Introduction
This Privacy Policy ("Policy") explains how Visalaw Ventures, INC, doing business as Visalaw AI ("Visalaw," "Company," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our websites (the "Sites"), our AI-powered immigration law platform, and the related content, services, products, and functionality we offer (collectively, the "Services"). As used in this Policy, "personal information" corresponds to "Personal Data" as defined under applicable laws such as the GDPR, CCPA, and other data protection legislation.
When This Policy Applies
This Policy applies when Visalaw is the controller of personal information, meaning we determine how and why your personal information is processed. This includes personal information collected from:
- Visitors to our websites and marketing pages
- Individuals who register for events, webinars, or newsletters
- Business contacts and prospective customers
- Individuals who communicate with us directly
When This Policy Does Not Apply to Customer Data
This Policy does not govern personal information that we process on behalf of our customers (law firms and their authorized users) when they use our Services. When a law firm or other enterprise customer uploads documents, submits queries, or otherwise provides data through the Visalaw platform, Visalaw acts as a data processor on behalf of that customer. In that capacity:
- Customer data is processed exclusively in accordance with our Data Processing Addendum (DPA), not this general Privacy Policy.
- The customer (law firm) remains the data controller and is responsible for providing appropriate notices to and obtaining necessary consents from individuals whose data is processed through the Services.
- If you have questions about how a Visalaw customer uses your personal information, please contact that customer directly. In the event of a conflict between this Privacy Policy and a written agreement with a customer (including the SaaS Agreement, Data Processing Addendum, or Security Addendum), such agreement will control solely with respect to Customer Data processed on behalf of that customer.
Our AI-Specific Commitments
When processing data on behalf of our enterprise customers:
- No Training on Customer Data. We do not use Customer Data or Customer Content (queries and outputs) to train any AI models. Our third-party model providers are also contractually prohibited from training on customer data.
- No Human Review. Visalaw personnel do not access or review Customer Data or Customer Content except as necessary to provide or support the Service, or to comply with legal obligations.
- Data Isolation. Each customer's data is logically isolated from other customers' data within our platform.
- Encryption. Customer Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
For complete details on how we handle customer data, please see our Data Processing Addendum and Security Addendum, available in the Trust Portal and by request.
What Personal Information We Collect
Information You Provide to Us
- Contact Information: Name, email address, phone number, job title, company name, and bar number or AILA membership (where applicable).
- Account Information: Credentials, billing information, and profile details. Payment processing is handled by Stripe; we do not store payment card details.
- Communications: Messages sent through our contact forms, chat, email, or support channels.
- Event Information: Registration details for webinars, demos, and events.
- Feedback: Product feedback, ratings, and survey responses.
Information Collected Automatically
- Log Data: IP address, browser type, device type, operating system, referring URLs, and timestamps.
- Analytics Data: Pages visited, features used, click paths, and session duration.
- Location Data: Approximate geographic location inferred from IP address.
We and our third-party partners use cookies and similar technologies to collect this information automatically. Please see our Cookie Policy at visalaw.ai/cookie-policy for details and opt-out options. Our Services do not currently respond to "Do Not Track" browser signals.
Information from Third Parties
- Your Employer or Company: If you access our Services through your employer, we may receive your information from them.
- Other Users: Information about you may be included in content uploaded by other users of the Services.
- Service Providers: Our service providers may share information they collect on our behalf.
- Public Sources: We may collect information from publicly available sources.
How We Use Personal Information
We use personal information collected as a controller for the following purposes:
- Providing, maintaining, and improving our Services and websites
- Communicating with you about your account, inquiries, and support requests
- Processing transactions and sending related notices
- Marketing and advertising (with appropriate consent where required)
- Conducting research and analytics to improve our offerings. For clarity, this does not include Customer Data processed on behalf of enterprise customers, which is governed exclusively by the Data Processing Addendum and is not used for product improvement except in de-identified, limited operational metadata form.
- Ensuring the security and integrity of our Services
- Complying with legal obligations and enforcing our rights
- Detecting and preventing fraud or other prohibited activities
We collect the categories of personal information described above for the purposes described in this section and disclose them to the categories of recipients described in "How We Share Personal Information."
How We Share Personal Information
- With Your Employer/Company: If you access the Services through your employer, we may share information with them.
- Service Providers: We engage third-party providers for cloud infrastructure, analytics, payment processing, customer support, marketing services, and AI model services. These providers process data on our behalf under contractual obligations.
- Business Partners: We may share information with partners who offer complementary services.
- Legal Requirements: We may disclose information to comply with laws, respond to legal process, protect rights and safety, or as required by governmental authorities.
- Business Transactions: In connection with mergers, acquisitions, or similar corporate transactions.
- With Your Consent: We may share information for other purposes with your consent or at your direction.
We do not sell personal information. We have not sold personal information in the preceding twelve months and will not sell personal information in the future.
Data Security
We implement appropriate technical and organizational measures to protect personal information, including:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Access controls based on the principle of least privilege
- Regular security assessments and penetration testing
- Employee security awareness training
- Incident response and breach notification procedures
For detailed information about our security practices, please visit our Security page at visalaw.ai/security or request our Security Addendum.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods are determined based on factors such as the nature of the data, the purposes of processing, applicable legal obligations, and whether the information is needed to resolve disputes or enforce agreements. For example, account data is retained for the duration of the account relationship, marketing data is retained until you opt out, and system logs are retained in accordance with our internal data retention schedule.
For customer data processed under our DPA, retention and deletion are governed by the DPA and the customer's instructions. Customers may request deletion of their data at any time, and Visalaw will comply within 30 days of such request.
International Data Transfers
Visalaw is based in the United States. Personal information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. When transferring personal information internationally, we use appropriate safeguards including Standard Contractual Clauses and the EU-U.S. Data Privacy Framework (where applicable). For Customer Data processed under our Data Processing Addendum, data is hosted in the United States unless otherwise agreed in writing with the customer.
Your Rights and Choices
General Rights
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information, subject to certain exceptions.
- Portability: Request a copy of your data in a structured, machine-readable format.
- Opt-Out of Marketing: Unsubscribe from marketing emails using the link in each email.
- Cookie Preferences: Manage cookie settings through our Cookie Policy.
To exercise any of these rights, contact us at [email protected].
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how we use it, the right to request deletion, and the right to non-discrimination for exercising your rights. We do not sell or share personal information for cross-context behavioral advertising as defined by the CCPA.
Virginia Residents (VCDPA)
Virginia residents have additional rights including the right to access, correct, delete, and obtain a copy of personal data, and the right to opt out of targeted advertising, sale of personal data, or profiling. To exercise these rights, contact [email protected].
EEA, UK, and Switzerland Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you have additional rights under the GDPR including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal bases for processing include: contract performance (e.g., providing the Services you requested); legitimate interests (e.g., improving website functionality, ensuring security, and fraud prevention); consent (e.g., marketing communications, where you may withdraw consent at any time); and legal obligations (e.g., compliance with applicable laws and regulations). We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Australian Residents
Australian residents have rights under the Australian Privacy Act 1988 including the right to access and correct personal information. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).
Canadian Residents (PIPEDA)
Canadian residents have rights under PIPEDA including the right to access, rectify, erase, and withdraw consent. Information transferred outside Canada is subject to the laws of the receiving jurisdiction.
Children's Privacy
Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will promptly delete it.
Third-Party Links and Services
Our Services may contain links to third-party websites and services. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.
Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on our website with a revised "Last Updated" date. For material changes that affect how we process customer data under our DPA, we will provide notice to affected customers in accordance with the DPA.
Contact Us
If you have questions about this Policy or wish to exercise your privacy rights, please contact us:
Visalaw Ventures, INC
1028 Oakhaven Road
Memphis, TN 38119





