Legal
Privacy Policy
Effective date: June 13, 2026 · Last updated: June 13, 2026
This Privacy Policy describes how Kovel.io, a subsidiary of Spaceship Earth, LLC d/b/a Kovel (“Kovel,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with your use of kovel.ioand any related applications, portals, or services (collectively, the “Services”). By accessing or using the Services you agree to this Privacy Policy. If you do not agree, do not use the Services.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the Services, we collect the information you voluntarily submit, including:
- Identity & contact information — your full name, email address, phone number (if provided), and the jurisdiction(s) in which your legal matters arise.
- Legal matter context — descriptions of your legal situation that you enter during intake, onboarding, or research sessions, including the nature of your matter, the parties involved, relevant dates, and any supporting documents you upload to the Law Library feature.
- AI conversation content — the prompts you submit to the AI research portal and the AI-generated responses returned during your sessions. If you save sessions to your Law Library, those records persist; unsaved session content is discarded at session end.
- Attorney matching information — your stated legal needs, preferred practice areas, and jurisdiction preferences used to match you with a licensed attorney in the Kovel network.
- Communications — messages you send to us through support channels, email, or any feedback forms.
1.2 Billing Information
Payment processing on the Services is handled by Stripe, Inc. Kovel does not store your full credit card number, card verification code, or bank account details. We receive from Stripe a tokenized payment reference, the last four digits of your card, the card brand, and billing address information you provide at checkout. By submitting payment information through the Services, you agree to Stripe’s Privacy Policy.
1.3 Automatically Collected Information
When you access the Services, our infrastructure automatically records certain technical data, including:
- Device & access information — IP address, browser type, operating system, device identifiers, referring URL, and pages visited within the Services.
- Log data — the date and time of each request, server responses, and error logs. These logs are used for security monitoring and debugging and are retained for 90 days.
- Session tokens — cryptographically signed session identifiers stored as httpOnly cookies for authentication purposes. See Section 7 (Cookies) for details.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Services — to create and manage your account, match you with a licensed attorney in your jurisdiction, process your AI research queries, and deliver the functionality described in your subscription plan.
- Attorney matching — to identify a licensed attorney in the Kovel network whose jurisdictional authorization and practice areas align with your stated legal needs, and to share the information necessary to establish a formal attorney engagement.
- AI query routing — to route your research prompts to the appropriate AI model infrastructure under the direction of your matched attorney. We do not use your matter content to train AI models. All queries route through enterprise endpoints that contractually prohibit training on inputs or outputs.
- Billing and account management — to process subscription payments, issue invoices, manage plan changes, and enforce billing-related restrictions.
- Security and fraud prevention — to detect, investigate, and prevent unauthorized access, abuse, or fraudulent use of the Services.
- Legal compliance — to comply with applicable laws, respond to lawful legal process, and protect the rights, property, and safety of Kovel, its attorneys, and users.
- Service improvement — to analyze aggregated, de-identified usage patterns to improve the platform. No individual matter content is used for this purpose.
- Communications — to send you transactional messages (account confirmation, payment receipts, attorney engagement notifications), product updates, and, where you have opted in, service announcements. You may unsubscribe from non-transactional communications at any time.
3. How We Share Your Information
3.1 With Your Directing Attorney
The attorney matched to your matter receives the information necessary to establish and fulfill the engagement: your name, contact details, jurisdiction, matter summary, and (if you authorize it) access to Law Library materials you designate as relevant to your matter. Your attorney is an independent licensed professional bound by the professional conduct rules of their jurisdiction, including duties of confidentiality. We contractually require all network attorneys to maintain confidentiality consistent with applicable bar rules.
3.2 Service Providers
We share information with third-party vendors who assist us in operating the Services, subject to data processing agreements that restrict their use of your information to the purposes for which it is shared:
- AI infrastructure providers (including Anthropic, PBC) — to process your research queries under zero-retention, zero-training contractual terms.
- Payment processor (Stripe, Inc.) — for billing and subscription management.
- Cloud hosting and infrastructure providers — for data storage and application hosting, all within U.S. data centers.
- Email delivery services — for transactional email (account notifications, magic-link authentication).
3.3 No Sale of Personal Data
Kovel does not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes.
3.4 Legal Process and Safety
We may disclose information when required by law, court order, subpoena, or other governmental or legal process. To the extent permitted by applicable law, we will attempt to notify the directing attorney before disclosing matter content so that counsel may assert privilege and seek a protective order. Nothing in this Privacy Policy limits Kovel’s ability to respond to legally binding process.
3.5 Business Transfers
If Kovel is involved in a merger, acquisition, sale of assets, or similar transaction, your information may be transferred as part of that transaction. We will provide notice of any such transfer and any material change to this Privacy Policy.
4. Data Retention
We retain your account information and any Law Library materials you have saved for the duration of your active subscription and for two (2) years following cancellation or termination of your account, except where a longer retention period is required by law or is necessary to resolve a dispute or enforce our agreements.
Unsaved AI session content (prompts and responses not explicitly saved to the Law Library) is discarded at the end of each session and is not stored on Kovel’s servers beyond the session.
You may request deletion of your account and associated data at any time by contacting privacy@kovel.io. We will fulfill deletion requests within thirty (30) days, subject to our right to retain information where required by applicable law, to resolve active disputes, or to comply with our legal obligations. Certain log data, billing records, and attorney-engagement documentation may be subject to mandatory retention periods independent of your deletion request.
5. Privilege and Confidentiality
The content you submit to the Services in connection with a legal matter is treated as confidential. Kovel’s infrastructure is designed so that matter content is accessible only to you and your directing attorney. Network attorneys are bound by the professional conduct rules of their jurisdiction, which impose independent duties of confidentiality with respect to client communications.
Whether attorney-client privilege attaches to any specific communication made through the Services is a legal question that depends on the existence and scope of your attorney-client relationship, your conduct, and the facts of your matter. Kovel makes no guarantee that privilege will attach. Please review the full privilege disclaimer in Section 6 of our Terms of Service.
6. Security
Kovel implements commercially reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These include, without limitation:
- TLS 1.3 encryption for all data in transit between your browser and our servers.
- AES-256 encryption for Law Library documents stored at rest, using per-matter encryption keys.
- Contractual zero-retention terms with AI model providers.
- U.S.-only data residency with no cross-border replication.
- Access controls limiting Kovel personnel access to user data to those with a demonstrated need.
No security system is impenetrable, and no method of electronic storage or transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your information, we will notify you as required by applicable law.
7. Cookies
Kovel uses a minimal cookie footprint. We set a single category of cookies:
- Authentication session tokens — httpOnly, Secure, SameSite=Lax cookies that authenticate your session with the platform. These cookies are strictly necessary for the Services to function and cannot be disabled without preventing you from logging in.
We do not use advertising cookies, third-party tracking pixels, or behavioral analytics cookies. We do not share cookie data with advertising networks.
8. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us at privacy@kovel.io and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to the address associated with your account at least thirty (30) days before the changes take effect. The updated policy will be posted at this URL with a revised effective date. Your continued use of the Services after the effective date of any changes constitutes acceptance of the revised policy. If you do not accept the revised policy, you should discontinue use of the Services before the effective date.
10. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact us at:
KovelKovel.io, a subsidiary of Spaceship Earth, LLC
Privacy inquiries: privacy@kovel.io
Kovel is not a law firm. Nothing in this Privacy Policy constitutes legal advice. View our Terms of Service →