Privacy Policy
Effective: January 1, 2025
ReferU.AI, a Public Benefit Corporation ("ReferU.AI," "we," "us," or "our") operates an AI-enabled platform that helps people find attorneys and provides a legal research agent. This Privacy Policy explains how we collect, use, disclose, secure, and retain information when you access our websites, applications, and services (collectively, the "Services").
By using the Services, you acknowledge that your personal information will be handled as described in this Policy. If you do not agree, please do not use the Services.
Key Privacy Commitments (At-a-Glance)
- No AI Model Training on Your Data: We do not use your content—redacted or de‑identified—to train or fine‑tune proprietary or third‑party AI models.
- Challenge to Legal Demands: We in good faith contest, narrow, or challenge legal requests and only disclose when compelled by a lawful court order; we’ll notify you when legally permitted.
- No Third‑Party Data Selling/Sharing: We do not sell or share your data; limited disclosures only to licensed attorneys for potential representation and to contracted service providers acting on our instructions.
- Chat Session Handling: After a chat ends, session content is removed from active chat systems and necessary information is securely stored in our customer relationship management (CRM) software; we retain only what’s needed and honor deletion requests subject to legal/operational limits.
- Encryption: TLS for data in transit; AES‑256 for data at rest; additional field‑level encryption for designated sensitive fields.
- Account Security: Salted, adaptive password hashing (e.g., bcrypt/Argon2), MFA for employee accounts, strict RBAC, continuous monitoring, audit logs, and real‑time intrusion detection/alerting.
- Testing & Research: Monthly penetration tests with redacted public summaries; bug bounty rewards from USD $200 to $20,000 for qualifying reports.
- Cookies: Functional cookies and limited ads‑effectiveness measurement only; no use of cookies to collect PII or case details; manage cookies via your browser settings.
Who We Are
Controller: ReferU.AI, a Public Benefit Corporation
Contact: support@referu.ai | (832) 299-4339
Mailing Address: 8 The Green, #23899, Dover, DE 19901
Scope and Key Definitions
This Policy applies to information we process in relation to users of the Services.
“Personal Information” or “PII” means information that identifies or reasonably relates to an identified or identifiable individual.
“Attorneys” means licensed legal professionals who may receive limited user information for the sole purpose of evaluating potential representation and facilitating consultations. Attorneys are not our agents or employees and operate under their own privacy and security policies.
“Fi” means ReferU.AI’s legal research agent described in Section 13.
What We Collect
We collect information you provide directly, information generated through your use of the Services, and information from publicly available sources relevant to our matching and research features (e.g., court dockets, filings, opinions, attorney disciplinary records, and other public legal data).
1. Information You Provide
- Case descriptions and related narrative or documents you upload.
- Contact details (e.g., name, email address, phone number) when provided.
- Preferences relevant to attorney matching (e.g., location, budget, language).
- Communications with us (e.g., support requests) and survey responses.
2. Information Collected Automatically
- Device and usage data (e.g., browser type, pages visited, referrers, approximate location derived from IP address, timestamps).
- Log data necessary to operate, secure, and troubleshoot the Services.
3. Publicly Available/Third-Party Sources
- Court and regulatory records used to identify and match users with attorneys.
We do not collect sensitive information unless you choose to provide it (see Section 5 for redaction before AI processing).
How We Use Information
We use information to:
- Provide and operate the Services, including attorney matching, consultation scheduling, and our legal research features.
- Communicate with you about matches, scheduling, updates, and service-related notices.
- Maintain the security and integrity of the Services, including fraud prevention, abuse monitoring, debugging, and incident response.
- Comply with legal obligations and enforce our terms.
We do not use your information—including redacted or de-identified data—to train, fine-tune, or otherwise improve any third-party or proprietary AI models (see Section 6).
1. Redaction of Personally Identifiable Information (PII) Before AI Processing
Prior to transmitting any user-submitted content to our AI systems, ReferU.AI will apply automated measures to remove or redact PII, including:
- Social Security numbers.
- Driver’s license numbers (including state ID numbers).
- Complete date of birth (DOB).
- Home address.
- Phone numbers.
- Email addresses.
- Bank account information and credit/debit card information (including card number, expiration date, and security codes).
- Mental health information (including diagnoses, treatment details, provider names, or notes).
- Names of minors.
- Information that directly identifies (or would reasonably enable identification of) victims of sexual assault, domestic violence, or stalking.
Note: Some Services require limited contact details (e.g., to schedule a consultation). In those cases, contact information may be processed by our systems as necessary to provide the requested feature and is handled as described in this Policy.
2. No Use of Your Data for AI Model Training
Data processed by our AI systems is used exclusively to deliver matching and research services. ReferU.AI does not use your information—including redacted or de-identified data—to train, fine-tune, or otherwise improve any third-party or proprietary AI models. Our systems operate on a non-training, non-retention basis with respect to user content, except as necessary to provide the Services and as described in Section 10 (Retention) and Section 11 (Security & Monitoring).
3. Information Submitted to Attorneys
This Privacy Policy does not extend to the practices of attorneys, who maintain their own privacy policies and security measures. Your PII and case-related details may be submitted to attorneys via phone, email, or their contact forms solely to evaluate potential representation and to facilitate determination of whether to engage as counsel. We do not control attorneys’ security measures. Any attorney–client relationship is between you and the attorney, not ReferU.AI.
4. No Third-Party Data Sharing (with Narrow Exceptions)
ReferU.AI does not sell, share, or disclose your information to third parties. Notwithstanding the foregoing, we may disclose personally identifiable information and case-related details to licensed attorneys solely for the purpose of evaluating potential representation and facilitating determination of whether to engage as counsel. Any such disclosure occurs only within the context of identifying suitable legal counsel and evaluating representation.
We also engage service providers ("processors") who act on our behalf and under our instructions to operate the Services (e.g., cloud hosting, AI processing, CRM, security, analytics strictly limited to service operations). These service providers are contractually required to implement security and privacy safeguards commensurate with the sensitivity of the data and may not use information for their own purposes. Use of certified providers does not, by itself, confer the same certifications on ReferU.AI.
5. Chat Session Handling; Retention and Deletion
- Chat Session Handling and CRM. Promptly after a chat session ends, session content is removed from active chat processing systems and necessary information is securely transmitted to and stored in our CRM.
- Retention. We retain data only as long as necessary to provide the Services or as required by law. Limited operational logs and encrypted backups may retain information for a bounded period consistent with security, fraud prevention, audit, and disaster recovery needs.
- Data Minimization & Anonymization. We collect and retain only what is necessary to provide the Services. Where feasible, PII is anonymized or pseudonymized, consistent with Section 5 (Redaction of PII Before AI Processing).
- Deletion. You may request deletion of your data at any time by contacting support@referu.ai. We will delete it subject to legal, security, and operational limits (e.g., fraud prevention, audit, or backup retention windows). Deletions from backups will occur in the ordinary course of backup rotation.
Cookies and Similar Technologies
- Only Necessary Cookies. We use functional cookies (e.g., for session management and preference storage) and limited measurement cookies to assess the effectiveness of our advertising so we can reach more users.
- No PII or Case Details. PII and case details are not collected or used via cookies for these purposes. You can control cookies through your browser settings. We do not use cookies for cross-site behavioral profiling of case content.
Security
We implement administrative, technical, and organizational measures to help protect information within our systems. Without limiting the foregoing, ReferU.AI represents the following measures:
- Encryption in Transit (TLS). Data transmitted between you and our Services is protected using Transport Layer Security (TLS) to encrypt information in transit and mitigate interception by unauthorized parties. (We do not rely on legacy SSL.)
- Encryption at Rest (AES-256). When stored on our systems, data is encrypted at rest using the Advanced Encryption Standard (AES-256).
- Field-Level Encryption. Designated sensitive fields (for example, specific PII and case-related elements) are encrypted at the field level in addition to storage-level encryption, providing granular protection for highly sensitive information.
- Data Encryption (Hashing). We use modern cryptographic hashing appropriate to the use case. Passwords are not stored using MD5 or raw SHA-256; they are stored using salted, adaptive password hashing (e.g., bcrypt or Argon2). SHA-256 may be used for integrity checks and non-password hashing. MD5 may be used only for non-security checksums where cryptographic strength is not required.
- Secure Authentication. Employee accounts are protected by secure password storage and multi-factor authentication (MFA). Access is limited to personnel with a legitimate business need.
- Role-Based Access Controls (RBAC). Access to systems and data is governed by role-based, least-privilege controls aligned with job responsibilities.
- Audit Logs and Monitoring. We continuously monitor our systems for unauthorized access and maintain audit logs of system activity. Our environment employs real-time intrusion detection and alerting to help identify and respond to potential security threats.
- Secure Data Storage & Backup. User data is stored securely with redundancy and regular, encrypted backups to mitigate data loss. Backup media are stored in secure locations.
- Monthly Penetration Testing. We conduct monthly penetration testing by qualified testers. We publish public summaries of findings (with sensitive details redacted or delayed where appropriate) at https://blog.referu.ai/penetration-test-reports.
- Bug Bounty Program. ReferU.AI welcomes responsible security research. As a token of appreciation, we may award cash bounties for qualifying, original vulnerability reports, ranging from USD $200 (low severity) up to USD $20,000 (exceptional impact). Final award amounts and eligibility are at ReferU.AI’s sole discretion, based on severity, exploitability, impact, and report quality (including clear reproduction steps or proof-of-concept).
  - How to report: Email support@referu.ai with a detailed description, affected asset(s), reproduction steps, and PoC if available.
  - Conditions: You must act in good faith, avoid privacy violations or data exfiltration, not disrupt services (e.g., DoS), avoid social engineering, and allow reasonable time for remediation before any disclosure. Duplicate or non-security issues may be ineligible. We may modify or discontinue the program at any time.
Important: No method of transmission or storage is perfectly secure. We cannot guarantee absolute security.
Fi – Legal Research Agent
The same measures described in this Policy apply to Fi. Users may voluntarily authenticate their email and phone number to receive more queries. The general topic of a research session (e.g., “Brown v. Board of Education,” “Miranda v. Arizona” etc.) may be saved so that, if you opt in, you can receive updates on topics you’re interested in. You can withdraw consent at any time via the unsubscribe link included in those emails.
Your Privacy Rights
Depending on where you live, you may have rights with respect to your personal information, such as the rights to access, correct, delete, restrict processing, object, or data portability. U.S. state residents (e.g., under the CCPA/CPRA) may have additional rights to know/access, correct, delete, and to opt out of certain disclosures. ReferU.AI does not sell or share personal information as those terms are defined by applicable U.S. state privacy laws.
To exercise your rights, email support@referu.ai with the subject line “Privacy Request.” We will verify your request and respond as required by applicable law. You may authorize an agent to submit a request on your behalf where permitted by law.
International Users
ReferU.AI is based in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. By using the Services, you acknowledge these transfers.
Children’s Privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact support@referu.ai, and we will take appropriate steps to delete such information.
Incorporation by Reference
Our Terms of Service is incorporated into this Privacy Policy by reference. By using our Services, you agree to the Terms of Service.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (e.g., by email or through the Services) and update the “Effective date” above. Your continued use of the Services after a change means you accept the updated Policy.
Contact Us
If you have questions about this Policy or our privacy practices, please contact us at support@referu.ai.
