Legal

Privacy Policy

This policy explains how CounselFlow collects, uses, stores, and protects your personal data.

Last updated: March 2026

1. Who we are

CounselFlow is a practice lifecycle management platform designed for barristers practising in Ireland. When we refer to “CounselFlow”, “we”, “us”, or “our” in this policy, we mean the entity responsible for operating the CounselFlow platform and processing your data.

2. Data we collect

We collect the following categories of personal data:

  • Account information: name, email address, and authentication credentials when you create an account.
  • Application data: information you provide when applying for early access, including practice area, professional title, years of call, how you manage tasks/events/fees/documents, location, and free-text responses.
  • Practice data: case details, party names, contact information, task descriptions, event details, fee records, payment notes, and documents you create within the platform.
  • Financial identifiers: VAT number, BIC, and IBAN, used for fee note generation and payment tracking.
  • Usage data: anonymised analytics about how you interact with the platform, used to improve the product.

3. How we use your data

  • To provide and maintain the CounselFlow platform and its features.
  • To authenticate your identity and secure your account.
  • To process your early access or waitlist application.
  • To generate documents, fee notes, and reports on your behalf.
  • To send you service-related communications (account notifications, security alerts).
  • To improve the platform based on aggregated, anonymised usage patterns.

We do not sell your personal data. We do not use your practice data for advertising or marketing to third parties.

4. Legal basis for processing

We process your data on the following legal bases under GDPR:

  • Contract: processing necessary to provide the service you have signed up for.
  • Legitimate interest: improving the platform, preventing fraud, and ensuring security.
  • Consent: where you have opted in to communications beyond essential service messages.

5. Data storage and security

All production data is stored in the EU. For full details on our encryption controls, infrastructure compliance, and account security measures, see our Security page.

Key protections include:

  • HTTPS/TLS encryption for all data in transit.
  • AES-256 encryption at rest via our infrastructure provider.
  • Application-layer encryption for all sensitive data fields using dedicated encryption keys.
  • Two-factor authentication, rate limiting, and bot protection.

6. Data sharing

We do not share your personal data with third parties except in the following limited circumstances:

  • Infrastructure providers: Supabase (database hosting) and AWS (cloud infrastructure), both of which process data on our behalf under appropriate data processing agreements.
  • Legal obligation: where we are required to disclose data by law or valid legal process.

We do not use your practice data for AI model training, advertising, or any purpose beyond providing the CounselFlow service to you.

7. Data retention

Your data is retained for as long as your account is active. If you close your account, your data is retained for 90 days to allow for recovery, then permanently deleted.

Waitlist and early access application data is retained until launch or until you request its removal, whichever is sooner.

8. Your rights

Under GDPR, you have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Request erasure of your data.
  • Restrict or object to certain processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us through the platform or via email.

9. Cookies and analytics

CounselFlow uses essential cookies required for authentication and session management. We use anonymised analytics to understand how the platform is used. We do not use third-party advertising cookies or trackers.

10. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via the platform or by email. Continued use of CounselFlow after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this privacy policy or how your data is handled, please contact us through the CounselFlow platform.