Retained, held, and deleted on request.
How Eve-Legal, LLC retains and disposes of matter, account, and audit data in the JustineAI™ PI production environment. Consistent with the data-handling and security commitments.
1. Retention
Matter and account data are retained for the subscription term plus the contractually agreed retention period. Audit records are retained for a 7-year horizon by default (or the contracted period) and survive matter or tenant deletion to support post-termination ethics or malpractice review. Audit records contain action records, not matter content. Enterprise customers may extend retention by contract.
2. Deletion model
In normal operation, matter records are soft-deleted, not hard-deleted, consistent with ABA Model Rule 1.15. Soft-deleted records are excluded from the application but recoverable within the retention window. Blob storage has soft-delete, versioning, and change-feed enabled, so a deleted or overwritten document is recoverable within the soft-delete window.
3. Legal hold
A matter placed under legal hold cannot be deleted — the restriction is enforced at the data layer, and any deletion attempt is refused. Only firm-administrators (and platform superadmins) may place or lift a hold.
4. Right to erasure / offboarding
On written request — customer offboarding, or a data-subject erasure request subject to legal-hold and statutory retention — a tenant’s matter data and documents are permanently deleted and a deletion attestation (per-table record counts and timestamp) is produced. The audit trail is preserved for the contracted period. Erasure refuses if any matter in the tenant is under legal hold. Data at rest is encrypted with Azure-managed keys; customer-managed keys (enabling key-revocation crypto-shredding) are on the enterprise roadmap, so erasure today is performed by deletion and attestation.
5. CCPA / CPRA & state privacy
We honor access, deletion, correction, and portability requests as required by applicable US state privacy laws, completed within the contractual response window and subject to legal-hold and retention obligations. Firms fulfil their clients’ requests using in-product tooling — a data-subject locator that finds every place an individual appears across matters, export, anonymization, correction, and a request ledger that records the request and its outcome. Where deletion is not permitted (for example, an active matter under hold), the personal information is anonymised where feasible or retained under the applicable legal basis, with the reason communicated.