
We do not share your information or data with third parties outside Afterpattern except in limited circumstances.
To provide certain aspects of our services, we rely on integrations or technology services offered by third parties. We enter into agreements with these third parties to ensure they meet standards for confidentiality, privacy, and security. For example, we rely on third-party services to: send transactional emails; send marketing emails (e.g. our newsletter); send transactional text messages; store data; track engagement on our website; facilitate real-time customer support chat; and process payments.
We also share your information or data if you choose to use an integration in conjunction with Afterpattern services, to the extent necessary to facilitate that use. We also may have to share information or data in order to: meet any applicable law, regulation, legal process or enforceable governmental request; enforce applicable policies, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; protect against harm to the rights, property or safety of our users, the public or to Afterpattern and/or as required or permitted by law; and facilitate a sale, merger or change in control of all or any part of our company or business or in preparation for any of these events.
VI. SUBPROCESSORS
Where we use any third parties to assist us in delivering our services and they process your data as part of that service, they are considered subprocessors. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed. Currently we utilize the following subprocessors:
- Amazon Web Services. Cloud hosting.
- Google. Business analytics.
- Hotjar. User interactions.
- Intercom. Live chat and customer success.
- Mailchimp. Email newsletter.
- Mailgun. Transactional email.
- New Relic. Infrastructure monitoring.
- Rollbar. Error monitoring.
- Stripe. Payment processing.
- Twilio. Text messaging.
If you are an existing Afterpattern User and need to be notified when additional Subprocessors are used to provide the Services, you can subscribe to updates by emailing hello@afterpattern.com with the subject line "Add this email to your Subprocessor mailing list".
VII. COOKIES
We use first- and third-party cookies and similar technologies on our websites. For more information about cookies, how we use them, and how you can manage them see our Cookies Policy.
VIII. SECURITY PRACTICES
For more about our security practices, please see our Security Practices page.
IX. DATE RETENTION
If you hold an account with us, we do not delete the data in your account that you choose to store. You must make the decision to delete your data and have full control over that. If you are a Website Visitor who submitted data to a User or an Enduser of an app or client portal, you will need to ask the User how long your responses will be stored in Afterpattern services.
X. SAFETY OF MINORS
The websites and services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 or under a higher age if permitted by the laws of their residence. Afterpattern does not knowingly collect personal data from minors or let them create accounts and reserve the right to delete data we reasonably believe is the personal data of minors without notice. If you believe our Services have been used to collect the personal data of a minor, please contact us at hello+privacy@afterpattern.com.
XI. DATA TRANSFERS
For users subject to the GDPR and acting as a Data Controller by using our Services, Afterpattern offers a Data Processing Addendum (DPA), which includes the EU approved Standard Contractual Clauses/Model Clauses. Submit a request to enter into a DPA by emailing us at hello@afterpattern.com with relevant details.
XII. PRIVACY POLICY UPDATES
We may make changes to this Privacy Policy from time to time. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will post a notice to our site and/or send a notice of this change to all of our account holders.
XIII. MARKETING
You can opt-out from direct marketing in all direct marketing emails.
XIV. YOUR RIGHTS
You may wish to exercise a right to obtain information about yourself or to correct, update or delete that information. These rights may be subject to some exceptions or limitations in local law or based on your location or the services being used (e.g. the Lawyer Referral/Directory Portals, which are available only to United States visitors and users). We will take reasonable steps to verify your identity and we will respond to your request to exercise these rights within a reasonable time subject to the below for specific categories of person.
A. Rights Under Privacy Laws
In accordance with applicable privacy law, User and Enduser of the Automation Platform, Apps, and/or Portal Services have the following rights in respect to your personal information that we hold:
- Rights of access and portability: The right to obtain access to your personal information and get a copy of this information.
- Right to rectification: The right to obtain rectification of your personal information when you want it updated or corrected.
- Right to erasure: The right to obtain the deletion of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction: The right to have your personal information stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
- Right to object: The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
- Right to non-discrimination: The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.
B. Exercising Your Rights and Fulfilling Your Responsibilities
i. Users
Users can view, edit, delete, and download some of your data directly in your account, or you can contact us to exercise your rights. Specifically:
- You can use your account to update your username, password, and billing details.
- You can use the unsubscribe link in our newsletter emails to opt out of their receipt at any time.
- You can follow the instructions in our Cookies Policy to manage or clear your cookies.
- You can delete your account and exercise your right to be forgotten by contacting us at hello+datarequest@afterpattern.com.
Regardless of whether a User is inside or outside of the European Union, you may be required to respond to requests from people who ask to exercise their rights as wel (e.g. delete, update, or obtain a copy of data)l. In addition, Users are responsible for ensuring the apps and the portals they give Endusers access to comply with privacy laws.
For example, you can build your apps to not collect personal information. You can also use such features or design patterns in combination with integrations with outside databases (e.g. Clio, Google Sheets, Zapier) and only collect the exact subset of data you need. You can include consent statements in the Services you make available to Endusers. When in doubt, we encourage Users to seek legal advice to comply with privacy and data collection laws and regulations.
ii. Endusers
If you are an Enduser with a request related to exercising your rights under privacy laws, we recommend you contact the User who gave you access to the app and/or portal. The User owns and controls your data, and is responsible for editing, deleting, or giving you a copy of it. If you're unable to get in touch with the User, contact us with the following: link to app and/or client portal to which the User gave you access, date and time you accessed the app and/or client portal, your name and email address. We will attempt to use this information to put you in contact with the User who controls the data.
iii. Website Visitors
A website visitor can be anyone who visits one of our service's webpages. Such visitors can manage data stored about them as described in more detail in our Cookies Policy (if applicable).
C. Contacting Us About Your Rights
If you've communicated with Afterpattern via email or other channels not listed, and you want to exercise your rights, contact us at hello+privacy@afterpattern.com. We may ask you to verify your identity and for info about the communications you received so we can complete your request.
If you wish to exercise one of these rights and want more information on how to do so, please contact us at hello+privacy@afterpattern.com. Upon request and if applicable, we will provide you with information about whether we hold any of your personal information. We will respond to your request within 30 days.