MassTorts247 respects your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, how long we keep it, and the rights you have over your information. Questions? Contact privacy@masstorts247.com.
1. Who We Are (Data Controller)
This Privacy Policy applies to MassTorts247.com ("MassTorts247," "the Platform," "we," "us," or "our"), operated by LeadGen247 LLC, a Florida limited liability company. For the purposes of GDPR, we are the data controller. For CCPA/CPRA purposes, we are the business.
Mailing address and Data Protection Officer contact are listed at the end of this Policy.
2. Information We Collect
2.1 Information You Provide
- Account information: name, corporate email address, job title, firm or organization name, and authentication identifier from Google OAuth or Microsoft 365.
- Billing information: payment method and billing address (processed by Stripe — we do not store full credit card numbers).
- Profile preferences: watch list selections, tort preferences, notification settings.
- User-generated content: queries to Ask MT247, notes you save, feedback you submit.
- Communications: emails you send us, support tickets, survey responses.
2.2 Information Collected Automatically
- Device and usage data: IP address, browser type and version, operating system, referring URL, pages visited, features used, timestamps.
- Cookies and similar technologies: see our Cookie Policy.
- Analytics: aggregate, anonymized metrics via Google Analytics 4 (or equivalent).
2.3 Information From Third Parties
- Authentication providers: Google and Microsoft provide your email, name, and profile image when you sign in.
- Payment processor: Stripe provides transaction status and billing metadata.
- Public records: the Platform aggregates public mass tort data. This is not personal information about our users.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Platform, authenticate users | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send service communications, feature updates, transactional email | Legitimate interest / Contract |
| Send marketing and promotional emails (with opt-out) | Legitimate interest / Consent |
| Analytics, product improvement, aggregate reporting | Legitimate interest |
| Security, fraud prevention, abuse detection | Legitimate interest / Legal obligation |
| Comply with legal obligations, respond to valid legal requests | Legal obligation |
4. Who We Share Information With
We do not sell personal information. We share limited information with the following categories of recipients, only to the extent needed to operate the Platform:
- Service providers (processors): hosting (Vercel), authentication (Google Workspace, Microsoft), payments (Stripe), email delivery (Google Workspace and transactional email providers such as Resend or Postmark), analytics (Google Analytics 4), customer support tools, and error monitoring (Sentry or equivalent).
- Professional advisors: our lawyers, auditors, and accountants, under confidentiality.
- Business transfers: in the event of a merger, acquisition, or asset sale, user information may transfer to the successor entity, subject to this Policy.
- Legal compliance: when required by valid legal process, court order, or to protect rights, property, or safety.
Each service provider operates under contractual obligations to protect your information and use it only for the purposes we direct.
5. Cookies and Tracking
We use cookies and similar technologies for authentication, preferences, security, and analytics. See our Cookie Policy for full details, including how to manage your cookie preferences.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (while active) | For the life of your account |
| Account data (after account deletion) | 30 days, then deleted or anonymized |
| Billing and transaction records | 7 years (tax and audit compliance) |
| Support tickets and correspondence | 3 years |
| Usage logs and analytics | 26 months, or anonymized aggregate indefinitely |
| Backups | 90 days, automatically rotated |
We may retain information longer where required by law, for legitimate business interests (e.g., fraud prevention), or to resolve disputes.
7. International Data Transfers
MassTorts247 operates from the United States. If you access the Platform from outside the United States, your information is transferred to and processed in the United States. For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms with our service providers.
8. Security
We use industry-standard security measures — including TLS encryption in transit, encrypted storage at rest, OAuth-based authentication (no password management by us), principle-of-least-privilege access controls, automated vulnerability scanning, and monitoring. No system is perfectly secure. If you become aware of a security issue, please contact security@masstorts247.com.
9. Your Rights
9.1 General Rights (All Users)
Regardless of where you are located, you may:
- Access and download your account information
- Correct inaccurate information
- Delete your account and associated data
- Opt out of marketing emails at any time via the unsubscribe link
- Close your account and request data deletion by emailing privacy@masstorts247.com
9.2 European Economic Area / United Kingdom / Switzerland (GDPR)
If you are in the EEA, UK, or Switzerland, you have the additional rights under GDPR to:
- Request access to your personal data
- Request rectification of inaccurate data
- Request erasure ("right to be forgotten")
- Request restriction of processing
- Data portability (receive your data in a machine-readable format)
- Object to processing based on legitimate interest
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local supervisory authority
To exercise these rights, contact privacy@masstorts247.com. We respond within 30 days.
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell or share
- Request a copy of the personal information we have collected about you
- Request deletion of your personal information
- Correct inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Opt out of the sale or sharing of personal information (we do not sell personal information)
- Non-discrimination for exercising your rights
To submit a request, email privacy@masstorts247.com with "CCPA Request" in the subject line. We may verify your identity before fulfilling requests.
9.4 Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization, and we may verify both your identity and the agent's authority.
10. Children's Privacy
The Platform is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact privacy@masstorts247.com and we will delete the information.
11. Automated Decision-Making
The Platform uses automated analysis (including AI-generated case scoring and Tort Opportunity Scores). These outputs are informational only — they do not produce legal effects for any individual without human review. No Platform automation makes decisions about employment, credit, insurance, or other protected categories.
12. Marketing Communications
We may send you service emails (account, billing, security) regardless of marketing preferences — these are required to operate your account. You may opt out of marketing emails (weekly intelligence digest, product updates, promotional content) at any time using the unsubscribe link in any marketing email or by contacting us.
13. Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. No widely accepted standard for DNT response exists. We currently do not alter our behavior based on DNT signals, but we honor cookie preferences set via our cookie consent banner.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced on the Platform or by email at least 14 days before they take effect. The "Last updated" date indicates the most recent revision.
15. Contact and Data Protection Officer
For privacy questions, data rights requests, or to contact our Data Protection Officer:
- Email: privacy@masstorts247.com
- Subject line: "Privacy Request — [your topic]"
- Postal: LeadGen247 LLC, [physical mailing address], Miami, Florida, USA
We will respond to all verified requests within 30 days (45 days for complex requests, with notice).
Summary: We collect the minimum information needed to operate the Platform, we do not sell your information, we retain data only as long as necessary, and you have extensive rights to access, correct, and delete your information.