Privacy Policy for Scribe

1. Introduction

Tyr AI, Inc. ("we," "our," or "us") operates the Scribe Microsoft Word add-in (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use Scribe.

Contact Information:
Tyr AI, Inc.
Email: privacy@tyr.ai
Support: support@tyr.ai
Website: https://get-tyr.ai

2. Information We Collect

2.1 Account Information

When you create an account or authenticate, we collect:

• Name: Your full name
• Email Address: For account identification and communication
• Organization Affiliation: Your company or organization name (if provided)
• Authentication Data: Authentication tokens managed by Auth0

2.2 Document Data

When you use Scribe to analyze documents, we collect:

• Document Content: Text from paragraphs you analyze for citations
• Citation Text: Legal citations extracted from your documents
• Citation Metadata: Information about detected citations (case names, citation strings, court information)
• Document Version History: Changes to documents tracked at the paragraph level
• Document IDs: Unique identifiers for tracking documents

2.3 Usage Information

We automatically collect:

• Add-in Interactions: Features you use, buttons clicked, pages viewed
• Performance Data: Load times, response times, error rates
• Error Logs: Technical information about errors or crashes
• Session Information: Duration of use, frequency of access
• Device Information: Browser type, Office version, operating system

2.4 Third-Party Service Data

We integrate with external services that may collect additional information:

• Auth0: Authentication and identity management
• FreeLaw API: Legal citation data retrieval
• Google Cloud Platform: Infrastructure and data storage

3. How We Use Your Information

3.1 Service Provision (Legal Basis: Contract Performance)

• Provide legal citation analysis and validation
• Track document versions and changes
• Authenticate your identity
• Deliver requested features and functionality

3.2 Service Improvement (Legal Basis: Legitimate Interest)

• Improve citation detection algorithms
• Enhance AI analysis accuracy
• Optimize add-in performance
• Develop new features
• Conduct research and analytics

3.3 Communication (Legal Basis: Contract Performance & Consent)

• Respond to support requests
• Send service updates and notifications
• Provide technical assistance
• Notify you of important changes

3.4 Legal Compliance (Legal Basis: Legal Obligation)

• Comply with applicable laws and regulations
• Respond to legal requests
• Enforce our terms of service
• Protect our rights and property

4. Data Sharing and Third Parties

4.1 Service Providers

4.2 Minerva AI Service

We use our internal Minerva AI service for citation analysis. Minerva processes document paragraphs, citation text, and AI-powered relevance analysis. Minerva is operated by Tyr AI and adheres to the same privacy standards as this Policy.

4.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

5.1 Active Data

• Account Data: Retained while your account is active
• Document Data: Retained while you use the Service and for 30 days after document deletion
• Usage Logs: Retained for 90 days for diagnostics and improvement

5.2 Deleted Data

• User-Deleted Documents: Removed from active systems within 30 days
• Closed Accounts: Data deleted within 90 days of account closure
• Backup Systems: May retain data in backups for up to 180 days

5.3 Legal Retention

Some data may be retained longer if required by law or for legitimate legal purposes (e.g., pending litigation).

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data based on legitimate interests
• Right to Restrict Processing: Request restriction of processing under certain circumstances
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@tyr.ai
• Response Time: We will respond within 30 days (may be extended to 60 days for complex requests)

To verify your identity, we may request additional information before fulfilling your request.

7. International Data Transfers

7.1 Data Processing Location

Your data is processed and stored in the United States.

7.2 EEA Data Transfers

If you are located in the EEA, UK, or Switzerland, your data transfer to the United States is protected by:

• Standard Contractual Clauses approved by the European Commission
• Adequate safeguards as required by GDPR Article 46

7.3 Data Protection Measures

We implement appropriate technical and organizational measures to ensure data protection regardless of location.

8. Data Security

We protect your data using industry-standard security measures:

8.1 Encryption

• In Transit: All data transmitted using TLS 1.2 or higher encryption
• At Rest: Data stored using AES-256 encryption or equivalent

8.2 Access Controls

• Multi-factor authentication for administrative access
• Role-based access controls
• Regular access reviews and audits

8.3 Security Practices

• Regular security assessments and penetration testing
• Vulnerability scanning and patch management
• Employee security training
• Incident response procedures

8.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.

9. Cookies and Tracking

9.1 Cookies We Use

Necessary Cookies (Always Active):

• Authentication cookies: Maintain your logged-in session
• Security cookies: Prevent fraud and ensure secure connections

Analytics Cookies (With Consent):

• Usage analytics: Understand how you use the Service
• Performance monitoring: Track load times and errors

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling necessary cookies may prevent the Service from functioning properly.

10. Children's Privacy

Scribe is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@tyr.ai, and we will delete it.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected and how it's used
• Right to Delete: Request deletion of personal information, subject to certain exceptions
• Right to Opt-Out of Sale: We do not sell personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your CCPA rights

To exercise your California privacy rights, contact us at privacy@tyr.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

12.1 Notification of Changes

We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this Policy
• Sending an email to your registered email address
• Displaying a prominent notice in the add-in

12.2 Continued Use

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy: