Introduction LawFocusPro (“Law Focus Pro Inc.,” “we,” “our,” “us”) is a Canadian subscription-based platform that gives entrepreneurs and small-business owners a digital workspace for on-demand legal guidance, document automation, and compliance tracking. This Privacy Policy describes how we handle personal information when account holders, their employees, outside counsel, or visitors access lawfocuspro.com or any associated mobile application.
Privacy Policy We operate under the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial statutes.
• Information we collect
(a) Profile data — legal name, trade name, business number, mailing address, telephone, preferred language, time-zone.
(b) Credentials — work email, hashed password, WebAuthn or TOTP secret, sign-in IP logs, session tokens.
(c) Matter content — contracts, cap-table snapshots, shareholder resolutions, correspondence drafts, uploaded evidence, e-signatures, version history.
(d) Regulatory artifacts — KYC records, beneficial-ownership registers, export-control declarations, corporate minute-book extracts.
(e) Billing information — tokenised card reference, last four digits, billing postal code, GST/HST allocation, invoice status.
(f) Support media — chat transcripts, screen-share recordings, voicemail files. (g) Telemetry — browser build, device type, crash traces, feature click-paths.
• Purposes
– verify identity and satisfy anti-money-laundering rules;
– populate document templates and manage revision workflows;
– route questions to licensed lawyers through the advice portal;
– calculate subscription fees and issue tax-compliant invoices;
– send update digests, statutory-filing reminders, and security alerts;
– perform aggregated, de-identified analytics that improve drafting-clause libraries and risk-flagging models; – detect fraud or abusive conduct.
• Retention Corporate minute-book material and advice logs are stored for ten years after account closure to meet provincial law-society archiving rules. Payment and tax records persist for seven years. Encrypted backups roll on a 35-day cycle.
• Access & correction
Authorised administrators can review or amend stored data in Settings → Data Console or by emailing privacy@lawfocuspro.com.
• Consent Express consent is obtained at sign-up and whenever you connect a third-party storage, banking, or identity-verification service. Implied consent covers security logs necessary to maintain service integrity. Withdrawal requests are honoured unless overriding legal obligations apply; we will outline any resulting loss of functionality before completion.
• Accountability A designated Privacy Officer conducts yearly compliance audits, oversees staff training, and responds to written inquiries within 30 days.
GDPR
Although LawFocusPro focuses on Canadian businesses, some users or counterparties may reside in the European Economic Area (EEA). Where the EU General Data Protection Regulation (GDPR) applies, we act as:
• Controller for account profiles, billing data, and platform telemetry;
• Processor for documents, correspondence, and matter files uploaded at your discretion.
Processing bases include contract necessity (Art. 6 (1)(b)), legitimate interest in safeguarding privileged material (Art. 6 (1)(f)), and legal obligation (Art. 6 (1)(c)). EEA residents may exercise rights to access, rectify, erase, restrict, port, or object by contacting dpo@lawfocuspro.com and may lodge complaints with their local supervisory authority.
Cookie Policy
4.1 Types of cookies
• Essential — session tokens, CSRF guards, load-balancer cookies that maintain secure authentication and document-signing flows.
• Preference — remembers interface language, dark-mode toggle, and recent-matter filters.
• Analytics — first-party Matomo cookies employing IP-address truncation to measure feature adoption and latency. • Outreach — optional cookies that surface new template packs or partner insurance discounts; never used for third-party ad networks.
4.2 How to disable cookies Modern browsers allow you to block or delete cookies. Essential cookies are required for console access; disabling them will prevent login. Preference and analytics cookies may be declined via our consent banner or by enabling “Do Not Track.” Outreach cookies load only after explicit opt-in and can be revoked at any time under Account → Privacy.
Transfer to Third Parties
We do not sell personal information. Limited disclosures are made only to:
• Canadian cloud hosts providing encrypted storage in Toronto and Montréal;
• PCI-DSS Level 1 payment processors;
• Independent legal practitioners retained for conflict-screening or quality review (access confined to assigned files);
• Regulators, courts, or law-society investigators when legally compelled;
• Law-enforcement agencies where disclosure is necessary to investigate fraud or protect public safety. All vendors sign Data-Processing Agreements that mandate safeguards equivalent to PIPEDA and, where applicable, EU Standard Contractual Clauses.
Data-Security Measures
• AES-256-GCM encryption at rest with tenant-scoped keys safeguarded in FIPS 140-2 Level 3 hardware security modules.
• TLS 1.3 with Perfect Forward Secrecy for all data in transit.
• Zero-trust segmentation isolating each client workspace and matter vault.
• Role-based access control enforced by hardware-backed multi-factor authentication.
• Hourly incremental and nightly full backups replicated cross-region with a 15-minute Recovery Point Objective.
• Continuous code-dependency scanning, quarterly penetration tests, and annual SOC 2 Type II audit. • Incident-response protocol that notifies affected users within 72 hours of a confirmed breach and provides ongoing remediation updates.
Effective Date This Privacy Policy takes effect on 18 June 2025 and replaces all previous versions. Material amendments will be announced by email and in-app banner at least 30 days before they become enforceable.