Data Processing Policy

1. Scope

This policy describes how Efficient Legal handles client data during technology migration engagements. It applies to all data processed on behalf of law firm clients as part of platform migration, integration, or data transformation projects.

2. Data We Process

During migration engagements, we may process: matter and case records, client contact information, billing and trust accounting records, document files and metadata, time entries, and custom field data as defined in your current practice management system. We process only the data necessary to complete the migration.

3. Legal Basis for Processing

We process client data under the legal basis of contractual necessity; specifically, to fulfill our obligations under the service agreement. We act as a data processor on behalf of the Client, who remains the data controller for all client and matter data.

4. Security Measures

All data transfers use TLS encryption. Intermediate migration files are stored in encrypted, access-controlled environments. Access is limited to the specific consultant(s) assigned to your engagement. We do not use client data for training AI models, analytics, or any purpose beyond the stated engagement.

5. Sub-processors

Where migration work requires use of cloud infrastructure or tools, we disclose such sub-processors to the Client prior to engagement commencement. Clients may object to specific sub-processors, and we will work to find alternatives where technically feasible.

6. International Transfers

Where data must cross jurisdictional boundaries (for example, to reach a cloud platform's servers), we document these transfers and implement appropriate safeguards. Clients are informed of all transfer mechanisms applicable to their engagement.

7. Post-Migration Deletion

Following successful migration and Client sign-off, all intermediate data files and copies are securely deleted within 30 days. We provide a written confirmation of deletion upon request.