Privacy Policy

Effective [Effective date] · last reviewed [date]

Draft for review. This policy is a complete first draft grounded in how CaseLightning actually processes data, but the bracketed details and the document as a whole must be reviewed by a qualified person before publication.

This policy explains how [Legal entity name] (“we”, “us”) processes personal data through CaseLightning / CONVEYi (the “Service”), an Outlook add-in that helps UK conveyancing firms triage email, draft replies and manage matters. It is written to meet UK GDPR and the Data Protection Act 2018.

Who is the controller

For the personal data a conveyancing firm processes about its own clients and matters, the firm is the data controller and we act as a processor on its behalf under our customer terms / data processing agreement. For account, billing and support data about the firm and its users, we are the controller. Our registered details: [Legal entity name], [Registered address], ICO registration [ICO registration number].

What data we process

How we use it & legal bases

We process matter and mailbox content solely to provide the Service to your firm (performance of contract, and our legitimate interest in operating the product); account and billing data to manage your subscription (contract and legal obligation); and operational data to secure, debug and improve the Service (legitimate interests). We do not sell personal data or use your matter content to train our own models.

Where your data lives

Your emails and documents remain in your firm’s own Microsoft 365 tenant — we read and write via Microsoft Graph using least-privilege permissions scoped to the signed-in user’s mailbox and OneDrive. Matter records, identifiers, embeddings and audit logs are stored in our database. Data is logically isolated per firm (tenant): one firm can never access another’s matters or content.

AI processing

To produce drafts, summaries, classifications and document text, the relevant matter/email content is sent to our AI sub-processor (Anthropic Claude) for that request. Content is sent as data, never as instructions, and is not used to train the provider’s models under our commercial terms. If your firm supplies its own AI key (BYOK), those requests go to your own provider account instead.

Sub-processors

We use the following sub-processors. Each is engaged under a data processing agreement.

Sub-processor | Purpose | Region
--- | --- | ---
Microsoft (Microsoft 365 / Graph / OneDrive) | Hosts your mailbox, files and the data the add-in reads and writes. Your emails and documents stay in your own organisation’s Microsoft 365 tenant. | EU/UK or tenant region
Anthropic (Claude) | Generates email drafts, summaries, classifications and document text from the matter content sent for each request. | USA
Groq (failover only) | Used only if no Anthropic key is configured, to generate the same outputs. Avoid in production by configuring Anthropic. | USA
Voyage AI / OpenAI (embeddings) | Converts matter text into vector embeddings for retrieval. Only the configured provider is used. | USA
Supabase (PostgreSQL) | Stores matter records, identifiers, embeddings, audit logs and metering. EU region recommended. | EU
Vercel | Hosts and serves the application and APIs. | EU/US edge
Stripe | Processes subscription billing. Receives billing contact and payment data, not matter content. | USA/EU

Where a sub-processor is outside the UK/EEA, transfers are covered by the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses or an adequacy decision.

Retention

We retain matter and account data for as long as your firm has an active account, then delete or return it per your data processing agreement. Deleting a matter removes its records (identifiers, documents register, embeddings, triage) from our database; files in your own OneDrive remain under your control. Audit logs are kept for [retention period].

Your rights

Under UK GDPR you have rights of access, rectification, erasure, restriction, portability and objection. Where your firm is the controller of matter data, please direct requests to your firm; we will assist them as processor. For account data we control, contact us at [privacy@yourdomain]. You may also complain to the ICO (ico.org.uk).

Security

Secrets are encrypted at rest, transport is HTTPS/TLS, access is least-privilege and tenant-isolated, and every significant action is recorded in an audit log. Report security concerns to [privacy@yourdomain].

Changes

We will update this policy as the Service evolves and post the new effective date here.

Contact

[Legal entity name], [Registered address]. Email [privacy@yourdomain].