Privacy Policy

Effective Date: June 1, 2026 Last Updated: June 12, 2026

LegalAuthority (“LegalAuthority,” “we,” “us,” or “our”) is operated by Digital Horsepower, Inc. d/b/a

LegalAuthority, a Florida company. This Privacy Policy describes how we collect, use, disclose,

and safeguard information when you use our platform, including our case management, AI voice

intake, medical chronology, demand letter generation, CRM, billing, and related services

(collectively, the “Services”).

This Policy applies to law firms and their authorized users (“Customers” or “you”) who

subscribe to the Services, and, where applicable, to claimants, patients, and other individuals

whose information is processed through the Services on behalf of our Customers.

1. Scope and Roles

When our Customers use the Services to manage client and case data, including data that may

constitute Protected Health Information (“PHI”) under HIPAA, we generally act as a Business

Associate (or service provider/processor) on behalf of the Customer, who acts as the Covered

Entity or data controller. Our handling of PHI is governed primarily by the Business Associate

Agreement (“BAA”) executed with each applicable Customer, not solely by this Policy.

For information we collect directly from Customers in connection with account

administration, billing, and platform usage (i.e., not PHI processed on a Customer’s behalf),

we act as the data controller, and this Policy applies directly.

2. Information We Collect

2.1 Information You Provide

  • Account registration information (name, firm name, email, phone, address) Payment

    information (processed via our internal billing platform; we do not store full payment

    card numbers)

  • Case, client, and matter data entered or uploaded by Customers, which may include

    claimant names, contact information, medical records, billing records, and case

    documents

  • Voice recordings and transcripts captured through AI intake calls (via Retell,

    ElevenLabs, and Twilio)

  • Support communications

2.2 Information Collected Automatically

  • Device and usage data (IP address, browser type, pages visited, timestamps)

  • Cookies and similar tracking technologies (see Section 8)

  • Log data generated by platform infrastructure (Cloudflare)

2.3 Information From Third Parties

  • Data obtained via integrations the Customer authorizes (e.g., document storage,

    medical record retrieval services, NPI registry lookups)

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Services

  • Process AI-driven intake, transcription, and document generation (medical

    chronologies, demand letters, discovery documents)

  • Process payments and manage subscriptions

  • Provide customer support

  • Improve and develop the Services, including AI model performance (subject to

    Section 6 restrictions on PHI)

  • Detect, prevent, and address fraud, security incidents, and technical issues

  • Comply with legal obligations

4. AI Processing Disclosures

The Services use third-party AI and voice infrastructure providers, including but not limited to

Anthropic (Claude), Retell AI, ElevenLabs, and Twilio, to power voice intake, transcription,

and document drafting features.

  • Data submitted to these subprocessors is processed solely to deliver the requested

    functionality (e.g., generating a transcript, drafting a demand letter).

  • Anthropic API/Bedrock/Vertex do not use any customer data to train its models.

  • Appropriate BAAs are maintained with subprocessors that may handle PHI.

5. How We Share Information

We do not sell personal information. We may share information with:

  • Subprocessors and service providers who perform services on our behalf (e.g.,

    Cloudflare for hosting/storage, PaySimple for payments, Retell/ElevenLabs/Twilio for

    voice AI, Anthropic for AI processing), subject to confidentiality and, where applicable,

    BAA obligations

  • Customers’ authorized users, as directed by the Customer who controls the

    underlying case data

  • Legal and regulatory authorities, where required by law, subpoena, or court order

  • Successors, in connection with a merger, acquisition, or asset sale, subject to

    continued confidentiality obligations

A current list of subprocessors is available upon request.

6. Data Retention

  • Customer case data is retained for the duration of the subscription and for a period of 90

    days following termination, after which it is deleted or returned per the Customer’s

    instructions, except as required by law or for legitimate backup purposes.

  • Voice recordings and transcripts are retained for 6 years to align with state bar

    record-retention rules and HIPAA’s 6-year documentation requirement where

    applicable.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect

information, including:

  • Encryption of data in transit and at rest (Cloudflare R2 storage)

  • Access controls and role-based permissions

  • Audit logging

No system is completely secure. In the event of a breach involving PHI, we will notify

affected Customers in accordance with our BAA and applicable law (see HIPAA Compliance

page, Section on Breach Notification).

8. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, session management, analytics,

and platform functionality.

9. Your Rights and Choices

Depending on your location and role, you may have rights to access, correct, delete, or export

certain information.

  • Customers (law firms): May access and manage data through platform account

    settings, or by contacting Jay Rathman, Founder & CEO ([email protected]).

  • Individuals whose data is processed on a Customer’s behalf

  • (patients/claimants): Should direct requests regarding their personal data to the law firm

    (Covered Entity) that engaged our Services, as we act as their service

    provider/Business Associate and generally cannot act on such requests independently

    of the Customer’s instruction.

10. Children’s Privacy

The Services are not directed to individuals under 18, except where a minor’s information is

processed as part of a legal case (e.g., a minor claimant) at the direction of a Customer law

firm acting on behalf of the minor’s legal guardian. We do not knowingly collect personal

information directly from children for account registration purposes.

11. International Data Transfers

[INSERT: Confirm whether any data is stored or processed outside the United States —

Cloudflare, Retell, ElevenLabs, Anthropic may have international infrastructure. If so, add

transfer mechanism language.]

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated to

Customers via email at least 30 days before taking effect. Continued use of the Services after

the effective date constitutes acceptance.

13. Contact Us

Digital Horsepower, Inc. d/b/a LegalAuthority

[email protected]

What happens on the call

01
Submit this form
Takes 60 seconds. We create your account and send you a secure upload link immediately.
02
Sign the BAA
We email you a HIPAA Business Associate Agreement to e-sign before any records change hands.
03
Upload the records
Upload your medical records, billing records, and related documents securely.
04
We deliver on a Zoom call
Within 48-72 hours we walk you through the finished chronology and demand letter.

Digital Horsepower, Inc. d/b/a LegalAuthority