Privacy Statement

Last revised April 27, 2026

1. Introduction & Scope

The LegalSifter Group - companies owned by LegalSifter Holdings, Inc. (currently Legal Sifter, Inc. dba LegalSifter, Inc, Contract Logix, LLC and the Akorda Corporation)(“LegalSifter”, “we”, “us”, “our”) - respects your privacy and is committed to protecting it through our compliance with this Privacy and Security Statement (“Statement”).
This Statement, together with our Terms & Conditions of Website Use, describes how we collect, use, disclose, and protect personal data through our services, which include:

• Web applications (Adams Contracts™, Contract Logix®, LegalSifter Review®, and LegalSifter Organize®);

• LegalSifter ReviewPro™ Microsoft Word Add-in (see also Microsoft’s Privacy Policy);

• LegalSifter ReviewPro™ Google Workspace add-on for Google Docs (see also Google Privacy Policy);
• LegalSifter ReviewPro™ mobile application for iOS (see also Apple's Privacy Policy);

• Related professional services.

(collectively, “Services”)

This Statement does not apply to third-party websites or applications (including advertising) that may link to or be accessible from our Services. We are not responsible for their privacy practices and encourage you to review the privacy policies of any site you visit.
By using our Services, you agree to this Statement. We may update this Statement from time to time, so please review it periodically to stay informed about how your data is used.

2. Controllership and basis of processing

In the context of this Privacy and Security Statement, LegalSifter acts as a data processor, processing personal data on behalf of clients (data controllers), based on their instructions.

3. Categories of Personal Data

We may process the following types of personal data:

• Biographical information, e.g. initials or full name;
• Professional information, e.g. job title;
• Contact information, e.g. e-mail address;
• Any other type of personal data within contracts and other legal documents.

4. How We Receive Personal Data

We may receive your personal data through:

• Direct submission via navigation, registration, or contact forms;
• User feedback and problem reports;
• Automatic data collection, e.g. cookies, IP addresses, device information;
• Legal documents submitted by clients or obtained from public sources.

5. Purposes of Processing

• provide you with information, products, or services that you request from us;
• maintain the integrity and security of our Services;
• support business operations, including people development, recruiting, and business research and outreach;
• respond to lawful requests by government or law enforcement.

We only collect and retain personal data as necessary for the above purposes.

6. Automatic data collection and use of tracking technologies

• Cookies – Small data files stored on your device to remember your preferences and improve navigation (see www.aboutcookies.org for details). You can change your browser settings to block or delete cookies, but this may impact how the site functions.
• Web beacons, embedded scripts, and server logs – tools to monitor usage and performance.
• Browser fingerprinting, GPS, device identifiers, iBeacons, and ETags – particularly when accessing our site via mobile devices.

We also use Google Analytics, which collects anonymized data to help us understand site usage and performance. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Add-on here.
Third parties may independently collect information via tracking technologies. We do not control these technologies and this Statement does not apply to them. Our systems do not currently respond to “Do Not Track” browser signals.

7. Promotional Offers from LegalSifter

You may opt out of promotional emails by contacting us at privacy@legalsifter.com.

8. Data Retention Periods

We retain your personal data for as long as is necessary to fulfill our obligations to you. Data no longer required will be deleted within six months.

9. Sharing Data with Third Parties

We may share your personal data with other entities. Such third parties may include service providers offering the following types of services:

• cloud storage
• machine learning and natural language processing data science services
• legal services
• e-mail services
• instant messaging
• work tracking
• project management
• software version control
• cloud computing
• website building
• legal R&D
• large language models

We will require that these third parties maintain at least the same level of privacy and security that we maintain for your personal data.

10. Third-Party Artificial Intelligence Processing

Our Services use third-party large language model (“LLM”) providers to analyze contracts and legal documents. Content submitted to the Services may be transmitted to these LLM providers for processing. We contractually require that these providers do not use customer content to train their models, and do not retain customer content beyond what is necessary to return a response. We do not sell personal data, and we do not use personal data contained in customer content for advertising purposes.

11. Google API Services User Data

LegalSifter ReviewPro’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, available at https://developers.google.com/terms/api-services-user-data-policy, including the Limited Use requirements. When you install the LegalSifter ReviewPro Google Workspace add-on, we request only the minimum OAuth scopes necessary to provide the Services, and we do not use Google user data for advertising, do not sell Google user data, do not transfer Google user data to third parties other than as necessary to provide the Services (including to the LLM providers described above under the same contractual restrictions), and do not allow humans to read Google user data except with your affirmative consent, for security investigations, or where required by law.

12. Other Disclosure of Your Personal Data

We may also disclose your personal data:

• to comply with our legal obligations, official investigations or legal proceedings, including but not limited to: in response to subpoenas, search warrants, or court orders;
• if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
• to our subsidiaries or affiliates only if necessary for business and operational purposes.

If we must disclose your personal data to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.

We may use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about users of our Services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

13. Data Integrity and Security

LegalSifter maintains technical, organizational, and physical security measures that are reasonably designed to help protect personal data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction. The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential.

Although we take reasonable security measures to protect your personal data, for example, by using Secure Socket Layer encryption when you transmit your password, we cannot guarantee the security of your personal data transmitted to our Services. The transmission of information via the Internet is not 100% secure and we cannot ensure the security of any information you transmit to us. We are not responsible for the circumvention of any privacy settings or security measures contained on the applications within our Services.

14. International data transfers

Our service providers may be located outside of the United States. LegalSifter remains liable for the protection of personal data that we transfer to our service providers within the scope of our Data Privacy Framework certification, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

15. Data Privacy Framework participation

LegalSifter complies with the:

• EU-U.S. Data Privacy Framework;
• UK Extension to the EU-U.S. Data Privacy Framework; and
• Swiss-U.S. Data Privacy Framework.

If there is any conflict between the terms in this Statement and the Framework principles set out above, the Framework principles will govern.

To view LegalSifter’s certification, please search for LegalSifter here.

16. Your Rights

LegalSifter acknowledges the right of EU, UK and Swiss individuals to access their personal data under the Data Privacy Framework and will grant individuals reasonable access to any such information held by LegalSifter.

LegalSifter will take reasonable steps to permit individuals to correct, amend, or delete such information demonstrated to be inaccurate or processed in violation of the Data Privacy Framework, or to withdraw such individual’s consent. To exercise your rights, contact privacy@legalsifter.com.

To request deletion of your personal data or to revoke consent, email privacy@legalsifter.com with the subject line “Data Deletion Request.” We will acknowledge your request within five (5) business days and complete the deletion within thirty (30) days, except where we are required to retain data to comply with a legal obligation. If you installed the LegalSifter ReviewPro Google Workspace add-on, you may revoke our access to your Google account at any time at https://myaccount.google.com/permissions. If you use the LegalSifter ReviewPro iOS application, you may delete your account from within the app by selecting Settings > Account > Delete Account, or by emailing the address above.

17. Children’s privacy

Our Services are not intended for use by children under the age of 13, and we do not knowingly process the personal data of anyone under 18. Children should always get permission from a parent or guardian before sending personal data over the Internet. Contact us if you believe a child has provided data.

18. GDPR Compliance

The General Data Protection Regulation (“GDPR”) expands the data privacy rights for European individuals and gives them the power to control their data. For companies that process the personal data of these European individuals, the GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that the European individuals can exercise with these companies. Further information on the GDPR is available on the European Union’s official website.

LegalSifter enters into Data Processing Agreements (“DPAs”) with its clients upon request, as well as with its vendors. To request a DPA, please email help@legalsifter.com.

19. BBB National Programs

LegalSifter is a member of the BBB National Programs, meaning that with respect to personal data processed within the scope of the Services, BBB National Programs has assessed LegalSifter’s data governance and data security for compliance with the BBB National Programs data privacy requirements. The criteria require that participants maintain a high standard for data privacy and implement specific best practices about notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

20. Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through LegalSifter’s internal processes, LegalSifter selected BBB National Programs as its Independent Recourse Mechanism (IRM) for the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Subject to the terms of the BBB National Programs Data Privacy Framework Dispute Resolution Process, if you are an individual in the European Union, the United Kingdom, Switzerland, or other participating countries with a privacy complaint against LegalSifter, you may submit a complaint to BBB National Programs. This process is free of charge to individual consumers. To file a complaint with BBB National Programs and participate in the BBB National Programs Data Privacy Framework Dispute Resolution Process, please submit the required personal data here.

21. Binding Arbitration

If your dispute or complaint can’t be resolved by us, or through the BBB National Programs Data Privacy Framework Dispute Resolution Process, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

22. Regulatory Oversight

LegalSifter is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

23. Changes to this Statement

We may update this Statement. If we make any material change to this Privacy and Security Statement, we will post the revised Statement to this web page and update the "Last Revised” date above to reflect the date on which the new Statement became effective. We encourage you to revisit this page periodically to read the current version of this Statement in effect.

24. Contact Information

If you have any questions or comments about this Statement, or wish to exercise your rights, please contact us by emailing us at privacy@legalsifter.com, or by writing to us at:

LegalSifter
Attn: Privacy Officer
321 Billerica Rd
Executive Suite #15
Chelmsford
MA, 01824

Please allow up to four weeks for us to reply with final resolution.