Privacy Policy
Effective Date: April 17, 2026
Last Updated: April 17, 2026
1. Introduction
This Privacy Policy describes how Charles W. Daff, an individual doing business as KPI Scribe (“we,” “us,” or “our”), collects, uses, stores, and protects information in connection with the KPI Scribe web application available at www.kpiscribe.com (the “Service”).
KPI Scribe provides key performance indicator dashboards and reports for law firms that use Clio Manage. We understand that the data we process may include information subject to attorney-client privilege and other confidentiality obligations. This Privacy Policy is written to give you a clear, complete account of our data practices.
If you have questions about this Privacy Policy, contact us at support@kpiscribe.com.
2. Our Role: When We Are a “Business” and When We Are a “Service Provider”
We serve two distinct roles under the California Consumer Privacy Act (CCPA), and we want to be transparent about both.
As a Business. For account-level data that you provide directly to us (your email address and password), we are the “business” under the CCPA. We determine the purposes and means of processing this data.
As a Service Provider. For Clio Data synced from your Firm's Clio Manage account (including, but not limited to, matters, activities, bills, contacts, users, allocations, bank transactions, practice areas, and bank account information), we act as a “service provider” under the CCPA. We process this data solely on your behalf and at your direction to provide the Service. We do not sell this data, share it for cross-context behavioral advertising, or retain or use it for any purpose other than providing the Service, except for the creation of aggregated and anonymized data as described in Section 8.
3. Information We Collect
3.1 Information You Provide Directly
Account Registration. When you create an account, we collect your email address and password. Your password is hashed using bcrypt before storage and is never stored in plaintext. We do not collect your name, firm name, phone number, or other personal information at signup.
Custom Report Descriptions. When you create a custom report, we collect the natural-language description you provide. This description is sent to our AI provider to generate a database query (see Section 6).
Communications. If you contact us for support or provide feedback, we collect the contents of those communications.
3.2 Information Synced from Clio Manage
When you connect your Clio Manage account, the Service syncs data via Clio's API, including the following categories:
| Data Category | Examples of Fields |
|---|---|
| Matters | Case number, description, status, open/close dates, responsible attorney, client reference |
| Activities | Time entries, expense entries: hours, rates, descriptions, associated matter |
| Bills | Invoice number, subject, status, amounts (due, paid, outstanding) |
| Contacts | Client names, contact type |
| Users | Attorney and staff names, email addresses, billing rates, roles |
| Allocations | Payments applied to specific bills |
| Bank Transactions | Trust account deposits, disbursements, amounts, descriptions |
| Practice Areas | Practice area names and categories |
| Bank Accounts | Account names, types (trust/operating), balances |
This data may include information subject to attorney-client privilege. See Section 7 for how we handle privileged information.
The scope of data synced depends on the permissions you grant through Clio's OAuth authorization flow. We do not modify, delete, or otherwise alter your Firm's data in Clio.
3.3 Information Collected Automatically
Server Logs and Error Monitoring. We use Sentry for server-side error monitoring. When an error occurs, Sentry receives the error stack trace and a Firm identifier. Error payloads are not designed to contain personally identifiable information, though error diagnostic data may occasionally include technical context related to the operation that triggered the error.
Basic Analytics. We use Vercel's built-in analytics on www.kpiscribe.com. This collects page-view data (pages visited, referrer, country-level location). Vercel Analytics is first-party, does not set cookies, and does not track individual users across sessions. The marketing site does not collect any personal information unless you voluntarily submit your email address through a contact or signup form.
5. How We Use Information
We use the information we collect for the following purposes:
Providing the Service. Syncing and storing your Clio Data, generating dashboards and reports, executing AI-generated queries, and managing your account.
Authentication and Security. Verifying your identity, maintaining session security, enforcing row-level data isolation, and verifying webhook authenticity.
Transactional Communications. Sending email confirmations, password reset emails, and team member invitations via our email provider (Resend).
Subscription Management. Processing payments and managing subscription status through Stripe.
Error Monitoring and Debugging. Identifying and resolving technical issues through Sentry.
Product Improvement. Understanding how the Service is used through aggregated, anonymized usage patterns to improve functionality and performance.
We do not use your data for advertising, marketing to third parties, or any purpose unrelated to providing and improving the Service.
6. AI Processing
6.1 How AI Works in KPI Scribe
The Service uses Anthropic's Claude (an AI system) to power the custom report builder. When you describe a report in plain language, the AI generates a database query and chart configuration.
6.2 What the AI Receives
When you use the custom report builder, the AI receives your natural-language report description, prior messages in the report-building conversation, and a system prompt containing the database schema (structure only), query instructions, example patterns, and basic firm configuration settings (such as available billing hours per month) necessary for metric calculations.
The AI does not receive, access, or process your Firm's actual data. No client names, matter details, financial figures, or other record-level information. The AI generates a SQL query, and the Service then executes that query against your data in a sandboxed, read-only database environment.
6.3 No AI Training
As described in Section 6.2, your Firm's actual data is never transmitted to any AI provider. Only your natural-language report descriptions, conversation context, the database schema, and basic configuration settings are sent. Anthropic's current commercial API terms prohibit the use of API inputs and outputs for model training.
7. Attorney-Client Privilege and Confidential Information
We recognize that Clio Data synced to the Service may include information protected by attorney-client privilege, the work product doctrine, or other confidentiality obligations.
We treat all Clio Data as confidential. We do not review, access, or disclose individual Firm data except as necessary to operate the Service, respond to support requests you initiate, or comply with legal obligations.
Service provider access does not waive privilege. Your disclosure of data to us as a service provider, for the purpose of receiving data processing and reporting services, is analogous to disclosures law firms routinely make to practice management platforms, document management systems, cloud storage providers, and e-discovery vendors. This access is functional and necessary to provide the Service, and is not intended to waive any privilege or protection.
You are responsible for determining whether your Firm's use of the Service complies with applicable rules of professional conduct, confidentiality obligations, and client agreements. Nothing in this Privacy Policy constitutes legal advice regarding the effect of using the Service on any privilege or protection.
8. Aggregated and Anonymized Data
We may create aggregated and anonymized datasets derived from use of the Service for product improvement and to develop optional benchmarking features. This data is subject to the following constraints:
- Fully anonymized: No individual Firm, user, client, or matter is identifiable.
- Aggregated across Firms: Data points are combined from multiple Firms; single-Firm metrics are never exposed.
- Numerical metrics only: Only performance metrics (e.g., utilization rates, realization rates, collection rates) are included. Client names, matter descriptions, time entry narratives, and other content-level data are never included in aggregated datasets.
- Not sold or shared: Aggregated data is used solely for internal product improvement and for optional in-product benchmarking features available to subscribers. It is not sold to or shared with third parties.
9. Third-Party Service Providers
We use the following third-party service providers to operate the Service. Each provider receives only the data necessary to perform its function:
| Provider | Purpose | Data Received |
|---|---|---|
| Supabase | Database hosting (PostgreSQL), user authentication | All application data, user email addresses, hashed passwords, synced Clio Data |
| Vercel | Application hosting, serverless functions, page-view analytics | Request/response data in the course of hosting; first-party page-view analytics (no individual user tracking) |
| Anthropic | AI-powered report generation (Claude API) | Report descriptions, conversation context, database schema, and basic firm configuration. Never actual Firm data |
| Stripe | Payment processing | Firm name and subscription metadata; no Clio Data, no user email addresses |
| Resend | Transactional email delivery | User email addresses for account confirmation, password reset, and team invitations |
| Sentry | Server-side error monitoring | Error stack traces, Firm identifiers; error payloads are not designed to contain user PII |
All third-party providers are US-based or operate US-region infrastructure. We require our service providers to maintain appropriate security measures and to use your data only for the purposes of providing their services to us.
10. Data Security
We implement the following security measures to protect your data:
- Encryption at rest: All stored data is protected by AES-256 encryption at the infrastructure level.
- Encryption in transit: All data transmitted between your browser, our servers, and third-party providers is encrypted using TLS 1.2 or higher.
- OAuth token encryption: Clio OAuth tokens are encrypted at the application level using AES-256-GCM with per-token random initialization vectors before storage. The encryption key is a server-side environment variable inaccessible to client-side code.
- Multi-tenant isolation: Every data table includes a Firm identifier column, and Row-Level Security (RLS) is enforced at the PostgreSQL database level. No query, including administrative queries, can access another Firm's data.
- Sandboxed AI query execution: AI-generated database queries run through a dedicated PostgreSQL role with SELECT-only permissions on analytics data tables. This role has no access to OAuth tokens, billing data, or user management records.
- Webhook verification: All incoming Clio webhooks are verified using HMAC-SHA256 signatures before processing.
- Password security: Passwords are hashed using bcrypt and are never stored or transmitted in plaintext.
No method of electronic storage or transmission is 100% secure. While we implement commercially reasonable measures, we cannot guarantee absolute security. For more detail on our security practices, see our Security page.
11. Data Retention and Deletion
| Event | What Happens | Timeline |
|---|---|---|
| Active account | Clio Data is synced and updated continuously | Ongoing |
| Clio disconnection | All synced Clio Data is permanently deleted; account data (email, subscription) is retained | Immediate |
| Subscription cancellation | Reports remain accessible in read-only mode; synced data is no longer updated. Clio Data and reports are retained indefinitely pending reactivation, Clio disconnect, or account deletion | No automatic deletion |
| Clio delete notification | The specific record identified by Clio is permanently removed | Immediate |
| Account deletion request | Access is revoked immediately. The account enters a 30-day recovery window during which the firm owner may cancel deletion and restore access. After the recovery window, all account data and associated Clio Data are permanently deleted | Within 30 days of request |
All deletions are hard deletes. Data is removed from the database, not merely flagged as inactive.
12. Disclosure Required by Law
We may disclose your information, including Clio Data, if required to do so by law or in response to valid legal process, including a subpoena, court order, or search warrant. We may also disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal obligations; (b) protect and defend our rights or property; (c) protect the safety of any person; or (d) protect against legal liability.
If we receive legal process seeking disclosure of a Firm's Clio Data, we will notify the affected Firm before disclosure unless we are legally prohibited from doing so, to allow the Firm the opportunity to seek a protective order or other appropriate remedy.
13. Your Rights Under the CCPA
If you are a California resident, you have the following rights with respect to the personal information for which we act as a business (your email address and account data):
Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the purposes for collection, and the categories of third parties with whom it has been shared.
Right to Delete. You may request deletion of your personal information. We will comply, subject to applicable exceptions under the CCPA.
Right to Correct. You may request correction of inaccurate personal information.
Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
Exercising Your Rights. To submit a CCPA request, contact us at support@kpiscribe.com. We will verify your identity before processing your request. We will respond within 45 days, with a possible 45-day extension if necessary.
Clio Data. For Clio Data that we process as a service provider on behalf of your Firm, CCPA requests from individuals whose personal information is contained within that data (e.g., clients whose names appear in matters) should be directed to your Firm. We will assist your Firm in responding to such requests.
No Sale of Personal Information. We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.
14. Do Not Track
The Service does not respond to Do Not Track browser signals. We do not track individual users across third-party websites or online services.
15. Data Transfers
All data is stored and processed in the United States. The Service is currently available only to US-based firms. If we expand to additional regions in the future, we will update this Privacy Policy accordingly.
16. Children's Privacy
The Service is designed for use by law firms and legal professionals. It is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from an individual under 18, we will delete that information promptly.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
The “Last Updated” date at the top of this policy reflects the most recent revision.
18. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
Charles W. DaffKPI Scribe
Email: support@kpiscribe.com