Privacy Policy

1. Information We Collect

When you use Ohio Lawyer Index, we may collect:

• Information you provide: Name, email address, phone number, city/zip code, and description of your legal situation as shared through the chat assistant.
• Automatically collected: Approximate geographic location based on your IP address (city-level only), browser type, and general usage analytics.
• Chat content: The conversation you have with our AI assistant, used to generate directory-fit suggestions.
• Sensitive information:Depending on the nature of your legal matter (e.g., personal injury, medical malpractice, workers' compensation), you may voluntarily disclose health-related or medical information during the chat. We treat all such information with heightened care as described in Section 4 below.

2. How We Use Your Information

• To generate directory-fit suggestions based on your described legal needs and location.
• To send your case details to listed attorneys you choose or consent to contact as directory intake (only with your explicit consent via the consent checkbox).
• To assess lead quality and improve directory filtering.
• To detect and prevent abuse or fraud.

3. How We Share Your Information

We share your personal information with the listed attorneys you approve, and only after you explicitly consent via the submission checkbox. We do not sell, rent, or share your personal information with any other third parties for marketing or commercial purposes.

Important: Directory lead notifications to attorneys are handled through the attorney portal where possible. If email is used for notification, it should not include detailed case facts.

We may share anonymized, aggregated data for analytics or service improvement purposes.

4. Health & Sensitive Information

Ohio Lawyer Index is not a healthcare provider, health plan, or healthcare clearinghouse.We are a legal directory and lead-intake tool and are generally not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA).

However, we recognize that users describing personal injury, medical malpractice, workers' compensation, elder law, or similar legal matters may voluntarily disclose health-related information. We treat all such information with the following safeguards:

• Minimized collection: Our AI assistant collects only the information necessary to filter attorney directory listings. We do not request detailed medical records, diagnoses, or treatment histories.
• Automatic PHI stripping: Before any case information is sent to listed attorneys, our system automatically strips specific medical details (diagnoses, medication names, doctor names, medical facility names, and other identifiable health information) from the case description. Attorneys receive only a general legal summary — never specific health details.
• Zero health data retention: Health and medical information shared during chat is processed in real-time and is never stored, logged, or retained by Ohio Lawyer Index in any form. Chat conversations exist only in your browser session memory and are destroyed when you close the page or start a new session.
• Encrypted transmission: All data is transmitted over HTTPS (TLS encryption) between your browser and our servers.
• No secondary use: Health-related information is never used for marketing, advertising, profiling, or any purpose other than generating directory-fit suggestions.
• AI instruction guardrails: Our AI assistant is explicitly instructed to exclude all medical details, diagnoses, and health specifics from the structured data it generates. The case summary sent to attorneys describes the legal situation only.

If you have concerns about sharing sensitive health information,we recommend describing your legal matter in general terms during the chat (e.g., "injury from a medical procedure" rather than specific diagnoses) and providing detailed medical information directly to the attorney you choose to retain, where it will be protected by attorney-client privilege.

5. AI Processing & Third-Party Services

We use the following third-party services to operate this site:

• Anthropic (Claude AI):Powers our chat assistant. Your chat messages — including any case details or health information you share — are sent to Anthropic's API for processing. Anthropic states that API data is not used to train their models. Anthropic's privacy policy applies to data processed through their service.
• Google (Gmail SMTP):Email notifications may be sent to attorneys via Gmail without detailed case facts. Google's privacy policy applies.
• Cloudflare:Provides DNS, CDN, and tunnel services. Traffic passes through Cloudflare's network. Cloudflare's privacy policy applies.
• Firebase (Google Cloud): Hosts the website. Static hosting only — no user data is stored in Firebase.
• IP-API: Used for approximate IP-based geolocation. Only your IP address is sent; no personal information is transmitted.

We do not currently have Business Associate Agreements (BAAs) with these providers, as we are not a HIPAA-covered entity. If you require HIPAA-compliant communication, please contact your attorney directly after selecting an attorney.

6. IP Geolocation

We use your IP address to detect your approximate city-level location within Ohio. This is used to suggest nearby attorneys. We do not store your IP address permanently. The location detection is approximate and you are always asked to confirm or correct your location during the chat.

7. Data Retention & Deletion

• Chat conversations: Exist only in your browser session memory (React state). Chat data is never persisted to any server, database, log file, or storage system by Ohio Lawyer Index. When you close the page, start a new session, or navigate away, all chat data is permanently destroyed.
• Health/medical information: Zero retention. Any health or medical details shared during chat are processed in real-time for directory filtering purposes only and are automatically stripped before any data is sent to attorneys. We do not store, log, or retain health information in any form.
• Directory lead data: The structured lead data sent to attorneys (name, email, phone, city, practice area, and a PHI-stripped legal summary) is retained in our processing system logs for a maximum of 90 days, then permanently deleted. This data contains no medical details.
• Sent emails: Directory lead notification emails are retained in our email system for up to 90 days for delivery verification, then deleted. These emails should not include detailed case facts.
• Anthropic API processing:Chat messages are sent to Anthropic's API for real-time processing. Anthropic retains API inputs/outputs for up to 30 days for trust and safety purposes per their data retention policy. We have no control over Anthropic's retention period. See Anthropic's privacy policy.
• Deletion requests: You may request immediate deletion of your data at any time by contacting us at privacy@techeasyit.com. We will process deletion requests within 30 days.

8. Cookies

This site uses minimal, functional browser storage for consent and session continuity. We do not use third-party tracking cookies or advertising cookies.

9. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

• HTTPS/TLS encryption for all data in transit
• Security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, XSS Protection, Referrer-Policy, Permissions-Policy)
• Rate limiting and anti-bot measures (honeypot fields, message throttling, submission cooldowns) to prevent automated abuse
• Authentication required before accessing the chat assistant
• Prompt injection defense: All user inputs are sanitized before processing — XML/HTML tags are stripped, instruction override attempts are filtered, and message length is capped. The AI system prompt includes explicit guardrails against prompt injection attacks.
• Session sandboxing: Each chat session is isolated in browser memory with no cross-session data leakage. Sessions cannot access data from other users or previous sessions. All state is destroyed on page close or session reset.
• Automatic PHI stripping: A multi-layer defense strips health information: (1) the AI is instructed to exclude medical details from structured output, (2) client-side regex patterns strip diagnoses, medications, doctor names, SSNs, and other identifiable health data before the lead is transmitted.
• CORS-restricted webhooks — API endpoints only accept requests from authorized origins

However, no system is completely secure, and we cannot guarantee the absolute security of your data. Information shared through the chat is not privileged legal communication and does not carry the protections of attorney-client privilege.

10. Your Rights

You have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (processed within 30 days).
• Withdraw consent for sharing your information with attorneys at any time before submission.
• Receive a copy of data we have collected about you in a portable format.

To exercise these rights, contact us at privacy@techeasyit.com.

11. Children's Privacy

This service is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us for immediate removal.

12. Ohio & Federal Privacy Laws

This service complies with applicable Ohio privacy laws, including Ohio's data breach notification statute (ORC 1349.19). In the event of a data breach affecting your personal information, we will notify you and the Ohio Attorney General as required by law.

While we are not a HIPAA-covered entity, we voluntarily adopt privacy practices consistent with the principles of data minimization, purpose limitation, and individual rights as described in this policy.

13. Changes to This Policy

We may update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date.