MatterMind Privacy Policy
1. Introduction
MatterMind ("we," "us," or "our") is committed to protecting your privacy and complying with applicable privacy laws, including:
- The Personal Information Protection Act (Alberta) ("PIPA")
- The Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA")
- Other applicable provincial and federal privacy legislation
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our software platform and services (the "Service").
By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
2. Definitions
- "Personal Information" means information about an identifiable individual, including but not limited to name, email address, phone number, billing information, and professional credentials.
- "User Data" means all data, including personal information, that you input or integrate with the Service, including client matter data and practice management information.
- "We," "us," or "our" refers to MatterMind.
- "You" or "your" refers to the individual or entity using the Service.
3. Information We Collect
3.1 Information You Provide
We collect personal information that you voluntarily provide when you:
a) Register an Account:
- Name (first and last)
- Email address
- Password (encrypted)
- Law firm name
- Professional role (lawyer, staff, etc.)
b) Subscribe to a Paid Plan:
- Payment information (credit card details, processed by Stripe)
- Billing address
- Tax identification (if applicable)
c) Use the Service:
- Matter data from your Clio integration
- Custom boards, tasks, and notes you create
- Work Planner preferences and settings
d) Contact Us:
- Support inquiries and correspondence
- Feedback and survey responses
3.2 Information Collected Automatically
When you use the Service, we automatically collect:
a) Usage Information:
- Pages visited and features used
- Time spent on the Service
- Clickstream data
- Actions performed (e.g., syncing data, creating boards)
b) Device and Browser Information:
- IP address
- Browser type and version
- Operating system
- Device identifiers
- Screen resolution
c) Cookies and Tracking Technologies:
- Session cookies (required for login)
- Preference cookies (optional, for settings)
- Analytics cookies (optional, for usage analysis)
See Section 9 for more information on cookies.
3.3 Information from Third-Party Services
When you integrate with Clio, we collect:
- Matter data (client names, case details, deadlines)
- Activity data (time entries, billable amounts)
- User profile information from Clio
- OAuth tokens (encrypted)
You control what data is synced from Clio through your integration settings.
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 To Provide and Improve the Service
- Create and manage your account
- Process payments and subscriptions
- Sync and display data from Clio
- Provide workflow visualization, KPI tracking, and analytics
- Respond to your support requests
- Send service-related notifications (e.g., trial expiration, billing issues)
4.2 To Personalize Your Experience
- Remember your preferences and settings
- Customize dashboard layouts and features
- Provide relevant recommendations
4.3 To Communicate With You
- Send account and subscription updates
- Notify you of new features or service changes
- Respond to inquiries and provide customer support
- Send marketing communications (with your consent)
4.4 To Ensure Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service
- Comply with legal obligations and law enforcement requests
- Conduct audits and investigations
4.5 To Analyze and Improve
- Analyze usage patterns and Service performance
- Conduct research and develop new features
- Generate aggregated, anonymized statistics
Note: We do not sell your personal information to third parties.
5. Legal Basis for Processing (PIPEDA Compliance)
Under PIPEDA, we process your personal information based on:
- Consent: You provide express or implied consent when registering and using the Service
- Contractual Necessity: Processing is necessary to fulfill our Terms of Service and provide the Service
- Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement)
- Legal Obligations: Processing is required to comply with applicable laws
You may withdraw consent at any time, subject to legal or contractual restrictions.
6. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
6.1 Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, billing address, payment method |
| Clio (Themis Solutions Inc.) | Practice management integration | OAuth tokens, sync requests |
| Amazon Web Services (AWS) (or similar) | Cloud hosting and data storage | All User Data (encrypted) |
| Email Service Provider (e.g., SendGrid) | Transactional emails | Email address, name |
All service providers are contractually required to:
- Use personal information only for specified purposes
- Implement appropriate security measures
- Comply with applicable privacy laws
6.2 Business Transfers
If MatterMind is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
6.3 Legal Requirements
We may disclose personal information if required by law, including:
- In response to a subpoena, court order, or legal process
- To comply with tax, regulatory, or reporting obligations
- To protect our rights, property, or safety, or that of users or the public
- To investigate fraud, security incidents, or violations of our Terms of Service
6.4 With Your Consent
We may share personal information for other purposes with your explicit consent.
7. Data Retention
We retain your personal information for as long as necessary to:
- Provide the Service during your active subscription
- Comply with legal, tax, and accounting obligations (typically 7 years under Alberta law)
- Resolve disputes and enforce our agreements
Account Data Retention:
- Active Accounts: Retained for the duration of your subscription
- Cancelled Accounts: Retained for 30 days after cancellation, then deleted
- Backups: May be retained for up to 90 days for disaster recovery purposes
You may request early deletion of your data (see Section 11).
8. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information, including:
Technical Measures:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Secure password hashing (bcrypt)
- Firewalls and intrusion detection systems
Administrative Measures:
- Access controls and role-based permissions
- Employee training on data protection
- Regular security audits and vulnerability assessments
Physical Measures:
- Secure data center facilities (via cloud provider)
- Environmental controls and redundancy
However, no system is completely secure. You acknowledge that:
- Internet transmission is never 100% secure
- Unauthorized access, hardware failure, or other factors may compromise security
- You are responsible for maintaining the confidentiality of your login credentials
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for login and core functionality | Session |
| Preference Cookies | Remember your settings (e.g., dashboard layout) | 1 year |
| Analytics Cookies | Track usage patterns (optional) | 2 years |
9.2 Managing Cookies
You can control cookies through your browser settings:
- Accept All Cookies: Full Service functionality
- Block Third-Party Cookies: Analytics may be affected
- Block All Cookies: Some Service features may not work
9.3 Do Not Track
We do not currently respond to "Do Not Track" signals because there is no industry standard for compliance.
10. Third-Party Links
The Service may contain links to third-party websites (e.g., Clio). We are not responsible for the privacy practices or content of such websites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Your Privacy Rights
Under PIPA and PIPEDA, you have the following rights regarding your personal information:
11.1 Right to Access
You may request a copy of the personal information we hold about you. We will provide this information in a commonly used format within 30 days of your request.
11.2 Right to Correction
If you believe your personal information is inaccurate or incomplete, you may request corrections. We will update your information promptly upon verification.
11.3 Right to Withdraw Consent
You may withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to:
- Contractual obligations (we may not be able to provide the Service)
- Legal or business requirements (e.g., record-keeping for tax purposes)
11.4 Right to Data Portability
You may export your User Data at any time through the Service's export features.
11.5 Right to Deletion
You may request deletion of your personal information. We will comply unless:
- Retention is required by law
- Retention is necessary to complete transactions or resolve disputes
- Data is contained in backups (which are automatically deleted per our retention schedule)
11.6 Right to Lodge a Complaint
If you believe we have violated your privacy rights, you may file a complaint with:
Office of the Information and Privacy Commissioner of Alberta
Phone: 1-888-878-4044 (toll-free in Alberta)
Office of the Privacy Commissioner of Canada
Phone: 1-800-282-1376 (toll-free in Canada)
11.7 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@mattermind.io
- Subject Line: "Privacy Rights Request"
Include:
- Your full name
- Account email address
- Specific request (access, correction, deletion, etc.)
- Verification information (we may ask for additional proof of identity)
We will respond within 30 days. There is no fee for the first request; we may charge a reasonable fee for subsequent or excessive requests.
12. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will delete it promptly.
If you believe a child has provided information to us, please contact us at privacy@mattermind.io.
13. International Data Transfers
Your personal information may be stored and processed in Canada or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from Alberta or Canadian laws.
When transferring data internationally, we ensure:
- Service providers comply with applicable privacy laws
- Adequate safeguards are in place (e.g., contractual protections)
- Transfers comply with PIPEDA requirements
By using the Service, you consent to the transfer of your information to these jurisdictions.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in privacy laws
- New features or services
- Changes in our data practices
We will notify you of material changes by:
- Posting the updated Privacy Policy on our website
- Updating the "Last Updated" date at the top
- Sending an email notification (for significant changes)
Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
MatterMind Privacy Officer
Email: privacy@mattermind.io
Website: https://www.mattermind.io
For general inquiries:
Email: support@mattermind.io
16. Accountability
MatterMind designates a Privacy Officer responsible for:
- Ensuring compliance with this Privacy Policy
- Responding to privacy inquiries and complaints
- Conducting privacy impact assessments
- Training staff on privacy obligations
We are committed to maintaining the confidentiality, integrity, and security of your personal information in accordance with PIPA, PIPEDA, and best practices.
By using MatterMind, you acknowledge that you have read, understood, and agree to this Privacy Policy.