Security Policy

Updated: 02/01/2022

This overview covers the security measures put in place for our current product offerings. We outline the controls in place to secure our users' data.

VisaPortals

Our Client Portals apply databases to allow you (the user) to store end user data in client portals, where you control exactly what data is being stored.

For databases, we employ industry-standard security measures similar to those used by companies like Dropbox and Google.

‍‍Storing Data

Your data is stored using Amazon Web Services (AWS). AWS infrastructure is designed to meet the requirements of the most security-sensitive organizations in the world. AWS data centers are managed in accordance with leading data security standards, including SOC 1 - 3, PCI DSS Level 1, and ISO 9001 / ISO 27001.

‍

Webhook Security

Webhooks allow you to send data from your app to an outside database (or other web apps). Visalaw.AI apps can send these requests over Hypertext Transfer Protocol Secure (HTTPS), which means data is encrypted in transfer.

‍

Payment Processing

Visalaw.AI complies with the Payment Card Industry’s Data Security Standards and can therefore accept or process credit card information securely. Visalaw.ai certifies this compliance annually.

Personnel

Visalaw.AI is committed to conducting background screening at the time of hiring any new employees (to the extent permitted or facilitated by applicable laws and countries). In addition, Visalaw.AI communicates its policies to personnel and requires new employees to sign non-disclosure agreements.

Encryption

Any data your app collects is encrypted in transit from the end-user's machine to our servers via Transport Layer Security (TLS). All data stored by Visalaw.AI is also encrypted at rest.

‍

Breach Notification

No provider of web-based services, including Visalaw.AI, can guarantee perfect security of its data or systems. If Visalaw.AI learns of a security breach, we will promptly notify affected users so that they can take appropriate protective steps. This notification will be in accordance with state, federal, and local guidelines.

Backups

Visalaw.AI’s databases are backed up daily.

Your Responsibilities

Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

Logging and Monitoring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Visalaw.AI personnel. We will provide users with reasonable assistance and access to logs in the event of a security incident impacting their account.

II. INFORMATION WE COLLECT

Web bot/ Client Portal Data: We may store data about and collected by your web bots or client portals.

Contact data: We may store names, emails, phone numbers, and similar types of data that you submit to us through website contact forms or online tickets or via email or mail.

Usage information: We may collect usage information about you whenever you interact with our websites and services. This includes which web pages you visit, what you click on, when you perform those actions, what language preference you have, what you buy and so on.

Device and browser data: We may collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, device ID/MAC address, system and performance information, and browser type. If you are on a mobile device, we also collect the UUID for that device.

Information from Cookies: We may use first-party and third-party cookies as described in our Cookies Policy.

Log Data: Our web servers may keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

Information from third parties and integration partners: We may collect your personal information from third parties where, for example, you give permission to those third parties to share your information with us or where you have made that information publicly available online.

Billing information: If you make a payment to Visalaw.AI or via a web bot, client portal, or other service, we may collect billing details like your name, email address, and financial information depending on the third party payment processor being utilized.

Account information: You need an account before you can use some Visalaw.AI services. When you register for an account, we collect your username, password and email address.

III. USAGE OF COLLECTED INFORMATION

We process personal data about you either with your consent or in order to fulfill our contractual responsibility to deliver Services and perform the Websites and to pursue our legitimate interests of improving the Services and Websites. We have practices to help ensure that we limit these uses so that your privacy is respected and only the information related to achieving these legitimate aims is used.

A. Users

Contact Information: We use contact information to respond to your inquiries, send you information as part of the services, and send you marketing information (for as long as you do not opt-out). You can opt out of marketing communications at any time by clicking on the “unsubscribe” link in them.

Reports: We may store data you input into forms or via reports on our Websites in order to perform the service (for example, add users to newsletters or waitlists).

Information from Cookies: We use first-party and third-party cookies as described in our Cookies Policy.

How you use our services: We use information about how you use our services to improve our services for you and all users. We may collect information about the types of subscriptions you purchase, and your account transactional behavior to help us improve the Services and Website.

Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.

Log data: We use log data for a range of business purposes, including to monitor abuse and troubleshoot, to create new services, features, content or make recommendations, to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services, and to fix bugs and troubleshoot product functionality.

Third parties and integrations: We use information from third parties and integration partners, where applicable to one of our services to ensure you can use our service in conjunction with other services.

Manage internal services: To manage our services we will also internally use your information and data to enforce our agreements where applicable, to prevent potentially illegal activities, and to screen for and prevent undesirable or abusive activity.

Legal uses: To respond to legal requests or prevent fraud, we may need to use and disclose information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

Account Information: We need to use your account information to run your account, provide you with services, bill you for our services, provide you with customer support, and contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You cannot opt out of these communications since they are required to provide our services to you.

Your Enduser Data: We will only use Enduser data to provide the Services. We do not sell Enduser data, nor do we identify or contact Endusers except on your request or where required by law.

B. Endusers

Users own, and are data controllers of, Enduser data. Depending on how the User chooses to use the software, Enduser Data may include personal data or personal information. To the extent that Visalaw.AI processes User Data, we do so as a data processor on behalf of Users.

Web bot / Client Portal Data: We may store data about and collected by web bots or client portals in order to render that data to Users and perform the service (for example, generate reports like PDFs or Word documents with the inputted data).

Information from Cookies: We utilize cookies in apps and client portals that Endusers access strictly to ensure the proper functioning and security of the Service. For more information please see our Cookies Policy.

Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.

Logs: We use log data for a range of business purposes, including to monitor abuse and troubleshoot, to create new services, features, or content, to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services, and to fix bugs and troubleshoot product functionality.

Third parties and integrations: We collect and use information from third parties and integration partners, where applicable to facilitate Users in making apps and client portals available to you as an Enduser.

C. Website Visitors

Form/Newsletter Submissions: We may store data you submit via web form in order to render services such as newsletter sign-ups or follow-up emails.

Information from Cookies: We use first-party and third-party cookies as described in our Cookies Policy.

How you use our services: We use information about how you use our services to improve our services for you and all users. For example, we may collect information about what webpages you visited so we understand what services are the most useful.

Device and browser data: We use device data (including IP address) both to troubleshoot problems with our service and to make improvements to it.

Referral information: We use referral information to track the success of our integrations and referral processes.

Manage internal services: To manage our services we will also internally use your information and data to enforce our agreements where applicable. to prevent potentially illegal activities, and to screen for and prevent undesirable or abusive activity.

D. Prohibition on Selling Data (California Privacy Notice)

Visalaw.AI does not sell (nor have we ever sold) the data we process.

IV. INFORMATION YOU SHARE

Some of our Services let you share information with others. Depending on how you elect to share your information, it may be indexed by search engines.

V. INFORMATION WE SHARE

We do not share your information or data with third parties outside Visalaw.AI except in limited circumstances.

To provide certain aspects of our services, we rely on integrations or technology services offered by third parties. We enter into agreements with these third parties to ensure they meet standards for confidentiality, privacy, and security. For example, we rely on third-party services to: send transactional emails; send marketing emails (e.g. our newsletter); send transactional text messages; store data; track engagement on our website; facilitate real-time customer support chat; and process payments.

We also share your information or data if you choose to use an integration in conjunction with Visalaw.AI services, to the extent necessary to facilitate that use. We also may have to share information or data in order to: meet any applicable law, regulation, legal process or enforceable governmental request; enforce applicable policies, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; protect against harm to the rights, property or safety of our users, the public or to Visalaw.AI and/or as required or permitted by law; and facilitate a sale, merger or change in control of all or any part of our company or business or in preparation for any of these events.

VI. SUBPROCESSORS

Where we use any third parties to assist us in delivering our services and they process your data as part of that service, they are considered subprocessors. Currently we utilize the following subprocessors:

· Amazon Web Services. Cloud hosting.

· AfterPattern. Portal infrastructure.

· Google. Business analytics.

· Calendly. Appointment Scheduling

· Mailchimp. Email newsletter.

· Webflow. Website and web forms.

· Stripe. Payment processing.

If you are an existing Visalaw.AI User and need to be notified when additional Subprocessors are used to provide Services, please notify our team at [email protected]

VII. COOKIES

We use first- and third-party cookies and similar technologies on our websites. For more information about cookies, how we use them, and how you can manage them see our Cookies Policy.

VIII. SECURITY PRACTICES

For more about our security practices, please see our Security Overview page.

IX. DATA RETENTION

If you hold an account with Visalaw.AI, we do not delete the data in your account that you choose to store. You must make the decision to delete your data and have full control over that. If you are a Website Visitor who submitted data to a User or an Enduser of an app or client portal, you will need to ask the User how long your responses will be stored in Visalaw.AI services.

X. SAFETY OF MINORS

The websites and services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 or under a higher age if permitted by the laws of their residence. Visalaw.AI does not knowingly collect personal data from minors or let them create accounts and reserve the right to delete data we reasonably believe is the personal data of minors without notice. If you believe our Services have been used to collect the personal data of a minor, please contact us at [email protected]

XI. PRIVACY POLICY UPDATES

We may make changes to this Privacy Policy from time to time. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will send a notice of this change to all of our account holders.

XII. MARKETING

You can opt-out from direct marketing in all direct marketing emails.

XIII. YOUR RIGHTS

You may wish to exercise a right to obtain information about yourself or to correct, update or delete that information. These rights may be subject to some exceptions or limitations in local law or based on your location or the services being used (e.g. the Lawyer Referral/Directory Portals, which are available only to United States visitors and users). We will take reasonable steps to verify your identity and we will respond to your request to exercise these rights within a reasonable time subject to the below for specific categories of person.

A. Rights Under Privacy Laws

In accordance with applicable privacy law, User and Enduser of the App Platform, Apps, and/or Client Portal Services have the following rights in respect to your personal information that we hold:

Rights of access and portability: The right to obtain access to your personal information and get a copy of this information.

Right to rectification: The right to obtain rectification of your personal information when you want it updated or corrected.

Right to erasure: The right to obtain the deletion of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.

Right to restriction: The right to have your personal information stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.

Right to object: The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.

Right to non-discrimination: The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.

B. Exercising Your Rights and Fulfilling Your Responsibilities

i. Users

Users can view, edit, delete, and download some of your data directly in your account, or you can contact us to exercise your rights. Specifically:

You can use your account to update your username, password, and billing details.

You can use the unsubscribe link in our newsletter emails to opt out of their receipt at any time.

You can follow the instructions in our Cookies Policy to manage or clear your cookies.

You can delete your account and exercise your right to be forgotten by contacting us at [email protected]

Regardless of whether a User is inside or outside of the European Union, you may be required to respond to requests from people who ask to exercise their rights as well (e.g. delete, update, or obtain a copy of data). In addition, Users are responsible for ensuring the apps and the client portals they give Endusers access to comply with privacy laws.

ii. Endusers

If you are an Enduser with a request related to exercising your rights under privacy laws, we recommend you contact the User who gave you access to the app and/or client portal. The User owns and controls your data, and is responsible for editing, deleting, or giving you a copy of it. If you're unable to get in touch with the User, contact us with the following: link to app and/or client portal to which the User gave you access, date and time you accessed the app and/or client portal, your name and email address. We will attempt to use this information to put you in contact with the User who controls the data.

iii. Website Visitors

A website visitor can be anyone who visits a Visalaw.AI webpage. Such visitors can manage data stored about them as described in more detail in our Cookies Policy (if applicable).

C. Contacting Us About Your Rights

If you have communicated with Visalaw.AI via email or other channels not listed, and you want to exercise your rights, contact us at [email protected] We may ask you to verify your identity and for info about the communications you received so we can complete your request.

If you wish to exercise one of these rights and want more information on how to do so, please contact us at [email protected] Upon request and if applicable, we will provide you with information about whether we hold any of your personal information. We will respond to your request within 30 days.

‍