Touchpoint Privacy Policy

Last Updated: May 15, 2025

View Terms of Service →

Welcome to Touchpoint, an AI-powered legal operations platform provided by Touchpoint Legal, Inc. ("Touchpoint", "we", "us", or "our"). Touchpoint transforms emails into actionable matter workspaces to streamline matter management and improve productivity and visibility for legal teams.

This Privacy Policy explains how we collect, process, disclose, and protect your personal data when you use our website ("Site"), our Gmail and Outlook email extensions ("Apps"), and all related services provided by Touchpoint (collectively, the "Service"), and outlines your choices concerning our data practices.

"You" or "your" refers to the individual whose personal data we process through the Service.

1. Personal Data We Collect

Data You Provide to Us

  • Registration and Contact Information: Your name, email address, phone number, and company affiliation when you register, communicate with us, or request support.
  • Payment Information: When purchasing our service, payment information is processed securely by our third-party payment provider (e.g., Stripe). We do not store your full payment card information.
  • Email Contents and Attachments: When you integrate our Service with your Gmail or Outlook account, we collect the contents of inbound emails, including email bodies, attachments, and metadata such as sender, recipient, subject line, and timestamp.
  • Feedback and Corrections: Any manual edits, corrections, or feedback you provide on the AI-generated outputs within the Service.

Data Collected Automatically

  • Extracted Task Data: Descriptions, deadlines, dependencies, and related data points automatically generated by our AI from your emails.
  • Usage and Analytics: Information such as timestamps of processing jobs, logs related to performance, service usage metrics, and system monitoring data.

Data from Third Parties

  • Third-Party Authentication: Encrypted authentication tokens from Google and Microsoft when you connect your accounts to Touchpoint.
  • Publicly Available Information: Occasionally, publicly available information related to professional contacts may be collected for providing enhanced Service features.

2. How We Use Personal Data

  • AI Processing: Parsing your emails into tasks, extracting relevant deadlines, dependencies, and generating task descriptions.
  • Knowledge Base: Storing and indexing emails, tasks, and related data for retrieval and ongoing matter management.
  • Product Improvement: Using anonymized feedback and usage data to refine and enhance our AI models, algorithms, and product features.
  • Communications and Notifications: Sending you updates on processing status, task reminders, Service updates, security alerts, and account notifications.

3. How We Share Your Data

  • Service Providers: We share data with essential technology partners to deliver our Service, including:
    • AWS (SES, Lambda, S3, Bedrock)
    • Supabase (Postgres, pgvector)
    • Amazon Textract
    • Third-party AI services (OpenAI, Anthropic, etc.)
  • Legal Obligations: We may disclose your information in response to lawful requests by regulatory agencies, law enforcement, or pursuant to court orders.
  • No Resale Commitment: We will never sell, rent, or lease your personal data to third parties.

Use of Third-Party AI Services

  • Touchpoint uses third-party AI vendors, such as OpenAI and Anthropic, to power certain features like task extraction, summarization, and data organization.
  • These vendors receive only the minimum necessary data to provide their services securely and under contract. We do not allow our AI partners to use Touchpoint customer data to train their models. Your data is processed solely for delivering the specific functionality within the platform.

Marketing and Advertising Practices

  • Touchpoint does not engage in interest-based advertising or use your personal data for targeted advertising across third-party platforms.
  • However, we may send you direct marketing emails about Touchpoint features, product updates, or legal tech news if you opt in. You can unsubscribe at any time using the link in those emails or by adjusting your communication preferences in your account settings.
  • We may use aggregated, de-identified usage data (e.g., feature adoption rates) to improve our marketing and product development. We do not sell or share personal information for advertising purposes.

4. Data Retention and Deletion

  • Retention Period: We retain emails, extracted task data, and related information for as long as your account remains active and for up to 2 years following account deletion, or as required by applicable law. You may request a longer data retention period with advanced notice to team@touchpoint.legal.
  • Backup and Archival: Backup data is securely stored and retained separately for up to 6 months following account deletion.
  • Your Data Rights: You may request data export, correction, or deletion of your personal data consistent with GDPR, CCPA, or applicable privacy laws.

5. Security Measures

  • Encryption: All data is encrypted in transit using TLS and encrypted at rest in AWS S3 and Supabase Postgres databases.
  • Access Controls: We employ strict, least-privilege access controls, AWS IAM roles, encrypted credentials, and multi-factor authentication.
  • Logging and Monitoring: Comprehensive audit logs track who accessed data and when, ensuring transparency and accountability.

6. User Controls and Choices

  • AI Processing Opt-Out: You may configure settings to disable AI processing for specific emails or contacts within your account settings.
  • Consent for Email Processing: By integrating your email account with Touchpoint, you consent to our processing of inbound emails as described herein.
  • Notification Preferences: Customize notifications for new tasks, deadlines, processing statuses, and Service updates directly within your account preferences.

7. Business Users and Employer-Provided Access

If you access Touchpoint through an enterprise agreement between your employer (or another organization) and Touchpoint, that organization may act as the controller of your data. In such cases:

  • Your employer may set limitations on how we process your data (e.g., disabling features or restricting data retention).
  • Requests to access, correct, or delete your data should be directed to your employer. We will assist the organization in fulfilling such requests as required.
  • Your organization may have visibility into your usage of the Service, including analytics on email processing or workspace activity.

8. Children's Privacy

Touchpoint does not knowingly collect personal data from individuals under the age of 16. If we become aware of such collection, we will take immediate steps to delete this information.


9. Changes to This Privacy Policy

We may periodically update this Privacy Policy. When we do, we will notify you by email or via a prominent in-app banner at least 14 days before such changes become effective.


10. Contact Us

For privacy questions or requests, please contact our privacy team:

Touchpoint Legal

Email: team@touchpoint.legal


We use essential, personalization, and analytics cookies to operate, personalize, and enhance your experience with our Service. You can control cookies through your browser settings or by using privacy-focused browser extensions. See our detailed Cookie Policy for more information.