Privacy Policy

Last updated: April 16, 2026

How Zarlu, Inc. collects, uses, and protects your information when you use LawyerAudio.

1. Introduction

This Privacy Policy describes how Zarlu, Inc. (“Zarlu,” “we,” “us,” or “our”) collects, uses, discloses, and protects your information when you use LawyerAudio (“Service”). We are committed to transparency, especially given that our users are attorneys handling sensitive client information.

By using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

2. Information We Collect

2.1 Prospective Customer Information (Sales Outreach)

If you have not created a LawyerAudio account but receive a commercial email from us, we may have obtained your contact information from publicly available sources or third-party business data providers (such as Apollo.io). In that case, we may collect and process:

Name
Business email address
Phone number (if publicly listed)
Company name and website
Job title
Practice area

We use this information solely to contact you about our products and services. This data is stored in our email outreach platform (Instantly.ai) and our lead enrichment provider (Apollo.io).

Your rights as a prospective contact:

Opt out of communications: Reply “unsubscribe” to any email from us, or email [email protected], and we will remove you from all outreach within 24 hours and add you to our permanent suppression list.
Request your data: You may request a copy of the information we hold about you by emailing [email protected].
Request deletion: You may request that we delete all information we hold about you by emailing [email protected]. We will delete your data from our outreach platforms within 30 days, except where retention is required by law.
We do not sell your personal information. Transferring your contact information between our data providers and outreach tools is done solely to contact you about our products and does not constitute a sale under the CCPA/CPRA.

California residents: See Section 8 for additional rights under the CCPA/CPRA. These rights apply to you whether or not you have a LawyerAudio account.

Residents of Virginia, Colorado, Connecticut, and other states with consumer privacy laws: See Section 9. You may have similar rights under your state’s law.

2.2 Account Information

When you register, we collect:

Name
Email address
Firm name (optional)
Primary practice area (optional)
Billing information (processed by our payment provider; we do not store full payment card numbers)

2.3 Documents and Content You Upload

When you use the Service, we process:

PDF documents you upload for script generation
Draft scripts generated from your documents
Edits you make to scripts
Attorney-approved final scripts
Audio files generated from approved scripts

2.4 Usage Data

We automatically collect:

Log data (IP address, browser type, operating system, referring URL)
Service usage patterns (features used, actions taken, timestamps)
Device information
Audit trail data (generation, editing, approval, sharing, and listening events)

2.5 Cookies and Tracking Technologies

Our marketing site uses:

PostHog — web analytics to understand page visits, referral sources, demo engagement, and call-to-action clicks. PostHog may collect page URLs, device and browser information, IP address (which may be anonymized), and use cookies or similar browser storage to recognize repeat visits. See PostHog’s privacy policy for details on their data handling practices.
Google Ads conversion tracking — to measure the effectiveness of our advertising (subject to Google’s privacy policies)

The Service application uses:

PostHog — product analytics to understand how features are used, identify issues, and improve the Service. PostHog collects usage events (such as pages visited, features used, and interactions), device and browser information, and IP address (which may be anonymized). PostHog does not have access to the content of your documents, scripts, or audio files. See PostHog’s privacy policy for details on their data handling practices.
Essential cookies required for authentication and session management

We do not use third-party advertising cookies within the application.

3. How We Use Your Information

We use your information to:

Provide the Service — process your documents, generate scripts, produce audio, and enable sharing
Maintain your account — manage authentication, billing, and subscription status
Improve the Service — analyze usage patterns (in aggregate) to improve features and performance
Communicate with you — send service-related notices, respond to support requests, and provide product updates
Ensure security — detect and prevent fraud, abuse, and unauthorized access
Comply with law — respond to legal process and enforce our Terms of Service

We do not use your documents or content for:

Training AI models
Advertising or marketing purposes
Sale to third parties
Any purpose other than providing the Service to you

4.1 Third-Party AI Providers

To generate draft scripts and audio, we transmit your documents and approved scripts to third-party AI providers:

Provider	Purpose	Data Shared
Google Cloud Vertex AI	Script generation	Uploaded documents, processing instructions
OpenAI	Audio generation	Attorney-approved scripts, audio-generation instructions

These providers:

State in their published API and cloud service terms that customer API data is not used for model training by default or without customer permission/instruction
May retain limited data for abuse monitoring, security logging, session state, caching, or related service operations as described in their documentation and service terms
Process data under their API and cloud service terms rather than consumer chatbot terms

4.2 Infrastructure Providers

Provider	Purpose
Amazon Web Services (AWS)	Application hosting, managed PostgreSQL (RDS), object storage, encryption
Cloudflare	Marketing site hosting, DNS, CDN, edge functions
PostHog	Website and product analytics, feature usage tracking, error monitoring
Resend	Transactional email delivery (magic links, account notifications)

4.3 Payment Processing

Provider	Purpose
Stripe	Payment processing, subscription billing, invoices, and checkout flows

We use Stripe to handle billing. Stripe receives only the information necessary to process your payments, such as billing contact details, subscription selections, and transaction metadata. We do not store full payment card numbers.

4.4 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Zarlu, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

We may share information with your explicit consent for purposes not described in this policy.

5. Data Storage and Security

5.1 Where We Store Data

Your data is stored on Amazon Web Services in the United States (Northern Virginia / us-east-1).

5.2 Security Measures

We implement commercially reasonable security measures including:

Encryption in transit using TLS 1.3
Encryption at rest for all documents, scripts, and audio files
Role-based access controls within your firm’s account
Audit logging of all content generation, editing, approval, and sharing events
Secure sharing via expiring, revocable links
Access controls requiring authentication for all Service operations

For more detail, see our Security page.

5.3 No Absolute Guarantee

While we use commercially reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

6.1 Prospective Customer Data (Sales Outreach)

Contact information obtained from third-party sources for sales outreach is retained as follows:

Active outreach: Data is retained in our outreach platforms while a campaign is active.
Post-campaign: Contacts who do not respond are deleted from our outreach platforms within 6 months of the final outreach attempt.
Suppression list: If you opt out of communications, we retain your email address on our suppression list indefinitely to ensure we do not contact you again. No other data is retained on the suppression list.
Deletion requests: If you request deletion of your data, we delete it from our outreach platforms within 30 days. We retain only your email address on our suppression list to prevent future contact, unless you instruct us otherwise.

6.2 Your Content

We retain your documents, scripts, and audio files for as long as your account is active or as needed to provide the Service. You may delete content at any time through the Service.

6.3 Account Information

We retain account information for as long as your account is active. After account termination, we retain basic records as necessary for legal, accounting, and compliance purposes.

6.4 Usage and Log Data

Aggregate usage data may be retained indefinitely for analytics purposes. Individual log data is retained for a reasonable period for security and debugging purposes.

6.5 After Termination

Upon account termination, you may request export of your content during a reasonable export window. After the export period, we delete your content from active systems. Backup deletion follows our standard backup rotation schedule.

7. Your Rights and Choices

7.1 Access and Portability

You may access, export, or download your content at any time through the Service.

7.2 Correction

You may update your account information at any time through the Service settings.

7.3 Deletion

You may delete individual content items at any time. You may also request complete account deletion by contacting us at [email protected].

7.4 Communication Preferences

You may opt out of non-essential communications. Service-related notices (such as billing confirmations and security alerts) cannot be opted out of while your account is active.

7.5 Do Not Track

Browser Do Not Track signals are not consistently supported across the web, so our services may not respond to them in all cases. You can control cookies and similar technologies through your browser or device settings.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act. These rights apply whether you are a LawyerAudio account holder or a prospective customer who received a commercial email from us.

8.1 Right to Know

You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.

8.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions (such as legal compliance requirements).

8.3 Right to Correct

You may request correction of inaccurate personal information.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

8.5 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

8.6 Exercising Your Rights

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

8.7 Categories of Information

For the purposes of the CCPA/CPRA, we collect the following categories of personal information:

Identifiers — name, email address, phone number, IP address
Commercial information — subscription plan, billing history
Internet or electronic network activity — usage data, log data
Professional information — firm name, practice area, job title
Inferences — none; we do not create consumer profiles

For prospective customers contacted via sales outreach, we collect identifiers (name, business email, phone number) and professional information (firm name, practice area, job title) from third-party business data providers. We do not collect commercial information, internet activity, or usage data about prospective customers.

9. Other State Privacy Laws

We comply with applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Delaware, Iowa, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Tennessee, and other states with consumer privacy legislation. If you are a resident of one of these states, you may have similar rights to those described in Section 8, whether you are a LawyerAudio account holder or a prospective customer who received a commercial email from us. Contact us at [email protected] to exercise your rights.

10. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at [email protected] and we will promptly delete it.

11. International Users

The Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

The “Last updated” date at the top of this page indicates when this policy was most recently revised.

14. Data Protection Contact

For privacy-related inquiries, data subject requests, or complaints:

Zarlu, Inc. Email: [email protected]

We aim to respond to all privacy inquiries within 30 days.