Draft — Pending Attorney Review. This is a production-ready draft. Final language will be confirmed by qualified legal counsel before Asolo's general availability launch. This document does not constitute legal advice.
← Asolo

Privacy Policy

Effective Date: [Pending attorney review — to be set before general availability]

1. Who We Are

Asolo is operated by Grantley Holdings LLC d/b/a Asolo (“Asolo,” “we,” “us,” “our”). We provide an AI-assisted practice management platform designed for licensed estate-planning attorneys in the United States. This Privacy Policy describes how we collect, use, and protect information in connection with the Asolo platform (asolo.ai).

Questions about this policy: legal@asolo.ai

2. Information We Collect

Account and Billing Information

When you create an account, we collect your name, email address, firm name, and subscription tier. Payment information (card type, last four digits, expiry) is transmitted directly to Stripe and is not stored on Asolo servers.

Usage and Log Data

We collect information about how you use the platform: pages visited, features accessed, API call timestamps, error events captured by Sentry, and uptime data monitored by BetterStack. This data is used to operate, improve, and secure the platform.

Client and Matter Data

When you connect integrations or enter information manually, Asolo processes data about your clients and matters: client names and contact information, matter names and descriptions, and document file names and metadata. This data is yours — Asolo processes it as your data processor, acting solely on your instructions.

Communications Metadata

From connected integrations (Google Workspace, Microsoft 365, Clio, and others), Asolo ingests metadata only — never full message bodies, file contents, or attachments. Specifically:

  • Email: from address, to/cc addresses, subject, date, and a preview snippet of up to 500 characters.
  • Calendar: event title, description preview (≤500 characters), start/end times, attendees, and conference URL.
  • Documents: file name, MIME type, size, and modification date. No file content is downloaded or stored.
  • Chat (Microsoft Teams): chat message previews up to 500 characters, HTML-stripped.

AI Interaction Content

Prompts you submit to the Asolo AI assistant, system context injected from your practice data (memory records), and AI-generated responses are processed through Anthropic's Claude API. See Section 6 for how Anthropic handles this data.

Support Chat

Messages sent via the Crisp support widget in the authenticated app are processed by Crisp (EU) under their data processing terms. See our sub-processor list at asolo.ai/sub-processors.

3. How We Use Information

We use the information described above to:

  • Provide, operate, and improve the Asolo platform.
  • Authenticate you and manage your subscription via Stripe.
  • Generate AI-assisted briefings, practice insights, and document context under your supervision.
  • Send transactional communications (account alerts, billing receipts, briefing delivery) via Resend.
  • Monitor platform performance, diagnose errors, and maintain security.
  • Comply with legal obligations.

We do not sell your personal information. We do not use client or matter data for any purpose other than providing the Asolo service to you.

4. Client and Matter Data

You are the data controller for any personal data belonging to your clients and matters. Asolo processes this data solely as your data processor, on your documented instructions. Our processing is limited to: storing metadata you ingest via integrations; generating AI-assisted outputs you request; and surfacing relevant context during Asolo chat and briefing sessions.

Asolo employees do not access your client or matter data except to resolve a support issue you have reported and with your explicit authorization.

5. Attorney-Client Privilege and Legal Confidentiality

Asolo is designed to support attorneys' obligations under ABA Model Rules 1.1 (Competence), 1.6 (Confidentiality), and 5.3 (Supervision), and the guidance in ABA Formal Opinion 512 (July 2024, Generative AI). Attorneys remain solely responsible for compliance with these rules and any applicable state bar guidance.

ABA Model Rule 1.6 — Confidentiality

Rule 1.6 requires attorneys to make reasonable efforts to prevent inadvertent disclosure of client information, including when using cloud-based services. Asolo implements the following safeguards:

  • Encryption at rest using AES-256 (Supabase).
  • Encryption in transit using TLS 1.3.
  • OAuth tokens and API keys encrypted in Supabase Vault — not stored in plaintext.
  • Scope-minimized OAuth (read-only scopes wherever applicable).
  • Row-level security in the database — attorneys can access only their own firm's data.
  • Sub-processor Data Processing Agreements — all sub-processors are contractually bound to data protection obligations.
  • Zero data retention by default with Anthropic — prompts are not used to train AI models.

ABA Model Rule 5.3 — Supervision

Rule 5.3 requires attorneys to supervise non-lawyer assistants, including AI tools. Asolo enforces attorney review of all AI-generated outputs before they reach clients. Asolo does not send communications to clients or file documents on behalf of attorneys without explicit attorney action.

ABA Formal Opinion 512 (July 2024) — Generative AI

ABA FO 512 addresses attorney obligations when using generative AI, including competence, confidentiality, communication with clients about AI use, supervision of AI outputs, and fee considerations. Asolo's architecture is designed to support compliance: attorney supervision is required for every output; confidentiality is protected through technical and contractual safeguards; source citations accompany AI outputs to support attorney verification. Attorneys are responsible for understanding ABA FO 512 and any applicable state bar guidance, and for satisfying disclosure obligations to clients.

Privilege Analysis

Attorneys are solely responsible for determining which client communications and documents to connect to Asolo and for assessing any privilege implications of doing so. Asolo does not provide legal analysis of privilege issues.

6. AI Processing and Anthropic

Asolo uses Anthropic's Claude AI models via the Anthropic API. When you interact with the Asolo chat assistant or request briefings, your prompts and the context injected from your practice memory are transmitted to Anthropic for inference.

Under Asolo's Data Processing Agreement with Anthropic, and Anthropic's API usage policies:

  • Anthropic does not use API inputs or outputs to train its models by default.
  • No data retention by Anthropic beyond the duration of the API call.
  • Anthropic processes data in the United States.

Asolo content sent to Anthropic includes your prompt and relevant memory context. It does not include raw integration data (emails, files) beyond short metadata previews ingested into memory records.

7. Third-Party Integrations

When you connect an integration (Google Workspace, Microsoft 365, Clio, MyCase, PracticePanther, Smokeball, DocuSign, Dropbox, NetDocuments, Zoom), you authorize Asolo to access the data described in each integration's OAuth authorization screen. Asolo stores only metadata — not file content, not full email bodies, not document content.

OAuth tokens are encrypted in Supabase Vault. You may disconnect any integration at any time from the Integrations settings page; Asolo will stop syncing from that provider and, on request, delete the associated data.

8. Sub-Processors

Asolo uses the sub-processors listed at asolo.ai/sub-processors. We provide at least 30 days' advance notice before adding a new sub-processor that processes personal data.

A Data Processing Addendum governing sub-processor obligations is available to Firm tier customers. Contact legal@asolo.ai to request an executed DPA.

9. Cookies and Analytics

Strictly Necessary

Session cookies (authentication) and preference cookies. These are required for the platform to function and are not subject to consent.

Analytics

PostHog is used for product analytics on the authenticated app and marketing site. IP addresses are anonymized. No client or matter data is sent to PostHog.

Advertising and Conversion Tracking

Google Ads and LinkedIn Insight Tag scripts load on the marketing site only when user consent is obtained via the cookie consent banner and when the respective API keys are configured. These scripts are not loaded in the authenticated app.

10. Data Retention and Deletion

We retain your account data for the duration of your subscription plus 30 days following termination, after which it is purged. You may export your data in machine-readable format at any time from your account settings. Backups follow a 30-day rolling deletion window.

Client and matter data you have ingested from integrations is deleted with your account data. You may request immediate deletion by contacting legal@asolo.ai.

11. Security

Asolo implements: AES-256 encryption at rest; TLS 1.3 in transit; OAuth tokens encrypted in Supabase Vault; scope-minimized OAuth; row-level security in the database; access controls restricting employee access to production data; and application error monitoring via Sentry. A SOC 2 Type 1 audit is in progress (target completion Q3 2026).

No security measure is 100% effective. You are responsible for safeguarding your account credentials and promptly notifying us of any suspected unauthorized access at legal@asolo.ai.

12. Your Rights

GDPR (EEA and UK)

You have the right of access, rectification, erasure, restriction of processing, data portability, and the right to object. You also have the right to lodge a complaint with your supervisory authority.

CCPA (California)

California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of sale (Asolo does not sell personal information).

To exercise your rights, contact legal@asolo.ai. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing a request.

13. Contact

Grantley Holdings LLC d/b/a Asolo
Email: legal@asolo.ai
Website: asolo.ai

For Data Processing Addendum requests (Firm tier): legal@asolo.ai

14. Changes to This Policy

We will post changes to this policy at asolo.ai/privacy and notify you by email at least 30 days before material changes take effect. Continued use of the Asolo platform after the effective date of updated terms constitutes acceptance of the changes.