Privacy Policy

For account administration, website operation, marketing, security, billing, support, and direct communications, ElevenFlo generally acts as a controller or business.

For workspace content, uploaded documents, prompts, chat transcripts, matter-specific research, and organization-configured use of the Service, ElevenFlo generally acts as a processor or service provider on behalf of the customer organization, except where we process that data to secure the Service, comply with law, enforce our agreements, prevent abuse, or as otherwise described in an applicable Customer Agreement or data processing addendum.

If you use the Service through an organization, that organization may control your workspace, account settings, content, logs, connector grants, and retention choices.

The information we collect depends on how you interact with the Service. We group the categories below so you can see how AI-powered features, docket search, and account management work together.

We also obtain information from licensing databases, professional networking platforms, joint marketing partners, analytics providers, and single sign-on services when you opt to connect them to ElevenFlo. Because Public Record Data may originate from third-party or official sources, requests to correct, seal, restrict, or remove such information may need to be directed to the original court, claims agent, noticing agent, data provider, or source system.

We and our service providers use cookies, local storage, and pixel tags to remember your preferences, keep you signed in, and understand how visitors use the Service. You can adjust your browser or device settings to refuse cookies, but doing so may limit functionality. For more information about cookies, visit http://www.allaboutdnt.com.

We process personal information to operate, secure, and improve ElevenFlo. Key purposes include:

• Delivering AI chat, docket research, document analysis, search results, and account features.
• Providing customer support and communicating updates, security alerts, and administrative messages.
• Monitoring usage, billing token consumption, rate limits, and service capacity.
• Researching and improving product performance, including evaluation of new AI prompts and tools.
• Detecting, investigating, and preventing abuse, fraud, or security incidents.
• Complying with legal obligations, enforcing our agreements, and protecting the rights of ElevenFlo, our users, and others.

ElevenFlo does not use your prompts, conversation transcripts, uploaded documents, AI outputs, or workspace content to train ElevenFlo foundation models or third-party foundation models, unless your Customer Agreement or an opt-in control expressly permits a different use.

We may use aggregated, de-identified, or limited evaluation data to test retrieval quality, citation accuracy, prompt performance, latency, safety controls, and product functionality. We do not use that evaluation activity to train foundation models.

Different AI Features may use different Third-Party AI Providers, tools, regions, retention periods, safety-review processes, and data-use controls. Some providers may retain prompts, outputs, files, or related logs for limited periods for abuse monitoring, security, debugging, legal compliance, or feature persistence. Our provider configurations may vary by feature, plan, region, release status, and whether a feature uses web search, grounding, file storage, or external AI connectors.

We do not authorize Third-Party AI Providers to use your prompts, uploads, workspace content, or AI outputs to train foundation models, except where you expressly opt in or a Customer Agreement states otherwise. We may review prompts or outputs flagged by automated systems or reported by users for safety, abuse monitoring, security, support, debugging, legal compliance, and Terms enforcement.

ElevenFlo supports the Model Context Protocol (MCP), which allows you to authorize external AI assistants, such as Anthropic Claude, OpenAI ChatGPT, or compatible MCP clients, to access parts of your ElevenFlo account through an OAuth-secured session on your behalf.

When you approve an MCP connector, the AI assistant you authorize receives an access token tied to your ElevenFlo account and scoped to MCP access. We do not share your ElevenFlo password, session cookie, or payment data with the connector.

Requests made by the connector invoke ElevenFlo MCP tools, such as case search, docket browsing, document retrieval, document analysis, summary search, and related bankruptcy research tools. The connector may receive the same kinds of case, docket, filing, summary, and research data that you can access in ElevenFlo. Data returned to the connector is then handled under the third party's own terms and privacy policy.

We record MCP tool usage, credit reservations, ledger entries, usage-period balances, request metadata, timestamps, client identifiers, account identifiers, and error details as needed to provide the connector, enforce entitlements and rate limits, maintain audit trails, calculate usage, investigate errors, prevent abuse, and support billing or customer support.

You can view and revoke active AI connector grants from your ElevenFlo account settings. Revocation terminates the connector's active access tokens and refresh tokens and stops future access, but it does not retrieve or delete data already transmitted to the connector.

Expired or revoked OAuth artifacts, including authorization requests, authorization codes, access tokens, and refresh tokens, are automatically pruned after a short retention window. OAuth grant records may be retained as an audit trail so you and ElevenFlo can see which clients were authorized and when they were revoked.

ElevenFlo processes and returns data requested through MCP tools, but the third-party AI assistant controls its own reasoning, prompts, outputs, storage, display, retention, downstream processing, analysis, and presentation of results after receiving that data.

We share information only with parties that help us provide or protect the Service, or when required by law.

• Service providers. Cloud hosting, storage, analytics, customer support, payment, and email providers that act under our instructions.
• AI model providers. Anthropic (Claude models), Google LLC (Gemini models via the Google Generative AI API), and OpenAI LLC (web search tool) process your prompts and related context to generate responses.
• Infrastructure partners. Amazon Web Services, Inc. hosts our application infrastructure, encrypted document storage (S3), and managed Elasticsearch cluster that powers docket search.
• Professional advisors. Lawyers, auditors, bankers, and insurers assisting us with legal, financial, or compliance matters.
• Authorities. Law enforcement, regulators, and courts when required by law or needed to protect rights, safety, or security.
• Business transfers. Successors in interest during mergers, acquisitions, or similar transactions.

We do not sell personal information or share it for cross-context behavioral advertising.

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Currently we follow these guidelines:

• Account data remains while your account is active and for up to 24 months after closure unless we must keep it longer for tax, audit, or legal reasons.
• Chat transcripts and attachments remain available in your workspace until you delete them. Deleted conversations are scheduled for removal from active systems within 30 days and from backups within 90 days.
• Search queries, download counters, and token usage are generally retained for up to 18 months to support analytics, safety, and billing.
• Security and application logs are typically retained for 30 to 90 days, though longer retention may apply for investigations.
• OAuth connector tokens are retained until they expire, are revoked, or are pruned after a short retention window.
• OAuth grant and audit records are retained as needed for security, audit, compliance, and dispute-resolution purposes.
• AI-provider logs and feature-persistent files are retained according to provider, feature, plan, and contractual configuration.

If legal requirements or legitimate business needs require longer retention, we will isolate data from normal use and delete it once those obligations end.

Please do not submit protected health information, payment card details, Social Security numbers, data about children under 18, export-controlled materials, or attorney-client privileged content unless your agreement with ElevenFlo expressly allows it and you have the necessary consents. ElevenFlo does not provide HIPAA-compliant services and does not act as a Business Associate.

• Account settings. Update account, contact, and firm details by signing into your profile.
• Conversation management. Delete individual AI conversations directly in the chat interface. Contact privacy@elevenflo.com to request bulk deletion.
• Marketing communications. Opt out of promotional email by following unsubscribe links or contacting us.
• Cookies. Adjust browser or device settings to reject or clear cookies.

We use technical, organizational, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2 or higher), encryption at rest for stored files and databases, role-based access controls, network segmentation, monitoring, and regular security reviews. No system is entirely secure, so we encourage you to use strong passwords, enable multi-factor authentication where offered, and report suspected misuse promptly.

Where the GDPR, UK GDPR, or similar laws apply, our legal bases may include:

• Contract. To provide the Service, administer accounts, process subscriptions, deliver AI chat, docket research, document analysis, and support.
• Legitimate interests. To secure the Service, prevent abuse, debug and improve functionality, measure usage, manage billing capacity, maintain audit logs, protect legal rights, and communicate with business users.
• Consent. For certain cookies, marketing communications, optional integrations, or processing that requires consent.
• Legal obligation. To comply with tax, accounting, regulatory, court, law-enforcement, sanctions, export-control, and other legal obligations.
• Public interest or legal claims. Where applicable to public-record data, legal claims, regulatory inquiries, or professional compliance.

ElevenFlo is headquartered in the United States. When we transfer personal information outside your home jurisdiction, we rely on appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, and contractual commitments requiring service providers to protect the data with comparable safeguards. We also apply technical protections such as encryption, access controls, and limited retention to mitigate transfer risks.

ElevenFlo uses AI and automated systems to generate research suggestions, summarize documents, and enforce rate limits or abuse protections. These tools support your workflow but do not make decisions with legal or similarly significant effects about you. The Service is intended for research, workflow support, document analysis, and information retrieval. It is not designed to make legally binding decisions, adjudicate rights, determine eligibility, or make consequential decisions about individuals. If you would like a human to review an AI-assisted decision or if you wish to object to profiling, contact us at privacy@elevenflo.com.

The Service is not intended for individuals under the age of 18. If you believe we have collected personal information from a child in violation of law, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the effective date and provide additional notice where required by law or where changes are material. If we materially change how we use previously collected personal information in a way that is materially less protective or requires consent, we will provide appropriate notice and obtain consent where required before applying the new practice to that information.

Email questions or privacy requests to privacy@elevenflo.com. You may also reach us at info@elevenflo.com for general inquiries.