Trust Center

LitiSync, Inc. Privilege & Confidentiality Framework

This Privilege & Confidentiality Framework describes the operational, technical, and governance controls used by LitiSync, Inc. (“LitiSync,” “we,” “our,” or “us”) to support confidentiality protections and attorney-client privilege when law firms use the LitiSync platform (the “Service”).

1. Purpose

The purpose of this framework is to describe safeguards designed to support attorney-client confidentiality obligations and preserve privileged communications when the Service is used under the direction of participating law firms.

This framework reflects operational practices and governance controls and should be read together with the applicable Master Service Agreement, Data Processing Agreement, Privacy Policy, and other governing agreements.

2. Role of the Platform

LitiSync operates as a technology service provider that processes information on behalf of participating law firms.

Participating law firms:

  • Determine the purposes and means of processing legal matter data;
  • Determine whether communications are confidential or privileged under applicable law;
  • Supervise legal workflows supported by the Service; and
  • Retain responsibility for complying with professional responsibility and confidentiality obligations.

LitiSync does not provide legal advice and does not independently determine privilege status of communications.

3. Intended Privilege Positioning

Where the Service is used in connection with legal representation, communications and matter materials processed through the Service may be intended to support confidential communications, attorney-client privilege, or attorney work product protections to the extent applicable under law.

LitiSync cannot guarantee that privilege or work product protection applies in any particular instance. Preservation of privilege depends on applicable law and the actions of the participating law firm and its clients.

The Service may include workflow prompts and messaging designed to reinforce confidentiality awareness, including guidance encouraging intake participants to communicate from private settings and avoid unauthorized disclosure.

4. Attorney-Controlled Access and Governance

Access to matter-related information within the Service is controlled by participating law firms through role-based permissions and account authorization.

Participating law firms determine:

  • Which users may access case-related materials;
  • The level of access granted to each authorized user;
  • When access is modified or revoked;
  • How retention settings are configured for their matters; and
  • Whether and how matter data is exported or shared.

LitiSync personnel access Customer Data only as necessary to operate, maintain, secure, or support the Service and under documented confidentiality obligations.

5. Confidential Handling of Matter Information

Information submitted through the Service—including intake communications, recordings, transcripts, uploaded documents, structured intake data, and related materials—is treated as confidential and processed solely to provide platform functionality and related support services.

LitiSync does not use matter data for advertising purposes and does not disclose such information except:

  • At the documented direction of the law firm controlling the matter;
  • As required by law, subpoena, or valid legal process;

To authorized subprocessors providing infrastructure or support services under contractual confidentiality and data protection obligations.

6. Security Controls Supporting Confidentiality

To support confidentiality protections, LitiSync maintains administrative, technical, and organizational safeguards including:

  • Encryption of data in transit and at rest;
  • Role-based access controls and authentication safeguards;
  • System monitoring, logging, and access auditing;
  • Secure hosting environments and infrastructure protections;
  • Incident detection and response procedures designed to address unauthorized access risks.

No security control eliminates all risk. Safeguards are designed to reduce the likelihood and impact of unauthorized access, disclosure, or alteration.

7. Workforce Confidentiality Obligations

Personnel with authorized system access are subject to confidentiality obligations and internal policies governing the handling of customer information.

Access to matter data is limited to personnel with a legitimate operational need and is subject to internal controls, monitoring, and governance procedures.

8. Law Firm Responsibilities

Participating law firms remain responsible for:

  • Determining privilege status of communications;
  • Providing clients with appropriate confidentiality instructions;
  • Managing internal user access permissions;
  • Reviewing all system-generated outputs before legal use or reliance;
  • Complying with applicable professional responsibility and confidentiality rules; and
  • Ensuring proper handling of exported or downloaded materials.

9. Data Retention and Confidentiality Lifecycle

Matter-related information remains subject to confidentiality protections throughout its lifecycle within the Service.

Retention and deletion are governed by:

  • Law firm–directed retention settings;
  • Applicable contractual agreements;
  • Legal and regulatory obligations; and
  • Operational security requirements.

Upon direction from the participating law firm and subject to applicable law, matter data may be exported or deleted in accordance with established procedures.

10. Incident Notification

If LitiSync becomes aware of a confirmed security incident involving unauthorized access to Customer Data, LitiSync will notify the affected law firm without undue delay in accordance with contractual and legal requirements and will cooperate in reasonable investigation and remediation efforts.

11. Continuous Governance and Review

LitiSync periodically reviews internal security, confidentiality, access-control, and operational practices to maintain safeguards designed to support privileged legal workflows and evolving regulatory expectations.

12. Limitations of This Framework

This framework describes operational controls and governance practices and does not independently create an attorney-client relationship or establish legal privilege. Privilege and confidentiality protections are governed by applicable law and attorney supervision.

13. Changes to This Framework

LitiSync may modify this Privilege & Confidentiality Framework from time to time to reflect updates to the Service, operational practices, security measures, or legal requirements. Unless otherwise required by applicable law, updates become effective upon posting the revised version to the Service or website. Continued use of the Service after the effective date constitutes acceptance of the revised Framework. To the extent permitted by law, modifications will not apply retroactively to disputes arising before the effective date.

14. Contact

Questions regarding this Privilege & Confidentiality Framework may be directed to:

LitiSync, Inc.
Security & Compliance

c/o Law Office of Andrea Paparella, PLLC

134 W. 29th Street, Suite 1001

New York, NY  10001-5304

United States