Attorney-Client Privilege Protection FormHarbor operates as a limited technical agent of licensed attorneys solely to preserve attorney-client privilege and confidential legal communications. We maintain SOC 2 Compliant Architecture security controls and strict confidentiality protocols.
1. Overview
FormHarbor ("Company," "we," "us," or "our") provides litigation drafting and research support services exclusively to licensed attorneys ("Partner Attorneys"). This Privacy Policy explains how we collect, use, protect, and disclose information related to our B2B services.
1.1 Our Commitment
We are committed to:
- Preserving attorney-client privilege and work-product doctrine
- Maintaining SOC 2 Compliant Architecture security standards
- Protecting confidential legal data with military-grade encryption
- Complying with CCPA, GDPR, and attorney ethics rules
- Never using client data to train public AI models (CA SB 574 compliant)
2. Information We Collect
2.1 Partner Attorney Information
When you register for FormHarbor services, we collect:
- Professional Information: Name, bar number, law firm name, practice areas
- Contact Information: Email address, phone number, business address
- Authentication Data: Login credentials, security questions
- Billing Information: Payment method, billing address (processed via PCI-compliant third parties)
2.2 Case-Related Information
To provide drafting support services, we may receive:
- Client Data: Names, A-numbers, receipt numbers, immigration history
- Case Materials: A-Files, USCIS notices, supporting documents
- Legal Research: Case law, statutes, precedents
- Communications: Email, portal messages, project instructions
Important: All client data remains subject to attorney-client privilege. FormHarbor acts as your agent to preserve this privilege, not as a separate party with independent access rights.
2.3 Technical Information
We automatically collect:
- Log Data: IP addresses, browser type, access times, pages viewed
- Device Information: Device type, operating system, unique identifiers
- Cookies: Session cookies for authentication (see Section 8)
- Usage Analytics: Feature usage, portal activity, document downloads
3. How We Use Information
3.1 Service Delivery
We use collected information to:
- Prepare litigation drafts, motions, and legal research
- Conduct A-File forensic analysis and timeline construction
- Verify legal citations and Bluebook compliance
- Provide technical legal memoranda and research support
- Deliver white-label work product to Partner Attorneys
3.2 Platform Operations
- Authenticate user access and prevent unauthorized use
- Process billing and payments
- Send service updates and project notifications
- Improve platform features and user experience
- Maintain audit trails for quality assurance
3.3 Legal Compliance
- Comply with court orders, subpoenas, or legal processes
- Investigate fraud, security threats, or terms violations
- Maintain records for SOC 2 compliance audits
- Preserve evidence for potential litigation
4. How We Protect Information
4.1 Encryption & Security
| Security Measure | Description |
|---|---|
| Data at Rest | AES-256 encryption for all stored data |
| Data in Transit | TLS 1.3 encryption for all transmissions |
| Access Controls | Role-based access, multi-factor authentication |
| Network Security | Firewalls, intrusion detection, DDoS protection |
| Audit Trails | Complete logging of all data access and changes |
| SOC 2 Compliant Architecture | Annual third-party security audits |
4.2 Physical Security
- Data centers with 24/7 security monitoring
- Biometric access controls
- Video surveillance and access logs
- Redundant backup systems
4.3 Personnel Security
- Background checks for all team members
- Confidentiality agreements (NDAs) with all employees
- Regular security training and compliance updates
- Zero offshore labor (100% U.S.-based team)
5. Information Sharing & Disclosure
5.1 We Do NOT Share With:
- ❌ Public AI training models (CA SB 574 compliant)
- ❌ Marketing or advertising platforms
- ❌ Data brokers or third-party marketers
- ❌ Offshore contractors or non-U.S. entities
- ❌ Government agencies (except under valid legal process)
5.2 Limited Sharing Permitted:
We may share information only with:
- Service Providers: Payment processors, cloud hosting (all under NDA and BAAs)
- Legal Obligations: Court orders, subpoenas, regulatory investigations
- Business Transfers: Merger, acquisition, or sale (with notice to Partner Attorneys)
- Consent: When you explicitly authorize sharing
6. California SB 574 Compliance
In compliance with California SB 574 (effective January 1, 2026):
- ✅ We verify all legal citations against live databases before delivery
- ✅ We do NOT use client data to train public or commercial AI models
- ✅ Partner Attorneys can independently verify all citations
- ✅ We maintain audit trails of citation verification processes
- ✅ We comply with Rule 1.6 (Confidentiality of Information)
7. Your Privacy Rights
7.1 CCPA Rights (California Residents)
Under the California Consumer Privacy Act, you have the right to:
- Access: Request a copy of all data we hold about you
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Correction: Request correction of inaccurate information
- Opt-Out: Opt-out of data sales (Note: We do not sell data)
- Non-Discrimination: Exercise rights without penalty
7.2 GDPR Rights (EU Residents)
Under the General Data Protection Regulation, you have:
- Right to access, rectification, erasure, and portability
- Right to restrict or object to processing
- Right to withdraw consent
- Right to lodge complaints with supervisory authorities
7.3 How to Exercise Rights
Contact us at privacy@formharbor.com or call 1-866-497-9628. We will respond within 30 days.
8. Cookies & Tracking
We use essential cookies for:
- Authentication: Keep you logged into the partner portal
- Security: Prevent cross-site request forgery (CSRF)
- Analytics: Understand platform usage (anonymized data only)
We do NOT use advertising cookies or third-party tracking pixels.
9. Data Retention
We retain data as follows:
| Data Type | Retention Period |
|---|---|
| Partner Attorney Account Data | Duration of relationship + 7 years |
| Case Materials & Work Product | 7 years after project completion |
| Billing Records | 7 years per IRS requirements |
| Security Logs | 2 years (SOC 2 requirement) |
| Technical Analytics | 18 months (anonymized) |
10. Children's Privacy
FormHarbor services are intended for licensed attorneys only. We do not knowingly collect information from individuals under 18 years of age.
11. International Data Transfers
All data is stored and processed in the United States. We do NOT transfer data to offshore contractors or international entities. If you are accessing FormHarbor from outside the U.S., you consent to data processing in the United States.
12. Changes to This Policy
We may update this Privacy Policy with 30 days' notice via email to registered Partner Attorneys. Material changes will require affirmative consent. Continued use after notice constitutes acceptance of updated terms.
13. Contact Us
For privacy questions or to exercise your rights, contact:
FormHarbor Privacy Officer
Email: privacy@formharbor.com
Phone: 1-866-497-9628
Mail: FormHarbor Privacy Office, 123 Legal Plaza, San Francisco, CA 94102
By using FormHarbor's services, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.