FERMLY
Privacy Overview

This Privacy Policy describes how we collect, use, protect, and share information when you use our legal AI platform. We are committed to implementing the highest standards of data protection and comprehensive privacy safeguards for legal professionals and their clients.

Google Drive
OneDrive
Dropbox

We integrate with your existing cloud storage providers to access documents for analysis, but we never download, store, or retain your files on our servers. All document processing happens in real-time and is not persisted.

Information We Collect
We collect only the information necessary to provide our services

Account Information

  • Law firm details: Firm name, address, contact information, practice areas
  • User credentials: Email addresses, passwords for authentication
  • Integration tokens: Tokens for cloud storage access (Google Drive, OneDrive, Dropbox)
  • Payment information: Subscription status and billing details (processed by PayFast)

Client Information

  • Personal Identifiable Information (PII): Names, addresses, phone numbers, email addresses, ID numbers
  • Case details: Case numbers, titles, descriptions, opposing parties, court jurisdictions
  • Document metadata: File names, creation dates, document types, analysis results

Usage Information

  • Feature usage: Analytics on service usage patterns
  • System logs: Technical logs for security monitoring and service improvement
  • Error reports: Technical error information for debugging
How We Use Your Information
  • Provide and maintain our AI-powered legal practice management services
  • Process document analysis requests in real-time
  • Improve our AI models and service quality
  • Send important service updates and notifications
  • Provide customer support and technical assistance
  • Ensure security and prevent fraud
Security Measures

Transport Security

TLS 1.3 for all data transmission to ensure secure communication.

Access Controls

Multi-factor authentication and role-based permissions ensure only authorized personnel can access your account information for support purposes.

Monitoring

Continuous security monitoring and threat detection to maintain the highest security standards.

Compliance

We comply with relevant data protection regulations and maintain appropriate security certifications.

Third-Party Service Providers

We work with the following third-party service providers who may process data on our behalf:

Infrastructure and Hosting

DigitalOcean

Server hosting and infrastructure. Data location: United States (US East region). ISO 27001 certified, SOC 2 Type II compliant.

Cloudflare

CDN, DDoS protection, SSL/TLS termination. Data location: Global edge network. SOC 2 Type II, ISO 27001, PCI DSS compliant.

Supabase

Database hosting, authentication, and real-time data management. Data location: United States (AWS infrastructure). SOC 2 Type II, ISO 27001, GDPR compliant.

AI Service Providers

DeepSeek AI

Legal document analysis, case summarization, contract review. Data processed: Anonymized and redacted document content only. Zero-day retention. Data location: China.

VoyageAI

Document embedding generation for semantic search. Data processed: Anonymized text chunks for vector generation. Zero-day retention. Data location: United States.

Payment Processing

PayFast

Payment processing for subscriptions. Data location: South Africa. PCI DSS Level 1 compliant.

Cloud Storage Integration

We integrate with your cloud storage providers (Google Drive, OneDrive, Dropbox) but do not act as a data processor. You maintain full control and ownership. We only request read & write access for platform-created folders. Documents are accessed directly from your storage and never stored on our servers.

Data Storage and Retention

Storage Infrastructure

We use Hetzner VPS hosting with enterprise-grade security. All data is stored with strict role-based access controls and audit logging.

Retention Policies

  • Active Accounts: Data retained while account is active
  • Account Deletion: All data permanently deleted within 30 days
  • Analysis Results: Automatically deleted after 30 days
  • Audit Logs: Retained for 12 months for security monitoring
  • Backup Deletion: All backups deleted within 90 days of account closure
Your Privacy Rights

Access and Control

  • Access your personal information
  • Update or correct your data
  • Download your data
  • Delete your account

Communication

  • Opt out of marketing emails
  • Control notification preferences
  • Request data processing information
  • Lodge privacy complaints
Contact Information

Contact Us

Email: [email protected]
Address: Alice Lane, Sandton, South Africa