Privacy Policy

Defensa ("we," "our," or "us") is committed to protecting the privacy and confidentiality of the information you provide when using our legal technology platform. This Privacy Policy explains how we collect, use, store, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, law firm name, and contact information. This information is used to identify you and provide access to our services.

Evidence and Case Data

When you upload video files, documents, or other evidence to Defensa, we process and store this content to provide transcription and analysis services. This may include body-worn camera footage, custodial interviews, and other case-related materials.

Email Integration Data

If you choose to connect your email account (Gmail or Microsoft Outlook), we access only emails containing Evidence.com links or similar evidence-sharing platforms. We do not access, read, or store your general email correspondence.

Google Drive Integration Data

If you choose to connect your Google Drive account, we access files that you explicitly select for import into Defensa. We access your Google account email address to identify your connection. We do not access, browse, or index files beyond what you specifically choose to import.

Usage Information

We collect information about how you interact with our platform, including pages visited, features used, and timestamps. This helps us improve our services and troubleshoot issues.

2. Google User Data

Defensa integrates with Google services when you choose to connect your Gmail or Google Drive account. This section specifically addresses how we handle data obtained through Google APIs, in compliance with the Google API Services User Data Policy.

2.1. Data Accessed

When you connect your Google account, Defensa may access the following types of Google user data:

• Gmail (read-only access): Email message metadata (subject lines, senders, dates) and message body content, limited to emails that contain links to evidence-sharing platforms such as Evidence.com. We mark processed emails as read to avoid duplicate processing.
• Google Drive (read-only access): File names, metadata, and file content for files you explicitly select for import into Defensa.
• Google Account Email Address: Your email address is accessed to identify and manage your connected account within Defensa.

2.2. How We Use Google User Data

Google user data is used exclusively for the following purposes:

• Evidence Import: Scanning Gmail for Evidence.com links and importing selected Google Drive files into your Defensa cases for analysis.
• AI-Powered Analysis: Imported evidence files are processed using AI transcription and analysis services to generate transcripts, Miranda warnings detection, timeline extraction, and issue identification.
• Account Management: Your Google email address is used to associate your connected account with your Defensa account.

We do not use Google user data for advertising, market research, or any purpose unrelated to providing Defensa's evidence analysis services. We do not use Google user data to train AI or machine learning models.

2.3. Sharing of Google User Data

Google user data may be shared only in the following limited circumstances:

• AI Processing Providers: Evidence files imported from Google Drive are sent to our AI processing providers (OpenAI for audio transcription, Anthropic for analysis) solely to generate transcripts and analysis results. These providers are contractually prohibited from retaining, using, or training on your data.
• Cloud Infrastructure: Data is stored on secure cloud infrastructure (Amazon Web Services) under strict access controls.
• Legal Requirements: We may disclose data if required by law, subpoena, or court order, and will notify you unless legally prohibited.

We do not sell, rent, or trade Google user data to any third party. We do not share Google user data with third parties for advertising or analytics purposes.

2.4. Storage and Protection of Google User Data

• Encryption in Transit: All Google user data is transmitted over HTTPS using TLS 1.2 or higher.
• Encryption at Rest: Stored data is encrypted using AES-256 server-side encryption on Amazon S3 and encrypted database fields.
• OAuth Token Security: Google OAuth refresh tokens are encrypted with AES-256-GCM before storage and are never exposed in logs or API responses.
• Access Controls: Only the authenticated user who connected the Google account can access their imported data. Administrative access is restricted to essential operations personnel.
• U.S.-Based Infrastructure: All storage and processing of Google user data occurs within the United States on AWS infrastructure.

2.5. Retention and Deletion of Google User Data

• Active Account: Imported evidence files and analysis results are retained for as long as your Defensa account is active and you choose to keep the data.
• Disconnection: You can disconnect your Gmail or Google Drive account at any time through your Defensa account settings. Upon disconnection, your OAuth tokens are immediately deleted. Previously imported evidence files remain in your cases until you delete them.
• Data Deletion: You can delete individual cases, videos, or files at any time. Deleted items are moved to trash and permanently removed within 30 days.
• Account Deletion: When you delete your Defensa account, all associated data — including all data obtained from Google — is permanently removed from our systems within 30 days.
• Requesting Deletion: To request deletion of your data, you can use the in-app deletion features, or contact us at support@defensa.app. We will process deletion requests within 30 days.

3. How We Use Your Information

We use your information to:

• Provide transcription and AI-powered analysis of your evidence
• Manage your account and authenticate your access
• Send service-related communications (account verification, security alerts)
• Improve and develop our platform
• Comply with legal obligations

4. AI Processing and Data Usage

Defensa uses artificial intelligence to analyze evidence and generate insights. Regarding AI processing:

• No Training on Your Data: Your evidence and case materials are never used to train our AI models or any third-party AI systems.
• Purpose-Limited Processing: AI analysis is performed solely to provide you with transcription, Miranda detection, timeline extraction, and issue identification services.
• Third-Party AI Services: We use third-party AI providers (such as OpenAI for transcription and Anthropic for analysis) to process your data. These providers are contractually bound to confidentiality and data protection obligations.

5. Data Storage and Security

We implement robust security measures to protect your information:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Access Controls: Strict access controls limit who can view your data within our organization.
• U.S.-Based Infrastructure: All data processing and storage occurs within the United States.
• Audit Logging: We maintain comprehensive logs of all access to your data for security and compliance purposes.

6. Data Sharing

We do not sell, rent, or trade your personal information or case data. We may share information only in the following circumstances:

• Service Providers: Third-party vendors who help us operate our platform (cloud hosting, AI processing) under strict confidentiality agreements.
• Legal Requirements: When required by law, court order, or government request, though we will notify you unless legally prohibited.
• With Your Consent: When you explicitly authorize sharing with others.

7. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of the data we hold about you.
• Correction: Update or correct inaccurate information.
• Deletion: Request deletion of your account and associated data. When you delete data, we permanently remove it from our systems.
• Data Export: Download your case data and analysis results.
• Email Disconnection: Revoke email integration access at any time through your account settings.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may delete individual cases or your entire account at any time. Upon account deletion, we remove your data within 30 days, except where retention is required by law.

9. Cookies and Tracking

We use essential cookies to maintain your session and authentication. We do not use third-party advertising or tracking cookies. Analytics cookies, if used, are privacy-respecting and do not track individual users across sites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. Your continued use after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Defensa
Email: support@defensa.app