ZipLaw Privacy Policy
How ZipLaw handles your information.
This Privacy Policy describes how ZipLaw, Inc. (“Company,” “we,” “our,” or “us”) collects, uses, stores, and discloses personal information when you access or use our software-as-a-service platform and related tools (“Services”).
Information We Collect
From inmates, we may collect name, Bureau of Prisons register number, facility information, case identifiers, and messages or materials submitted through CorrLinks, mail, or equivalent systems. Content of legal questions and research requests may be logged.
From supporters, we may collect name, email address, telephone number (if provided), billing relationship, and the inmate association(s) you specify.
Payment processing is handled by Stripe or other third-party processors. ZipLaw, Inc. does not store credit card numbers or bank account information on its own servers.
We may also collect automatically generated data such as system logs, IP address, device and browser information, access timestamps, URL paths, and usage metadata related to your interaction with any ZipLaw Inc. services.
How We Use Information
We use information to provide, operate, maintain, and improve the Services, including generating research outputs, document templates, and informational materials requested by users.
We use information to process subscriptions, payments, and account administration, and to respond to user inquiries, support requests, and administrative needs.
We use information to support compliance with legal, regulatory, and institutional requirements (including Bureau of Prisons policies and facility rules), to monitor communications for quality assurance, abuse prevention, and security, and to enforce our Terms & Conditions and protect the rights, property, and safety of ZipLaw, Inc. and its users.
Data Storage and Retention
Data may be stored on infrastructure provided by Amazon and/or Google or similar providers, using reasonable security controls.
Communications (including CorrLinks message content and responses), system logs, and activity records may be logged and retained for billing, auditing, dispute resolution, and compliance purposes.
We retain personal data for as long as reasonably necessary to provide the Services, comply with legal obligations, enforce our agreements, or resolve disputes. Retention periods may vary based on record type and applicable law.
Upon a verified request and to the extent permitted by law, we will delete or de-identify personal data that is no longer needed for the purposes described above. Certain data may need to be retained for legal, security, or accounting reasons even after an account is closed.
Data Sharing
We do not sell or lease user personal information.
We may share information with service providers to operate the Services, including payment processors such as Stripe, inmate messaging platforms such as CorrLinks, hosting and infrastructure providers such as AWS or Firebase, and analytics or logging providers used for performance monitoring and security.
We may disclose information as required by law, regulation, legal process, court order, or government request, or to protect the rights and safety of ZipLaw, Inc., our users, or others.
In connection with a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of the transaction, subject to this Privacy Policy or a successor policy with materially similar protections.
Security
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. These measures may include access controls, encryption in transit where appropriate, and monitoring. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Important note. Communications pass through third-party institutional systems such as CorrLinks, Bureau of Prisons mail handling, facility scanning, and telecommunications providers. ZipLaw, Inc. does not control the privacy practices, security measures, or retention policies of those systems, and this Privacy Policy does not govern their conduct.
User Rights
You may request information about the personal data we hold about you and ask that we correct inaccuracies. You may also request deletion of personal information, which we will honor to the extent permitted by law and consistent with our retention obligations.
Children’s Privacy
Our Services are not directed to or intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that such information has been collected, we will take reasonable steps to promptly delete it. Parents or guardians who believe that a child has provided us with personal information may contact us so we can take appropriate action.
Changes to This Policy
We may amend or update this Privacy Policy from time to time. The latest version will always be posted on our website with an updated effective date. Continued use of the Services after the effective date of any change constitutes acceptance of the updated Privacy Policy.
Governing Law
This Privacy Policy and any dispute arising from or relating to it shall be governed by and construed in accordance with the laws of the United States of America, without regard to conflict-of-law principles.