Privacy Policy

Archis Technologies ("we," "us," or "our") is dedicated to protecting the privacy and security of the personal and professional information processed through our practice management platform (the "Service"). This Privacy Policy explains how we collect, use, store, and safeguard information when you use our Service.

1. Our Role: Data Controller vs. Data Processor

Under standard data protection principles:

• Data Controller: The law firm or legal practice utilizing the Service ("Customer") is the Data Controller of all client details, litigation tracking data, case histories, task lists, and documents uploaded to the workspace. The Customer is responsible for determining the lawful basis for processing, managing user permission roles, and obtaining necessary client consent.
• Data Processor: Archis Technologies acts as the Data Processor. We process Customer Data strictly in accordance with the Customer's instructions, as defined in our Terms of Service, to run the platform, maintain logical security isolation, and provide technical support.

2. Information We Collect

We collect and process the following categories of information to provide the Service:

• Account & Firm Profile Data: When a workspace is created, we collect the firm name, owner name, owner email address, phone number, and physical address. When team members are invited, we collect their name, email address, and assigned platform role (Lawyer, Paralegal, or Secretary).
• Service & Matter Data: Data inputted by authorized firm members, which includes client details (names, contact numbers, email addresses, physical addresses); case tracking metadata (case names, opposing party names, court hearing dates, case types, and matter status); task details (task titles, descriptions, due dates, assignee IDs, and task discussion comments); financial and billing records (invoices, tax rates, payment dates, amounts, and manual payment method entries); and audit tracking data.
• Uploaded Files and Documents: File binaries uploaded directly to the Service's private storage buckets for specific cases.
• System Telemetry & Aggregated Metrics: Metadata automatically computed by database triggers to manage resource usage, including the total count of active users, cases, clients, documents, and total storage bytes used by the firm.

3. How We Use and Process Information

We process information for the following business purposes:

• Providing, operating, maintaining, and improving the features of the Service.
• Managing customer subscriptions, billing, and processing transaction logs.
• Enforcing tenant data isolation and role-based access control (RBAC) boundaries.
• Troubleshooting technical bugs and providing customer support.
• Monitoring platform performance and protecting against security threats, fraud, or abuse.

4. Data Security and Isolation Architecture

We enforce technical and administrative safeguards to protect your data:

• Row-Level Security (RLS): All customer data is stored in shared database tables but logically isolated at the database engine level. Every query is scoped by the caller's verified `firm_id` session variables.
• Document Storage: Document binaries are stored in private cloud storage buckets, structured by firm and case identifiers. File downloads require a cryptographically signed access token that is time-limited to one (1) hour.
• Administrative Restrictions: Designated Archis support engineers ("Super Admins") possess strictly limited, read-only database query rights solely for troubleshooting and maintenance. Super Admins do not inspect document files or access authentication details, and they cannot alter case logs or client information.

5. Third-Party Sub-Processors and Data Sharing

We do not sell, rent, or trade your data. We share data only with third-party service providers (sub-processors) necessary to run our infrastructure:

• Cloud Hosting and Database Infrastructure: We host our database, storage buckets, and authentication modules on cloud infrastructure provided by Supabase (and its underlying cloud hosting infrastructure).
• Email Deliverability: We utilize cloud mail servers configured for system transaction emails (such as firm invitations and system warnings).
• Legal Compliance: We may disclose data to third parties if required to do so by a valid, legally binding court order, subpoena, or law enforcement warrant. We will notify the Firm Owner of any such request in advance unless we are legally prohibited from doing so.

6. Data Retention and Deletion

• Active Workspaces: We retain Customer Data for as long as the firm's subscription is active.
• Inactive Workspaces: If a firm's subscription expires or is suspended, user login access is restricted, but the data remains stored securely.
• Post-Cancellation Purge: Upon subscription cancellation or account termination, Customer Data remains stored for a period of thirty (30) days to allow for final database exports. Upon the expiry of this 30-day grace period, all database records (cases, clients, tasks, comments, billing entries) and storage files (case documents, invoice PDFs) associated with the firm will be permanently deleted and purged from our primary databases and storage servers. Backup copies, if any, will be overwritten in accordance with standard database backup cycles.

7. User Rights and Client Requests

The clients of your law practice may have specific data rights (e.g., access, rectification, or deletion of their personal information). Because the Law Firm is the Data Controller, clients must submit these requests directly to your firm. Archis provides built-in tools (such as case deletion, client details editing, and document removal) to enable the firm to fulfill client requests.

8. International Data Transfers

Our Service utilizes cloud servers hosted globally by our infrastructure providers. By using the Service, you acknowledge that Customer Data may be hosted, processed, or transferred across international borders. Archis Technologies ensures that our sub-processors maintain high-grade security certifications and contractual data protection safeguards.

9. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time. We will notify Firm Owners of any material updates via email or in-app notices prior to the changes taking effect. Continued use of the Service after the effective date of an update constitutes acceptance of the modified policy.

10. Contact Us

For inquiries regarding this Privacy Policy or our data handling practices, please contact our privacy compliance officer at: