1. Introduction
This Privacy Policy describes how Counsltrac ("Service"), operated by Counsltrac LLC, a Wyoming limited liability company ("Operator," "we," or "us"), collects, uses, stores, and protects information when you use the Service. By using Counsltrac, you agree to the practices described in this Policy.
Counsltrac is a legal-matter tracking tool that operates entirely inside Slack. Legal teams open and close matters from Slack threads using message shortcuts, run reports and exports with the /matters slash command, and ask natural-language questions by direct-messaging the Counsltrac bot. There is no separate web application or browser dashboard.
2. Information We Collect and Store
Counsltrac stores the following in its database (hosted on Supabase). This is the complete picture of what is written to the database:
2.1 Structured matter data
- Matter type, business unit / department, jurisdiction, complexity, priority, and status (Open or Closed)
- Requester and assigned counsel — stored as Slack user IDs together with their Slack display names
- Close-out details: outcome, level of effort ("lift"), whether outside counsel was engaged, estimated hours worked, time-to-close, and open/close timestamps
- A pointer to the source Slack thread — the channel ID and thread timestamp — and internal follow-up tracking fields (e.g., reminder flags and reopen count)
2.2 Optional free-text notes
- Opening Notes, Closing Notes, and the Reopen Reason are optional free-text fields an attorney may type into the Open, Close, and Reopen forms. These may contain privileged or sensitive legal content. They are stored in the database but are not included in AI Q&A prompts (see Section 4).
To limit what enters these fields, the Open Matter, Close Matter, and Reopen Matter forms display the following caution directly beneath each free-text field:
"Do not enter names of individuals or other personal identifiers, or any privileged or confidential details. Keep this to brief, non-identifying context."
2.3 Workspace and account data
- Slack workspace (team) ID, channel IDs, and per-workspace configuration (channel-to-template routing and matter-type lists)
- Billing and subscription fields (plan, billing contact email, and AI query count) maintained to support subscriptions
2.4 Usage and diagnostic data
- AI query records: the workspace ID, the requesting user's Slack ID, the natural-language question text (truncated), and a timestamp — used for rate limiting and usage tracking. The question text is cleared within 24 hours; the workspace ID and timestamp are kept longer to enforce the monthly usage limit (see Section 8)
- Structured application logs for diagnostics (see Section 5)
2.5 What we do NOT store
- The identity of any individual who is the subject of a matter — for example, an employee, contractor, candidate, or other third party. Our data model has no field for a subject's name, email, or identifier — it is never requested or stored. A matter is characterized only by attributes such as matter type, business unit/department, and jurisdiction. As a result, the structured data in our database cannot, on its own, identify the individual a matter concerns.
- The full content of Slack conversations is not written to our database. Stored matter records keep only a channel ID and thread timestamp that link back to the thread in Slack.
- We do not collect personal financial information beyond a billing contact email address, and we do not collect information from outside the Counsltrac service.
This is an intentional design choice. The identifying details of a matter's underlying situation already exist in Slack, governed by your own security and access controls. By pointing back to the originating Slack thread instead of copying that content into a separate database, Counsltrac avoids creating a second store of personal data and privileged material — minimizing both data-privacy exposure and attorney-client privilege concerns. Note that the optional Opening Notes, Closing Notes, and reopen-reason fields (Section 2.2) are free-text; users are advised not to enter subject-identifying details there.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Counsltrac service inside Slack
- Enforce workspace-level data isolation and channel-based access (users only see matters from Slack channels they belong to)
- Power the AI-assisted features (see Section 4)
- Track AI query usage for rate-limiting and subscription purposes
- Diagnose errors and improve the service, and send service-related communications such as billing notices
We do not sell, rent, or share your information with third parties for marketing or advertising purposes.
4. Artificial Intelligence Features
Counsltrac includes AI-assisted features powered by Anthropic's Claude API. We want to be precise about what is sent, because the AI features rely on Slack conversation content — not only structured fields:
- Opening a matter: the text of the originating Slack message is sent to Claude to suggest matter fields and intake follow-up questions.
- Closing a matter: the full Slack thread (up to the most recent 200 messages) is sent to Claude to suggest the outcome, level of effort, outside-counsel flag, and estimated hours. This thread content can include privileged attorney-client discussion.
- Natural-language Q&A: your question, recent conversation history, and structured matter metadata are sent to Claude. The Opening Notes, Closing Notes, and reopen-reason fields are not included in these Q&A prompts.
Our safeguards for AI processing:
- Under Anthropic's commercial API terms, prompts and outputs are not used to train Anthropic's models.
- Zero Data Retention (intended): we intend to enter a Zero Data Retention agreement with Anthropic, under which inputs and outputs are not retained after each request is processed — so legal content shared with Claude is not stored by the AI provider. Until that agreement is in place, Anthropic's standard API retention applies.
- The AI features are read-only with respect to your data: the AI can never write, update, or delete matter records.
- AI query usage is tracked per workspace per month and enforced against your plan's limit before any AI request is made.
5. Logging and Diagnostics
Counsltrac generates structured, machine-readable logs for diagnostic purposes. These logs:
- Include a timestamp, workspace ID, user ID, and the action being performed
- Do not include the contents of the Opening Notes or Closing Notes fields, and do not include Slack message bodies
- Are accessible only to the Operator and, where required, the infrastructure providers that host the service
6. Data Sharing — Subprocessors
We share Customer Data only with the subprocessors listed in our Subprocessor Disclosure. Currently these are:
- Supabase, Inc. — database, authentication, and storage (publishes SOC 2 Type II, ISO 27001, HIPAA, GDPR)
- Anthropic, PBC — AI inference for the AI features (publishes ISO 27001, ISO 42001, SOC 2 Type II)
- Render Services, Inc. — hosting for the Slack bot process (compute only; not a data store)
Counsltrac itself does not hold any independent security or privacy certifications. The certifications above are held by these providers. The full Subprocessor Disclosure, including each provider's certifications and data-handling details, is published at our Subprocessor Disclosure page.
7. Data Security
We rely on the following measures:
- Encryption in transit (TLS) and at rest (AES-256), provided by Supabase
- Row Level Security enabled on database tables, with every query filtered by workspace ID so data cannot cross workspace boundaries
- Workspace ID is always derived from the authenticated Slack context and never trusted from client-supplied input
- Channel-based access control — users can only see matters from Slack channels they are a member of
- Administrative database access (the Supabase service role key) is restricted to the bot process and is never exposed to end users
8. Data Retention
We retain Customer Data according to a defined schedule: active matters are retained for as long as your account is active, and closed matters are retained for seven (7) years, consistent with standard recordkeeping practice for legal matters. If you terminate your subscription:
- Matter data and workspace data will be deleted within 30 days of account termination upon written request
- Once a Zero Data Retention agreement with Anthropic is in place, AI inputs and outputs are not retained by the AI provider; until then, Anthropic's standard API retention applies
- The text of an AI query is cleared within 24 hours of submission; the log record itself (workspace ID and timestamp only, with no question text) is kept for ninety (90) days to enforce the monthly usage limit, then deleted. Structured application logs are retained only as long as needed for diagnostics
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your personal data, and to data portability. To exercise any of these rights, contact us at privacy@counsltrac.com. We will respond within 30 days.
10. Changes to This Policy
We will notify customers of material changes to this Privacy Policy at least 14 days in advance via email. Continued use of the Service after the effective date of any change constitutes acceptance of the updated Policy.