Privacy Policy
LegalAidCMS is a content and communication platform for legal aid organizations. Aeldris is the AI layer that powers intelligent content creation, compliance review, and multi-channel delivery. This Privacy Policy explains how LegalAidCMS and Aeldris under QED42 Engineering Private Limited ("we," "us," "our") collect, use, share, and protect information when you visit our website, request information about our services, or when legal aid organizations use our platform to deliver legal information to the public.
1. Who We Are and What We Do
QED42 Engineering Private Limited, operating as LegalAidCMS, is a technology company based in India providing software services to legal aid organizations primarily in the United States. We provide tools that help legal aid organizations publish legal information, manage compliance workflows, and communicate with the public through web, chat, SMS, and WhatsApp channels. Aeldris is our AI layer that assists with content review, summarization, and compliance checking. We are a technology provider, not a law firm, and we do not provide legal advice.
2. Information We Collect
We collect different types of information depending on how you interact with us. When you visit our marketing website at legalaidcms.com, we collect your IP address, browser type and version, device information, pages you visit, and time spent on pages, referring website addresses, and general location data at the city and country level through cookies, web beacons, and analytics tools. When you submit a demo request or contact form, we collect your name, email address, phone number, organization name, job title, and any message or questions you include. When legal aid organizations subscribe to LegalAidCMS and Aeldris, we collect organization account information, including organization name, billing contact details, authorized user names and email addresses, and subscription information. When legal aid organizations use the platform to publish content and communicate with the public, the platform processes legal content documents uploaded by staff, intake form responses submitted by members of the public, chat messages, SMS messages, and WhatsApp messages between the organization and the public, file attachments and documents, usage data including login times and features used, and content submitted to Aeldris for AI-assisted review or summarization. Our platform automatically logs authentication events and security-related activities, error logs, diagnostic information, and feature usage patterns for troubleshooting purposes.
3. Our Role: Data Controller vs. Data Processor
The nature of our relationship with information depends on the context. We act as the data controller (meaning we determine how and why data is processed) for website visitor information and analytics, demo request and contact form submissions, legal aid organization account information, and platform authentication and access logs. We act as a data processor (meaning we process data only on behalf of and as instructed by the legal aid organization) for intake form responses submitted by the public to legal aid organizations, messages sent via chat, SMS, or WhatsApp between the public and legal aid organizations, documents and content uploaded by legal aid staff, and any personal information about the public contained in content processed by Aeldris. When we act as a data processor, the legal aid organization is the data controller. The organization determines what information to collect, how to use it, and how long to keep it. We process this information only as instructed by the organization and as necessary to provide our services.
4. How We Use Information
We use information to operate and maintain the LegalAidCMS platform and Aeldris AI tools, authenticate users and prevent unauthorized access, process intake forms and route them to appropriate legal aid staff, deliver messages via chat, SMS, and WhatsApp channels, enable Aeldris to review content, check compliance, and generate summaries as directed by organizations, provide customer support and respond to questions, troubleshoot technical issues and improve system performance, develop new features and enhance existing functionality, respond to demo requests and inquiries about our services, send service-related announcements including system updates and security notices, send billing information, detect and prevent fraud, abuse, and security threats, comply with legal obligations including responding to valid legal requests, and maintain audit logs for security and compliance purposes. We analyze aggregated, de-identified usage data to understand how organizations use the platform and improve Aeldris AI features, but we do not use individual client data from legal aid organizations for these analytics purposes.
5. AI Processing and Aeldris
Aeldris uses large language models from Anthropic (Claude) accessed via API. When content is submitted to Aeldris, the content is transmitted to Anthropic's API for processing, Anthropic does not use the submitted content to train its public models, Anthropic does not retain the content beyond the immediate processing session, we receive the AI-generated output and return it to the organization, and we log the interaction (timestamp, user, document type) for quality assurance and system improvement. We do not use your organization's confidential content or client information to train AI models. We may use aggregated, de-identified data about how Aeldris is used to improve functionality, but this does not include the substance of your content. AI systems have known limitations and may produce inaccurate outputs. Organizations are responsible for reviewing all AI outputs before using or publishing them.
6. How We Share Information
We work with third-party service providers who help us deliver our services, including cloud hosting providers (Amazon Web Services, Google Cloud Platform), communication service providers (Twilio for SMS, Meta for WhatsApp Business API), analytics providers (Google Analytics with IP anonymization), payment processors, and AI service providers (Anthropic). These providers have access to information only as necessary to perform their functions and are obligated to protect the information. When we process information on behalf of a legal aid organization, we share that information only with authorized users within that organization. We do not share information collected by one legal aid organization with other organizations or third parties except as directed by the organization or required by law. We may disclose information if required by valid subpoenas, court orders, government requests, emergency situations involving danger of death or serious physical injury, or to establish or exercise our legal rights. When legally permitted, we will notify affected organizations before disclosing their information in response to legal requests. We do not sell personal information to third parties. We do not share information with advertisers or data brokers. We do not use information collected on behalf of legal aid organizations for our own marketing purposes.
7. International Data Transfers
QED42 is based in India. Legal aid organizations using our services are primarily in the United States. Information processed through our platform may be transferred to, stored in, and processed in India, where our company operates, the United States, where our servers and some service providers are located, and other countries where our cloud infrastructure providers maintain data centers. When we transfer personal information internationally, we implement appropriate safeguards, including encryption of data in transit and at rest, data processing agreements with security and confidentiality commitments, and regular security assessments of our infrastructure and practices.
8. Data Security
We implement technical, administrative, and physical security measures to protect information from unauthorized access, loss, misuse, or disclosure. Our security practices include encryption of data in transit using TLS 1.3 or higher, encryption of sensitive data at rest, role-based access controls limiting who can access information, multi-factor authentication for administrative access, regular security audits and vulnerability assessments, employee training on data protection and confidentiality, logging and monitoring of system access and activities, and regular data backups stored in secure, geographically distributed locations. However, no system is completely secure. If we discover a data breach affecting information we process on behalf of a legal aid organization, we will notify the organization within 72 hours and provide information needed for their breach notification obligations. Organizations remain responsible for notifying affected individuals as required by law.
9. Data Retention
We retain organization account information, billing records, and payment history for the duration of the active subscription plus seven years after account closure for tax, accounting, and legal compliance purposes. For information we process on behalf of legal aid organizations, organizations control retention of their content and can delete content at any time through the platform. Deleted content is removed from production systems within 30 days. Backup copies are retained for up to 90 days for disaster recovery purposes. Chat, SMS, and WhatsApp message logs are retained according to organization settings, typically between 90 days and 7 years, depending on the organization's compliance requirements. System access logs, error logs, and security logs are retained for 12 months. Website visitor analytics data is retained for 26 months. Demo request and contact form information is retained until you ask us to delete it or until 3 years of inactivity, whichever comes first. When a legal aid organization terminates its subscription, the organization has 30 days to export its content and data, after which we delete all organization content from production systems.
10. Your Rights and Choices
If you are an authorized user of a legal aid organization's account, you can access and update your profile information through your account settings, request deletion of your user account by contacting your organization's administrator, and request a copy of information we hold about your user account by contacting us at privacy@legalaidcms.com. If you submitted information to a legal aid organization through intake forms, chat, SMS, or WhatsApp, the legal aid organization controls your information, and you should contact them directly to exercise rights regarding your information. If you visited our website or requested a demo, you can request access to information we hold about you, request correction of inaccurate information, request deletion of your information subject to legal retention requirements, and object to the processing of your information for direct marketing. If you are a resident of California, Colorado, Connecticut, Utah, Virginia, or other US states with comprehensive privacy laws, you have rights to know what personal information we collect and how we use it, access a copy of your personal information, correct inaccurate personal information, delete your personal information subject to exceptions, and opt out of sales of personal information. We do not sell personal information. We do not use personal information for targeted advertising. We do not make automated decisions that produce legal or similarly significant effects. To exercise these rights, email datarights@legalaidcms.com. We will not discriminate against you for exercising your privacy rights.
11. Cookies and Tracking Technologies
We use cookies and similar technologies on our marketing website. Essential cookies are required for the website to function and cannot be disabled. These include authentication cookies, security cookies, and load balancing cookies. Analytics cookies help us understand how visitors use our website using Google Analytics with IP anonymization enabled to collect information about pages visited, time spent on site, traffic sources, and general geographic location. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on. We do not use advertising or tracking cookies. We do not engage in cross-site tracking or behavioral advertising. You can control cookies through your browser settings to block or delete cookies, the cookie preference tool on our website, and opting out of Google Analytics as described above. Disabling essential cookies may prevent parts of the website from functioning properly.
12. Children's Privacy
Our marketing website and platform are not intended for children under 13, and we do not knowingly collect information from children under 13. Legal aid organizations serve individuals of all ages, including minors seeking legal assistance. When a legal aid organization collects information from a minor, the organization is responsible for complying with applicable laws regarding minors' information including COPPA where applicable, the organization must obtain any required parental consent, we process information about minors only as directed by the organization and as necessary to provide our services, and we implement age-appropriate security measures for all information processed through the platform. If we become aware that we have collected information directly from a child under 13 without parental consent, we will delete it promptly. If you believe we have information about a child under 13, contact us at privacy@legalaidcms.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the Effective Date at the top of this policy. For material changes, we will notify legal aid organizations by email at least 30 days before the changes take effect, we will post the updated policy on our website, and continued use of our services after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.
Email: privacy@legalaidcms.com
Data Rights Requests: datarights@legalaidcms.com
Security Issues: security@legalaidcms.com
General Inquiries: hello@legalaidcms.com
Mailing Address: QED42 Engineering Private LimitedOffice No. 405, Amar Neptune, Baner Hills Road, Pune – 411045, Maharashtra, India.