Privacy Policy

1. Scope

This policy describes how Anchor collects, uses, discloses, and protects personal information in connection with the Anchor application at anchorlegal.ca. It applies to information about firm users (lawyers, paralegals, staff) and to client and counterparty information that firm users enter into Anchor in the course of running matters.

2. Categories of information we handle

Account information (about your firm's users)

• Name, work email, role, language preference.
• Authentication credentials (passwords are hashed; sessions are signed cookies).
• Sign-in audit log: IP address, user agent, timestamp.

Matter information (about your firm's clients and counterparties)

• Party identifiers (name, contact information, role) as entered by firm users.
• Documents, drafts, comments, deadlines, time entries, retainer ledger, billing data.
• Search history within the firm.

Operational data

• Application logs, error traces, performance metrics.
• AI-feature audit log (concepts sent, model used, token count, cost).

3. How we use information

• To provide the service. Storing and serving matter data to authenticated firm users.
• To secure the service. Sign-in audit logs, rate limiting, abuse detection.
• To improve the service. Aggregated, anonymized usage metrics (e.g. average search latency). We do not use matter content to train models.
• To communicate with you. Transactional email (sign-ins, password resets, signature requests). Product news email is opt-in and CASL-compliant; you can unsubscribe at any time.

4. Legal basis (PIPEDA / BC PIPA)

For account holders we rely on consent given at signup. For matter content we act as a service provider to your firm — your firm is the privacy controller and you remain responsible to clients and counterparties under BC PIPA and the Law Society's confidentiality obligations.

5. Where data lives

• Primary database: PostgreSQL hosted on DigitalOcean's Toronto (TOR1) region.
• Backups: Encrypted daily snapshots, stored both on the host and in DigitalOcean Spaces (TOR1).
• Email transit: Transactional email is sent over TLS through our SMTP provider.
• AI inference: Selected text (concepts, holdings, body snippets) is sent to OpenRouter, which routes to Google's Gemini family for inference. Anchor does not retain the request body beyond the audit-log row needed to attribute cost.

6. Retention

• Matter data: retained for the life of your subscription plus 30 days after cancellation to allow export. Backups age out within 90 days of deletion from production.
• Audit logs: retained for 24 months by default.
• You may request earlier deletion of specific records, subject to your firm's own retention obligations under LSBC rules and applicable law.

7. Your rights

Subject to PIPEDA and BC PIPA, you may request:

• Access — a copy of the personal information Anchor holds about you.
• Correction — to update information you believe is inaccurate.
• Withdrawal of consent / deletion — closure of your account and deletion of associated personal information, subject to backup retention windows above.
• Export — a structured export of your matters and drafts (CSV + ZIP of attachments).

Send requests to [email protected]. We will respond within 30 days.

8. Security

• All traffic is HTTPS-only (HSTS enforced; Cloudflare in front of origin).
• Passwords are bcrypt-hashed; sessions are signed; cookies are HttpOnly + Secure + SameSite=Lax.
• Database access is restricted to the application user; no public Postgres port.
• Backups are encrypted at rest in DigitalOcean Spaces.
• Rate limits + brute-force protection on the sign-in endpoint.
• Incidents are disclosed to affected firms without undue delay (target: 72 hours).

9. Cookies

We use a single first-party session cookie for authentication. We do not use third-party analytics or advertising cookies.

10. Children

Anchor is not directed at children. Family-law matters routinely involve information about minors; that information is treated as confidential matter content under §2.

11. Changes to this policy

Material changes will be announced at least 30 days in advance via email and the in-app "What's new" panel.

12. Contact

Privacy questions or requests: [email protected].