Privacy Policy

Last Updated: December 16, 2025

Welcome to Lawbandit. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and password.
• Profile Information: You may provide additional information such as your school, year of study, and profile picture.
• Content: We collect the content you create, upload, or share through our service, including notes, documents, PDFs, and study materials.
• Payment Information: When you make a purchase, our payment processors collect your payment card information. We do not store your complete payment card details.

1.2 Google User Data

When you connect your Google account to Lawbandit, we access the following Google user data:

• Google Calendar Data: With your explicit permission, we access your Google Calendar events, including event titles, descriptions, dates, times, locations, and attendees. This is used solely to help you organize your study schedule and sync your academic calendar with our study tools.
• Basic Profile Information: We access your Google profile information (name, email address, and profile picture) to create and authenticate your Lawbandit account.

Important: Lawbandit's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1.3 Automatically Collected Information

• Usage Data: We collect information about your interactions with our service, including pages visited, features used, and time spent on the platform.
• Device Information: We collect information about the device you use to access Lawbandit, including device type, operating system, browser type, and IP address.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience and collect usage data.

2. How We Use Your Information

We use your information for the following purposes:

• Provide and Maintain Service: To operate, maintain, and improve Lawbandit's features and functionality.
• Google Calendar Integration: We use your Google Calendar data exclusively to:
  • Display your academic schedule and deadlines within our study planning tools
  • Send you study reminders based on your calendar events
  • Help you organize study sessions around your existing commitments
  • Sync study materials with relevant calendar events

  We do NOT use your Google Calendar data for any other purpose, including advertising, marketing to third parties, or training AI models.

• Process Transactions: To process your payments and manage your subscriptions.
• Communication: To send you service-related notifications, updates, and promotional materials (which you can opt out of).
• Personalization: To personalize your experience and provide content recommendations based on your usage patterns (not based on Google user data).
• AI Features: To provide AI-powered features such as note generation, flashcards, multiple choice questions, and document analysis on content you create or upload.
• Analytics: To analyze usage patterns and improve our service. Google user data is NOT used for analytics purposes.
• Security: To detect, prevent, and address technical issues and fraudulent activity.
• Legal Compliance: To comply with legal obligations and protect our rights.

3. How We Share Your Information

We may share your information in the following circumstances:

• Service Providers: We share limited information with third-party service providers who perform services on our behalf, including:
  • Cloud storage providers (Supabase, Cloudflare) - for secure data storage with encryption
  • AI service providers (OpenAI, Anthropic) - ONLY for processing your study content, NOT for Google user data
  • Payment processors (Stripe, LemonSqueezy) - for payment processing only
  • Email service providers - for service notifications only
  • Analytics providers - for usage analytics of our platform, NOT for Google user data

  These providers are bound by confidentiality agreements and are only permitted to use your data to provide services to Lawbandit.

• Shared Content: When you choose to share notes or materials with other users, that content becomes accessible to those users. Google Calendar data is NEVER shared with other users.
• Legal Requirements: We may disclose your information (including Google user data) only if required by law, court order, or in response to valid legal requests from government authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, who will be bound by the same privacy commitments.
• With Your Consent: We may share your information with third parties only when you give us explicit consent to do so.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including Google user data, against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data, including Google Calendar data, is encrypted both in transit (using TLS/SSL) and at rest (AES-256 encryption)
• Secure Authentication: We use OAuth 2.0 for Google account authentication, ensuring your Google credentials are never directly stored or accessed by Lawbandit
• Access Controls: Strict access controls ensure that only authorized systems and personnel can access user data, and Google user data is compartmentalized with additional restrictions
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing
• Secure Infrastructure: All data is stored with enterprise-grade cloud providers (Supabase, Cloudflare) that maintain SOC 2 Type II compliance
• Data Minimization: We only request and store the minimum Google user data necessary to provide our calendar integration features
• Token Management: Google OAuth tokens are securely stored, encrypted, and automatically refreshed. Tokens are immediately revoked when you disconnect your Google account

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using industry-standard security practices, we cannot guarantee absolute security.

5. Data Retention and Deletion

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy.

Google User Data Retention

• Google Calendar Data: Your Google Calendar data is cached temporarily to provide calendar integration features. This cached data is automatically refreshed and older cache entries are deleted within 30 days.
• Immediate Deletion: When you disconnect your Google account or revoke Lawbandit's access through your Google Account settings, all Google user data (including Calendar data) is immediately deleted from our active systems.
• Account Deletion: When you delete your Lawbandit account, all your data, including any Google user data, is permanently deleted within 30 days. Backup copies may be retained for up to 90 days for disaster recovery purposes only, after which they are permanently deleted.

General Data Retention

Other personal information (account information, study content you created) is retained as long as your account is active. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or compliance purposes (such as financial records for tax purposes).

You can request deletion of specific data or your entire account at any time by contacting us at privacy@lawbandit.com or through your account settings.

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can access and review your personal information in your account settings.
• Correction: You can update or correct your personal information at any time.
• Deletion: You can request deletion of your account and personal information at any time.
• Data Portability: You can export your study content and notes in a portable format.
• Opt-Out: You can opt out of promotional emails by clicking the unsubscribe link in those emails.
• Cookie Preferences: You can manage your cookie preferences through your browser settings.

Managing Your Google Account Connection

You have full control over your Google user data:

• Revoke Access: You can disconnect your Google account and revoke Lawbandit's access at any time through:
  • Your Lawbandit account settings (Settings → Connected Accounts → Disconnect Google)
  • Your Google Account permissions page: myaccount.google.com/permissions
• Immediate Effect: When you revoke access, all Google user data is immediately deleted from our systems, and we can no longer access your Google Calendar.
• Request Data Copy: You can request a copy of what Google Calendar data we currently have stored by contacting privacy@lawbandit.com

To exercise any of these rights, please contact us at privacy@lawbandit.com or use your account settings.

7. Children's Privacy

Lawbandit is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete that information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using Lawbandit, you consent to the transfer of your information to these countries.

9. Google API Services and Limited Use Disclosure

What Google Data We Access and Why

When you grant Lawbandit permission to access your Google account, we request the following scopes:

• Google Calendar (calendar.readonly or calendar.events): To read your calendar events and display them in our study planning interface, helping you organize study sessions around your existing commitments.
• Basic Profile Information: To authenticate your account and display your name and email.

Limited Use Requirements

We strictly limit our use of Google user data as follows:

• No Sale or Transfer: We do NOT sell, rent, or transfer your Google user data to any third parties.
• No Advertising: We do NOT use your Google user data for serving advertisements or marketing purposes.
• No Creditworthiness: We do NOT use your Google user data for determining creditworthiness or for lending purposes.
• Purpose Limitation: We ONLY use your Google Calendar data to provide and improve our study planning and calendar integration features. We do not use it for any unrelated purposes.
• No Human Review: Your Google Calendar data is not reviewed by any human unless you explicitly request support assistance, and only with your permission and for troubleshooting purposes.

Data Protection for Google User Data

• All Google user data is encrypted in transit and at rest
• Access is restricted to only the systems necessary to provide calendar features
• We do not store your Google password or credentials
• You can revoke access at any time through your Google Account settings
• When access is revoked, all Google user data is immediately deleted

10. Third-Party Services

Our service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies. Our third-party service providers include:

• Google (Authentication and Calendar API)
• OpenAI (AI Services for study content generation)
• Anthropic (AI Services for study content generation)
• Stripe (Payment Processing)
• LemonSqueezy (Payment Processing)
• Supabase (Database and Storage)
• Cloudflare (Storage and CDN)

Note: Google user data (Calendar data) is NOT shared with AI service providers (OpenAI, Anthropic) or used for AI model training.

11. AI and Machine Learning

We use artificial intelligence and machine learning technologies to provide features such as note generation, document analysis, and study material creation. Your study content that you create or upload may be processed by AI services to provide these features. We work with reputable AI providers who maintain strong data protection standards.

Important: Your Google user data (including Calendar data) is NOT processed by AI services and is NOT used to train AI models. Only your study content (notes, documents you upload) is processed by AI to generate study materials for you.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

13. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate personal data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of Lawbandit after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: