Get a Demo

Privacy Statement

Last revised August 4th, 2025

1. Introduction & Scope


The LegalSifter Group - companies owned by LegalSifter Holdings, Inc. (currently Legal Sifter, Inc. dba LegalSifter, Inc, LegalSifter Law, LLC, Contract Logix, LLC and the Akorda Corporation)(“LegalSifter”, “we”, “us”, “our”) - respects your privacy and is committed to protecting it through our compliance with this Privacy and Security Statement (“Statement”).

This Statement, together with our Terms & Conditions of Website Use, describes how we collect, use, disclose, and protect personal data through our services, which include:

  • Web applications (Adams Contracts™, Contract Logix®, LegalSifter Review®, LegalSifter Organize®, and LegalSifter Control®);
  • LegalSifter ReviewPro™ Microsoft Word Add-in (see also Microsoft’s Privacy Policy);
  • Related professional services.

(collectively, “Services”)

This Statement does not apply to third-party websites or applications (including advertising) that may link to or be accessible from our Services. We are not responsible for their privacy practices and encourage you to review the privacy policies of any site you visit.

By using our Services, you agree to this Statement. We may update this Statement from time to time, so please review it periodically to stay informed about how your data is used.

2. Controllership and basis of processing


In the context of this Privacy and Security Statement, LegalSifter acts as a data processor, processing personal data on behalf of clients (data controllers), based on their instructions.

 

3. Categories of Personal Data


We may process the following types of personal data:

  • Biographical information, e.g. initials or full name;
  • Professional information, e.g. job title;
  • Contact information, e.g. e-mail address;
  • Any other type of personal data within contracts and other legal documents.


4. How We Receive Personal Data


We may receive your personal data through:

  • Direct submission via navigation, registration, or contact forms;
  • User feedback and problem reports;
  • Automatic data collection, e.g. cookies, IP addresses, device information;
  • Legal documents submitted by clients or obtained from public sources.

5. Purposes of Processing


We process personal data to:

  • provide you with information, products, or services that you request from us;
  • maintain the integrity and security of our Services;
  • support business operations, including people development, recruiting, and business research and outreach;
  • respond to lawful requests by government or law enforcement.

We only collect and retain personal data as necessary for the above purposes.

6. automatic data collection and use of tracking technologies


We collect non-personal technical information about your device and browsing activity. This may include your IP address, browser type, pages visited, time spent on each page, and the date and time of your visit. This data is collected in aggregate and is not used to identify individuals. We use it to improve our Services, enhance user experience, and better understand website traffic and usage patterns.

 

The above information is collected using common tracking technologies, such as:

  • Cookies – Small data files stored on your device to remember your preferences and improve navigation (see www.aboutcookies.org for details). You can change your browser settings to block or delete cookies, but this may impact how the site functions.
  • Web beacons, embedded scripts, and server logs – tools to monitor usage and performance.
  • Browser fingerprinting, GPS, device identifiers, iBeacons, and ETags – particularly when accessing our site via mobile devices.

We also use Google Analytics, which collects anonymized data to help us understand site usage and performance. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Add-on here.

Third parties may independently collect information via tracking technologies. We do not control these technologies and this Statement does not apply to them. Our systems do not currently respond to “Do Not Track” browser signals.

7. Promotional Offers from LegalSifter


You may opt out of promotional emails by contacting us at privacy@legalsifter.com.


8. Data Retention Periods


We retain your personal data for as long as is necessary to fulfill our obligations to you. Data no longer required will be deleted within six months.

 

9. Sharing Data with Third Parties


We may share your personal data with other entities. Such third parties may include service providers offering the following types of services:

  • cloud storage
  • machine learning and natural language processing data science services
  • legal services
  • e-mail services
  • instant messaging
  • work tracking
  • project management
  • software version control
  • cloud computing
  • website building
  • legal R&D
  • large language models

We will require that these third parties maintain at least the same level of privacy and security that we maintain for your personal data.


10. Other Disclosure of Your Personal Data


We may also disclose your personal data:

  • to comply with our legal obligations, official investigations or legal proceedings, including but not limited to: in response to subpoenas, search warrants, or court orders;
  • if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
  • to our subsidiaries or affiliates only if necessary for business and operational purposes.

If we must disclose your personal data to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.

We may use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about users of our Services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.


11. Data Integrity and Security


LegalSifter maintains technical, organizational, and physical security measures that are reasonably designed to help protect personal data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction. The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential.

Although we take reasonable security measures to protect your personal data, for example, by using Secure Socket Layer encryption when you transmit your password, we cannot guarantee the security of your personal data transmitted to our Services. The transmission of information via the Internet is not 100% secure and we cannot ensure the security of any information you transmit to us. We are not responsible for the circumvention of any privacy settings or security measures contained on the applications within our Services.


12. international data transfers


Our service providers may be located outside of the United States. LegalSifter remains liable for the protection of personal data that we transfer to our service providers within the scope of our Data Privacy Framework certification, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.


13. Data Privacy Framework participation


LegalSifter complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  LegalSifter has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  LegalSifter has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the DPF Principles and/or the Swiss-U.S. DPF Principles (DPF Principles), the Principles shall govern.  To learn more about the Data Privacy Framework Program (DPF Program), and to view our certification, please visit https://www.dataprivacyframework.gov/.

 

If there is any conflict between the terms in this Statement and the Framework principles set out above, the Framework principles will govern.

 

To view LegalSifter’s certification, please search for LegalSifter here.

 

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to [INSERT your organization’s contact email]. If requested to remove data, we will respond within a reasonable timeframe. 

 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@legalsifter.com

 

14. your Rights


LegalSifter acknowledges the right of EU, UK and Swiss individuals to access their personal data under the Data Privacy Framework and will grant individuals reasonable access to any such information held by LegalSifter.

LegalSifter will take reasonable steps to permit individuals to correct, amend, or delete such information demonstrated to be inaccurate or processed in violation of the Data Privacy Framework, or to withdraw such individual’s consent. To exercise your rights, contact privacy@legalsifter.com.


15. children’s privacy


Our Services are not intended for use by children under the age of 13, and we do not knowingly process the personal data of anyone under 18. Children should always get permission from a parent or guardian before sending personal data over the Internet. Contact us if you believe a child has provided data.


16. GDPR Compliance


The General Data Protection Regulation (“GDPR”) expands the data privacy rights for European individuals and gives them the power to control their data. For companies that process the personal data of these European individuals, the GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that the European individuals can exercise with these companies. Further information on the GDPR is available on the European Union’s official website.

LegalSifter enters into Data Processing Agreements (“DPAs”) with its clients upon request, as well as with its vendors. To request a DPA, please email help@legalsifter.com.

 

17. BBB national Programs


LegalSifter is a member of the BBB National Programs, meaning that with respect to personal data processed within the scope of the Services, BBB National Programs has assessed LegalSifter’s data governance and data security for compliance with the BBB National Programs data privacy requirements. The criteria require that participants maintain a high standard for data privacy and implement specific best practices about notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

 

18. Dispute Resolution


Where a privacy complaint or dispute cannot be resolved through LegalSifter’s internal processes, LegalSifter selected BBB National Programs as its Independent Recourse Mechanism (IRM) for the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Subject to the terms of the BBB National Programs Data Privacy Framework Dispute Resolution Process, if you are an individual in the European Union, the United Kingdom, Switzerland, or other participating countries with a privacy complaint against LegalSifter, you may submit a complaint to BBB National Programs. This process is free of charge to individual consumers. To file a complaint with BBB National Programs and participate in the BBB National Programs Data Privacy Framework Dispute Resolution Process, please submit the required personal data here.


19. Binding Arbitration

If your dispute or complaint can’t be resolved by us, or through the BBB National Programs Data Privacy Framework Dispute Resolution Process, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

 

20. Regulatory Oversight


LegalSifter is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

21. Changes to this Statement


We may update this Statement. If we make any material change to this Privacy and Security Statement, we will post the revised Statement to this web page and update the "Last Revised” date above to reflect the date on which the new Statement became effective. We encourage you to revisit this page periodically to read the current version of this Statement in effect.


22. Contact Information


If you have any questions or comments about this Statement, or wish to exercise your rights, please contact us by emailing us at privacy@legalsifter.com, by phone number 1-724-221-7438, or by writing to us at:

LegalSifter
Attn: Privacy Officer
8878 Covenant Avenue #304
Pittsburgh, PA 15237

Please allow up to four weeks for us to reply with final resolution.

Frequently Asked Questions

1. How will you provide assurance that you are meeting your compliance requirements? (For example, SOC 2 report)
  • LegalSifter has achieved SOC 2 and will provide its report upon request.
  • We host LegalSifter Review and LegalSifter Organize on Amazon Web Services.  Attached is their SOC compliance site: Amazon SOC Compliance Site.
2. Please provide a listing of where your data centers and off
  • We host LegalSifter Review and LegalSifter Organize environments at Amazon Web Services Northern Virginia, Singapore, London, Ireland, and Beijing - see Amazon Global Infrastructure.
  • We will host LegalSifter Review and LegalSifter Organize data at other Amazon Web Services locations at the request of the client or partner.
3. Are any of your data centers, servers, or data storage locations outside of the US?
In general, no. We offer locations outside of the US for some non-US clients.
4. If we must retain and generate data to support a legal matter, will you allow data to be put on retention hold?
Yes.
5. What if data is co-mingled with another client's data?
Client data is not co-mingled with another client's data, except in the case of research and development and only if you give us permission to use such data for research and development.
6. What type of database environment is used to store data (multi-instance or multi-tenant)?
We are primarily a multi-tenant company, as of 2017.
7. What integrations are required?
LegalSifter Review and LegalSifter Organize do not require integrations.
8. Does LegalSifter acquire any rights to our data through the agreement, including intellectual property rights? Do you use client data to promote your business, such as collating client data as market information or selling the client behavior for third party marketing?
We ask our clients if they will allow us to use their contracts for research purposes only - to further our machine learning algorithms (“Sifters”). All clients benefit from our improved Sifters, and our Sifters need client data to do that.  Each client may decline to give us such permission when we work through our subscription agreement. We will also ask each client for permission to use their name and logo in marketing materials. If we do not have a client’s express written permission on either front, we will not acquire any rights to its data, and we will not use a client's name and logo for marketing purposes.
9. For an audit or security incident, will we be able to audit controls via a third party?
Yes.
10. What is the process to export data?
  • LegalSifter Organize has an export button available at all times to clients, allowing them to export their data into xls format.
  • LegalSifter Review has an export button available to all clients, allowing them to export their sifted documents to docx format.
11. How long is my data stored in LegalSifter Review?
  • 15 days after a user deletes a contract in the LegalSifter Review (moves to Trash, then Deletes from Trash), LegalSifter permanently excises the associated contract files. LegalSifter retains the name of the file, the document type, and the account that uploaded it for reporting purposes as long as the account is open.
  • LegalSifter Review allows organizations to disable excision of deleted documents via a setting. This can be done for litigation hold or any other client need.
  • 30 days after a company or individual terminates their contract or trial for LegalSifter Review, LegalSifter permanently excises all data in the database and datastore.
  • Please note this refers to the LegalSifter Review, not the data that is in the R&D research repository. Copies of contracts are there if the client allowed so in their executed agreement with LegalSifter.
12. How long is my data stored in LegalSifter Organize?
  • 30 days after a company or individual terminates their contract, project, or trial for LegalSifter Organize, LegalSifter permanently excises all data in the database and datastore.
  • Please note this refers to the LegalSifter Organize product, not the data that is in the R&D research repository. Copies of contracts are there if the client allowed so in their executed agreement with LegalSifter.
13. What happens if I need extended access to documents, in cases such as litigation hold?
LegalSifter ensures that clients may specify when Client Data is deleted from LegalSifter’s systems, and to separate content and manage Client Data under differing scenarios (e.g., for litigation hold).
14. What will LegalSifter do in the case of a data breach?
LegalSifter will notify client(s) of any data breach within twenty-four (24) hours of becoming aware of any confirmed (a) breach of network or computing assets that result in potential or actual unauthorized access to any Client Data, or (b) misuse, potential disclosure or loss of, or inability to account for, any Client Data.