Privacy Policy
Effective Date: June 11, 2026 | Last Updated: June 11, 2026
The short version: Attorney Minds is sold only to licensed U.S. law firms. The Firm is the data controller; Detailed In Design is a confidential data processor that hosts the Service. We host your data on infrastructure we operate, with each Firm's data logically segregated, encrypted in transit (TLS 1.3) and at rest (AES-256). We process Firm and Client data solely to provide the Service. We never train AI models on it, never sell it, and never share it except as required by law (with notice where permitted) or with confidentiality-bound subprocessors. Attorney-client privilege is supported by architecture, contract, and policy.
1. Introduction and Scope
This Privacy Policy describes how Detailed In Design, LLC ("Company," "we," "us," or "our"), an Illinois limited liability company, collects, uses, hosts, and protects information in connection with the Attorney Minds AI-powered legal practice management platform and its five client-portal modules - Real Estate Legal Workflow, Estate Plan Plus, Probate Navigator, Landlord Legal Ops, and Family Property Protection (collectively, the "Service").
The Company is a software company. It is not a law firm, provides no legal advice, and exercises no legal judgment. AI-generated outputs are drafts only until reviewed and approved by a licensed attorney.
Who buys and uses the Service: Attorney Minds is sold exclusively to licensed U.S. law firms following firm verification and purchase approval. The licensed law firm (the "Firm" or "Subscriber") is the buyer. Attorneys and supervised non-attorney staff of the Firm are "Authorized Users." The Firm's clients (each a "Client") are not subscribers; a Client accesses a portal module only as provided by their assigned attorney, and all legal work product is gated behind mandatory assigned-attorney review before any Client sees it.
2. Controller and Processor Roles
The Firm is the data controller. The Company is the data processor. The Firm determines the purposes and means of processing Firm and Client data within the Service. The Company processes that data on the Firm's behalf and documented instructions, solely to provide, secure, and support the Service.
As a confidential data processor, the Company:
- Processes Firm and Client data only to deliver the Service and as the Firm directs;
- Does not use Firm or Client data to train, fine-tune, or improve any AI or machine-learning model;
- Does not sell, rent, or share Firm or Client data;
- Discloses Firm or Client data only as required by law (with notice to the Firm where legally permitted) or to subprocessors bound by written confidentiality and data-protection obligations;
- Implements role-based access, encryption, and logging to protect data; and
- Securely deletes Firm and Client data on termination, as described in Section 8.
3. Information We Collect
3.1 Firm Account and Subscription Information
To establish and administer a Firm's subscription, we collect:
- Firm name, business address, and firm verification details (e.g., bar/license information used to confirm eligibility)
- Authorized User names, business email addresses, and roles
- Billing information (processed by our third-party payment processor)
- Account credentials (passwords are hashed and salted; we never store plaintext)
- License, subscription, and module-entitlement details
3.2 Firm and Client Data Within the Service (Hosted SaaS)
How the Service is deployed: Attorney Minds is hosted software-as-a-service. The Company operates the infrastructure (RKE2/Kubernetes). Each Firm's data is logically segregated from every other Firm's data. Access is over TLS 1.3, and data is encrypted at rest using AES-256. The Company hosts and processes this data solely to provide the Service to the Firm; it does not use the data for any other purpose.
Firm and Client data processed within the Service may include:
- Legal documents, matter files, and AI-generated drafts
- Client PII (names, addresses, financial and property records, and similar personal information)
- Attorney work product and legal research
- Billing records and trust/account information maintained by the Firm
- Calendar events, deadlines, and scheduling data
- Communications, notes, and portal interactions related to matters
3.3 Usage and Operational Data
To operate, secure, and improve the Service, we collect operational metadata that does not reveal the contents of Firm or Client matters:
- Feature usage frequency (e.g., "AI drafting was used 15 times" - not what was drafted)
- Performance and reliability metrics (response times, error rates)
- Security and audit logs (authentication events, access records)
- Platform version and environment metadata
We do not use this operational data to train AI models, and we do not mine the contents of Firm or Client data for analytics.
3.4 Support Communications
If an Authorized User contacts our support team, we collect the information voluntarily provided. We advise Authorized Users not to include Client-privileged information in support requests beyond what is strictly necessary to resolve an issue.
4. Client Data, Privilege, and Legal Ethics
Important: Client data within the Service constitutes attorney work product and is subject to attorney-client privilege and the Firm's confidentiality duties. The Company treats all Client data as confidential and processes it solely on the Firm's behalf. Each Firm remains independently responsible for compliance with applicable legal ethics rules, including the ABA Model Rules of Professional Conduct (particularly Rules 1.1, 1.6, and 5.3) and any state-specific variations.
Our architecture and contractual commitments are designed to support the Firm's obligations under:
- ABA Model Rule 1.6 (Confidentiality): Each Firm's data is logically segregated and encrypted; the Company processes it only to provide the Service, never trains models on it, and never sells or shares it except as described in this policy. Client legal work product is gated behind mandatory assigned-attorney review before any Client sees it.
- ABA Model Rule 1.1 (Competence): AI outputs are drafts only and include source references to support attorney review and verification before any reliance or client delivery.
- ABA Model Rule 5.3 (Supervisory Duties): Role-based access controls - configured and administered by the Firm - support supervisory obligations over supervised non-attorney staff and AI tools.
The Firm controls role-based access within the Service, including which Authorized Users may access particular matters and which Clients may access a given portal module.
5. How We Use Information
We use the information we collect to:
- Provide, host, maintain, secure, and improve the Service
- Verify Firm eligibility and process subscriptions and billing
- Provide technical support and respond to inquiries
- Send Service-related communications (updates, security notices, billing)
- Monitor and improve platform performance, reliability, and security
- Comply with legal obligations
We do not use Firm or Client data to train, fine-tune, or develop AI or machine-learning models. We do not sell, rent, or share Firm or Client data with third parties for marketing or any other purpose.
6. Data Sharing and Disclosure
We do not sell Firm or Client data and do not share it except in the limited circumstances below:
- Subprocessors: We engage a limited set of service providers (e.g., hosting, payment processing, email delivery, and support tooling) that process data on our behalf solely to operate the Service. Each subprocessor is bound by written confidentiality and data-protection obligations no less protective than those in this policy.
- Legal compliance: We disclose data only when required by law, subpoena, or valid legal process, and we provide notice to the Firm where legally permitted so the Firm may seek a protective order or other relief.
- Business transfers: In connection with a merger, acquisition, or asset sale, subject to continued confidentiality protections and advance notice to affected Firms.
We will not voluntarily disclose Firm or Client data to any third party for marketing, advertising, or model-training purposes under any circumstances.
7. Data Security
The Company operates the hosting infrastructure and implements technical and organizational safeguards, including:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Logical segregation of each Firm's data within the hosted environment
- Role-based access controls and least-privilege administration
- Multi-factor authentication support
- Audit logging of authentication and access events
- Regular security reviews and testing
Breach notification: If the Company becomes aware of a security breach affecting a Firm's or its Clients' data, the Company will notify the affected Firm within twenty-four (24) hours of confirming the incident, and will cooperate with the Firm's investigation and any notifications the Firm is required to make.
8. Data Retention and Deletion
- Firm and Client data within the Service: Retained for the term of the Firm's subscription and processed solely to provide the Service. Upon termination, the Company will, on request, make the Firm's data available for export for a limited transition period, after which the Company will securely delete the Firm's and Clients' data from the hosted environment (including from backups in the ordinary course), except where retention is required by law.
- Firm account data: Retained for the duration of the subscription plus 90 days, unless longer retention is required by law.
- Billing records: Retained for 7 years to comply with tax and accounting requirements.
- Support communications: Retained for 2 years after resolution.
9. Your Rights
Because the Firm is the data controller for Firm and Client data, requests from a Client regarding their personal information should be directed to the Firm. The Company will assist the Firm, as processor, in responding to such requests as required by law. With respect to account information the Company holds, and depending on jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Object to or restrict certain processing activities
- Data portability (receive your data in a structured format)
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@detailedindesign.com.
10. Cookies and Tracking
Our website and the hosted Service may use:
- Essential cookies: Required for authentication and session management
- Analytics cookies: Anonymized operational metrics (can be disabled)
We do not use advertising cookies or third-party tracking pixels, and we do not use Firm or Client data for behavioral advertising.
11. Children's Privacy
Attorney Minds is a professional legal practice management platform sold to law firms and is not directed at individuals under 18 years of age. We do not knowingly collect personal information directly from children. Any personal information about minors that a Firm enters in connection with a legal matter is processed on the Firm's behalf under the Firm's control and legal authority.
12. International Data Transfers
The Service is operated for licensed U.S. law firms, and Firm, Client, and account data are processed in the United States. If an Authorized User accesses the Service from outside the United States, that user consents to the transfer and processing of account information in the United States.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify the Firm of material changes via email or a prominent notice within the Service at least 30 days before changes take effect. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Detailed In Design, LLC
Email: privacy@detailedindesign.com