Legal

Privacy Policy

Effective date: July 10, 2026

This policy describes what information NoticeForge (“we,” “us”) collects, how we use and protect it, and the choices you have. The short version: we collect what the Service needs to do its job, we share it only with the service providers that make the product work, we never sell it, and your matter data is isolated to your account at the database level.

1. Information We Collect

Account and profile information — your email address, name, and the sender-profile details you choose to add (firm name, mailing address, phone, bar number). These appear on notices you send and on your account.

Matter data you provide — project details, property information, the names and mailing addresses of parties you enter, documents you upload (such as engineering reports), and the facts, selections, and drafts produced from them.

Mailing records — when you dispatch a notice, we keep per-recipient service records: tracking numbers, dispatch and delivery timestamps, and delivery status.

Technical data — authentication session cookies and standard server logs. We use cookies only to keep you signed in — we do not use advertising cookies or third-party trackers.

2. How We Use Information

We use your information solely to operate the Service: extracting facts from your documents, assembling drafts, dispatching and tracking certified mail, computing informational deadline dates, sending you service-related email notifications, securing the platform, and providing support. We do not sell your information, and we do not use it for third-party advertising.

3. How Your Data Is Protected

Your matter data is often sensitive — here is specifically how it is protected, not just that it is:

Encryption in transit and at rest. All traffic between your browser and the Service is encrypted with TLS (HTTPS). Data stored in our database and document storage is encrypted at rest by our infrastructure provider.

Database-level account isolation. Every record — projects, documents, drafts, profile — is protected by row-level security enforced by the database engine itself. Each account can only read and write its own rows. This isolation is applied at the database layer, underneath the application, so it holds even independently of application code.

Authenticated access on every request. Every API request is verified against your authenticated session before any data is touched, and requests are additionally scoped to your account in the application layer — two independent checks.

Abuse controls. Authentication endpoints and resource-intensive operations are rate-limited, and administrative functions are restricted to authorization flags that user accounts cannot modify.

Limited retention and user-controlled deletion. Uploaded source documents are held for a limited retention period, and you can delete documents, drafts, and projects from your account at any time.

4. Service Providers

The Service is built on a small set of providers that process your data only to perform their function:

Supabase — database, authentication, and document storage (this is where your account and matter data lives, with the row-level security described above).

Anthropic and Google — AI processing. Documents you upload and the facts and drafts derived from them are processed by their AI APIs to perform extraction, drafting, and verification. We use these providers under commercial API terms under which your content is not used to train their models.

Lob — certified mail. When you dispatch a notice, the letter content and recipient names/addresses are shared with our mail provider to print and mail it — that is the product working as intended.

Resend — transactional email, used to send you service notifications (for example, delivery confirmations).

Vercel — application hosting.

We do not share your information with anyone else except as required by law or to protect the Service and its users, and we will notify you of legal demands for your data where the law allows.

5. Data Retention

Account and matter data is retained while your account is active. Uploaded source documents are subject to a limited retention period. You can delete projects, documents, and drafts at any time from within the Service, and you can request deletion of your account and associated data by contacting us at the address below.

6. Your Rights and Choices

You can access and correct your account and profile information in the app, delete your matter data from within the Service, and request account deletion, a copy of your data, or correction of anything we hold by emailing hello@noticeforge.app. We respond to verified requests within a reasonable time.

7. Children

The Service is not directed to anyone under 18, and we do not knowingly collect information from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the Service or by email, and the effective date above will be updated.

9. Contact

Privacy questions or requests: hello@noticeforge.app