ChambersChambersby AskLexSign in

Privacy Policy

Last updated: 17 May 2026

Chambers is an AI-assisted legal workspace operated by AskLex ("we", "us", "our"). This policy explains what personal data we collect when you use app.asklex.law, how we use it, and the choices you have.

1. What we collect

  • Account data — name, work email, password hash, organization, role, time zone, optional avatar URL.
  • Authentication data — session tokens (HttpOnly cookies), trusted-device cookies (30-day), MFA secrets, OAuth identity from Google when you choose "Continue with Gmail".
  • Usage events — pages you visit, features you use, request counts, token counts, and storage usage. Used to enforce plan caps and produce billing.
  • Audit trail — every action you take that modifies data (invites, role changes, billing changes, deletions) is recorded with actor, target, timestamp, IP, and user agent.
  • Customer documents — files you upload (contracts, judgments, briefs) are stored encrypted-at-rest and processed by our AI models only on your request.
  • Email + payment — billing email, payment method (handled by our payment processor; we never see your full card number).

2. Google sign-in

When you choose Continue with Gmail, Google shares your email, name, and profile picture URL with Chambers (scopes: openid email profile). We use this only to create or match your Chambers account. We do not read your Gmail mailbox, Drive files, calendar, or any other Google data.

You can revoke Chambers' access at any time at myaccount.google.com/permissions.

3. How we use your data

  • To provide and improve the Chambers product.
  • To authenticate you and protect your account.
  • To enforce plan caps and bill correctly.
  • To meet our legal and compliance obligations.
  • To respond to your support requests.

We do not train AI models on your documents without your explicit, per-workspace opt-in. Your customer documents are processed in stateless inference calls and are not retained by our model providers under our data-processing agreements.

4. Where your data lives

We host on Cloudflare's edge network. Customer data is stored in Cloudflare D1 (Sydney/Singapore region) for authentication metadata and in TigerData Cloud (Singapore region) for application data and documents. Encrypted at rest, encrypted in transit.

5. Sub-processors

  • Cloudflare, Inc. — hosting, CDN, edge compute, AI Gateway
  • TigerData / Timescale, Inc. — Postgres database
  • Anthropic, PBC — large-language model (Claude)
  • Resend — transactional email delivery
  • Google LLC — Sign-in with Google (if you choose to use it)
  • Stripe, Inc. — payment processing

6. Retention

  • Account + audit data: kept while your account is active + 7 years after closure (legal-industry standard).
  • Session tokens: 7 days (refreshable to 30 days with "Keep me signed in").
  • Trusted-device cookies: 30 days.
  • Documents: kept while your workspace is active; deleted within 30 days of workspace closure.

7. Your rights

You can:

  • Access, export, or delete your personal data at any time from your profile page.
  • Revoke active sessions from Security settings.
  • Close your account and request full deletion by emailing support@asklex.law.
  • If you're in the EU/UK, file a complaint with your local data-protection authority.

8. Children

Chambers is not intended for anyone under 16. We do not knowingly collect data from children.

9. Changes

We'll email you at least 30 days before any material change to this policy.

10. Contact

Questions, requests, or complaints: support@asklex.law.
Data Protection Officer: dpo@asklex.law.