Privacy
Privacy Policy
Last updated: 2026-04-25
Who we are
Advottic ("we", "us") is operated by Techno Optics LLC. Contact: contact@advottic.com.
What we collect
- Account info: email address (and optional name, role, organization, avatar URL) when you sign in via Google, Microsoft, or email magic link.
- Case content you create: case files, descriptions, exhibits (file uploads with metadata you provide), and Advottic Reviews.
- Collaborators: emails you enter to invite collaborators to your cases.
- Billing: if you subscribe, a Stripe customer ID and subscription status. We never see or store your card details - Stripe handles those directly.
- Operational logs: IP addresses on Advottic Review / Bella requests for rate limiting and standard server logs from our hosting provider.
- Feedback submissions: when you use the in-app feedback form, we record the page you were on, your browser user-agent, and the account email so we can follow up. We do not capture case content from the feedback form.
Why we process it (legal bases)
- Contract: providing the service you signed up for (case organization, Advottic Review, exports).
- Legitimate interests: securing the platform, preventing abuse, keeping the service running.
- Consent: optional analytics and profile customizations.
- Legal obligation: tax records for paid subscriptions; responses to valid legal process.
Sub-processors
We share the minimum data needed with these third parties to run the service:
- Vercel - hosting + edge network.
- Supabase - authentication, database (Postgres), file storage.
- Anthropic - natural-language processing partner used by Advottic Review and Bella. Inputs travel over TLS and, under the partner's commercial terms, are not used to improve any outside service.
- Stripe - subscription billing for paid plans.
- Resend - transactional email delivery (sign-in codes, signing request notifications, billing receipts, collaborator invites, Safe Witness alert emails). We send Resend the recipient address, the email subject and body, and the rendered HTML. We do not send case content beyond what the user has explicitly chosen to share via email (e.g., a signing request).
- Twilio - SMS delivery for Safe Witness alerts only. When a user triggers Safe Witness, we send Twilio the recipient phone number and the alert text (which includes a short verification PIN the user pre-shared with the contact, the user’s GPS location URL, and a tel:911 link). Twilio is not used for any marketing or recurring messaging. The recipient must have been explicitly added to the user’s Safe Witness contacts list inside Advottic before any message can be sent, and the user can remove the contact at any time from /profile to revoke future messages.
Your rights (GDPR / CCPA)
You can exercise these rights at any time, free of charge:
- Access & portability: export your data as JSON from the Profile page.
- Rectification: edit your profile / case data directly in the app.
- Erasure: delete your account from the Profile page. This deletes all cases, exhibits, reviews, and your authentication record. Stripe billing history is retained as required by law.
- Restriction / objection: email us to pause specific processing.
- Complaint: lodge a complaint with your local data-protection authority.
Retention
We keep your data for as long as your account is active. When you delete your account we erase the records described above immediately, except where law requires retention (for example, billing records).
Security
- All traffic is encrypted in transit (TLS).
- Database and storage at rest are encrypted by Supabase.
- Row-level security policies ensure users can only read and modify their own cases (and shared collaborator cases).
- Server-side actions are CSRF-protected via Next.js' built-in mechanisms.
- HSTS, frame-deny, and strict referrer headers are enforced site-wide.
Cookies
We use essential cookies only - to keep you signed in. We do not use advertising or third-party tracking cookies.
Changes
We'll post material changes to this policy on this page and update the date at the top.
Children
Advottic is intended for adults handling their own legal matters and for the law firms that serve them. The service is not directed at anyone under 18, and we do not knowingly collect personal information from anyone under 18.
In line with the U.S. Children’s Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please email contact@advottic.com and we will delete it within 30 days.
When working on matters that involve a minor (a custody case, a school discipline matter, a guardianship), the adult Advottic account holder controls the matter file. We do not require a child to log in or provide information directly.
Mobile apps (iOS & Android)
The Advottic native apps wrap the same web service inside a native shell. The data we collect from a mobile session is identical to the web session: account email, your case content, the documents you upload, your billing identifiers, and basic device user-agent for troubleshooting. Mobile-specific notes:
- Sign in with Apple. If you sign in via Apple, Apple may share a private relay email address rather than your real one; we send all account email to whichever address Apple gives us, and you can manage that relay from your Apple ID settings.
- Camera / files. We request permission only when you explicitly attach an exhibit. We do not pre-scan your camera roll, contacts, or location.
- Push notifications. Disabled by default. If you opt in, we use them only for case-activity alerts (a hearing reminder, a new collaborator comment) and never for marketing.
- Tracking. The mobile apps do not track you across other apps or websites and do not include third-party advertising SDKs. Apple’s App Tracking Transparency prompt will not be shown because we do not request the IDFA.
- Children. Same rule as the web service: the mobile apps are not directed at anyone under 18, and we do not knowingly collect personal information from anyone under 18. See the “Children” section above for full details and the COPPA contact path.
Contact
Email contact@advottic.com for any privacy-related question or to exercise a right above.
