Legal

Privacy Policy

Effective Date: March 12, 2026  ·  Blue Swan Ventures, LLC  ·  Governed by Florida Law
This Privacy Policy explains how Blue Swan Ventures, LLC ("we," "us," or "our") collects, uses, and protects information when you use lawmem.ai. We are committed to transparency and minimal data collection.
Table of Contents
  1. Who We Are
  2. Information We Collect
  3. How We Use Information
  4. Customer Data (API Content)
  5. Analytics — Plausible
  6. Payment Processing
  7. Blockchain & x402 Payments
  8. Data Sharing & Third Parties
  9. Data Retention
  10. Security
  11. GDPR Rights (EEA/UK)
  12. CCPA Rights (California)
  13. Cookies
  14. Children's Privacy
  15. Changes to This Policy
  16. Contact & Data Requests

01 Who We Are

lawmem.ai is operated by Blue Swan Ventures, LLC, a Florida limited liability company located at 1201 E Broward Blvd, Fort Lauderdale, FL 33301. We are the data controller for personal data collected through lawmem.ai.

For data protection inquiries, contact us at david@lawmem.ai.

02 Information We Collect

We collect the minimum information necessary to operate the Service:

| Category | Data Collected | Source |
|---|---|---|
| Account data | Email address, company/organization name | Provided at signup |
| API credentials | API key (stored as bcrypt hash — plaintext not retained after issuance) | Generated at signup |
| Billing data | Stripe customer ID, subscription plan, payment status | Stripe (on subscription) |
| Wallet data | Blockchain wallet address (for x402 payment users) | Provided by customer/agent |
| Usage data | API call counts, timestamps, endpoint (store/recall), memory IDs | Automatically logged |
| Audit logs | Timestamp, API key hash, operation type, memory ID | Automatically logged |
| Website analytics | Page views, referrers, device type, country (no personal identifiers) | Plausible Analytics |

We do not collect: names of individual users, phone numbers, IP addresses linked to identities, or behavioral tracking data beyond what is described above.

03 How We Use Information

We use the information we collect exclusively to:

We do not use your information for marketing, advertising, or sale to third parties. We do not use Customer Data to train AI models.

04 Customer Data (API Content)

"Customer Data" means all content you submit to the Service via the /store endpoint — the text, metadata, and embeddings stored in your namespace.

Isolation: Customer Data is stored in namespaces keyed to your API Key. No other customer, operator, or system can access your namespace. Namespace isolation is enforced at the architectural level on every query.

Processing: Customer Data is processed solely to provide the Service — specifically, to generate vector embeddings for semantic search and to return results via the /recall endpoint. We do not read, analyze, or retain Customer Data for any other purpose.

Deletion: You may delete individual memories at any time via the DELETE /memory/{id} endpoint. Upon account termination, all Customer Data is deleted from both the vector database (Qdrant) and the relational database (PostgreSQL) within 30 days.

Your responsibility: You are solely responsible for ensuring that Customer Data you submit complies with applicable confidentiality obligations, privilege protections, and data protection law. Do not submit data that you do not have the legal right to process.

05 Analytics — Plausible

lawmem.ai uses Plausible Analytics (plausible.io) to collect aggregate, anonymized website traffic data. Plausible is a privacy-first analytics service that:

The data collected by Plausible is limited to: page URL, referrer source, browser, operating system, device type, and country (derived from IP, not stored). No IP addresses are stored.

06 Payment Processing — Stripe

Monthly subscription billing is processed by Stripe, Inc. We do not store credit card numbers or full payment instrument details on our systems. Stripe stores and processes payment data in accordance with PCI DSS standards.

When you subscribe, Stripe assigns a customer ID and subscription ID that we store in our database to manage your account. You can manage your payment methods and view invoices via the Stripe Customer Portal accessible from portal.lawmem.ai.

Stripe's privacy practices are governed by the Stripe Privacy Policy.

07 Blockchain & x402 Payments

Pay-as-you-go and overage payments are processed on the Base blockchain network using the x402 protocol in USDC. Blockchain transactions are publicly visible and permanently recorded on the Base network. We record wallet addresses in our database solely for billing verification.

We do not link wallet addresses to personal identities unless you have provided both in the course of registration or support. We do not share wallet address data with third parties.

Blockchain data is inherently public and outside our control. If you are concerned about on-chain privacy, consider the public nature of Base network transactions before using x402 payment features.

08 Data Sharing & Third Parties

We do not sell, rent, or trade personal data. We share data with the following service providers only as necessary to operate the Service:

| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Subscription billing | Email, billing amounts, subscription status |
| Resend | Transactional email delivery | Email address, email content |
| Hetzner | Server infrastructure | All data stored on server (encrypted at rest using LUKS2 full-volume encryption, AES-256) |
| Plausible | Website analytics | Anonymized page view data (no personal data) |
| Coinbase CDP | x402 payment verification | Wallet address, payment amounts |
| Cloudflare | DNS, CDN, Zero Trust access | Network traffic metadata |

We may disclose information if required by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Blue Swan Ventures, LLC, our customers, or the public.

09 Data Retention

You may request deletion of your account and associated data at any time by contacting david@lawmem.ai.

10 Security

We implement technical and organizational measures to protect your data, including:

No security measure is perfect. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and applicable regulators as required by law.

11 GDPR Rights (EEA & UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under GDPR / UK GDPR:

Our legal basis for processing your personal data is: performance of a contract (account data, billing), legitimate interests (audit logs, security), and consent (analytics via Plausible — no consent required as Plausible collects no personal data).

Legal Pro customers may request a Data Processing Agreement (DPA) at david@lawmem.ai.

To exercise any of these rights, contact us at david@lawmem.ai. We will respond within 30 days.

12 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

To exercise your rights, contact us at david@lawmem.ai. We will respond within 45 days as required by law.

13 Cookies

lawmem.ai uses cookies minimally:

We do not use advertising cookies, tracking cookies, or third-party analytics cookies that require consent under GDPR or PECR.

14 Children's Privacy

The Service is not directed at children under the age of 18 and is intended for business and professional use only. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will delete it promptly.

15 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address associated with your account or by posting a notice on lawmem.ai. The effective date at the top of this page will be updated accordingly.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

16 Contact & Data Requests

For privacy inquiries, data access requests, deletion requests, or questions about this Policy:

We aim to respond to all privacy inquiries within 30 days.