Privacy Policy

We collect account information such as name, email address, team membership, role, authentication data, subscription status, and billing metadata. We also collect configuration data needed to operate the service, including encrypted Render API keys, encrypted Render service identifiers, encrypted Dropbox refresh tokens, and job metadata such as job type, timestamp, status, and payload summaries.

Stillroot Legal is designed so EDMS usernames and passwords remain in the client's Render account, not in the Stillroot Legal web app. Do not enter EDMS credentials into Stillroot Legal unless we explicitly provide a supported field for that purpose in the future. Worker jobs use the Iowa Courts eFiling or EDMS account configured by the client; Stillroot Legal does not create or provide those court-system credentials.

When a team owner connects Dropbox, Dropbox provides an OAuth refresh token that allows the service and configured worker services to access the authorized Dropbox account according to the scopes granted. When a team stores Render credentials, Stillroot Legal uses those credentials to trigger jobs and, when configured, sync Dropbox tokens into the client's Render worker services.

We use information to authenticate users, manage teams, process subscriptions, store configuration, trigger client-authorized jobs, show job history and activity logs, provide support, secure the service, and comply with legal obligations.

We use service providers to operate the service, including hosting, database, payments, email, Dropbox OAuth/API access, and Render API integrations. These providers process information as needed to deliver their services to us or to you.

Worker jobs run in the client's Render environment and commonly deliver downloaded documents to the client's Dropbox account. Stillroot Legal stores job metadata and activity history, but the current web app is not intended to be the system of record for case documents.

We do not sell personal information. We may share information with service providers, with your organization, when required by law, to protect rights and security, or in connection with a business transaction such as a merger, acquisition, or asset sale.

We retain account, billing, credential, activity, and job metadata for as long as needed to provide the service, comply with legal obligations, resolve disputes, and maintain business records. Credentials can be removed from the Credentials page where supported.

We use reasonable safeguards designed to protect information, including encryption for stored connection credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Team owners can manage team members, credentials, Dropbox connections, and subscriptions through the dashboard where supported. You can revoke Dropbox access in Dropbox, rotate Render credentials in Render, and contact us for account or data requests.

The service is intended for professional use by law firms and is not directed to children.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date.

Questions about this Privacy Policy can be sent through the contact path on the site or to the support address provided during onboarding. See also our Terms of Service.