§ 03 · Privacy

Privacy.

Last updated · Apr 28, 2026

This Privacy Policy describes what OpenCounsel collects when you use the Service, how we use it, who else sees it, and how long we keep it. We are a California-licensed law firm, so the data you share with us is also governed by California Bar rules on client confidentiality and recordkeeping.

01What we collect

To provide a consultation and produce a report, we collect:

CategoryWhat it includes
IdentityMobile phone number, first and last name.
LocationThe California ZIP code where the issue is happening.
Intake summaryThe text you write in the “in your own words” field.
ConsultationAudio recording of the call and a written transcript.
DocumentsAnything you upload: leases, notices, photos, receipts.
ReportThe Legal Situation Report we generate from the call and your documents.
Audit logTime-stamped records of privileged events (intake submitted, disclaimer accepted, report generated, etc.) including the IP address and user-agent string for each event. Required by California Bar rules.

We do not collect Social Security numbers, financial-account credentials, or government ID numbers. The Service does not gather precise device location or microphone access outside the explicit voice consultation you initiate.

02How we use it

  • To run the consultation and generate your report.
  • For attorney supervision and review of flagged matters.
  • To communicate with you about the consultation and any follow-up engagement.
  • For audit and compliance with California Bar rules.
  • To improve the Service in aggregate, with personally-identifying details removed.

We do not sell or rent your information, and we do not use it for advertising. Not to OpenCounsel users, not to anyone else.

03Who else sees it

Your data is restricted to:

  • The supervising California-licensed attorney who reviews flagged matters and signs the report.
  • OpenCounsel personnel with a need-to-know for technical support or audit response, bound by confidentiality.
  • Sub-processors we use to deliver the Service. Each operates under a data-processing agreement that limits use to providing services to OpenCounsel:
    • Supabase (database, authentication, file storage)
    • Twilio (SMS verification, telephony)
    • Retell.ai (voice agent)
    • Vercel (web hosting)
    • The model providers we use to draft reports
  • Attorneys you engage on a separate retainer, if you ask us to share your file.
  • Authorities if compelled by valid legal process, and only the specific data the process actually compels.

04How long we keep it

California Bar rules require attorneys to keep client-matter records for seven years after the matter closes. We follow that period as a baseline for consultation files, recordings, transcripts, and reports.

Audit-log entries are retained for the same seven-year period and cannot be deleted early. They exist precisely so the firm can demonstrate compliance if the Bar inquires.

You can request deletion of optional data (uploaded documents you decide you do not want us to keep, for example) and we will honor it where Bar rules and these Terms permit. Some core records, including the audit log, must remain.

05California residents (CCPA / CPRA)

If you are a California resident, you have the rights to:

  • Know what personal information we hold about you.
  • Receive a copy of that information in a portable format.
  • Correct inaccurate personal information.
  • Delete personal information, subject to the seven-year retention noted above.
  • Opt out of any sale or sharing of personal information (we do not sell or share).
  • Be free from discrimination for exercising any of these rights.

To exercise these rights, email privacy@opencounsel.co. We may need to verify your identity (typically by sending a code to the phone on file) before processing the request.

06Security

The data lives in a Postgres database on Supabase with row-level security enforcing read-own access; no client-side process can write directly. Files in storage are private with path-prefix access control. Communications between your browser and our servers are TLS-encrypted. Internal access is logged and reviewed.

No security model is perfect. If we ever discover a breach affecting your data we will notify you in accordance with California law.

07Children

The Service is for adults 18 or older. We do not knowingly collect information from minors. If you believe we have, email privacy@opencounsel.co and we will delete it.

08Korean-speaking users

We offer the consultation and report in Korean as well as English. Korean-language data is handled identically; this Privacy Policy applies in full. A Korean translation of this policy will be published when the Korean route launches; the English version governs in case of conflict.

09Changes

When we change this policy in any material way we will post the new version here and update the “Last updated” date. If the change affects how we handle data you have already given us, we will notify you by SMS at the phone on file.

10Contact

Privacy requests: privacy@opencounsel.co. General contact: hello@opencounsel.co.