This Data Processing Policy describes how OmniLegislation™ (“we,” “us,” or “our”) collects, processes, stores, and manages data in connection with the OmniLegislation™ platform at omnilegislation.com (the “Service”). This policy should be read alongside our Privacy Policy, Terms of Service, and Cookie Policy.
1. Scope
This policy covers two categories of data:
- Platform Data: Publicly available legal information — including legislation, court filings, appellate opinions, and judicial records — that OmniLegislation™ aggregates, processes, and delivers to subscribers.
- Subscriber Data: Personal and account information provided by subscribers, including account details, alert configurations, search activity, and billing information.
2. Platform Data: How We Collect and Process Legal Information
Data Sources
OmniLegislation™ collects legal data from multiple publicly available sources, including government legislative databases, state and federal court systems, appellate court records, and other public legal repositories. We use a proprietary monitoring engine that continuously aggregates data from these sources across all 50 US states and Congress.
All legal data collected by OmniLegislation™ is derived from public records. We do not collect private, sealed, or restricted court records.
Processing
After collection, all legal data undergoes automated processing, which includes:
- Deduplication: Records from multiple sources covering the same legal event are identified and merged into a single canonical record to prevent duplicate alerts.
- Keyword Extraction: Relevant keywords and topics are extracted from each record for matching against subscriber Practice Area Monitors.
- Summarization: Each record is processed by artificial intelligence to generate a concise summary of the legal development, including what changed and its potential significance.
- Prioritization: Records are classified by priority level. Items such as newly signed laws, appellate precedent, or bills reaching a floor vote are flagged as urgent.
- Confidence Scoring: Each processed record is assigned a confidence level based on the quality and consistency of the underlying source data.
Storage
Processed legal data is stored in a secure database hosted by Supabase (PostgreSQL). Data is retained indefinitely to support subscriber search history, JudgeIQ™, and bill tracking features. Raw source data is retained for quality assurance and deduplication purposes.
Delivery
Processed data is delivered to subscribers exclusively via email alerts. There is no API access or webhook delivery. Alert content is matched to each subscriber's Practice Area Monitors, state filters, and record type preferences.
3. Subscriber Data: How We Handle Your Information
What We Collect
We collect the following subscriber data:
- Account Information: Name, email address, company name, and subscription tier.
- Billing Information: Payment details are processed and stored securely by Stripe. OmniLegislation™ does not store credit card numbers or full payment credentials on our systems.
- Practice Area Monitor configurations: Keywords, state filters, record type filters, and alert frequency preferences.
- Search Activity: Search queries, filters applied, results viewed, and export activity within the platform.
- Usage Data: Login history, pages visited, features used, and session duration.
How We Process Subscriber Data
Subscriber data is processed for the following purposes:
- Service Delivery: Matching new legal records against your Practice Area Monitors and delivering email alerts.
- Billing: Processing subscription payments and managing plan changes through Stripe.
- Platform Improvement: Analyzing aggregate usage patterns to improve search, alert matching, and overall platform performance.
- Security and Anti-Abuse: Monitoring for suspicious activity, enforcing rate limits, detecting unauthorized scraping, and protecting the integrity of the Service.
- Customer Support: Responding to inquiries and resolving account issues.
How We Store Subscriber Data
Subscriber data is stored in a secure database hosted by Supabase with the following protections:
- Encrypted data transmission (TLS/SSL) between your browser and our servers
- Database access restricted to authorized systems and personnel
- Payment data handled entirely by Stripe (PCI-DSS compliant) and never stored on our servers
- Regular monitoring of access logs and system activity
How Long We Keep Subscriber Data
- Active Accounts: Subscriber data is retained for as long as your account is active and your subscription is in good standing.
- Cancelled Accounts: After cancellation, account information is retained for 90 days to allow for reactivation. After 90 days, personal information is scheduled for deletion unless retention is required by law or for legitimate business purposes (such as resolving billing disputes).
- Search and Usage Logs: Retained for up to 12 months for analytics and anti-abuse purposes, then purged.
- Billing Records: Retained for 7 years in accordance with standard accounting and tax requirements.
4. AI Processing
OmniLegislation™ uses artificial intelligence to process legal data. Specifically:
- Deduplication and filtering of raw legal records is performed using AI to identify duplicate entries from multiple sources and assess relevance.
- Summarization of legal developments is generated by AI to provide concise descriptions of legislation, court decisions, and appellate opinions.
- Alert matching uses AI to ensure that subscriber Practice Area Monitors are matched accurately against incoming legal records.
AI processing is applied exclusively to publicly available legal data. Subscriber personal information is not used to train AI models. AI-generated summaries are provided for informational purposes only and do not constitute legal advice.
5. Data Sharing and Third-Party Processors
We use the following third-party service providers to operate the Service. Each provider receives only the minimum data necessary to perform its function:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing name, email, payment method |
| SendGrid | Email alert delivery | Subscriber email address, alert content |
| Supabase | Database hosting | All platform and subscriber data (encrypted) |
| Digital Ocean | Server infrastructure | All platform data (encrypted in transit and at rest) |
| Google Analytics | Website traffic and usage analytics | Usage data, IP address, browser info (see Cookie Policy) |
| Hotjar | Session replay and user experience analysis | Usage data, click patterns, scroll behavior (see Cookie Policy) |
| Google Ads | Advertising and conversion tracking | Website visit data, device identifiers (see Cookie Policy) |
| Meta (Facebook) Pixel | Advertising and retargeting | Website visit data, device identifiers (see Cookie Policy) |
We do not sell, rent, or trade subscriber data to third parties.
We may disclose data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of OmniLegislation™, our subscribers, or the public.
6. Data Exports and Watermarking
Subscribers on eligible plans may export data from the platform in CSV format, subject to the export limits of their subscription tier.
All exported files contain embedded watermarks, including the subscriber's account identifier and the date and time of export. This watermarking is used to identify the source of any unauthorized redistribution of data. Removing or altering watermarks is a violation of our Terms of Service.
CSV export is available to subscribers under the membership plan, subject to reasonable use limits and abuse-prevention measures described in our Terms of Service.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect data, including:
- TLS/SSL encryption for all data in transit
- Encrypted database storage with restricted access
- Payment processing through Stripe (PCI-DSS Level 1 compliant)
- Rate limiting and anti-scraping protections on the subscriber portal
- CAPTCHA enforcement for high-volume export activity
- IP and session monitoring for suspicious access patterns
- Regular review of access logs and security configurations
While we take data security seriously, no system is completely immune to risk. We cannot guarantee absolute security of your data.
8. Cross-Border Data Transfers
OmniLegislation™ is based in the United States. All data is collected, processed, and stored within the United States. If you access the Service from outside the United States, you acknowledge that your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data, subject to legal and contractual retention requirements
- Export your personal data in a commonly used format
- Object to certain types of processing, such as marketing-related tracking
To exercise any of these rights, contact us at hello@omnilegislation.com. We will respond within 30 days.
For California residents, additional rights under the CCPA are described in our Privacy Policy.
10. Changes to This Policy
We may update this Data Processing Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes, we will revise the “Last Updated” date at the top of this page. Material changes will be communicated via email or a notice on our website.
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Data Processing Policy or how we handle your data, contact us at: