+law
Book a demoJoin the waitlist
+Legal

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy explains how PlusLaw LLC, operating as +law ("+law", "PlusLaw", "we", "us", or "our"), collects, uses, discloses, and protects information when you visit our website, sign up for an account, or use our services. We take privacy seriously, and we structure our practices around the principle that legal-intake data is privileged and deserves a higher bar than typical SaaS.

This policy applies to two distinct groups of people:

  • Customers: law firms and the staff of those firms who sign up for and administer +law accounts.
  • End users: prospective and existing clients of those law firms who interact with intake forms, magic-link client portals, or AI voice intake calls operated by our customers using +law.
If you are an end user filling out a law firm's intake form, the law firm is the controller of your data. +law processes that data on the firm's behalf. Direct any data subject requests (access, deletion, correction) to the firm first. We will support the firm in fulfilling them.
/ 01

Information we collect

Information you provide directly

When you sign up for +law as a law firm customer, we collect your name, work email, firm name, and phone number. When you create a workspace, we collect billing contact information (we do not store full payment card numbers; those are held by our payment processor).

Information collected from your firm's clients

When end users complete an intake form, +law receives whatever your firm has configured the form to collect. This typically includes contact information, demographic information, case-relevant facts, and uploaded documents. Sensitive categories may include health information, financial information, and information about minors.

Information collected automatically

We collect technical data when you use the service: IP address, browser type, device identifiers, pages viewed, time stamps, and similar telemetry. We use first-party cookies and similar technologies for session management, authentication, and core product functionality. We do not use third-party advertising or cross-site tracking cookies.

Information from AI voice intake

When AI voice intake is enabled by a firm, +law (or our voice subprocessor) collects the audio of the call, the call transcript, and any structured data extracted from the conversation. Calls are recorded with prior consent disclosure to the end user, in accordance with applicable telephone consumer protection laws.

/ 02

How we use information

We use information for the following purposes:

  • To provide the service: maintain accounts, deliver intake forms, send magic-link emails, run AI voice calls, route data to firms.
  • To support customers: respond to support requests, troubleshoot issues, and improve the product based on aggregate usage patterns.
  • To bill customers: process subscription payments and issue invoices.
  • To secure the service: detect abuse, prevent fraud, and respond to security incidents.
  • To comply with legal obligations: respond to lawful requests from regulators, courts, and other authorities.

We do not sell personal information. We do not use intake data to train artificial intelligence models for any purpose other than serving the customer who collected the data, and only when explicitly enabled by that customer.

/ 03

Sharing and disclosure

Service providers (subprocessors)

We share information with vendors that help us operate the service: hosting infrastructure, email delivery, authentication, payment processing, voice telephony, and customer support. A current list is maintained at our subprocessors page. Each subprocessor is bound by contractual obligations to protect customer data.

Legal requirements

We may disclose information when required by law, subpoena, court order, or other lawful process. Where legally permitted, we will notify the affected customer before disclosing their data.

Business transfers

If +law is involved in a merger, acquisition, or sale of assets, customer information may be transferred as part of that transaction. We will provide notice before customer information is transferred and becomes subject to a different privacy policy.

/ 04

Data retention

We retain customer data for as long as the customer maintains an active account, plus a reasonable wind-down period after termination during which data can be exported. After that period, data is deleted from active systems on a defined schedule and from backups within ninety days.

End-user intake data (the data collected by a law firm using +law) is retained according to the firm's own retention configuration. Firms can delete or redact end-user records at any time using built-in privacy tools, subject to bar-association recordkeeping requirements that may require preservation of certain audit trails.

Telemetry and operational logs are retained for up to twelve months for security, debugging, and analytics, and then purged or anonymized.

/ 05

Security

We use commercially reasonable technical and organizational measures to protect personal information from loss, misuse, and unauthorized access. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of data at rest using industry-standard algorithms.
  • Field-level encryption for designated sensitive fields (such as government identifiers and financial account numbers).
  • Access controls based on the principle of least privilege.
  • Multi-factor authentication for administrative and engineering access.
  • Logical isolation of customer workspaces, with automated tests verifying isolation on every release.
  • Secure software development practices, code review, and dependency monitoring.
  • Regular third-party security assessments.

No system can be guaranteed perfectly secure. If we become aware of a personal data breach affecting a customer, we will notify the customer without undue delay, in accordance with applicable law and our Data Processing Agreement.

/ 06

Your rights

Depending on your location, you may have rights regarding your personal information, including the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing.
  • Receive a copy of your personal information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

If you are an end user (a client of a law firm using +law), please direct your request to the law firm first. The firm is the controller of your intake data and is best positioned to action requests. We will support the firm in fulfilling them.

If you are a +law customer, you can exercise your rights by emailing us at hello@pluslaw.com.

/ 07

Children's privacy

+law is not directed to children under the age of 13. We do not knowingly collect personal information directly from children under 13. Law firms using +law may collect information about minors as part of legal matters (for example, in family law or estate planning); in those cases, the firm is the controller and is responsible for applicable protections. If we become aware that we have inadvertently collected information directly from a child under 13 outside of a legitimate firm-mediated intake, we will delete it.

/ 08

International data transfers

+law is operated from the United States, and our infrastructure is hosted primarily in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States. We rely on lawful transfer mechanisms (such as Standard Contractual Clauses) where required.

/ 09

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify customers by email and update the "Last updated" date at the top of this page. Continued use of the service after a material change constitutes acceptance of the updated policy.

/ 10

Contact us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

PlusLaw LLC323 Washington Ave N, #200
Minneapolis, MN 55401
Email: hello@pluslaw.com