Privacy Policy

This Privacy Policy describes how 1577750 B.C. Ltd, doing business as Stern Bench ("Stern Bench," "we," "us," or "our"), collects, uses, and protects your information when you use Stern Bench Assistant (the "Service"). This policy should be read together with our Terms, including the Platform Agreement, Acceptable Use Policy, Service Terms, Security Addendum, and Data Processing Addendum, where applicable.

1. Information We Collect

1.1 Account Information

When you create or use an account for the Service, we may collect:

• email address;
• account identifiers;
• authentication metadata, including login timestamps and authentication method;
• account, workspace, deployment, or organization identifiers where applicable; and
• limited account settings and preferences.

1.2 Assistant Threads, Prompts, Responses, and Research Artifacts

When you use the Service:

• prompts, thread messages, instructions, and follow-up requests are processed in real time to provide the Service;
• the Service may generate AI-assisted responses, summaries, citations, and other research outputs;
• the Service may retain persistent or workspace-linked thread content, saved prompts, saved responses, exported artifacts, and related assistant materials in order to provide continuity, saved history, workspace functionality, and service operation during the pilot term;
• where the Service offers exports, saved artifacts, uploads approved for the applicable pilot, or other account-linked or workspace-linked features, the materials you choose to save or retain through those features may be stored in association with your account or workspace; and
• Stern Bench may retain limited operational data needed to operate, secure, support, and measure the Service, as described below.

1.3 Usage, Security, and Device Data

We automatically collect limited technical and operational information, which may include:

• IP address or hashed IP address;
• browser type and basic device identifiers;
• session, thread, account, workspace, or organization identifiers;
• timestamps and request metadata;
• aggregate usage records, rate-limit records, abuse-prevention or fraud-prevention signals;
• landing path and campaign or attribution metadata;
• performance, latency, reliability, and error data;
• local-browser persistence data, such as prompt-history or UI-state storage, where used by the Service; and
• other service metadata reasonably necessary for security, service integrity, support, and troubleshooting.

1.4 Case Corpus and Platform Data

The Service also makes available Stern Bench's curated corpus of publicly available judicial decisions and related case metadata. That corpus is independently collected and maintained by Stern Bench and is not personal information collected from you merely because you use the Service.

2. How We Use Information

We use collected information to:

• provide and operate the Service, including AI-assisted research, grounded citations, persistent pilot-workspace threads, and workspace-linked assistant features;
• maintain account or workspace preferences, thread continuity, and saved assistant functionality for the applicable pilot deployment;
• maintain security, detect abuse, prevent misuse, and enforce our Terms;
• support debugging, service reliability, incident response, and customer support;
• measure aggregate service usage and improve functionality and performance; and
• communicate service-related updates and material changes.

We do not use your information for advertising purposes. We do not sell personal information to third parties.

3. AI Processing and Third-Party Infrastructure

The Service uses third-party infrastructure and AI services to deliver assistant functionality for the serious pilot ring. Deployment-specific details may still be supplemented by the written pilot arrangement or subprocessor list.

How assistant processing works:

• for the serious pilot ring, your prompts, thread content, relevant case-corpus metadata, and other necessary service inputs may be processed through Microsoft Azure-hosted application infrastructure, Azure OpenAI services, and internal retrieval services used to support authority-backed answers;
• where the Service provides AI-assisted summaries, conversational analysis, or other research outputs, relevant prompts, thread content, case-corpus materials, and related request context may be processed by the providers supporting the serious pilot deployment; and
• infrastructure, access-control, delivery, and search/retrieval providers may also process separate service data and technical-operational information needed to operate, secure, support, and maintain their services under their own enterprise terms and privacy notices.

What we do not do:

• where Stern Bench makes a no-training commitment in writing for a serious pilot deployment, that commitment is tied to the provider arrangements in place for that deployment; and
• we do not represent that every item of operational metadata or infrastructure-level service data is itself user-facing thread history.

4. Third-Party Service Providers

We use service providers to operate the Service. These may include:

Provider	Purpose	Data Processed
Microsoft Azure	Application hosting, workspace storage, cloud operations, and deployment infrastructure	Account data, workspace data, saved assistant data, service metadata, request and storage data
Azure OpenAI Service	AI-assisted assistant processing	Prompts, thread content, relevant case-corpus materials, service inputs needed to generate outputs
Microsoft Entra ID or equivalent enterprise identity provider used for the pilot	Identity and access control	Email, authentication metadata, account identifiers, access-control data
Search / retrieval infrastructure providers used in the authority pipeline	Authority-backed search and retrieval support	Retrieval queries, search context, and related technical request data where relevant

If Stern Bench uses additional subprocessors, a current list of subprocessors will be maintained at the applicable subprocessor route on our website. Where the Data Processing Addendum applies, subprocessor use is further governed by that addendum.

5. Data Retention

We retain different categories of data for different periods:

Data Category	Retention Period
Account information	For as long as the relevant account, workspace, or deployment remains active, unless a shorter or longer period applies under the applicable pilot arrangement
Persistent threads, saved prompts, saved responses, exported artifacts, and saved assistant materials	For the duration of the active serious pilot deployment, unless deleted earlier or otherwise governed by the applicable pilot arrangement
Operational security, usage, attribution, and error records	For limited operational, security, or troubleshooting periods that may extend beyond deletion of user-facing materials
Anonymised or aggregated analytics	May be retained indefinitely

The Service may retain thread content and related account-linked or workspace-linked assistant history to provide continuity and functionality for the serious pilot deployment. Operational and infrastructure metadata may be retained separately from user-facing thread content, and certain local browser storage may also persist until cleared from the device or browser.

Upon account, workspace, or service termination, we will handle deletion or return of your personal data in line with the applicable serious pilot arrangement and technical architecture, subject to any retention required by law or reasonably necessary for security, fraud prevention, dispute resolution, backup cycling, troubleshooting, or legal compliance.

6. Cookies and Local Storage

We use limited first-party session technologies and local browser storage to:

• maintain authenticated user sessions;
• remember product preferences, cached UI state, and local prompt-history or similar browser-side continuity data where used by the Service; and
• support basic service continuity and usability.

We do not use advertising cookies or marketing trackers. We do not build advertising profiles based on your legal research activity.

7. Data Security

We implement reasonable administrative, technical, and organisational measures to protect your information, including:

• encryption of data in transit (TLS) and at rest where supported by the relevant infrastructure;
• restricted access to systems and data on a need-to-know basis;
• infrastructure hosted on enterprise-grade cloud providers; and
• incident response, access control, logging, monitoring, and security-review practices appropriate to the Service.

No system can be guaranteed to be completely secure. In the event of a data breach that poses a real risk of significant harm to you, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA. Where a DPA applies, incident handling will also be governed by that DPA.

8. International Data Processing

Stern Bench is based in British Columbia, Canada. For the serious pilot ring, Stern Bench intends to support Azure-based regional deployment options, including UK-region deployment where specified in the applicable written arrangement. Your information may be processed and stored in Canada, the United Kingdom, the United States, or other jurisdictions where our service providers operate, depending on the agreed pilot architecture. Where data is transferred outside of Canada, we rely on the data processing agreements and security commitments of our service providers to ensure appropriate safeguards are in place. For further details, see our Data Processing Addendum where applicable.

9. Your Rights

You have the right to:

• access your personal data held by us;
• correct inaccurate or incomplete information;
• delete your account where an account-deletion path exists;
• request deletion of account-linked or workspace-linked threads, uploads, exports, or saved assistant artifacts that remain associated with your use of the Service, where such deletion functionality or request path is available; and
• withdraw consent to data processing, where consent is the basis for processing.

We will respond to rights requests within 30 days of receipt, as required by PIPEDA. If you are dissatisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by email to the address associated with your account. Your continued use of the Service following notice of changes constitutes acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein, including PIPEDA.

13. Contact

For privacy-related inquiries or to exercise your data rights, contact us at founder@sternbench.com.