Legal

Privacy Policy

Effective June 11, 2026. We built Pasqio so that your clients' privileged material stays private — including from us. This page explains exactly what we collect, what we can and cannot see, and what happens when you leave.

Request a Demo Sign In

What we store for you

Pasqio stores the data your firm puts into it: documents, files, imported emails, client and matter records, calendars, time entries, invoices, and trust accounting records. Document and file content is encrypted with AES-256-GCM using per-matter keys before it is written to storage. We do not read, mine, analyze, sell, or share your content. Our operations are designed around metadata, not content — routine support never requires decrypting anything.

What we collect about you

  • Account data: names, email addresses, roles, and authentication records (hashed passwords, 2FA configuration) for the people your firm authorizes.
  • Usage and security logs: an audit trail of actions (who accessed what, when, from which IP address) kept for your firm's own compliance, plus operational logs and error reports with sensitive values automatically redacted.
  • Billing data: your firm's billing contact and subscription state. Card details are processed by Stripe and never touch our servers.

We do not use advertising trackers or analytics that profile you, and we never sell personal information.

Who else touches data

We use a small set of infrastructure providers (Amazon Web Services for hosting, Resend for transactional email, Stripe and Confido Legal for payments, Sentry for error monitoring, and — only when your firm enables them — Google and Microsoft for email and calendar integrations). Document content reaches these providers only in encrypted form or not at all. The current subprocessor list, with what each one sees, is maintained on our Security & Trust page.

Retention and deletion

  • Deleted clients and matters enter a 30-day recovery window, then are permanently and automatically destroyed — database records and encrypted file storage both.
  • Deleted data may persist in encrypted database backups for up to 30 additional days before aging out.
  • If your firm leaves Pasqio, you may export your data first; on request we permanently delete the firm's entire dataset.
  • Audit logs are retained indefinitely because of their evidentiary value to law firms.

Your rights

You may request access to, correction of, or deletion of personal information we hold about you by emailing hello@pasqio.com. For data your firm controls inside Pasqio (client records, documents), direct requests to your firm — we act as a processor on the firm's instructions.

Breach notification

If we confirm unauthorized access to your firm's data, we will notify your designated contact within 72 hours with what was accessed, when, containment status, and recommended actions.

Changes and contact

We will post material changes to this policy here and notify firm administrators by email. Questions: hello@pasqio.com.

Related capabilities
Terms of Service
The agreement governing your use of Pasqio.
Security & Trust
Our controls, subprocessors, and live status.