Robot Robot and Human
Terms of Service

Privacy Policy

Effective Date: February 12, 2026 | Last Updated: February 12, 2026

Robot Robot & Human, LLC (“we,” “us,” “our,” or “Company”) operates the Robot Robot and Human platform (the “Service”), an AI-powered legal document analysis and case management platform. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.

Contact Information

Robot Robot & Human, LLC
169 Madison Ave STE 55306
New York, NY 10016
Email: legal@robotrobotandhuman.com

1. Information We Collect
1.1 Account Information

When you register for an account, we collect:

  • Full name
  • Email address
  • Password (stored in encrypted/hashed form; we never store plaintext passwords)
  • Phone number (optional)
  • Bar number or attorney credentials (optional)
  • Law firm or organization name
  • Role within your organization
1.2 Organizational Information

For organization accounts, we collect:

  • Organization name
  • Business domain
  • Billing contact information
  • Subscription plan details
  • Team member information (names, emails, roles)
1.3 Payment Information

We process payments through Stripe, Inc., our third-party payment processor. We do not directly store complete credit card numbers or banking information on our servers. We may store: the last four digits of your payment card (for display purposes), billing address, and transaction history.

1.4 Legal Documents and Case Data

When you use our Service, you may upload:

  • Legal documents (PDFs, Word documents, images, text files)
  • Case information and metadata
  • Discovery materials
  • Deposition transcripts
  • Court filings and pleadings
  • Client-related information
1.5 Derived and AI-Generated Data

In the course of providing the Service, we generate and store the following derived data from your uploads:

  • Extracted text: Text content extracted from documents via OCR (optical character recognition)
  • Vector embeddings: Mathematical representations of your document content used for semantic search functionality. Embeddings are not intended to be human-readable. However, like any derived representation, embeddings may still reflect information about the underlying text.
  • AI-generated analyses: Contradictions, insights, discovery gaps, deposition strategies, and other analytical outputs produced by AI processing of your documents
  • Document metadata: File type, size, page count, Bates numbers, classification, and processing status

Derived data associated with a document is deleted from our active systems when you delete the source document, subject to limited retention for backups, security, compliance, and billing/usage records (which are retained without your document content where feasible).

1.6 Usage Data

We automatically collect:

  • Log data (IP address, browser type, access times, pages viewed)
  • Device information
  • Feature usage patterns (which tools used and frequency)
  • Search queries within the platform
  • AI interaction logs (questions asked, model used, tokens consumed, and request metadata; we minimize stored content and generally do not store full prompts/responses unless enabled for debugging or required for security, compliance, or billing purposes
  • Document access history (who viewed/downloaded documents and when)
1.7 Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • Authentication cookies: To maintain your login session
  • Security cookies: Used for CSRF (Cross-Site Request Forgery) protection
  • Preference cookies: To remember your settings and preferences
2. How We Use Your Information
2.1 Service Delivery

We use your information to: provide and maintain the Service; process and analyze your legal documents via OCR and AI processing; generate AI-powered insights, contradictions, and recommendations; create vector embeddings to enable document search and discovery features; facilitate team collaboration within your organization; process payments and manage subscriptions; and send transactional communications (password resets, account notifications, usage alerts).

2.2 Service Improvement

We use aggregated, anonymized data to: improve system performance and reliability, enhance user experience, develop new features, fix bugs and technical issues, and monitor system health. We do not use your individual documents or case data for product development purposes.

2.3 Audit and Compliance

We maintain audit logs of user and administrator actions to: ensure the security and integrity of the Service, investigate potential security incidents or Terms of Service violations, comply with legal obligations, and provide transparency about who has accessed your data.

3. AI Processing and Third-Party Services
NO TRAINING ON YOUR DOCUMENT CONTENT

We do not use your documents or case content to train our own models. We use AI providers and API tiers that are intended not to use API-submitted data for training their general-purpose models. Providers may retain data for limited periods for abuse monitoring and service integrity as described in their terms.

3.1 AI Service Providers

We use the following AI service providers to process your documents:

OpenAI

Used for document analysis, text extraction, and insights generation. We use API tiers intended not to use API-submitted data for training of general-purpose models, subject to OpenAI's terms and any retention for abuse monitoring and service integrity.

Anthropic (Claude)

Used for document analysis, contradiction detection, and case insights. Per Anthropic's Commercial terms for API services, API-submitted data is intended not to be used for training of general-purpose models, subject to any retention for abuse monitoring and service integrity.

Google (Gemini)

Used for large document processing and extended context analysis. We use Commercial/API tiers intended not to use API-submitted data for training of general-purpose models, subject to provider terms and any retention for abuse monitoring and service integrity.

OpenRouter

Used as an AI model routing and aggregation service to direct requests to the appropriate AI provider. OpenRouter acts as an intermediary. Requests routed through intermediaries remain subject to intermediary and underlying provider terms, including any retention for abuse monitoring and service integrity.

3.2 Document Processing Pipeline

When you upload a document, it undergoes the following automated processing:

  1. Upload and Storage: Your document is uploaded to secure storage (typically AWS S3 in production) either via secure, time-limited presigned URLs or through our API depending on configuration
  2. Text Extraction (OCR): An automated worker service downloads your document from S3, extracts text content using optical character recognition, and stores the extracted text in our database
  3. Embedding Generation: The extracted text is divided into semantic chunks and sent to AI providers to generate vector embeddings, which are stored in our database for search functionality
  4. AI Analysis: Document text is sent to AI providers (via secure API connections) for analysis, generating insights, contradictions, discovery suggestions, and other analytical outputs

Our primary infrastructure is located in the United States. Document text is transmitted to AI providers only via encrypted API connections and is not intended to be used for model training; however, providers may retain data for a limited time for abuse monitoring and service integrity, and some processing may occur outside the United States depending on provider configuration and operations.

3.3 Complete Sub-Processor List

The following third-party service providers (sub-processors) may process your data in connection with the Service:

ProviderPurposeData Accessed
AWS (Amazon Web Services)Application hosting (ECS Fargate), document storage (S3), secrets management, logging (CloudWatch)All application data, documents, logs
DatadogApplication performance monitoring (APM) and observability (as configured)Service telemetry and operational metadata (may include request metadata such as IP address, user agent, and URLs; configured to minimize sensitive content)
CockroachDB CloudDatabase hostingAll structured data (accounts, cases, metadata, extracted text, embeddings)
OpenAIAI document analysis and embeddingsDocument text submitted for analysis and embeddings (retention governed by provider terms)
AnthropicAI document analysisDocument text submitted for analysis (retention governed by provider terms)
Google (Gemini)AI large-context document analysisDocument text submitted for analysis (retention governed by provider terms)
OpenRouterAI model routingDocument text routed to underlying providers (retention governed by intermediary/provider terms)
StripePayment processingBilling information, payment card details, transaction history
SendGrid (Twilio)Transactional emailEmail addresses, email content (invitations, password resets, notifications)
CloudflareDNS management and CDNNetwork traffic metadata, IP addresses

All sub-processors are bound by contractual obligations regarding the confidentiality and security of your data. We will update this list if we add new sub-processors and will provide notice of material changes.

4. Data Storage and Security
4.1 Geographic Location

Our primary infrastructure is located in the United States (including AWS US-East-1 with a disaster recovery environment in AWS US-West-2). Depending on configuration and the operation of our sub-processors, some processing may occur outside the United States. By using the Service, you understand that your information may be transferred to and processed in jurisdictions other than your own.

4.2 Encryption
  • Data in transit: TLS 1.2+ encryption for all connections
  • Data at rest: AES-256 encryption for documents stored in AWS S3 where enabled, and encryption-at-rest controls provided by our infrastructure and database hosting providers
  • Secrets management: API keys, database credentials, and other sensitive configuration are stored in AWS Secrets Manager (encrypted, access-controlled)
4.3 Security Measures

We implement commercially reasonable security measures including: role-based access controls and least-privilege principles, audit logging of all data access events, automated monitoring and alerting for anomalous activity, secure credential storage (hashed passwords, encrypted secrets), time-limited presigned URLs for document access, and logical data isolation between organizations.

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

5. Data Retention
5.1 Active Accounts

We retain your data for as long as your account remains active and as needed to provide the Service. Documents and case data are retained indefinitely unless you delete them.

5.2 Deleted Content

When you delete a case, it may enter a soft-delete (archive) period during which the case may be recoverable by contacting support. When you delete a document, we delete the document file from our active storage systems and delete associated extracted text, vector embeddings, and AI-generated analyses from our active databases. We also take steps to scrub operational AI interaction logs of document content where feasible while retaining non-content metadata (e.g., token counts, model used) for security, reliability, and billing/usage tracking. Deletions may not immediately remove information from backups or disaster recovery replicas, which are retained for limited periods for security and continuity. We recommend downloading any documents you wish to retain before deleting them from the Service.

5.3 Account Closure

Upon account closure or written request to legal@robotrobotandhuman.com, we will delete your account and associated data within thirty (30) days and confirm deletion in writing. You may request an export of your data before deletion (see our Terms of Service, Section 13).

5.4 Post-Deletion Retention

The following records are retained beyond account deletion:

  • Audit logs: Retained for ninety (90) days after account deletion for compliance and security purposes
  • Billing records: Retained for seven (7) years as required by tax and accounting regulations
  • Legal hold data: If your data is subject to a valid legal hold, preservation order, or pending litigation, we may retain it beyond the standard deletion period as required by law
6. Information Sharing and Disclosure
We Do Not Sell Your Data

We do not sell, rent, or trade your personal information, legal documents, or any user data to third parties. We have never sold user data and have no plans to do so.

6.1 Service Providers (Sub-Processors)

We share data with the sub-processors listed in Section 3.3, solely for the purpose of providing the Service. All sub-processors are bound by contractual confidentiality and data protection obligations.

6.2 Within Your Organization

Your organizational administrators may access: user account information (names, emails, roles), usage statistics, and documents shared within the organization in accordance with role-based permissions.

6.3 Legal Requirements

We may disclose information when required by: valid court orders or subpoenas, legal process or government requests, to protect our rights, property, or safety or that of others, or in emergencies to protect the safety of any person. We will make commercially reasonable efforts to notify you before disclosing your data in response to legal process, unless prohibited by law or court order from doing so.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

7. Your Rights and Choices

You have the right to:

  • Access: View and download your account information, documents, and data through the Service
  • Correction: Update or correct your account information at any time
  • Export: Download your uploaded documents and request export of your data (see our Terms of Service, Section 13 for details on export availability)
  • Deletion: Request deletion of your account and all associated data
  • Opt-out: Opt out of marketing communications at any time by clicking “unsubscribe” in emails or contacting us

To exercise any of these rights, contact us at legal@robotrobotandhuman.com. We will respond to all requests within thirty (30) days.

8. Attorney-Client Privilege and Confidentiality

We understand the sensitive and privileged nature of legal documents. Your use of the Service does not waive attorney-client privilege or work product protection. We treat all uploaded documents and case data as confidential information.

Platform administrators may access your documents and data only for the limited purposes described in our Terms of Service (Section 7.1): technical support (upon your request), debugging and resolving technical issues, investigating potential security incidents, and complying with valid legal requirements. All such access is logged in our application logging infrastructure with the administrator's identity, the action taken, and a timestamp.

Platform administrators are prohibited from disclosing your confidential information to unauthorized persons, sharing your data with other organizations, or accessing your data for non-operational purposes.

9. Data Breach Notification

In the event of a confirmed data breach that affects your personal information or uploaded documents, we will:

  • Notify affected users and/or customer administrators without unreasonable delay after confirming the breach, and as otherwise required by applicable state or federal law
  • Provide a description of the nature of the breach and the types of data involved
  • Describe the measures we are taking or have taken to address the breach and mitigate potential harm
  • Provide contact information for questions and recommended steps you can take to protect yourself
  • Notify relevant regulatory authorities as required by applicable law
10. Cookies and Tracking Technologies

The Service uses the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication, session management, and core Service functionality. These include authentication tokens stored in the browser. These cannot be disabled without breaking the Service.

We do not use third-party advertising trackers, cross-site tracking cookies, or behavioral advertising technologies. We do not serve advertisements within the Service.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell your personal information. We have never sold personal information and have no plans to do so
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Information: You may request that we limit our use of your sensitive personal information to purposes necessary for providing the Service

To exercise these rights, contact us at legal@robotrobotandhuman.com with the subject line “CCPA Request.” We will verify your identity before fulfilling requests and respond within forty-five (45) days.

11.1 Other U.S. State Privacy Rights

Residents of certain U.S. states may have additional rights under state privacy laws (for example, the right to access, delete, correct, or obtain a copy of personal information, and to opt out of certain processing activities). We will honor applicable requests as required by law. To submit a request, email legal@robotrobotandhuman.com with the subject line “State Privacy Request.”

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children under 18. If we discover that we have inadvertently collected such information, we will delete it promptly. If you believe that a child under 18 has provided us with personal information, please contact us at legal@robotrobotandhuman.com.

13. International Users

The Service is currently offered only to users in the United States. All data is stored and processed primarily in the United States, subject to our sub-processors and configuration (see Section 4.1). We do not intentionally market the Service to users outside the U.S. If you access the Service from outside the U.S., you understand that your information may be transferred to and processed in the United States and other jurisdictions, and you are responsible for compliance with local data protection laws.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: posting the updated policy on our website with a revised “Last Updated” date, sending email notification for significant changes to the address associated with your account, and providing at least thirty (30) days' notice before material changes take effect. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Robot Robot & Human, LLC

169 Madison Ave STE 55306
New York, NY 10016
Email: legal@robotrobotandhuman.com
Privacy-specific inquiries: legal@robotrobotandhuman.com (subject line: “Privacy Inquiry”)

This Privacy Policy is effective as of February 12, 2026. Previous version: December 6, 2025.

Terms of ServiceBack to Home

© 2025–2026 Robot Robot and Human. All rights reserved.