Privacy Policy
Effective [EFFECTIVE_DATE] · Reeve is operated by [ENTITY]
This policy explains what we collect, what we deliberately do not collect, and the choices you have. It covers both this website and the Reeve application used by law firms (“the Service”).
What we collect
Website visitors. If you request a demo we collect what you type into the form: name, firm, email, firm size, current practice software, and your message. We use it to respond to you. This site sets no advertising or cross-site tracking cookies.
Firm accounts. Name, work email, role, hashed password (bcrypt), and optional two-factor secrets for each user a firm creates.
Firm records. Client and matter names, billing rates, and contact email addresses synced from the firm’s practice-management system — used to match work to matters.
Generated billing records. The Service’s output: draft time entries (date, matter, activity type, duration, a generated description, rate, status) plus review history and an audit log of actions taken.
Source pointers, not content. Each entry stores a reference (for example a Gmail message ID) to the item that produced it. The item itself stays where it always was — in the firm’s own systems.
What we process but do not store
To classify an activity, the Service reads the content of an email, a calendar event, or a document’s file name in memory, transiently — seconds, not minutes. Content is never written to our database, logs, files, or error reports, and an automated scanner verifies this continuously. Document contents are never read at all: on Google Drive the permission we request makes that impossible; on OneDrive it is enforced in our code (see our Security page).
Google user data (Google API Services User Data Policy)
Reeve’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access Gmail messages (read-only), Google Calendar events (read-only), and Google Drive file metadata (read-only) solely to provide the user-facing features described here: detecting billable work and drafting time entries for attorney review.
- We use this data only to provide those features. We do not use it for advertising of any kind, and we do not sell it.
- We do not transfer Google user data to third parties except: to our processors as necessary to provide these features (see “Who else touches the data”), for security purposes, or to comply with applicable law.
- No humans at [ENTITY] read this data except with the firm’s explicit permission (for example, a support request), where necessary for security or abuse investigation, or where required by law.
- Google account connections can be revoked at any time in the app or from your Google Account permissions page; revocation is immediate.
Microsoft data
Outlook mail, calendar, and OneDrive metadata connected through Microsoft 365 receive identical handling to the Google data described above: read-only access, transient processing, no stored content, instant revocation.
AI processing
Message text is sent to Anthropic’s commercial API for one purpose: classifying the activity and drafting the entry. Under Anthropic’s Commercial Terms of Service, this data is not used to train AI models and is retained by Anthropic only briefly for abuse monitoring, with zero-retention arrangements available. We never use firm data to train models of our own, either.
Who else touches the data (subprocessors)
- Render (cloud hosting, US) — runs the application and the encrypted database.
- Anthropic (AI classification, US) — transient processing described above.
- An email delivery provider, once configured, for transactional email (password resets, weekly digests).
Each is bound by a data-processing agreement. We will update this list before adding any subprocessor.
Retention & deletion
Billing records persist while the firm’s account is active — they are the firm’s work product. Disconnecting a provider deletes its stored credential immediately. Deleting a user deletes their personal rows in one transaction. When a firm offboards, we export everything the firm wants (open formats) and then delete the firm’s entire tenant; database backups age out of the platform’s rolling window within days. Details on the Security page.
Security
TLS everywhere, application-layer AES-256-GCM encryption for stored OAuth credentials, bcrypt password hashing, per-firm isolation enforced on every endpoint, rate-limited authentication, and an independent CASA Tier 2 assessment as part of Google’s verification program. Full detail on the Security page.
Your rights
Depending on your jurisdiction you may have rights to access, correct, export, or delete personal data. Firm data requests go through the firm (the data controller for its client records); we act on the firm’s instructions as processor. Website and lead data requests come straight to us. Either way: [SUPPORT_EMAIL].
Changes & contact
We’ll post changes here with a new effective date, and notify firms of material changes. Questions: [SUPPORT_EMAIL].