Privacy Policy
This Privacy Policy explains how Bearister ("Bearister," "we," "us," or "our") collects, uses, and shares information in connection with our practice-management software, websites, and related services (the "Service").
1. Who this policy covers
This policy applies to three groups: visitors to our marketing site; customers and their authorized users who hold a Bearister account (typically law firms and their personnel); and the individuals whose information our customers choose to store in the Service.
An important distinction runs through this policy. For data we collect about our own customers and site visitors, Bearister acts as a controller. For the matter, client, document, and financial data that a customer firm uploads or generates inside the Service ("Customer Data"), the firm is the controller and Bearister acts as a processor or service provider that handles that data on the firm's behalf and under its instructions. Our handling of Customer Data is governed by the agreement between Bearister and the customer; where that agreement conflicts with this policy as to Customer Data, the agreement controls.
2. Information we collect
Information you provide
- Account and profile information, such as name, firm name, email address, role, and credentials when you register or are invited to the Service.
- Billing information. Subscription and payment details are processed by our payment processor; we receive limited records such as plan, status, and the last four digits of a card, not full card numbers.
- Communications you send us, including support requests, feedback, and survey responses.
- Customer Data that customers and their users input into the Service, which may include client and contact details, matter information, documents, time entries, invoices, and trust-account records.
Information collected automatically
- Usage and log data, such as pages and features used, actions taken, timestamps, and referring pages.
- Device and connection data, such as IP address, browser type, operating system, and device identifiers.
- Cookies and similar technologies, as described in Section 9.
3. How we use information
We use information that we control to:
- provide, operate, maintain, and secure the Service;
- authenticate users and manage accounts;
- process payments and administer subscriptions;
- respond to requests and provide customer support;
- understand usage and improve features, performance, and reliability;
- detect, prevent, and respond to fraud, abuse, and security incidents;
- send service and transactional messages, and, where permitted, product updates you can opt out of; and
- comply with legal obligations and enforce our terms.
We process Customer Data only to provide and support the Service in accordance with our customer's instructions and the applicable agreement. We do not sell Customer Data, and we do not use it to train models or for our own marketing.
4. How we share information
We share information in the following limited circumstances:
- Service providers and sub-processors that help us run the Service, such as cloud hosting, infrastructure, email delivery, analytics, and payment processing, under contracts that limit their use of the information.
- Within a customer account. Customer Data is accessible to the authorized users and administrators of the customer's own account, as the customer configures.
- Legal and safety reasons, when we believe disclosure is reasonably necessary to comply with law, legal process, or a government request, to enforce our agreements, or to protect the rights, property, or safety of any person.
- Business transfers, in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
5. Sub-processors
We engage a limited set of sub-processors to deliver the Service. As of the effective date, we use Netlify and Ngrok. We require sub-processors to protect information consistent with this policy and our customer agreements.
6. Data security
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, and monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify you and any affected customers as required by applicable law and our agreements.
7. Data retention and deletion
We retain account and usage information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained according to the customer agreement; upon termination, customers may export their data during the window described in that agreement, after which we delete or de-identify it in the ordinary course, subject to backups and legal-retention requirements.
8. Your choices and rights
Depending on your location and role, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. Residents of California and certain other states may have rights under laws such as the CCPA/CPRA, and individuals in the EEA or UK may have rights under the GDPR.
Where Bearister holds information as a controller, you can exercise these rights by contacting us at masvidal@gmail.com. Where the information is Customer Data, please direct your request to the customer firm that controls it; we will assist that firm in responding as required. We will not discriminate against you for exercising your rights.
9. Cookies and analytics
We use strictly necessary cookies to operate the Service and, where permitted, analytics cookies to understand and improve usage. You can control cookies through your browser settings, and where required we will request your consent and offer choices.
10. International data transfers
We are based in the United States and may process information in the United States and other countries. Where we transfer personal information across borders, we rely on appropriate safeguards such as standard contractual clauses where applicable.
11. Children's privacy
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 18. If you believe a child has provided us information, please contact us so we can delete it.
12. Health information
The Service is not designed to be a repository for protected health information (PHI). If a customer's use involves PHI subject to HIPAA, that use requires a separate written agreement, including a Business Associate Agreement, before any PHI is placed in the Service.
13. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.
14. Contact us
Questions about this policy or our privacy practices can be sent to masvidal@gmail.com.