Privacy Policy
Last updated: June 1, 2026
Legacy Doc HQ ("we," "us," "the platform") is a product of Midly Labs Inc. We provide estate planning document drafting tools to licensed Georgia attorneys (each, an "Attorney User") and a client portal experience to their clients (each, a "Client User"). This Privacy Policy explains what we collect, why, who we share it with, and how you control it.
We are a processor of client data on behalf of Attorney Users. The Attorney is the controller of their client information and is responsible for confidentiality obligations under their state bar's rules of professional conduct. We are committed to handling all data in a way that supports each Attorney's ability to comply with those obligations.
1. Information we collect
From Attorney Users
- Account info: name, email, phone, mailing address, law practice name, state bar number, year licensed, state of licensure.
- Verification info: bar membership status (verified during the 10-day trial via manual or automated check against State Bar of Georgia records).
- Billing info: Stripe customer ID, subscription tier, payment status. Card numbers are tokenized by Stripe — we never see or store them.
- Authentication info: Clerk user ID, session tokens.
- Optional uploads: firm letterhead, signature image, profile photo.
- Usage data: dashboard activity, documents generated, intakes sent, login timestamps.
From Client Users (collected on behalf of the Attorney)
- Intake form responses: personal identity (name, DOB, address, phone), family structure (spouse, children, beneficiaries), financial picture (estate value tier, real estate, business ownership, digital assets), end-of-life preferences (healthcare agents, life-support wishes, organ donation, burial), executor and trustee preferences, prior estate planning history.
- Vault content: documents the Attorney shares to the Client's portal, files the Client uploads (signed copies, third-party documents).
- Family invites: contact info for invited spouses, executors, or heirs and the access level the Client grants them.
- Legal review requests: the document and question submitted, payment via Stripe, and the Attorney's written response.
2. How we use the information
- To draft Georgia-compliant estate planning documents based on the Client's intake.
- To send transactional notifications (intake invites, document-ready alerts, signature requests, completed reviews).
- To bill the Attorney's subscription via Stripe and route paid legal-review revenue via Stripe Connect.
- To verify bar membership during the 10-day trial.
- To improve the product. We do not train AI models on Client User data. Plain-English summaries are generated per-document on demand and are not retained as training inputs.
3. Sub-processors we share data with
We use the following third-party services to operate the platform. Each is bound by its own terms and contractual data-handling commitments. By using Legacy Doc HQ, you consent to the necessary data sharing with these sub-processors.
- Neon — Postgres database hosting (US East). All structured user data lives here.
- Vercel — application hosting + Vercel Blob (private file storage for Client uploads).
- Stripe — payment processing for Attorney subscriptions and Stripe Connect for paid legal review payouts. Tokenized card data; we never see PAN.
- Clerk — authentication. Email, password (if used), Google OAuth tokens.
- Postmark — transactional email delivery.
- Anthropic — AI-generated plain-English document summaries. Document content is sent to Anthropic for the duration of the summary call only. Anthropic does not retain or train on submitted content under their zero-data-retention API terms.
4. Confidentiality and attorney-client privilege
Communications between an Attorney User and their Client User on this platform may be subject to attorney-client privilege under applicable state law. The platform is structured to support — not undermine — privilege:
- Client intake data and generated documents are visible only to the Attorney who owns the relationship.
- Client Users can selectively share documents with family members; the Attorney does not see the Client's family-invite list.
- Our staff does not access Client documents except for security incident response or legal compulsion.
- Sub-processors handle data on a confidential basis under their service agreements.
5. Security
- All connections use TLS 1.2+ (HTTPS).
- Data at rest in Neon and Vercel Blob is encrypted.
- Vercel Blob storage is configured private — files are not accessible via public URLs; signed proxy requests are required.
- Authentication is delegated to Clerk; multi-factor authentication is available on Attorney accounts.
- Stripe handles all card data — we are not in PCI scope.
6. Data retention
- While your account is active, we retain your data so the platform can function.
- If an Attorney cancels: their account remains read-only for 30 days and is then archived. They may request a full data export (Word documents + intake data) at any time before deletion.
- If a Client requests vault closure: the Attorney is notified and can re-provision; the Client's portal session ends. Documents drafted by the Attorney remain in the Attorney's records per their professional retention obligations.
7. Your rights
Depending on where you live, you may have legal rights to:
- Request a copy of the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to the Attorney's professional retention obligations).
- Object to processing or restrict how we use your data.
- (California residents) Opt out of any sale or sharing of personal information. We do not sell or share for cross-context behavioral advertising.
To exercise these rights, email patience@legacydochq.com. We respond within 30 days.
8. Cookies and analytics
We use functional cookies for authentication (Clerk and our legacy session cookie). We do not use third-party advertising or marketing cookies. Basic analytics (anonymized page views) help us understand product usage; this does not include any personally identifiable information.
9. Children's data
Legacy Doc HQ is not directed to children under 13, and we do not knowingly collect their data. If we discover such data, we delete it.
10. Changes to this policy
We'll post any updates to this page and update the "Last updated" date. Material changes will be announced by email to Attorney Users at least 14 days before they take effect.
11. Contact
Legacy Doc HQ (a product of Midly Labs Inc.)
patience@legacydochq.com
This Privacy Policy is provided as a working framework. Specific obligations under the State Bar of Georgia's Rules of Professional Conduct, the Georgia Uniform Probate Code (OCGA Title 53), and any applicable federal privacy law (HIPAA, where applicable to healthcare directives) take precedence where they impose stricter standards than what is described here.
