Privacy Policy

This Privacy Policy describes how Verdica LLC (“Verdica,” “we,” “us,” or “our”), collects, uses, stores, and discloses information in connection with the Verdica platform and related services (the “Services”).

This Privacy Policy applies to the law firms and other legal organizations (the “Firms”) and their authorized users who access the Services. It does not apply to a Firm’s own clients or third parties whose information the Firm may submit to the platform. Any such data is governed by the Firm’s own privacy practices and, where applicable, our Business Associate Agreement.

1. Information We Collect

1.1 Account and Firm Information

When a Firm registers for or configures the Services, we collect:

• Firm name and, if provided, office location and contact information;
• Names and email addresses of authorized users;
• Billing and payment information (processed by our payment processor; Verdica does not store full payment card numbers); and
• Account preferences and platform configuration settings.

1.2 Client Data Submitted by the Firm

Firms use the Services to store and manage information about their clients and legal matters. This may include:

• Names and contact information of individuals;
• Incident and injury descriptions;
• Medical history, treatment records, and healthcare provider information; and
• Medical records, police reports, and other supporting case information.

Verdica processes this information as a service provider on behalf of the Firm. The Firm is responsible for determining the lawfulness of collecting and submitting such information to the Services.

1.3 Usage and Technical Data

We automatically collect certain technical data when you use the Services, including:

• Audit log data including actions taken and the entity affected;
• Session timestamps and login history; and
• Error and performance data.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Services;
• Generate AI-powered analyses, summaries, and suggestions within the platform;
• Send transactional notifications (e.g., account invitations and password resets);
• Monitor platform performance, diagnose errors, and improve reliability;
• Maintain audit logs for compliance and accountability purposes;
• Comply with applicable legal obligations; and
• Enforce our Terms of Service.

We do not use Client Data to train or improve AI models without the Firm’s explicit written consent.

3. How We Share Information

We do not sell personal information. We may share information in the circumstances described below.

3.1 Subprocessors

We engage trusted third-party service providers (“subprocessors”) to help deliver the Services. These providers process data on our behalf and only in accordance with our instructions. Our subprocessors include:

This list may be updated as we add or change subprocessors. We will provide notice of material changes to our list of subprocessors.

3.2 Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Verdica, our customers, or others.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, information held by Verdica may be transferred to the acquiring entity. We will provide notice before any such transfer takes effect.

3.4 With Your Authorization

We may share information with third parties when the Firm has directed or authorized us to do so.

4. Protected Health Information (HIPAA)

The Services are designed for use by law firms or other legal organizations that may handle Protected Health Information (“PHI”) in connection with personal injury and other legal matters. Verdica’s Business Associate Agreement (“BAA”) is incorporated into and made part of the Terms of Service and is automatically in effect upon the Firm’s acceptance of those Terms. No separate signature is required.

Verdica implements administrative, physical, and technical safeguards consistent with HIPAA’s Security Rule to protect PHI. Our transactional communications are designed to avoid transmitting PHI in email payloads; instead, notifications contain only a secure link directing authorized users to access information within the platform.

5. Data Retention

We retain information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Upon termination of a Firm’s service plan, we will retain Client Data for up to ninety (90) days to allow for data export, after which it will be deleted or anonymized unless legal obligations require otherwise. Account and billing records may be retained longer as required by applicable law.

6. Data Security

We implement commercially reasonable technical and organizational security measures to protect information against unauthorized access, loss, disclosure, or alteration. These measures include:

• Encryption of data in transit (TLS) and at rest;
• Access controls and role-based permissions;
• Audit logging of all significant actions within the platform;
• Secure, token-based authentication for all external-facing links; and
• Subprocessor agreements requiring equivalent data protection standards.

No security measures are perfect. In the event of a data breach affecting your information, we will notify affected Firms in accordance with applicable law and our BAA obligations.

7. Cookies and Tracking

We use session cookies and similar technologies to maintain authenticated sessions and support core platform functionality. We do not use third-party advertising trackers or behavioral profiling technologies on the platform.

8. Third-Party Links and Integrations

The Services may include integrations with or links to third-party services. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you connect to the platform.

9. Children’s Privacy

The Services are intended for use by legal professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. Your Rights and Choices

10.1 Access and Correction

Authorized users may access and update their own account information through the platform settings at any time.

10.2 Data Export

Firms may export their Client Data from the platform at any time during an active service plan using available export features.

10.3 Deletion

Firms may request deletion of their account and associated data by contacting us at support@verdicatech.com. Certain information may be retained as required by law or for legitimate business purposes such as fraud prevention.

10.4 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise such rights, if applicable to you, contact us at the address below.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Firms via email or in-platform notice at least thirty (30) days before the changes take effect. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@verdicatech.com.