Privacy Policy
Last updated: 2026-07-12
TODO LEGAL REVIEW: This policy is an engineering draft describing implemented behavior. It must be reviewed by qualified counsel before Matterline is offered to real clients.
What Matterline is
Matterline organizes information you paste into a structured, reviewable timeline for employment-law matters. It does not provide legal advice, determine whether a claim is valid, predict outcomes, or replace attorney judgment.
Information we process
Account data: your email and name, handled by our authentication provider (Supabase). Matter data: the notes you paste to build a timeline, and the structured timelines you choose to save.
How pasted notes are handled
In the current version, pasted notes are processed in memory to generate a timeline and are not stored in our database unless you explicitly save the resulting analysis. We do not retain the raw text after the analysis is generated. See the Security Overview and AI Usage pages for details.
AI processing
To build a timeline, the notes you submit are sent from our server to Google's Gemini API for that single request. We do not send your notes to any other third party. See Subprocessors.
What we log
We keep an audit log of actions and identifiers (for example, "analysis completed" with a matter id). Audit logs never contain your pasted notes, client or employer names, allegations, medical information, quotes, or generated timeline content.
Deletion
You can delete an individual analysis, an entire matter, your account, or your firm workspace. Deletion removes the associated saved records; a confirmation is written to the audit log without preserving the deleted content. Deleted matters may be held for a short, firm-configurable recovery period before permanent deletion.
What we do not claim
Matterline does not currently claim SOC 2 or ISO 27001 certification, HIPAA compliance, guaranteed attorney-client privilege, zero data retention, or complete confidentiality. Use fictional, anonymized, or redacted information during early testing.
TODO LEGAL REVIEW: Add data-subject rights, retention specifics per jurisdiction, contact/DPO details, and breach-notification commitments before production.