Privacy Policy

1. Introduction

Bookshelf Life, LLC (“Bookshelf Life,” “we,” “us,” or “our”) operates the Bookshelf Life platform, a document management service designed for attorneys and their clients. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you access or use our website, applications, and services (collectively, the “Service”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account, use the Service, or communicate with us, we may collect: your full name, email address, and login credentials; documents and files you upload to the platform; glossary terms and binder configurations you create; and any other information you voluntarily provide through the Service or in correspondence with us.

2.2 Information Collected Automatically

When you access the Service, we may automatically collect: IP address, browser type and version, device type and operating system; pages visited, time spent, and navigation patterns; cookies and similar tracking technologies (see Section 7); and log data including access times and error reports.

2.3 Information From Third Parties

We may receive information about you from third-party authentication providers (such as Supabase Auth), analytics services, or from the attorney or law firm that created your account on the platform.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service; authenticate your identity and manage your account; facilitate document sharing between attorneys and clients; display glossary terms and manage binder configurations; communicate with you about the Service, including support requests and updates; monitor and analyze usage trends to improve user experience; detect, prevent, and address fraud, security issues, and technical problems; and comply with legal obligations and enforce our terms of service.

3.1 Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), our legal bases for processing your personal data under the General Data Protection Regulation (GDPR) and UK GDPR include: performance of a contract (to provide you with the Service); legitimate interests (to improve and secure the Service); consent (where you have given explicit consent); and compliance with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

With your attorney or client: Documents and binder contents are shared between attorneys and their assigned clients as an essential function of the Service.

Service providers: We work with trusted third-party providers (including Supabase for database and authentication, and cloud hosting services) who process data on our behalf under strict confidentiality agreements.

Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Bookshelf Life, our users, or the public.

Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you or your attorney requests account deletion, we will delete or anonymize your personal data within 30 days, unless retention is required by law or for legitimate business purposes such as resolving disputes or enforcing agreements. Uploaded documents are deleted from our storage systems upon account deletion or upon request by the managing attorney.

6. Data Security

We implement industry-standard security measures to protect your personal information, including: encryption in transit (TLS/SSL) and at rest; role-based access controls and Row Level Security policies; secure authentication through Supabase Auth with hashed password storage; and regular security reviews and monitoring.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly notifying affected users in the event of a data breach, in compliance with applicable laws.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how the Service is used. These include: essential cookies required for authentication and core functionality; and analytics cookies to understand usage patterns and improve the Service.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We do not use cookies for advertising or third-party tracking purposes.

8. Your Rights

8.1 Rights Under GDPR (EEA/UK Users)

If you are in the EEA or UK, you have the right to: access the personal data we hold about you; rectify inaccurate or incomplete data; erase your personal data (“right to be forgotten”); restrict or object to processing of your data; data portability (receive your data in a structured, machine-readable format); withdraw consent at any time, where processing is based on consent; and lodge a complaint with your local supervisory authority.

8.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale or sharing of your personal information (we do not sell personal information); non-discrimination for exercising your privacy rights; and correct inaccurate personal information.

8.3 Rights Under PIPEDA (Canadian Users)

If you are in Canada, you have the right to: access your personal information held by us; challenge the accuracy and completeness of your data and have it amended; and withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.

8.4 Rights Under LGPD (Brazilian Users)

If you are in Brazil, you have the right to: confirmation and access to your data; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or excessive data; data portability; deletion of data processed with your consent; and information about public and private entities with which we share your data.

8.5 Rights Under POPIA (South African Users)

If you are in South Africa, you have the right to: be notified when your personal information is collected; request access to your personal information; request correction or deletion of your personal information; object to the processing of your personal information; and submit a complaint to the Information Regulator.

8.6 Australian Privacy Principles (Australian Users)

If you are in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. You have the right to access and correct your personal information and to make a complaint about our handling of your data.

To exercise any of these rights, please contact us using the information provided in Section 12 below. We will respond to your request within the time frames required by applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards as required by applicable law, including Standard Contractual Clauses (SCCs) approved by the European Commission, equivalent transfer mechanisms recognized under UK GDPR, and contractual protections with our service providers.

10. Children’s Privacy

The Service is not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised “Last Updated” date and, where required by law, by email or through in-app notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For EEA/UK users, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

13. Additional Disclosures

13.1 Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals. We currently do not respond to DNT signals, as there is no industry-standard approach to DNT. We will update this policy if a standard is established.

13.2 Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party services you visit.

13.3 Attorney-Client Privilege

Bookshelf Life is a technology platform that facilitates document management. Nothing in this Privacy Policy is intended to waive, limit, or otherwise affect attorney-client privilege or work product protections. Attorneys are responsible for ensuring that their use of the Service complies with applicable professional responsibility rules and obligations regarding client confidentiality.