Privacy Policy

Last updated: January 2, 2026

AI Solutions for Lawyers ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Coffee & Law platform ("Platform", "Service").

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

AI Solutions for Lawyers
Email: support@ai-solutions-for-lawyers.com

For all data protection inquiries, you may contact us using the details above or by emailing our Data Protection contact directly.

2. Data We Collect

2.1 Personal Data Provided by Firm Administrators

When your law firm registers for and uses Coffee & Law, firm administrators may provide the following personal data about lawyers within the organization:

  • Name: First and last name of each lawyer
  • Email address: Professional email address for communication and login
  • Office location: The office or geographic location where the lawyer works
  • Practice group: The legal practice area or department
  • Seniority level: Professional rank or seniority within the firm

2.2 Account and Authentication Data

  • Login credentials (email and encrypted password)
  • Account settings and preferences
  • Authentication tokens and session data

2.3 Usage Data

We automatically collect certain information when you access the Platform:

  • IP address and device information
  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • Referring website or source

2.4 Coffee Roulette and Meeting Data

  • Matching history and pairing records
  • Meeting participation status
  • Network relationship data

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

3.1 Contract Performance (Article 6(1)(b) GDPR)

Processing is necessary for the performance of a contract to which you are a party. This includes processing required to:

  • Create and manage your account
  • Provide the coffee roulette matching service
  • Send meeting notifications and reminders
  • Process payments and maintain billing records

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate interests, including:

  • Improving and optimizing our Platform
  • Ensuring the security and integrity of our systems
  • Analyzing usage patterns to enhance user experience
  • Fraud prevention and abuse detection

3.3 Legal Obligation (Article 6(1)(c) GDPR)

Processing is necessary for compliance with legal obligations, such as tax and accounting requirements, or responding to lawful requests from authorities.

3.4 Consent (Article 6(1)(a) GDPR)

Where required, we obtain your consent for specific processing activities, such as sending marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

We use the collected data for the following purposes:

4.1 Service Delivery

  • Operating and maintaining the Platform
  • Executing coffee roulette matches based on firm criteria
  • Sending meeting invitations and notifications
  • Providing network analytics and relationship insights

4.2 Account Management

  • Creating and managing user accounts
  • Authenticating users and maintaining security
  • Processing billing and payments
  • Communicating important service updates

4.3 Platform Improvement

  • Analyzing usage patterns and trends
  • Improving matching algorithms
  • Developing new features and functionality
  • Conducting research and analytics

4.4 Security and Compliance

  • Detecting and preventing fraud or abuse
  • Enforcing our Terms and Conditions
  • Complying with legal obligations
  • Responding to legal requests

5. Data Retention

5.1 Active Accounts

We retain personal data for as long as your account is active and as needed to provide the Service. Matching history and relationship data are retained to enable the matching algorithm to avoid repeat pairings and provide network insights.

5.2 After Account Termination

Upon account termination or deletion request, we will:

  • Delete or anonymize personal data within 30 days
  • Retain certain data as required by law (e.g., billing records for tax purposes) for up to 10 years
  • Maintain anonymized, aggregated data for analytics purposes indefinitely

5.3 Backup Retention

Data in backup systems may persist for up to 90 days after deletion from active systems, after which it is permanently removed.

6. Data Sharing and Third Parties

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Platform. These providers are contractually bound to protect your data and may only use it for the specific purposes we authorize:

  • Cloud Infrastructure: Hosting and data storage services (EU-based data centers)
  • Email Services: Delivery of transactional emails and notifications
  • Payment Processing: Secure handling of billing and payments
  • Analytics: Understanding Platform usage and performance

6.2 Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR-compliant data handling.

6.3 Legal Requirements

We may disclose your data when required by law, legal process, or government request, or when we believe disclosure is necessary to:

  • Comply with applicable laws or regulations
  • Enforce our Terms and Conditions
  • Protect our rights, privacy, safety, or property
  • Respond to emergency situations

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6.5 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. International Data Transfers

Your personal data is stored and processed exclusively within the European Union. Our data centers are located in the EU and are SOC 2 Type II certified.

In the event that data transfer outside the EU becomes necessary, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules for international group transfers
  • Certification under recognized frameworks

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. To exercise any of these rights, please contact us at support@ai-solutions-for-lawyers.com.

8.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to request access to that data along with information about how it is processed.

8.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete data completed.

8.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Legal obligation requires erasure

8.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing pending verification

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence, place of work, or place of the alleged infringement.

8.9 Response Time

We will respond to valid requests within one month. This period may be extended by two additional months for complex requests, in which case we will inform you of the extension.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the Platform to function properly. They enable core functionality such as authentication, session management, and security features. These cookies cannot be disabled.

Functional Cookies

These cookies remember your preferences and settings to provide enhanced functionality and personalization.

Analytics Cookies

These cookies help us understand how visitors interact with the Platform by collecting and reporting information anonymously.

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Platform. For more information on managing cookies, visit your browser's help documentation.

9.3 Do Not Track

Our Platform does not currently respond to "Do Not Track" signals. However, you can opt out of certain tracking through cookie management.

10. Security Measures

10.1 Technical Safeguards

We implement comprehensive technical security measures, including:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Security assessments and penetration testing

10.2 Organizational Safeguards

  • Employee security training and awareness programs
  • Background checks for personnel with data access
  • Strict confidentiality obligations for all staff
  • Incident response and data breach procedures

10.3 Certifications

Our data centers are SOC 2 Type II certified, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy.

10.4 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours and notify affected individuals without undue delay.

11. Children's Privacy

Our Platform is designed for professional use by law firms and is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it.

12. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. We encourage you to review this policy periodically.

For significant changes that affect how we process your data, we will provide additional notice, such as email notification to firm administrators.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AI Solutions for Lawyers
Email: support@ai-solutions-for-lawyers.com

For data protection inquiries or to exercise your rights, please include "Data Protection Request" in your email subject line.

Related documents: Terms and Conditions | Imprint