Privacy Policy

This Privacy Policy explains how Aureum Technologies LLC (“Aureum,” “we,” “us”) handles information in connection with AureumCore.

1. Two kinds of data

It helps to separate two things:

• Account data — information about your firm and its users (names, email addresses, billing details, usage logs). We act as the controller of this data.
• Your Content — the matters, client records, and documents your firm puts into the platform. Your firm controls this data; we process it on your behalf to provide the service and only under your instructions.

2. Information we collect

• Account and profile: firm name, workspace subdomain, user names and email addresses, role assignments.
• Billing: plan, seat count, and billing contact. Card payments are handled by Stripe; we receive limited details such as the card brand and last four digits, never the full number.
• Your Content: documents, matter and client records, time entries, messages, and anything else you upload or create.
• Usage and audit logs: logins, document downloads, permission changes, and similar events, with user, IP, and timestamp.
• Device and cookie data: the cookies needed to keep you signed in and to run the application.

3. How we use information

We use information to provide and secure the service, authenticate users, process subscriptions, maintain the audit log, provide support, detect and prevent abuse, and communicate with you about your account. We do not sell your information.

4. Confidentiality of Your Content

Your matters are yours. We do not access the contents of your matters and documents except in narrow, logged circumstances — for example, when you ask us for support on a specific record, or where required by law. There is no general back-door admin view on top of your tenant, and your data is isolated from other firms at the database level.

5. AI processing

AI features run on infrastructure we operate. Your Content is not sent to third-party AI providers such as OpenAI or Anthropic, and it is never used to train any model — ours or anyone else’s.

6. Service providers and subprocessors

We use a small number of vendors to run the service, under contracts that limit them to processing data on our behalf. These currently include payment processing (Stripe), cloud hosting in the United States, and e-signature delivery for signing workflows. We do not share Your Content with advertisers.

7. Data retention and deletion

We keep Your Content for as long as your account is active. Deleted records are soft-deleted first and can be restored from the recovery bin for a period before permanent deletion. Encrypted backups are retained on a rolling basis (about 30 days). After your account closes, you have a reasonable period to export your data before we delete it.

8. Security

Documents and the database are encrypted at rest, connections use TLS, two-factor authentication is available to every user, and tenant isolation is enforced on every read and write. No system is perfectly secure, but we take protecting your data seriously.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, export, or delete personal data. For Account data, contact us and we will help. For Your Content, your firm administrator controls access and deletion directly in the app; if you are a client or invited user, please contact the firm that invited you, since they control that data.

10. Cookies

We use only the cookies needed to keep you signed in and operate the application. We do not use third-party advertising cookies.

11. Data location

Your data is hosted in data centers in the United States.

12. Children

AureumCore is a business tool not intended for children, and we do not knowingly collect personal information from anyone under 18.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you through the service or by email.

14. Contact

Questions about privacy or a data request? Get in touch.