1. Privacy Policy Overview.

2nd Chair LLC (“2nd Chair”, “we”, “us”, “our”) is an artificial intelligence-powered legal tech company offering cutting-edge AI legal technology for attorneys and law firms. 2nd Chair is committed to your understanding of our privacy practices. We have developed this Privacy Policy to explain how we collect, process, use, share, retain, secure, and transfer your personal information when you use in providing our products and services (“Services”) and/or our website at www.2ndchair.ai (the “Site”), as well as any other websites, products, and applications that are now or may in the future be operated or offered by 2nd Chair and on which this Privacy Policy is posted. This Privacy Policy applies to any users of the Services and visitors to the Site, who are referred to herein as “you”, “your” or “user”.

We are providing this Privacy Policy to help you understand our privacy practices and make informed decisions when using our Services and Site. This Privacy Policy is incorporated by reference into the “2nd Chair Site and Platform Terms of Use Agreement” (“Agreement” or “Terms”) which is binding on all Services users and Site visitors, and which governs your use of the Services and Site. Please see our Terms of Use.

This Privacy Policy incorporates by reference the 2nd Chair Data Privacy & Security Practices and the 2nd Chair Privacy Principles. These are associated documents that provide background, overview, and context to some of 2nd Chair's services and our associated privacy practices and principles. Our Privacy Policy and the related documents regarding our privacy and security practices can be found in the 2nd Chair Trust Center located at: https://trust.2ndchair.ai/.

PLEASE READ THE FOLLOWING TERMS OF USE CAREFULLY. YOU ACKNOWLEDGE THAT, BY ACCESSING, BROWSING, OR USING THE PLATFORM OR ANY OF THE SERVICES, YOU ARE DEEMED TO HAVE READ, UNDERSTOOD, AND AGREED TO BE BOUND BY THE TERMS IN THIS AGREEMENT, INCLUDING THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH THESE TERMS, PLEASE DO NOT ACCESS OR USE THE PLATFORM OR THE SERVICES.

2.  2nd Chair does not sell Personal Information.

2nd Chair does not sell your individual Personal Information or Personal Information contained in your Customer Data. (See Section 3 for the definition of Personal Information.)

3.   Personal Information we collect.

2nd Chair collects (i) information, including personal information, voluntarily supplied by you when you use our Services and visit our Site, and (ii) information that is automatically collected as you use the Services. “Personal Information” when referred to in this Privacy Policy is any information that can be reasonably linked to an identifiable individual such as name, postal address, telephone number, email address, credit and/or debit card number, and purchase information (“Personal Information”).

We strongly urge you to be careful about any personal, confidential, and/or privileged information you voluntarily provide on or while using the Services. You will be solely responsible for sharing information which is owned by third parties and may otherwise be confidential or privileged under applicable law.

PLEASE DO NOT DISCLOSE ANY CONFIDENTIAL CLIENT INFORMATION, INFORMATION WHICH MAY BE COVERED BY THE ATTORNEY-CLIENT PRIVILEGE, AND SENSITIVE PERSONAL INFORMATION SUCH AS RACE, ETHNICITY, SEXUAL ORIENTATION, HEALTH CONDITIONS, OR PREGNANCY INFORMATION THROUGH THE SERVICES.

2nd Chair collects the following Personal Information from and about you:

• Contact information: your email address if you create an account or if you include an email address when submitting feedback to us.
• Account and subscription information: you are required to create an account to use the Services. If you create an account, we will collect subscription and account information for account administration purposes and to provide you with any applicable subscription. If you subscribe, our third party payment processor will collect payment information from you, and you will need to create and maintain an account with us.
• Cookies: We strive to design the Services and Site with privacy and security by design in mind. As part of these efforts, we have limited the type of cookies and similar technologies we utilize. For our Site, we use limited cookies and similar technologies to benefit your operations, analytics, convenience and security. These cookies may collect internet or other electronic network activity including browsing history, search history, and information regarding your interaction with the Services for operations and analytics purposes. Cookies are text files stored on the browser of your computer. Cookies are used to make your experience on our Site more personal and easier to use. You may choose to decline cookies, but doing so may affect your ability to access or use certain features of our Services (for more information, see the How We Use Cookies and Similar Technology section below).
• Promotions: if you participate in a promotion or survey through the Services, we may collect your email and other information to allow you to participate in the promotion.

4.  How we may use your information.

We may use the information we collect through our Services and Site to allow you to use the Services and in the following ways:

• to administer your account and any associated subscriptions;
• to enhance the Services and your user experience, to improve our algorithms, to train our artificial intelligence statistical signatures, or to offer customized services tailored to you;
• to send you important information about the Services, changes to our terms, conditions and policies and other administrative information,including communications regarding your account and subscriptions;
• to tell you about subscriptions, services and products that may be of interest to you;
• to run promotions and organize surveys through the Services;
• to respond to requests and inquiries from you;
• to protect our users, our Services and our own rights, privacy, safety, and property, to prevent fraud or other inappropriate activity on our Services, and to allow us to pursue available remedies or limit damages that we may sustain from inappropriate activity;
• when required by law to do so, or to comply with and enforce legal requirements, terms, (including to collect money owed), agreements, and policies;
• as necessary for corporate transactions (such as fundraising, or a merger or acquisition), however, in any such transfer of information, your Personal Information would remain subject to this Privacy Policy; and
• we may also aggregate and de-identify Personal Information so that the aggregated information does not personally identify you or any other users of the Services, such as when we compile user statistics and subscription account holder trends for the Services.

5.   How we share your information.

2nd Chair does not sell Personal Information. Not of individuals. Not of customers. Not of anyone. Full Stop. Below are more details on how we may share Personal Information.

• On a need to know basis with those of our third-party service providers/contractors who help us operate the Services and provide any related services such as for payment processing, Services operations, web hosting, and Services and Site analytics. Our agreements with these third-party service providers require them to have equivalent protections of Personal Information as those stated in this privacy policy.
• To third party promotion sponsors, if any. Please refer to the applicable promotion rules or terms for more details.
• As permitted or required by law, including: (a) to comply with a law, legal process or regulations; (b) responding to or cooperating with law enforcement authorities, other government officials, or other third parties pursuant to a subpoena, a court order or other legal process; (c) to protect the vital interests of a person; (d) to protect our property, terms (including monies owed), agreements, Services, and legal rights; (e) to companies with whom we have agreed to merge with or be acquired by. and (f) to support our audit, compliance, and governance functions, wherein any such disclosure of information, your Personal Information remains subject to this Privacy Policy.
• When we have obtained your consent to disclose Personal Information for a specific purpose.
• For any Personal Information disclosed to third parties, we will only disclose the information that is necessary for them to provide the service or for us to fulfill the request or legal requirements.

6. How we protect your information.

We use physical, technical, organizational, and administrative safeguards for our Services designed to protect against loss, misuse, unauthorized access, disclosure, alteration, or destruction of the information, including any personal or sensitive Personal Information, we collect through our Services. Our security controls are designed to maintain data confidentiality, integrity, and an appropriate level of availability. 2nd Chair follows privacy-by-design and security-by-design for its development of our Services, Site, and Services. However, we cannot ensure or warrant the security of any information you transmit to our Services.

Messages that you send to us by email, including by use of the contact us features on the Services, may not be secure, and we do not recommend that you use email for sending us confidential or sensitive information, but please do so to let us know if you need to speak to us using a confidential communication method and we will contact you with further instructions.

De-identification: 2nd Chair will de-identify Personal Information to safeguard the privacy of our users when aggregating performance measurements for sharing with service providers or partners for purposes of providing additional services to you, improving the Services, and when collecting device data regarding usage, performance, and crashes.

Retention/Deletion: We will retain and use your Personal Information only for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by applicable law. Deletion requests will be honored within a commercially reasonable timeframe and as required by applicable law.

7.   How We Use Services Data, Cookies, and Similar Technology.

When you use our Site or Services, we may collect certain data as described above related to your use of our Services as we provide them. Your Personal Information may be used to provide Services to you.  Analytic usage and performance data is gathered to enable us to support and improve the Services.

Personal information may also be anonymized and/or aggregated so that you are not personally identifiable and then used in our research, along with the anonymized, aggregated data of other unidentifiable users, in order to improve our algorithms and artificial intelligence models over time so that we can provide you the best of our products and services. This data is collected when you use our Services, but we have in place protective privacy practices so that we only receive the minimum necessary data to provide the Services to you.

For our Site users, we may send a cookie to your computer. A cookie is a text file which is stored on your computer or other device and allows us to distinguish you from other users of this Site. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or they expire.

We strive to design the Services and Site with privacy and security by design in mind. We have therefore limited the types of cookies and similar technologies we utilize. For our Site, we use limited cookies and similar technologies only for our operations and analytics, and your convenience and security. These cookies may collect internet or other electronic network activity including browsing history, search history, and information regarding your interaction with the Services and the Services' operations and analytics.

For your information, cookies are text files stored on the browser of your computer. Cookies are used to make your experience on our website more personal and easier to use. You may choose to decline cookies other than strictly necessary ones, but doing so may affect your experience on the Site.

Cookies we may use include:

• Performance: We use our own cookies and/or third-party cookies to see how visitors use our site, in order to enhance performance and improve our Site and Services, according to best practices. This data is anonymized and/or aggregated so that you are not identified.
• Analytics: These cookies and other technologies allow us to understand how you interact with the Site (e.g., how often you use the website, where you are accessing the website from, the content that you are interacting with). Analytic cookies enable us to support and improve how the website operates. We use third party web analytics cookies to help us measure traffic and usage trends for the website. You may opt out of tracking through these cookies by clicking the cookie icon in the lower right of our website at www.2ndchair.ai and selecting the "opt out" option. If you do not allow analytic cookies, we will not know when you have visited the website and we will not be able to monitor its performance.
• Social Media Cookies. We do not use social media cookies.

How to manage cookies: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies, or to notify you when receiving a new cookie. For additional information about cookies and how to block them, please visit allaboutcookies.org.

8.  How we provide links to additional services and other websites.

The Services may contain links to other websites. Linked websites are independent from our Services and are not governed by this Privacy Policy. 2nd Chair does not endorse, review, or have any control over the content, products, or services of linked websites or mobile apps or their privacy policies, and 2nd Chair is not responsible for the privacy practices of unaffiliated companies or organizations. In such cases, we strongly encourage you to read the applicable Privacy Policy of the other company or organization. If you decide to access any of the linked websites, please understand you do so at your own risk and at your sole responsibility.

9.  Your Choices and Rights.

Any Personal Information collected by or through our Services will be used only for the purpose it was provided as described in this Privacy Policy. Once Personal Information is no longer reasonably necessary for business purposes, we will destroy or archive the Personal Information in accordance with our retention and destruction policies.

We also respect your rights related to your Personal Information under applicable laws such as California and other jurisdictions. You may have the right: (1) to be informed about our collection, use, and disclosure of your Personal Information; (2) to know if we maintain your Personal Information, and, if we do, to receive a copy (subject to the rights of others) and to update it if it is inaccurate or out of date; (3) to object to our processing of your Personal Information for certain purposes and, if we are processing your Personal Information based on your consent, to withdraw that consent at any time; (4) to ask us to delete, erase or restrict your Personal Information or transfer to another entity if permissible; (5) to file a complaint with your applicable regulator; and (6) to not be subjected to any discriminatory treatment for the exercise of your privacy rights.

You can send us your requests related to your Personal Information while signed into the Services and via an appropriate request form or from your email address that you used to create an account or use the Services or Site. We may require that you verify your identity before exercising your individual rights, so it is important that you make your request via the Services or from your email address that you used to create an account. Additionally, please note that these rights are not absolute. For example, your deletion request does not ensure complete deletion or comprehensive removal, as the content or information may be retained subject to applicable law, investigation, government order, or where we have a legitimate interest to retain the information.

Global Privacy Control Settings: Global Privacy Control is a setting in many browsers allowing the browser to send requests to websites you visit indicating that you do not want to be tracked or monitored. If your browser supports it, you can turn on Global Privacy Control to opt out of tracking on our Site. Our website honors Global Privacy Control signals to the extent we can receive and act on these signals.

10. Marketing Communications.

We only will send marketing and informational communications to you if you have affirmatively indicated you want to receive them by providing your email address or through the Services by selecting the appropriate boxes to confirm your choices. You may opt-out of these mailings, future marketing, and informational materials at any time by by clicking the unsubscribe or opt-out feature at the bottom of emails or other marketing materials or by contacting us at unsubscribe@2ndchair.ai.

11. International Transfer of Personal Information.

We store information received through or by our Services in the United States. If you are providing the information from another country, you agree to this transfer and understand that the information will be transferred, stored, processed, and used in the United States.

12. Lawful bases of processing.

We rely on one or more of the following legal bases to process Personal Information:

• the processing is necessary to perform our contractual obligations in our Terms of Use or other contracts with you;
• the processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing the Services, including by enhancing and training of our artificial intelligence models, and maintaining Services safety and security as described above;
• consent is provided by you for a specific purpose (i.e., marketing); or
• the processing is necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims.

13.  Updates to this Privacy Policy.

We may update this Privacy Policy from time to time, so please visit this page periodically and review it for any changes that might affect you. We will notify you of material changes to this Privacy Policy by posting a notice on our home page for a reasonable period of time and changing the “Effective Date” above. Your continued use of the Services following the posting of changes will constitute your acceptance of the changed terms.

14.  Contact Us.

Your visit to the Site and use of the Services is subject to both this Privacy Policy and our Terms of Use, where applicable. If you have any questions, comments, or concerns regarding this Privacy Policy, please contact us by email at privacy@2ndchair.ai.

ATTACHMENT A

2nd Chair Statement on AI Data Use Practices

This 2nd Chair Statement on AI Data Use Practices (“Statement”) is an Attachment to the 2nd Chair Site and Platform Terms of Use Agreement (“Terms of Use”) and the 2nd Chair Site Privacy Policy and is incorporated by reference therein. These Practices are intended to provide background on and an overview of 2nd Chair's services and its associated data usage practices.

The Practices DO NOT replace or substitute the Terms of Use or the Privacy Policy, which remain the only controlling and legally binding documents for all data and privacy-related purposes.

These Practices are deemed to have been acknowledged, understood, and accepted by each user or customer upon their agreement to the Terms of Use and/or the Privacy Policy, and will be effective as of that date.

Article 1: Background

1. 1.      2nd Chair, as of the effective date of this Agreement, is a company that makes Artificial Intelligence (AI) tools.
   2.      2nd Chair has created one tool, David, to enable attorneys, professionals, and other knowledge workers, to make use of AI in their workflow.
   3.      2nd Chair has developed its technology to meet the particular needs of industries that have heightened professional or legal scrutiny with respect to file storage, data transfer, and information exchange.
   4.      This Statement describes the practices that 2nd Chair engages in regarding the information that the Customer transmits to 2nd Chair (Customer Data).
   5.      This Statement does not obviate the need for the Customer to understand their state American Bar Association Rules or local law with respect to artificial intelligence. 2nd Chair recognizes that each jurisdiction is different. 2nd Chair has drafted this Statement with respect to the American Bar Association Model Rules of Professional Conduct. 2nd Chair has not created this Statement for any particular Customer or that Customer's jurisdiction.

Article 2: Data Storage

1. 1.      2nd Chair stores data using Amazon Web Services. 2nd Chair also uses a vector database.
   2.      2nd Chair partitions Customer Data using a data portioning strategy such that no user can access any files of another Customer.

Article 3: Data Privacy & Access

1. 1.      2nd Chair will not open individual files within Customer Data without written authorization (which may include email authorization) from the Customer.
      
      
      1.    If the Customer permits 2nd Chair to access the content of individual files transferred as a part of Customer Data, 2nd Chair will only authorize its own agents to access such files that are relevant and limited to the scope of purpose for which the authorization is given.
      2.    2nd Chair will authorize access to Customer Data content in individual files only to those engineers, operations employees, or other members of its business necessary to complete the tasks relevant to the authorization.
      3.    2nd Chair will complete any such tasks in a timely manner and revoke access to individual file content that is part of Customer Data as soon as commercially practical to complete the tasks relevant to the authorization.
   2.     Customer hereby authorizes 2nd Chair engineers to view individual file names without any further written authorization from the Customer required. 2nd Chair employees shall only view file names associated with the development, maintenance and repair of 2nd Chair products and tools. For example, 2nd Chair engineers may see file names of Customer Data in the process of fixing a bug or developing a new feature. 2nd Chair employees shall not be authorized to search file names for purposes unrelated to the operation of the 2nd Chair business.
   3.     2nd Chair shall use commercially reasonable efforts to limit Customer Data transfers to third party vendors associated with the operation of 2nd Chair products and tools to the least amount practicable balanced against the commercial need to maintain optimal functionality for 2nd Chair products and tools.
   4.     As much as commercially practicable, 2nd Chair shall secure “Zero Data Retention,” or similarly- limited data retention and storage agreements with vendors 2nd Chair uses for data storage.

Article 4: Customer Data and AI Reproducibility

1. 1.      2nd Chair will only use Customer Data to refine, create, or otherwise improve or build 2nd Chair products and tools, such as through its use of statistical signatures to improve LLM reproducibility, as specifically authorized by the Customer.
   2.     2nd Chair will not train its AI LLM based on Customer prompts or inputs to such with respect to 2nd Chair AI products and tools unless specifically authorized by the Customer. This includes any question prompts made to David AI or Ask David.
   3.     2nd Chair reserves the right to make limited use of user behavior for improvements to 2nd Chair products and tools.  With respect to the LLM itself, 2nd Chair tracks user behavior for the purpose of improving the quality and efficiency of LLM responses.  With respect to access information of Customer Data, 2nd Chair tracks user behavior only where allowable by law and regulations, or where specifically flagged for this purpose.

Article 5: Data Retention and Security

1. 1.      Customer may delete any Customer Data at any time. When a Customer uses the file delete button, 2nd Chair shall ensure that the file is removed from all 2nd Chair products and tools and third party vendors that enable the product, including but not limited to: file stores, 2nd Chair systems, vector databases, and user databases.
   2.      In the event that a Customer terminates its relationship with 2nd Chair, or 2nd Chair terminates its relationship with a Customer, 2nd Chair shall certify that it has removed all Customer Data files linked to the Customer user profiles within 90 days. Pursuant to Article 4, Customer Data shall not be used to refine, create, or otherwise improve or build 2nd Chair products and tools during this 90 day window unless flagged for such purposes identified in Article 4.
   3.      Customer is solely responsible for maintaining its own originals or backups of all Customer Data. Once Customer Data has been removed from 2nd Chair's systems, either by Customer or due to termination, 2nd Chair cannot retrieve it.
   4.      Security Breach - If 2nd Chair is made aware of a data security breach associated with 2nd Chair or any technology that 2nd Chair uses with respect to Customer Data, 2nd Chair shall notify Customer within 14 calendar days. 2nd Chair shall deliver such notice through the email address connected to the billing account associated with the Customer.