Law Dog AI

Security and Data Handling

Back to app

Law Dog AI - Security and Data Handling

Last Updated: March 4, 2026

This page summarizes how Law Dog AI (DocuDash Inc.) handles data and the safeguards we use.

1) What we store

Conversations

  • We store conversation text (messages and conversation items) in our primary database to provide the Service.

Uploaded documents

  • We store file metadata (e.g., filename/title and related identifiers) in our database.
  • File contents are uploaded to our AI infrastructure provider's file/vector store system to enable file search, unless a feature is disabled.

Logs

  • Operational logs may include filenames and document titles and technical diagnostics.
  • Log retention: up to 90 days.

2) What we do NOT do

  • We do not use your content to train or fine-tune machine learning models.
  • We configure our primary AI provider not to use your content for training.
  • We do not use a separate OCR-only subprocessor.

3) Where data is processed

  • Primary database hosting is on Neon-managed PostgreSQL (United States).
  • AI processing and file/vector search are performed by our primary AI infrastructure provider.
  • Application hosting and upload blob/object storage are provided via Vercel.

4) Optional third-party features

Certain features are optional and, when enabled, send data to third parties:

  • OCR via our primary AI infrastructure provider (when enabled)
  • Citation checks/search (CourtListener)

If you do not want a feature to send data to a third party, keep it disabled.

5) Retention and deletion

  • Default conversation retention target: up to 90 days, unless you delete sooner.
  • If you delete a conversation, we delete it from your account and primary systems and delete associated AI file/vector assets used for that conversation as part of the deletion process.
  • Residual copies may persist briefly in backups or third-party systems consistent with their retention practices.

6) Security safeguards (high level)

  • TLS encryption in transit
  • Encryption at rest for stored data (including infrastructure-provider managed encryption controls)
  • Network controls (firewalls and restricted database access paths)
  • Secure session cookies (secure/HttpOnly in production) and session timeouts
  • Restricted administrative access (limited to the service owner)
  • Request rate limiting and concurrency controls on key API routes

7) Contact

Security questions or incident reporting: logan.lathrop@yahoo.com