Privacy Policy.

We collect the minimum we need to run a paid marketplace credibly: account credentials, purchase records, audit trails, forensic download logs (for license enforcement), and operational telemetry. We don't see your skill inputs or outputs — those go directly from your machine to whichever LLM provider you choose. We don't sell your personal information. We don't collect bar numbers or verify professional credentials.

Account data.

Email address, display name, and authentication state are handled by our authentication subprocessor (Clerk). You set your own password directly with Clerk; we never see it. Author profiles also include a self-attested role (legal ops / IT / marketing / people & culture / strategy / pricing & profitability / client success / executive assistant / knowledge management / other) and a US state location, both surfaced publicly on your skill listings as part of the seller-of-record disclosure.

Purchase + payment data.

Purchase records include the price paid, the version sold, the Stripe payment-intent ID, the per-purchase license identifier (the watermark used in your downloaded bundle), and timestamps. Stripe — not Counsel Commons™ — handles your payment-card details directly; we receive only references (the payment intent ID, the last four digits of the card via Stripe metadata) and never see your full card number, CVV, or banking credentials. For sellers, Stripe Connect handles KYC, tax IDs, and bank account details — we don't see those either.

Download + access logs.

Each bundle download is logged with: purchase ID, buyer ID, the version downloaded, IP address, user-agent string, and timestamp. This forensic log supports the per-purchase watermark on every downloaded bundle. The license identifier is also embedded in the bundle file itself; if a leaked copy surfaces, we can trace it back to the original buyer. This is part of the license-enforcement mechanism disclosed in our Terms.

Audit trail data.

Some user actions produce append-only audit records: moderation actions taken by Counsel Commons™ staff (approve, reject, remove, restore, hide review, and T&S resolutions), seller upload affirmations (with timestamp, IP, and user-agent at submission time), cookie consent records, and other events that need to be reproducible for a bar inquiry or dispute. These audit records are retained for at least seven years for compliance purposes.

Catalog + content data.

Skills you publish, version metadata + bundle content, reviews you write, feedback threads you file or respond to, and escalation reasons. Reviews include your first name, last initial, and the role you select on the form; reviews are public.

Operational telemetry.

We use Vercel Analytics + Speed Insights for traffic and page-load measurement and Sentry for error monitoring (which captures stack traces, request URLs, and user IDs to help us debug). Our cookie banner is self-hosted — consent is recorded both in your browser's localStorage and server-side in an append-only audit log so we have a paper trail beyond the browser-local flag.

What we don't collect.

• Skill inputs or outputs.When you run a skill, your input goes directly from your environment to whichever LLM provider you're using. Counsel Commons™ servers never see this data. (See §05 for the data-handling implications.)
• Bar numbers or attorney verification. Authors describe their own credentials in a free-text bio and a self-attested role; we don't verify those claims and don't store license numbers. Disclosed in spec §12.
• Client matter data. Skills are tools, not practice management. Your matters, your clients, and the substantive content you process through skills never touch our infrastructure.

Each data category is justified by a concrete operational need. We don't collect data we don't use.

• Account data: to gate purchases, deliver a library, and contact you about your purchases or policy changes.
• Purchase + payment data: to process the purchase, prove the license you have, support refunds and chargebacks, and meet US tax-recordkeeping obligations.
• Download + access logs: license enforcement (per-purchase watermarking), forensic traceability if a bundle is leaked, security monitoring.
• Audit trail: respond to bar-association inquiries, dispute resolution, regulatory record-keeping.
• Catalog content: to operate the marketplace and surface signal to buyers.
• Operational telemetry: diagnose errors, measure performance, and run the cookie consent flow.

Retention is matched to operational and regulatory need:

• Account data: while your account is active. After deletion (you request it or we close the account), we keep a minimal record (account ID + closure reason + closure date) for fraud prevention.
• Purchase + payment data: 7 years from the purchase date, to satisfy US tax-recordkeeping rules and the financial-disputes window.
• Download + access logs: 7 years, to support license-enforcement claims and any DMCA action.
• Audit trail (moderation_actions, audit_logs, upload affirmations): 7 years minimum; bar inquiries can reach back several years and the audit trail is the system of record.
• Reviews and feedback:as long as the skill remains in the catalog, plus 1 year after removal. Hidden reviews (per Terms §06) stay in the database with isHidden=true; we don't hard-delete reviews because the audit trail of moderation actions references them.
• Operational telemetry: 90 days for Sentry errors, the default Vercel retention windows for Analytics + Speed Insights.

When you run a purchased skill, your input goes to whichever LLM provider you've chosen — not to Counsel Commons™. How that provider handles your input (retention, training, routing) depends on your plan + configuration with that provider, not on us. Free + consumer plans often allow training on inputs by default; enterprise / team / API plans typically don't. Check your provider's data-use policy and your specific plan settings before submitting any client-confidential or privileged information.

This is the most important privacy decision in the workflow, and it's yours to make. We can't see it, can't audit it, and don't want to be in that position.

These are the service providers we rely on to run Counsel Commons™. Each is a SOC 2 Type II vendor at time of selection — you can confirm current certification on each provider's trust page (links below). All vendors host data primarily in the United States unless noted.

We'll add or remove subprocessors as the platform evolves. Material changes (a new vendor with substantially different practices, or a new category of data shared) will be reflected on this page; user-facing changes may also surface as a banner.

Access, correction, deletion.

You can update your display name and account data through your account settings. To request a complete export of your data, or to delete your account entirely, send us a message. We'll respond within 30 days. Note: deletion of an account doesn't purge purchase records (we're required to keep those for tax compliance) or audit-trail entries; it does remove your profile, library, and the ability to sign back in.

CCPA disclosures (California residents).

• Right to know. What we collect and why is described in §02 and §03 above.
• Right to delete. Send us a message with your request.
• Right to non-discrimination.Exercising any right under CCPA won't affect your access, prices, or service quality.
• “Do not sell or share.” Counsel Commons™ does not sell personal information and does not share it with third parties for cross-context behavioral advertising.

Cookie preferences.

The cookie banner that appears on your first visit lets you choose between essential cookies only and full analytics + performance cookies. You can re-trigger the banner at any time via the “Manage cookies” link in the footer. Server-side consent records are kept for the seven-year audit-trail window above.

Marketing emails.

We don't currently run marketing campaigns. The transactional emails you do receive (purchase receipts, feedback notifications, payout notifications, removal notices) are part of the service and can't be turned off without closing your account; they don't contain promotional content.

Production traffic is HTTPS-only, with TLS terminated at Cloudflare. Authentication tokens use HttpOnly cookies and CSRF protection on mutations. Authorization is enforced server-side; client-side checks are convenience only. Bundle download URLs go through our authenticated proxy so the underlying storage URL never leaks. Database backups are taken daily and retained 30 days. Secrets are managed in Vercel Environment Variables and rotated quarterly. We target SOC 2 Type I within 6 months of launch and Type II 12 months after.

If you discover a security issue, send us a message with the details. We don't currently run a paid bug-bounty program but will acknowledge serious reports promptly.

Counsel Commons™ is for legal-business-management professionals (managing partners, COOs, finance directors, legal-ops leads, IT, marketing, HR) and is not directed to children under 18. We don't knowingly collect data from anyone under 18. If we learn that we've collected data from a minor, we'll delete it.

The marketplace is currently available to US-based legal professionals only. We may expand to other jurisdictions in the future, at which point this Policy will be updated to reflect any additional rights (GDPR, UK GDPR, etc.) that apply. Until then, if you reach the site from outside the US, you can still browse the catalog; purchase and sign-up may be geo-restricted.

We'll update this Policy from time to time. The version in force at the time of a given event governs that event. Material changes that expand the categories of data we collect or change how we share data will surface as a re-acceptance flow at next sign-in or as a banner on the site.

Privacy questions, data-subject requests, security reports, compliance concerns — all routed through one form so we don't expose email addresses to scrapers. Pick the topic that fits and send us a message.

Counsel Commons™ is a product of Legal InnovAI LLC, a Colorado limited liability company.