Privacy Policy

Effective [EFFECTIVE_DATE] · Reeve is operated by [ENTITY]

This policy explains what we collect, what we deliberately do not collect, and the choices you have. It covers both this website and the Reeve application used by law firms (“the Service”).

The short version. We help law firms turn their own work activity into draft time entries. To do that we read work data transiently, store only structured billing metadata, train no AI models on your data, show no ads, and sell nothing about you to anyone. When a firm leaves, we hand over its data and delete our copy.

What we collect

Website visitors. If you request a demo we collect what you type into the form: name, firm, email, firm size, current practice software, and your message. We use it to respond to you. This site sets no advertising or cross-site tracking cookies.

Firm accounts. Name, work email, role, hashed password (bcrypt), and optional two-factor secrets for each user a firm creates.

Firm records. Client and matter names, billing rates, and contact email addresses synced from the firm’s practice-management system — used to match work to matters.

Generated billing records. The Service’s output: draft time entries (date, matter, activity type, duration, a generated description, rate, status) plus review history and an audit log of actions taken.

Source pointers, not content. Each entry stores a reference (for example a Gmail message ID) to the item that produced it. The item itself stays where it always was — in the firm’s own systems.

What we process but do not store

To classify an activity, the Service reads the content of an email, a calendar event, or a document’s file name in memory, transiently — seconds, not minutes. Content is never written to our database, logs, files, or error reports, and an automated scanner verifies this continuously. Document contents are never read at all: on Google Drive the permission we request makes that impossible; on OneDrive it is enforced in our code (see our Security page).

Google user data (Google API Services User Data Policy)

Reeve’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

Microsoft data

Outlook mail, calendar, and OneDrive metadata connected through Microsoft 365 receive identical handling to the Google data described above: read-only access, transient processing, no stored content, instant revocation.

AI processing

Message text is sent to Anthropic’s commercial API for one purpose: classifying the activity and drafting the entry. Under Anthropic’s Commercial Terms of Service, this data is not used to train AI models and is retained by Anthropic only briefly for abuse monitoring, with zero-retention arrangements available. We never use firm data to train models of our own, either.

Who else touches the data (subprocessors)

Each is bound by a data-processing agreement. We will update this list before adding any subprocessor.

Retention & deletion

Billing records persist while the firm’s account is active — they are the firm’s work product. Disconnecting a provider deletes its stored credential immediately. Deleting a user deletes their personal rows in one transaction. When a firm offboards, we export everything the firm wants (open formats) and then delete the firm’s entire tenant; database backups age out of the platform’s rolling window within days. Details on the Security page.

Security

TLS everywhere, application-layer AES-256-GCM encryption for stored OAuth credentials, bcrypt password hashing, per-firm isolation enforced on every endpoint, rate-limited authentication, and an independent CASA Tier 2 assessment as part of Google’s verification program. Full detail on the Security page.

Your rights

Depending on your jurisdiction you may have rights to access, correct, export, or delete personal data. Firm data requests go through the firm (the data controller for its client records); we act on the firm’s instructions as processor. Website and lead data requests come straight to us. Either way: [SUPPORT_EMAIL].

Changes & contact

We’ll post changes here with a new effective date, and notify firms of material changes. Questions: [SUPPORT_EMAIL].