Security, Privacy & Legal Policies

1. A Note on Our AI Technology

Iqidis is built on evolving AI-based technologies. While we implement industry best practices and continually update our methods, AI systems are inherently probabilistic and may produce errors, omissions, or biases. All outputs generated by our AI tools (“Output”) should be independently reviewed and verified with professional judgment. Users are responsible for confirming the accuracy, completeness, and suitability of any Output before relying on it for critical or professional decisions.

2. Website Disclaimer

The information provided by Iqidis, Inc. on iqidis.ai and any related products or services is for general informational purposes only. We provide information in good faith but make no representation or warranty regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information. Your use of the Site is at your own risk.

3. Professional Disclaimer

No Legal Advice. The Services and Outputs cannot and do not constitute legal advice. They are designed as assistive tools for legal professionals, not a substitute for the expertise, judgment, or direct counsel of a qualified attorney. Use of the Services does not create an attorney-client relationship.

Pro Se or Non-Legal Users. The Services are not designed for individuals representing themselves or non-lawyers without professional oversight. Reliance without licensed counsel carries significant risk.

Other Professional Fields. The Services do not provide financial, investment, tax, or accounting advice. Do not rely on Outputs for such decisions without consulting qualified professionals.

4. Artificial Intelligence Disclaimer

Iqidis uses artificial intelligence technologies to assist in various aspects of the Services. While we strive for accuracy and reliability, Output may contain inaccuracies, omissions, or biases. No AI tool, including Iqidis, can replace independent professional judgment or due diligence. Users remain solely responsible for the final work product and any advice rendered.

5. Testimonials Disclaimer

Testimonials or endorsements on the Site reflect real user experiences but are individual to those users and may not be representative of all outcomes. Testimonials may be edited for clarity or length. We do not claim, and you should not assume, that all users will achieve the same results.

6. Limitation of Liability

To the fullest extent permitted by law, Iqidis, Inc. and its officers, directors, employees, and affiliates will not be liable for any loss or damage of any kind arising out of or in connection with your use of the Site or Services or reliance on any Output. This includes liability for indirect, consequential, incidental, special, exemplary, or punitive damages. Your use of the Site and Services is solely at your own risk.

7. External Links

The Site may reference or link to third-party websites, services, or content. Iqidis does not investigate, monitor, or guarantee the accuracy, adequacy, reliability, or completeness of third-party information and is not responsible for any transactions, decisions, or actions based on third-party content or services.

8. “As Is” and “As Available”

All content, features, and services are provided “as is” and “as available,” without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, title, and non-infringement. We do not warrant that the Site or Services will meet your requirements, be uninterrupted, timely, secure, or error-free.

9. Data Handling & Subprocessors

By using the Site or Services, you acknowledge that certain data may be processed by trusted third-party service providers and subprocessors solely to deliver, maintain, or secure the Services. We do not use Customer Content to train Iqidis or third-party models. When third-party models are invoked, they are used only for discrete inference steps, with vendor caching/retention disabled. Most processing occurs in-house using Iqidis's knowledge graph, RAG, and orchestration systems. For current providers, see our Subprocessor Policy.

10. Changes to This Disclaimer

We may modify or replace this Disclaimer at any time. Material changes will be posted with an updated effective date. Your continued use of the Site or Services after changes are posted constitutes acceptance of the updated terms.

1. Introduction

Iqidis, Inc. is committed to protecting your privacy and safeguarding your information. This Privacy & Data Policy explains how we collect, use, disclose, secure, and retain information when you use our Irys legal AI services at iqidis.ai (and successor domains including irys.ai) and any related applications or services (collectively, the “Services”).

Roles & Ownership.Where the Customer is an organization or enterprise, the Organization is the data controller/owner of Customer Content and Customer Data. Authorized Users act on behalf of the Organization, and Iqidis acts solely as the Organization's data processor or service provider. We are not a custodian or data owner of your Customer Content. For website/marketing interactions, Iqidis acts as data controller of that contact/admin data.

2. Information We Collect

Information You Provide

• Account & Profile: Name, email, firm/organization, role, and authentication data.
• Payment/Billing: Processed by trusted payment providers (we do not store full payment card details).
• Customer Content: Documents and other materials you upload or input to use the Services.
• Support/Feedback: Content of support tickets, feature requests, or product feedback.

Information Collected Automatically

• Telemetry (content-free): Minimal operational telemetry excluding Customer Content. Limited to behavioral/interaction metadata (e.g., UI events/clicks, navigation flows, request timing, status/error codes, coarse device/browser metadata). Telemetry does not include prompts, model outputs, or uploaded documents/files.
• Device/Log Data: IP address, device and browser type, operating system, general geo (city/country), and timestamps.

3. How Our AI Processes Your Data (Hybrid Architecture)

Local-First, In-House Processing

By default, requests are handled in-house by Iqidis within Iqidis-controlled infrastructure using our KG/RAG and orchestration layers. Customer Content is stored and processed within your organization's dedicated Iqidis tenant and per-user profile containers — not pooled or commingled with other customers. We do not use Customer Content to train models.

Selective, Discrete Subprocessor Inference (If Needed)

For certain discrete aspects of a query (e.g., language polish, format transformation, translation, or general-knowledge reasoning), our orchestrator may invoke a subprocessor (e.g., OpenAI, Anthropic, Google) for inference only. We disable vendor caching/retention, apply data minimization, and contractually require no training on Customer Content. Many requests are satisfied entirely in-house without any external call.

No Training on Your Data

Third-party model calls are stateless and ephemeral: prompts/outputs are not retained by vendors, and Customer Content is never used to train Iqidis or third-party models. Unlike some legal tools that aggregate client data to “improve the model,” Iqidis does not pool or train on your Customer Content.

4. Legal Bases for Processing (GDPR/UK GDPR)

We process personal data under one or more of the following bases: contract performance, legitimate interests (e.g., service security and improvement), consent (where required), and legal obligations.

5. Data Processing, Storage & Retention

• No training on Customer Content by Iqidis or third-party models.
• Vendor caching/retention disabled for third-party inference.
• Authorized personnel may access Customer Content only to resolve technical issues, provide support, or enforce terms. Access is purpose-limited and time-bound, with strict access control and audit logging.
• Customer Content (Support Cases): Deleted or anonymized within 30 days after issue resolution, unless a longer period is required by law or expressly requested for ongoing support.
• Telemetry/Logs: Behavioral/interaction metadata retained for reliability/security; telemetry does not contain prompts, model outputs, or uploaded files.

6. Sharing & Disclosure

We do not sell personal data. We may share data with Service Providers & Subprocessors as necessary to deliver features; Regulators, Legal Authorities, and Advisors as necessary to comply with law or enforce rights; in connection with Business Transfers (e.g., M&A) subject to this Policy's protections; with your consent or at your direction; and intra-Organization among Authorized Users as controlled by user-configured permissions.

When an Authorized User is removed from an Organization Account, that user's access is immediately and irrevocably terminated. All Customer Content created by that user within the Organization remains under the control of and accessible to the Organization.

7. Security

We maintain controls aligned with SOC 2 and ISO 27001 frameworks, including encryption in transit and at rest; least-privilege access and SSO/IdP; network segmentation and WAF; vulnerability scanning and independent penetration testing; centralized logging and anomaly detection; and secure SDLC practices.

Data Security Incidents.If Iqidis becomes aware of a confirmed unauthorized access to or disclosure of Customer Content caused by Iqidis's breach of this Policy, Iqidis will notify the Customer without undue delay and no later than 72 hours after becoming aware; provide information about the nature of the incident, affected data categories, likely consequences, and measures taken; investigate, mitigate, and remediate the incident; and cooperate with Customer's reasonable requests for additional information.

Customer Responsibilities (Shared Responsibility). Customer is responsible for configuring security features (e.g., SSO, MFA, role-based access), managing user access and credential hygiene, classifying and minimizing sensitive data uploaded to the Services, and promptly notifying Iqidis of suspected compromise of Customer accounts or credentials.

Security questions and incident reports may be submitted to: security@iqidis.ai.

8. Data Processing Addendum (DPA) & International Transfers

For controller-processor obligations under GDPR/UK GDPR/CPRA (including Standard Contractual Clauses/UK addendum for international transfers), privacy/security indemnification, and cost allocation relating to Data Security Incidents, see the Iqidis Data Processing Addendum (DPA) available upon request. If there is a conflict between this Policy and the DPA, the DPA controls for the subject matter of that conflict.

9. Your Rights

Depending on your jurisdiction, you may have rights to: access your personal data; correct inaccurate personal data; request deletion of your personal data; restrict processing; object to processing; receive your data in a portable format; withdraw consent at any time; and lodge a complaint with a supervisory authority. To exercise any rights, submit a verifiable request to info@iqidis.ai.

10. Additional Provisions

Automated Decision-Making: We do not use personal data to make decisions that have legal or similarly significant effects solely through automated processing.

International Transfers & Regionalization: Data may be processed in the U.S. and E.U. We use appropriate safeguards (e.g., Standard Contractual Clauses and UK addenda) for cross-border transfers. Regional routing can be configured on request.

Children's Privacy: We do not knowingly collect data from individuals under 18. If such data is identified, it will be promptly deleted.

“Do Not Track”: Our Services do not currently respond to browser DNT signals. Please use the controls in our Cookie Policy to manage non-essential cookies.

1. Purpose & Scope

This Policy explains who processes Customer Data and Customer Content for Iqidis customers, how we control those processors, and what security and privacy safeguards apply. It covers Iqidis's first-party (in-house) processing — including our Knowledge Graph (KG), Retrieval-Augmented Generation (RAG), and orchestration/multi-agent layers — as well as third-party Service Providers and Subprocessors.

2. Definitions

• Customer Data: Personal data related to account/profile administration and service operation.
• Customer Content: Documents, prompts, files, and other content a customer inputs for processing, plus any model Output returned by the Services.
• Service Providers: Third parties supporting Iqidis's infrastructure/operations that may process Customer Data and limited telemetry.
• Subprocessors: Third parties that may process Customer Content (or its derivatives) to deliver a specific feature or inference step.
• Internal Processing Services: Iqidis-operated, first-party systems (KG/RAG/orchestration) running inside Iqidis-controlled environments. These are not “subprocessors.”

3. Processing Architecture

How Iqidis differs from “ChatGPT” or out-of-the-box LLMs: Iqidis is not a simple wrapper around a single model. We operate a hybrid architecture that maximizes confidentiality and control.

In-House Backbone (Default)

Most requests are handled inside Iqidis by our KG/RAG and orchestration services within Iqidis-controlled infrastructure. Customer Content is containerized per tenant and per user profile — we do not pool or commingle Customer Content across firms or matters.

Selective, Discrete Subprocessor Calls (Only When Needed)

For certain discrete aspects of a query, our orchestrator may invoke a subprocessor for inference only. These calls are ephemeral (vendor caching/retention disabled), region-aware where available, and contractually restricted from training on Customer Content. Payloads are minimized and limited strictly to the narrow task.

Zero Training on Customer Content

Iqidis does not use Customer Content to train Iqidis or third-party models. Third-party models are used only for stateless inference with no vendor-side retention enabled.

4. Key Differentiators

• Local-first, hybrid architecture. Processing runs in-house via KG, RAG, and orchestration layers. Third-party LLMs are invoked for inference steps only, with caching/retention disabled and contractual no-training obligations.
• Your data stays in your tenant — never conglomerated. Customer Content is stored and processed within your organization's dedicated Iqidis tenant and per-user profile containers.
• Scoped subprocessor use. When a subprocessor is invoked, we transmit the minimum payload needed. Vendors do not retain your prompts/outputs and do not train on your data.
• You own your data and output. You remain the data controller/owner of your User Content and Output. Iqidis acts solely as a data processor/service provider.
• Minimal, content-free telemetry. We collect only behavioral/interaction metadata. We do not log prompts, model outputs, or uploaded documents/files.

5. Security Measures

Iqidis maintains security controls aligned with SOC 2 and ISO 27001 frameworks, including encryption in transit and at rest; access controls; network security; vulnerability management; monitoring & audit; and secure SDLC.

Breach Notification. If we become aware of a breach affecting Customer Data/Content, we will notify impacted customers without undue delay and no later than 72 hours of becoming aware, unless prohibited by law.

6. Data Location & Transfers

Data is processed primarily in the U.S. and E.U. Regional routing can be adjusted based on customer requirements and technical feasibility. Cross-border transfers use appropriate safeguards as described in the Privacy & Data Policy.

7. Subprocessor Selection, Contracts & Monitoring

Before engaging or materially changing a subprocessor, Iqidis performs due diligence, establishes contractual controls (confidentiality, purpose limitation, no training, security, breach notice, deletion/return on termination), enforces configuration requirements, and conducts ongoing oversight.

8. Change Management & Customer Right to Object

Iqidis will provide ≥30 days' prior notice of any new subprocessor or material change. Customers may reasonably object (on privacy/security grounds) within the notice period, and we will work in good faith to mitigate concerns.

9. Current Service Providers

These providers support the platform and may process Customer Data. They are not used to train models.

10. Current Subprocessors — No Training, No Retention

These vendors may process Customer Content ephemerally for inference. Iqidis enforces no training and no retention/caching.

Many requests may be satisfied entirely in-house (KG/RAG/orchestration) without calling an external LLM — further reducing third-party exposure.

11. Internal Processing Services (Operated by Iqidis)

• Knowledge Graph (KG) & RAG: Proprietary services that index/link a customer's authorized sources, perform targeted retrieval, and compose grounded prompts.
• Orchestration/Multi-Agent Layer: Directs tool use, applies legal workflows, manages internal reasoning, and decides if/when to call an external LLM.
• Isolation: All internal services run with per-tenant logical isolation and encryption. They are not subprocessors because Iqidis operates them directly.

12. Transparency, Assurance & Changes

Upon reasonable request, Iqidis can provide summaries of third-party audit reports or recent pen-test executive summaries. Direct audit is available as required by law or agreed in a separate enterprise agreement. Material updates will be communicated with ≥30 days' advance notice.

1. Key Definitions

• Authorized User: An individual user who has been invited to or otherwise uses the Services under an Organization Account.
• Confidential Information: Any information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential.
• Customer Content: All content, data, documents, prompts, chats, matters, and other materials submitted to or generated through the Services.
• Non-Public Materials: Any part of the Services requiring authentication.
• Output: The data, text, responses, summaries, analyses, or other information generated and returned by the Services based on User Input.
• User Content: Input and any other data, information, or material provided or submitted by User to the Services.
• Workspace: A logical environment within the Services in which content is created, stored, and managed.

2. The Services

The Services provide an AI-powered platform designed to assist legal professionals with tasks such as research, drafting, analysis, and summarization. The Services are intended as an assistive tool and are not a substitute for professional legal judgment, advice, or independent verification.

3. Accounts and Registration

Users must provide accurate, current, and complete information during registration. Accounts created with false or misleading information are subject to immediate termination. The Services are intended for users who are at least 18 years old.

4. License Grant and Restrictions

Iqidis grants User a limited, non-exclusive, non-transferable, revocable license during the Subscription Term to access and use the Services.

General Use Restrictions. User shall not: license, sell, or otherwise commercially exploit the Services; use the Services to store or transmit infringing or unlawful material; transmit viruses or malicious code; interfere with or disrupt the Services; attempt to gain unauthorized access; remove proprietary notices; or publish materially false statements about Iqidis.

Prohibitions on Reverse Engineering. User shall not reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, underlying algorithms, or architecture of the Services; access or benchmark the Services for the purpose of developing a competitive product.

5. User Content and Data

Customer retains all right, title, and interest in and to User Content. Iqidis does not use User Content to train its own or third-party AI models. Iqidis may access User Content only for the limited purposes of providing customer support, troubleshooting, ensuring service operation, and enforcing this Agreement.

6. Intellectual Property

Iqidis and its licensors own and retain all right, title, and interest in and to the Services, the underlying technology, and any modifications or enhancements thereto. Subject to compliance with this Agreement, User owns the Output generated specifically for them through their use of the Services.

7. Fees and Payment

Fees are based on the subscription plan purchased and not actual usage. Payment obligations are non-cancelable, and Fees paid are non-refundable, except as expressly provided in this Agreement. Iqidis reserves the right to change Fees upon providing at least thirty (30) days prior notice.

8. Confidentiality

Each party agrees to use the other's Confidential Information solely for purposes of performing its obligations or exercising its rights under this Agreement; to maintain confidentiality using at least the same degree of care it uses to protect its own confidential information; and not to disclose Confidential Information to any third party except to employees, contractors, and agents who have a need to know.

9. Disclaimers

THE SERVICES, SITE, AND ALL RELATED CONTENT ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. IQIDIS DOES NOT WARRANT THAT THE OUTPUT WILL BE ACCURATE, COMPLETE, RELIABLE, CURRENT, OR SUITABLE FOR ANY PARTICULAR PURPOSE. ALL OUTPUT MUST BE INDEPENDENTLY REVIEWED AND VERIFIED WITH PROFESSIONAL JUDGMENT.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES. EACH PARTY'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO IQIDIS DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR $100.00, WHICHEVER IS GREATER.

11. Indemnification

By Iqidis.Iqidis will defend or settle any unaffiliated third-party claim alleging that the Services directly infringe or misappropriate such third party's U.S. patents, copyrights, or trademarks.

By User.User shall defend, indemnify, and hold harmless Iqidis from and against any third-party claim arising from Customer Content, Outputs that User modifies, User's use of the Services in violation of this Agreement, or User's violation of professional or ethical obligations.

12. Term and Termination

This Agreement commences on the date User first accepts it and continues until all Subscription Terms have expired or been terminated. Either party may terminate for cause upon thirty (30) days written notice of a material breach.

13. Governing Law and Dispute Resolution

This Agreement shall be governed by the laws of the State of New York, without regard to its conflicts of laws principles. Disputes shall be resolved by binding arbitration administered by the AAA in New York County, New York.

14. Professional Responsibility and Ethics

User acknowledges that it is a legal professional or entity employing legal professionals and is solely responsible for its professional conduct and compliance with all applicable laws, rules, and ethical obligations governing the practice of law. The Services are assistive tools.

1. Introduction

This Acceptable Use Policy (“AUP”) governs the use of the Iqidis legal AI services. It forms part of the Iqidis Terms of Service and is incorporated therein by reference.

AI Processing Note: Iqidis does not use User Content to train its own or third-party AI models. User Content processed by the AI system is not retained for AI model training purposes.

2. Prohibited Uses

Illegal or Unlawful Activities: Engaging in any activity that violates applicable law; promoting or facilitating illegal acts; infringing intellectual property rights.

Harmful or Deceptive Practices: Transmitting malware; engaging in phishing or fraud; attempting unauthorized access; interfering with or disrupting the Services; impersonating any person or entity.

Offensive or Inappropriate Content: Generating, transmitting, or storing content that is defamatory, obscene, abusive, threatening, hateful, or discriminatory; promoting violence, terrorism, or self-harm.

Misuse of the Services: Reverse engineering; building competitive products; unauthorized benchmarking, scraping, or automated access; circumventing security measures; unauthorized practice of law; using false identities.

3. Responsible Use and Professional Obligations

• Professional Judgment. Users must exercise independent professional judgment when using the Services.
• Verification. Users are solely responsible for reviewing, verifying, and validating all Output.
• Ethical Compliance. Users must ensure their use complies with all applicable rules of professional conduct.
• Confidentiality and Privilege. Users are responsible for maintaining the confidentiality of client information.
• Security Practices. Users must safeguard credentials, use strong passwords, and enable available security features.

4. Enforcement and Consequences

Iqidis reserves the right to monitor use of the Services. Violations may result in warnings; suspension of access; termination; removal of prohibited content; reporting to law enforcement; and/or pursuit of legal action.

5. Reporting Violations

If you become aware of any violation of this AUP, please promptly report it to info@iqidis.ai.

1. What Are Cookies and Similar Technologies?

Cookies are small text files placed on your device by a website. Similar technologies include web beacons/pixels, local storage, and SDKs. Some cookies are set by us (first-party), and some are set by third parties providing services to us (third-party cookies).

2. How We Use Cookies

• Strictly Necessary (Essential): Operate the site, keep you signed in, route traffic, prevent fraud/abuse, honor your cookie choices, and provide core security controls. These cannot be switched off.
• Functionality: Remember settings/preferences, improve your experience, and provide certain features.
• Analytics/Measurement: Understand how our Website is used so we can improve performance and usability. Analytics are configured to minimize data and avoid cross-site tracking.

No advertising cookies. We do not use cookies for targeted advertising.

No AI training. Cookies and similar technologies are not used to train Iqidis or third-party AI models.

3. Your Choices

• Cookie Consent Manager. You can make or change your choices for non-essential cookies at any time. EU/UK/EEA visitors: We will not set non-essential cookies until you give consent.
• Browser Controls. Most browsers let you block or delete cookies.
• Mobile/OS Controls. You may manage certain tracking preferences at the device or OS level.

4. Global Privacy Control (GPC) & Do Not Track (DNT)

We recognize Global Privacy Control (GPC) signals in supported browsers as an opt-out preference where applicable law treats such signals as valid. We do not currently respond to legacy DNT browser signals.

5. Cookie Retention

Session cookies are deleted when you close your browser. Persistent cookies remain on your device for a period set by the cookie (typically up to 13 months for analytics/functionality).

6. Third-Party Services and Links

Our Website may include links to third-party sites or embedded content. Those third parties may set their own cookies. We do not control these cookies; please review the third party's cookie/privacy policies.

7. International Considerations

Where required by law, we rely on consent for non-essential cookies and legitimate interest/necessity for strictly necessary cookies.

8. Changes to this Cookie Policy

We may update this Policy to reflect changes in technology, law, or our practices. Material changes will be posted here with an updated effective date, and where required, we will re-present the banner or request consent again.