Privacy Policy — Legal Ops Maestro

Effective date: 2026-05-11 Last updated: 2026-05-11

This Privacy Policy explains how OrchestrateIQ, LLC (d/b/a Legal Ops Maestro; “Legal Ops Maestro,” “we,” “us”) collects, uses, discloses, and protects personal data when you use the Legal Ops Maestro Chrome extension, the website at legalopsmaestro.com, and related paid features (the “Services”). It is written to satisfy transparency obligations under the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other applicable US state privacy laws.

For how AI features specifically process your submissions, please also read our AI Disclosure.

TL;DR

• Core tracking is 100% local. Your work log lives in your browser’s storage. It is never sent to us.
• AI features are opt-in. When you choose to use one, and only then, we receive the specific content you confirmed to send.
• Once you buy a paid product, any data you provide is sent through an LLM API under Zero Data Retention (ZDR). Make sure there is no confidential data in what you submit (no client PII, no privileged matter content, no trade secrets, no API keys). We block obvious credential and identifier patterns at the gateway, but the burden of sanitizing matter content rests with you.
• No third-party analytics. No Google Analytics, no PostHog, no pixels, no session replay. The marketing website sets no analytics cookies.
• The paid Show Off Your Work Bundle ($9.99) requires a magic-link-authenticated account and is processed by Creem as Merchant of Record.

1. Controller Information

Controller: OrchestrateIQ, LLC (d/b/a Legal Ops Maestro) Address: 643 N York St, Suite 70, Elmhurst, IL 60126, USA Privacy contact: support@legalopsmaestro.com

We have not appointed a Data Protection Officer. For privacy requests concerning EU/UK data subjects, contact us at the address above.

2. Personal Data We Collect

When you use the free tracker — either the Chrome extension or the in-browser web app at legalopsmaestro.com/app/ — no account is required, and:

• Local-only tracking data is stored on your device. The Chrome extension uses chrome.storage.local; the in-browser web app uses browser localStorage scoped to legalopsmaestro.com. Either way, the data stays on your device and is never transmitted to us. Tracked categories include: timer entries (start/end, duration), labels, optional notes, work-button configuration, your profile if you fill it out (display name, target job, selected industries, optional pasted resume / public LinkedIn text used to personalize AI features), and settings and preferences. We do not collect phone numbers, dates of birth, or government identifiers in any tracker surface.

When you use paid features (account required):

• Account and authentication data: your email address, a SHA-256 hash of your active session token, account creation and last-active timestamps, and short-lived magic-link tokens issued during sign-in.
• Purchase data: SKU purchased, Creem order ID, amount and currency, purchase status (paid / refunded / disputed), and timestamps. Payment card data is never received or stored by Legal Ops Maestro; it is handled by Creem (our Merchant of Record, see Section 6).
• AI feature inputs and metadata: the structured payload you confirm at the consent step (e.g., your archetype, top Core 12 categories, tracked hours, free-text highlights you type, optional resume / LinkedIn pasted text). Prompts and responses are not persisted on our servers; only metadata (model used, token counts, cost in cents, gateway cache status, timestamp) is stored to operate the service. See Section 5.
• Support communications: any email you send to support@legalopsmaestro.com (subject, body, attachments) is retained as needed to respond.
• Edge security and performance signals collected by Cloudflare for traffic protection (DDoS mitigation, bot management); no individualized profiling.

3. Local Browser Storage and Cookies

We use no third-party analytics, no marketing pixels, no session replay, and no behavioral tracking. The marketing website at legalopsmaestro.com is statically served and sets no cookies for analytics or advertising purposes.

We use:

• Strictly necessary session storage: when you sign in for paid features, we set a single session cookie scoped to legalopsmaestro.com so the magic-link flow and entitlement checks work. This is required for the Services to function and cannot be disabled.
• Local device storage for tracking data: the Chrome extension stores tracking data in chrome.storage.local; the in-browser web app stores the same data in browser localStorage scoped to legalopsmaestro.com. Both are browser-managed, device-local stores — not cookies, not synced to any server, and never transmitted to us.

We do not load any third-party scripts on the marketing website. We honor the Global Privacy Control (GPC) signal where applicable.

4. Why We Process Personal Data (GDPR Legal Bases)

• Contract performance (Art. 6(1)(b)): account creation, magic-link sign-in, paid feature delivery, AI generation routing, support, and purchase fulfillment.
• Legitimate interests (Art. 6(1)(f)): platform security, abuse prevention, fraud and chargeback defense, service diagnostics (via Cloudflare metadata only), and internal administration. We balance these interests against your rights and freedoms.
• Legal obligations (Art. 6(1)(c)): tax, accounting, and compliance record-keeping for paid transactions.

We do not rely on consent as the legal basis for any processing other than where you explicitly opt into an AI feature at the consent step.

5. AI Processing Disclosures

Once you buy a paid product, any data you provide is sent through an LLM API under Zero Data Retention. The provider does not retain it and we do not log it, but you are responsible for ensuring there is no confidential data in what you submit. Sanitize before you submit.

When you use a paid AI feature (e.g., generate resume bullets), the following flow occurs:

1. The extension or web wizard composes a payload from only the fields you consent to send — typically your archetype, top Core 12 categories, tracked hours, and optional highlights you type.

2. The payload is sent over TLS to our Cloudflare Worker backend at legalopsmaestro.com/api/ai/*.

3. The Worker forwards it to Cloudflare AI Gateway with Unified Billing and Zero Data Retention (ZDR), which routes the request directly to the chosen model provider — currently Anthropic or OpenAI on standard API tiers. ZDR ensures Cloudflare does not retain prompts or responses; standard API tiers do not train on API traffic. Cloudflare confirmed 2026-04-28 that ZDR + no-training is a composite guarantee for Unified Billing routes to these two providers by default; no separate enterprise agreement is required.

4. We log metadata about the call (timestamp, model used, token counts, cost in cents, cache status) for operational accounting. We also scan inputs and outputs for sensitive identifier patterns and block any request or response that contains them. The scan covers:

   • Financial identifiers (credit card numbers, bank account numbers)
   • Social Security Numbers
   • Insurance and tax identifiers
   • Government-issued ID numbers (passport, driver license, national ID)
   • API keys and cloud-provider credentials (OpenAI, Anthropic, AWS, GitHub, Stripe, Slack, generic bearer tokens, PEM-format private keys)

   The first four categories are scanned by Cloudflare AI Gateway’s Data Loss Prevention layer. The credentials category is scanned by our Worker before the request reaches Cloudflare. Both apply to inputs and outputs.

   Email addresses, phone numbers, and similar contact details are not blocked, because they legitimately belong in resumes and similar career artifacts.

5. We do not log or retain the prompt or the response. The content flows through the Worker and is not persisted on our servers, and ZDR ensures the underlying providers do not retain it either.

Do not submit attorney-client privileged material, attorney work product, client personal data, information subject to ABA Model Rule 1.6, trade secrets, sealed or export-controlled data, or any other confidential information into AI-assisted fields. See our AI Disclosure for the full confidentiality clause, the data-flow chain, and training-retention details.

For the free archetype-narrative feature (which runs on Cloudflare Workers AI, not the paid gateway path), the same data-handling principles apply: no prompt or response retention; minimal metadata only.

6. Service Providers and Subprocessors

We share personal data only as needed with the following processors and independent controllers:

• Cloudflare, Inc. — Workers (compute), D1 (managed SQLite), R2 (object storage), KV (key-value), AI Gateway (Unified Billing routing for paid AI calls; ZDR-composite to Anthropic + OpenAI), Workers AI (free / degraded-fallback inference), Pages (static marketing site hosting), and edge security. Cloudflare does not train models on your inputs. DPA: cloudflare.com/cloudflare-customer-dpa.
• Anthropic, PBC — upstream AI model provider for paid AI features in the Show Off Your Work Bundle. Accessed via Cloudflare AI Gateway Unified Billing on the standard API tier; ZDR-composite by default. No prompts retained or trained on. Privacy: anthropic.com/legal/privacy.
• OpenAI, L.L.C. — upstream AI model provider for paid AI features and Anthropic-fallback routing. Accessed via Cloudflare AI Gateway Unified Billing on the standard API tier; ZDR-composite by default. No prompts retained or trained on. Privacy: openai.com/policies/api-data-usage-policies.
• Armitage Labs OÜ (d/b/a Creem) — Merchant of Record, payment processing, tax collection and remittance, billing, refund handling. Creem is the contractual seller of record for your purchase. Buyer Terms: creem.io/buyer-terms. Privacy: creem.io/privacy.
• Resend, Inc. — transactional email delivery (magic-link sign-in emails, purchase confirmations, AI output delivery). Resend retains minimal delivery metadata per its policy. Privacy: resend.com/legal/privacy-policy.

We do not use Supabase, Featurebase, PostHog, OpenRouter, Google Gemini, or any other multi-provider AI router. We do not use third-party analytics or session replay services.

7. International Data Transfers

OrchestrateIQ, LLC is established in the United States. Personal data is primarily processed in the United States (Cloudflare Workers, D1, R2, KV; Anthropic and OpenAI API endpoints). Some processing may occur in Cloudflare’s global edge network outside the US.

Where personal data leaves the EEA, we rely on approved transfer safeguards, including the European Commission’s Standard Contractual Clauses (Implementing Decision 2021/914) and, for transfers to organizations certified under the EU-U.S. Data Privacy Framework (DPF), adequacy under that framework. For transfers to the UK, we additionally use the ICO International Data Transfer Addendum (IDTA).

AI-provider transfer note. When you submit a paid AI feature, your input is transmitted to Cloudflare AI Gateway and onward to Anthropic or OpenAI. The route is United-States-hosted end-to-end. The data-flow chain and applicable safeguards are detailed in our AI Disclosure.

8. Retention

• Local extension tracking data: retained until you delete it via the extension’s Options → Delete all data action. We have no copy.
• Account and authentication data: retained while your account is active. Deleted within a reasonable period after account closure, and in any event no later than 24 months of continuous inactivity, unless a longer period is required by law.
• Purchase records: retained for 7 years to satisfy tax and accounting obligations.
• AI-feature metadata (model, token counts, cost, cache status, timestamp): retained for 12 months then purged. Prompts and responses are not stored.
• Magic-link tokens: valid for 15 minutes from issuance; deleted on first use or expiry, whichever is earlier.
• Session tokens: SHA-256-hashed; 30-day sliding window; deleted on sign-out or expiry.
• Security and authentication logs (Cloudflare-side): generally 90 days, extended up to 12 months for active abuse or security investigations.
• Backup snapshots: rolling retention of approximately 30-35 days.

9. Your GDPR, UK GDPR, and US State Privacy Rights

Subject to applicable law, you may request access, rectification, deletion (right to erasure), restriction of processing, objection to processing, and portability of your personal data, and you may withdraw any consent you have given. California and other US state residents additionally have rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information.

To exercise any of these rights, email support@legalopsmaestro.com from the email address on file. We respond within 30 days (extendable by 60 days for complex requests, with notice). You also have the right to lodge a complaint with your local data protection authority or, in the US, with your state attorney general.

For local extension tracking data, you can also delete everything immediately via the extension’s Options → Delete all data action.

10. Automated Decision-Making

AI-generated polished impact narratives, resume bullets, work insights, and archetype narratives are coaching signals for your career documentation. They do not produce legal or similarly significant effects concerning you. We do not use personal data for decisions based solely on automated processing that produce legal or similarly significant effects within the meaning of GDPR Article 22.

11. Security

We use technical and organizational measures designed to protect personal data, including:

• TLS 1.3 with HSTS for the backend domain.
• Magic-link authentication; session tokens stored in your browser and compared server-side only as a SHA-256 hash. No passwords.
• 30-day sliding-window session validity; sign out at any time to revoke.
• Worker-side credential pre-scan on every AI-feature input to block accidental exposure of API keys, cloud-provider credentials, and PEM-format private keys.
• Cloudflare AI Gateway Guardrails on both inbound and outbound AI traffic.
• All Worker secrets stored in Cloudflare’s encrypted secret store; no secrets in source control.

No method of transmission or storage is fully secure. If you discover a security issue, please email support@legalopsmaestro.com with the subject line “Security”.

12. Children

The Services are intended for working legal operations professionals and are not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has created an account, email support@legalopsmaestro.com and we will delete it.

13. Extension Permissions

The Chrome extension requests:

• storage — to save your tracking entries locally on your device.
• alarms — to keep timers running reliably across browser restarts.
• host_permissions for https://legalopsmaestro.com/* — only for paid features, so the extension can call our backend for sign-in and AI features.

The extension does not request access to your tabs, browser history, bookmarks, clipboard, or any third-party domains.

14. Changes to this Policy

We may update this Privacy Policy. If we make material changes, we will update the effective date at the top and provide notice where required (for example, by email to signed-in users or by an in-app banner). Material changes that affect how we handle your data will be announced at least 7 days before they take effect.

15. Contact

For privacy requests or questions, contact:

OrchestrateIQ, LLC 643 N York St, Suite 70, Elmhurst, IL 60126, USA support@legalopsmaestro.com

For security reports, use the same email with subject “Security”.