Privacy Policy

Ruby Law Professional Corporation ("Ruby Law," "we," "us," "our") is a Canadian AI-native law firm licensed by the Law Society. We combine AI-assisted drafting with human review by licensed Canadian lawyers and paralegals so that founders and small businesses can access high-quality legal documents quickly and affordably.

Our service is delivered through rubylegal.ai. Self-serve drafts are generated by AI from a structured wizard; on the Counsel tier, a licensed lawyer reviews, revises, and finalizes the document before it is released to you. This Privacy Policy explains how we handle the personal information you share with us in connection with either workflow.

You can reach our Privacy Officer at admin@rubylegal.ai.

As a law firm, we are governed by the Rules of Professional Conduct and the By-Laws of the applicable law society in addition to general privacy law. The Rules most relevant to how we treat your information are Rule 3.3 (Confidentiality), Rule 3.4 (Conflicts of Interest), Rule 3.6 (Fees and Disbursements), and Rule 3.2-1A (Limited Scope Retainer).

Rule 3.3 imposes a strict and continuing duty of confidentiality over all information concerning a client’s business and affairs acquired in the course of the professional relationship, regardless of whether the information is privileged or the source. That duty is broader than solicitor-client privilege and applies from the moment you share information with us.

Rule 3.4 requires us to screen for conflicts before accepting a matter. We collect the minimum information necessary to run a conflicts check and will decline the engagement if a conflict exists. Rule 3.2-1A governs our limited scope engagements (for example, document-only engagements), which we confirm to you in writing before we begin work.

Account information: your name, email address, phone number, business name, and (where applicable) business address. You provide this when you create an account or begin a matter with us.

Matter intake and wizard answers: the names and addresses of the parties to your agreement, the commercial terms you want reflected in the document, any background facts you share in the Ruby chatbot, and every answer you give in the drafting wizard. Together these form the substantive file for your matter.

Identification information: where we act on an engagement, we collect the client identification and verification information required by applicable law society by-laws on client identification and verification, and the federal Proceeds of Crime (Money Laundering) and Terrorist Financing Act where applicable.

Technical information: IP address, device and browser type, session identifiers, pages visited, and essential cookies used to keep you signed in. We do not use advertising or cross-site tracking cookies.

Payment information: processed by Stripe Inc. We never see or store your full card number, CVV, or bank credentials — Stripe provides us only a tokenized reference and transaction metadata.

We collect personal information to generate your draft agreement, to allow a licensed lawyer or paralegal to review and finalize it on the Counsel tier, to run conflicts checks, to identify and verify clients under applicable law society by-laws and FINTRAC requirements, to issue invoices and process payment, to respond to your questions, and to comply with our professional, tax, and record-keeping obligations.

Under PIPEDA s.5 (Schedule 1, Principle 4.2 — Identifying Purposes), we identify the purposes for which personal information is collected at or before the time of collection. Under Principle 4.3 (Consent), we rely on your knowledge and consent, except where PIPEDA permits collection, use, or disclosure without consent (for example, to investigate a breach of an agreement or to comply with a court order).

We retain closed-matter files for a minimum of seven (7) years from the date the file is closed, consistent with applicable law society record retention guidelines and financial record requirements. Some records (for example, trust account records, wills, and real estate files) are retained longer where the applicable law society or legislation so requires.

After the retention period ends, files and associated personal information are securely destroyed or, where held in digital form, permanently deleted from active systems and backups on the next backup rotation cycle.

Account information for users who never convert to a paid matter is retained for 24 months from last activity and then deleted, unless you request earlier deletion.

Our lawyers and paralegals: the licensed Canadian lawyer assigned to your matter and any supporting paralegal or law clerk, all of whom are bound by applicable law society confidentiality rules and solicitor-client privilege where it attaches.

Anthropic PBC: we use the Anthropic Claude API to generate draft agreements from your wizard answers. We send Anthropic the wizard inputs and drafting instructions required to produce the document. Where available, we use Anthropic’s zero-retention API mode so that prompts and completions are not retained by Anthropic for training or logging beyond the immediate request. We do not send Anthropic your payment information, your account password, or client identification documents.

Stripe Inc.: for payment processing only. Stripe receives the information necessary to complete a transaction and is contractually bound to use it only for that purpose.

Cloud hosting and infrastructure providers: who store and transmit data on our behalf under written data processing terms.

Where required by law: a court order, subpoena, search warrant, law society investigation, or FINTRAC reporting obligation.

We never sell your personal information. We never use it for advertising, profiling, or training third-party AI models.

Solicitor-client privilege is the strongest protection Canadian law gives to communications with a lawyer, but it is narrower than confidentiality. Privilege attaches only once a solicitor-client relationship is formed, which for Ruby Law means once a written engagement letter has been signed and we have confirmed acceptance of the matter.

Before an engagement letter is signed — for example, while you are exploring the site, asking the Ruby chatbot general questions, or using the self-serve wizard without counsel review — the information you share with us is confidential as a business matter and is protected by applicable law society confidentiality rules, but it is not privileged. Once an engagement letter is in place, all communications with your Ruby Law lawyer for the purpose of giving or receiving legal advice are subject to solicitor-client privilege.

Self-serve drafts generated without lawyer review are NOT legal advice and do NOT create a solicitor-client relationship. If you want advice on your specific situation, you must engage us on the Counsel tier and sign a written engagement letter.

Under the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, you have the right to know what personal information we hold about you, to access it, to request correction of inaccuracies, to withdraw consent to further processing (subject to legal and contractual restrictions), and to receive an explanation of how your information has been used and to whom it has been disclosed.

To exercise any of these rights, email our Privacy Officer at admin@rubylegal.ai. We will respond within thirty (30) days as required by PIPEDA Principle 4.9, and where we cannot comply with a request we will explain the reason and the recourse available to you. We may require you to verify your identity before releasing personal information.

Some records are subject to solicitor-client privilege or law society retention rules, which may limit your right to deletion or correction. We will always tell you when and why a legal exception applies.

If you have a privacy concern, please contact our Privacy Officer first at admin@rubylegal.ai. We will investigate and respond in writing within 30 days.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by phone at 1-800-282-1376. In Quebec, you may file a complaint with the Commission d’accès à l’information.

If your concern relates to the professional conduct of a Ruby Law lawyer or paralegal, you may file a complaint with the applicable provincial law society.

We protect personal information with safeguards appropriate to its sensitivity, as required by PIPEDA Principle 4.7. All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256. Access to client matters is restricted on a least-privilege, need-to-know basis to the lawyer, paralegal, and technical staff directly assigned to the matter.

Administrative safeguards include written confidentiality obligations for every team member, mandatory law society-compliant training on confidentiality and conflicts, single sign-on with multi-factor authentication for all staff accounts, and periodic access reviews. Physical safeguards include secure cloud data centres with SOC 2 Type II controls.

Despite these safeguards, no system is completely secure. If we experience a breach of security safeguards involving a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA s.10.1.

If you are a Quebec resident, the Act respecting the protection of personal information in the private sector, CQLR c. P-39.1 (as amended by Law 25), also applies to you. In addition to your PIPEDA rights, you have the right to be informed when an automated decision is made about you using your personal information and to request the main factors and parameters that led to the decision, the right to data portability (to receive your information in a structured, commonly used technological format), the right to de-indexation where dissemination of your information causes serious injury, and the right to be informed before your personal information is transferred outside Quebec.

Our Privacy Officer (admin@rubylegal.ai) also serves as our Person in Charge of the Protection of Personal Information for Law 25 purposes. If you would like to exercise any Law 25 right, please contact us directly.

Some of our service providers, including Anthropic PBC and certain cloud infrastructure vendors, are located in the United States. When we send your personal information to those providers, it may be processed on servers outside of Canada and may become subject to lawful access requests under the laws of that jurisdiction (including the USA PATRIOT Act and the U.S. CLOUD Act).

Under PIPEDA Principle 4.1.3, we remain accountable for personal information transferred to a third party for processing and use contractual means to ensure a comparable level of protection. Our agreements with cross-border processors require encryption, confidentiality, data-handling standards at least equivalent to PIPEDA, and prompt notification of any unauthorized access.

By using the service, you acknowledge and consent to this cross-border transfer. If you do not want your information transferred outside Canada, please do not submit it through the site and contact us to discuss alternative delivery arrangements.

The Ruby Law service is a business-to-business legal service intended for use by adults 18 years of age or older. We do not knowingly collect personal information directly from children under 18. If you believe a child has provided us with personal information, please contact admin@rubylegal.ai and we will delete it promptly.

We use only essential, first-party cookies required to operate the site, keep you signed in, and remember your wizard progress between sessions. We do not use third-party advertising cookies, cross-site tracking cookies, or behavioural advertising pixels. We do not sell or share cookie data with advertisers.

You can disable cookies through your browser settings, but doing so may prevent the wizard and your account from working correctly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we do, we will update the "Last updated" date at the top of this page. If the change is material (for example, a new category of data collection, a new processor, or a new cross-border transfer), we will give you notice through the site and, where we have an email address on file for you, by email at least fourteen (14) days before the change takes effect.

Your continued use of the service after the effective date of a change constitutes acceptance of the updated Policy.

Drafts generated by the Ruby Law wizard are produced by a large language model (currently Anthropic Claude) trained on general-purpose text and fine-tuned for Ruby Law through our proprietary prompts, clause libraries, and regulatory modules. The AI does not independently verify facts you provide in the wizard, and AI output can contain errors, omissions, or language that is not suitable for your specific situation.

On the Self-Serve tier, drafts are delivered without lawyer review. They are provided as document automation only and are NOT legal advice. No solicitor-client relationship is created by using the self-serve wizard. On the Counsel tier, a licensed Canadian lawyer or paralegal reviews the AI draft, revises it as needed, and finalizes the document before it is released to you, and a written engagement letter is put in place.

Ruby Law does not use your personal information, wizard answers, or drafts to train third-party AI models. Where we use Anthropic’s zero-retention API mode, your prompts and completions are not retained by Anthropic beyond the immediate API call.

Questions, access requests, or privacy concerns? Please contact our Privacy Officer:

Privacy Officer
Ruby Law Professional Corporation
admin@rubylegal.ai

Ruby Law Professional Corporation is a law firm licensed by the Law Society. See also our Terms of Service.