Transparency Notice — AI Processing
Your documents are processed by third-party AI providers
When you use Locke Prime's AI analysis features — including contract analysis, drafting
assistance, legal research, and strategy tools — the text of your documents and queries is
transmitted to third-party AI providers (including Anthropic and
OpenAI) to generate responses.
These providers process your data under their own data processing agreements, which include
enterprise confidentiality and data handling protections. We do not permit AI
providers to use your submitted content to train their models under the terms of
our enterprise agreements.
Your firm data is never sold to third parties and is never shared with
other Locke Prime firms or tenants.
3.Data Sharing
We do not sell your data. We share data only in the following limited
circumstances:
-
AI Providers: Contract text, documents, and queries are transmitted to
third-party AI providers to generate AI-assisted outputs. See Section 4 for full details.
-
Infrastructure & Hosting: We use cloud infrastructure providers
(including Railway and their underlying cloud partners) for hosting, storage, and delivery
of the Service.
-
Payment Processing: Billing and payment information is processed by our
payment provider (Stripe). We do not store full payment card numbers.
-
Legal Requirements: We may disclose information if required by law, court
order, or valid legal process, or to protect the rights and safety of Locke Prime, users,
or the public.
-
Business Transfers: In the event of a merger, acquisition, or sale of
assets, your information may be transferred as part of that transaction, subject to
continued privacy protections.
Firm Data Isolation: Your firm's data is never shared with, visible to, or
accessible by any other Locke Prime customer or tenant. Each Firm Account operates within a
fully isolated data environment.
4.AI Processing — How Your Documents Are Used
Locke Prime's AI features are powered by large language model (LLM) APIs provided by
third-party companies. When you submit a document, contract, or query for AI analysis,
the content of that submission is sent to one or more of these providers:
Each of these providers processes submitted content under enterprise API terms that include
data confidentiality protections. Under our enterprise agreements:
- Submitted content is not used by providers to train their publicly available models
- Data is processed only to generate the requested AI output and is not retained beyond what is necessary for that purpose under the provider's terms
- Providers maintain appropriate security standards for processing legal and professional content
Attorney's Advisory: Before submitting client-privileged or confidential
documents to any AI feature, attorneys should evaluate whether doing so is consistent with
their applicable rules of professional conduct regarding client confidentiality and
third-party disclosure. Locke Prime does not make this determination on your behalf.
5.Data Retention
We retain data for as long as necessary to provide the Service and as required by law.
Specific retention periods:
-
AI query and analysis history: Retained for 90 days by
default. Firm administrators can adjust this retention period in firm settings, including
reducing it or extending it up to the maximum permitted under your subscription plan.
-
Uploaded documents: Retained for the duration of your Firm Account plus
a 30-day grace period following account termination, after which they are permanently
deleted unless a legal hold is in effect.
-
Account information: Retained for the life of your account and as required
by applicable law or legitimate business need following closure.
-
Billing records: Retained for a minimum of seven (7) years as required for
tax and accounting purposes.
-
Security and access logs: Retained for up to 12 months for security
monitoring and incident investigation.
To request early deletion of your firm's data, contact
privacy@lockeprime.com.
6.Security
Locke Prime employs industry-standard security measures to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls within Firm Accounts
- Isolated multi-tenant data architecture
- Secure API key management for third-party integrations
- Access logging and anomaly monitoring
- Regular security reviews
While we take reasonable steps to protect your information, no system is completely secure.
You are responsible for maintaining the security of your account credentials and notifying us
promptly at
security@lockeprime.com
if you suspect unauthorized access.
7.GDPR — Rights for EEA, UK & Swiss Residents
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you
have the following rights under the General Data Protection Regulation (GDPR) and applicable
equivalent laws:
Access
Request a copy of the personal data we hold about you.
Rectification
Request correction of inaccurate or incomplete data.
Erasure
Request deletion of your personal data where no legitimate basis for retention exists.
Restriction
Request that we limit processing of your data in certain circumstances.
Portability
Request a machine-readable copy of your data for transfer to another controller.
Objection
Object to processing based on legitimate interests or for direct marketing.
To exercise these rights, email
privacy@lockeprime.com.
We will respond within 30 days. You also have the right to lodge a complaint with your
applicable supervisory authority.
Our legal bases for processing include: performance of a contract (providing the Service),
legitimate interests (security, fraud prevention), and compliance with legal obligations.
8.CCPA — Rights for California Residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA),
California residents have the following rights:
-
Right to Know: You may request disclosure of the categories and specific
pieces of personal information we have collected about you, the sources of that information,
our business purposes for collecting it, and the categories of third parties with whom we
share it.
-
Right to Delete: You may request deletion of personal information we have
collected, subject to certain exceptions.
-
Right to Correct: You may request correction of inaccurate personal
information.
-
Right to Opt Out of Sale or Sharing: Locke Prime does not sell or share
personal information for cross-context behavioral advertising. No opt-out is required,
but you may contact us to confirm.
-
Right to Non-Discrimination: We will not discriminate against you for
exercising your CCPA rights.
To submit a CCPA request, contact
privacy@lockeprime.com
or call us at the number listed on our website. We may require identity verification before
processing your request. Authorized agents may submit requests on your behalf.
Note to B2B Users: The CCPA provides limited protections for personal
information collected in a strictly business-to-business context. Much of the information
Locke Prime collects from law firm personnel falls within this B2B exception. We nonetheless
commit to handling all personal information with care and transparency.
9.Cookies & Tracking Technologies
Locke Prime uses cookies and similar technologies to operate and secure the Service:
-
Essential Cookies: Required for authentication, session management, and
core platform functionality. These cannot be disabled without breaking the Service.
-
Security Cookies: Used to detect and prevent fraud and unauthorized access.
-
Preference Cookies: Store user interface preferences (e.g., settings,
sidebar state) to improve your experience across sessions.
We do not use third-party advertising cookies or cross-site tracking technologies.
We do not participate in behavioral ad networks.
You can control cookies through your browser settings. Disabling essential cookies will
prevent you from logging in and using the Service.