The Hammer Lex (“The Hammer Lex,” “we,” “us,” or “our”) is a practice management platform for law firms operated by The Hammer Lex LLC. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy applies to hammerlex.com and the related applications, dashboards, and services we provide (together, the “Services”).
1.Information we collect
We collect the following categories of information:
Information you provide directly
- Account & profile data — name, work email, phone number, firm or organization name, role, password, and timekeeper rates.
- Billing data — subscription plan, billing contact, and partial payment details (such as card brand and last four digits). Full card numbers are handled by our payment processor and are not stored on our servers (see Payment processing).
- Staff & HR data — where the platform’s staff module is used, profiles, skills, banking details, and time-off requests entered by your firm.
- Communications — information you submit through contact forms, demo requests, support tickets, and email.
Customer Data your firm submits
- Client & matter records, intake and conflict-check inputs, time entries, invoices, expenses, calendar/deadline data, and documents (such as retainers, pleadings, and motions). This may include information about your firm’s clients and other third parties.
Information collected automatically
- Usage & device data — IP address, browser and device type, pages viewed, features used, referring URLs, and timestamps.
- Cookies & similar technologies — see Cookies & tracking.
2.How we use information
We use personal information to:
- Provide, operate, secure, and maintain the Services;
- Create and manage accounts and authenticate users;
- Process subscriptions, payments, and renewals, and prevent fraud;
- Respond to inquiries, demo requests, and support tickets;
- Send service and administrative messages, and—where permitted—product updates you can opt out of;
- Monitor, analyze, and improve performance, reliability, and features;
- Comply with legal obligations and enforce our agreements.
We do not sell personal information, and we do not use Customer Data to train AI models or for our own marketing.
3.Legal bases for processing
Where the EU/UK GDPR applies, we rely on these legal bases: performance of a contract (to provide the Services), legitimate interests (to secure and improve the Services and prevent fraud), consent (for certain cookies and marketing, which you may withdraw), and legal obligation (to meet tax, accounting, and other requirements).
4.How we share information
We share information only as described here:
- Service providers (sub-processors) who process information on our behalf under contract. Current categories and providers include:
| Purpose | Provider |
|---|---|
| Payment processing | Stripe, Inc. |
| Cloud hosting & infrastructure | [e.g., Microsoft Azure / AWS / Bluehost] |
| Email & transactional messaging | [e.g., your email provider] |
| Product analytics | [e.g., your analytics provider, if any] |
| Customer support | [e.g., your support tool, if any] |
- Legal & safety — when required by law, subpoena, or to protect the rights, safety, and property of The Hammer Lex, our users, or others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
- With your direction — for example, when your firm grants client-portal access or exports data.
5.Payment processing
Payments are processed by Stripe. When you subscribe, your payment card information is collected and processed directly by Stripe under its own terms and privacy policy; we receive limited information such as a transaction confirmation, card brand, expiration, and the last four digits. We do not store full card numbers. Stripe’s handling of your data is governed by the Stripe Privacy Policy.
6.Customer Data & your firm
For information your firm uploads about its clients, matters, and staff, your firm is the controller and we are the processor. We process that Customer Data only to provide the Services and per your firm’s documented instructions. If you are an individual whose data appears in the platform because a law firm uses our Services (for example, a client of that firm), please direct privacy requests to that firm; we will assist the firm in responding. Firms that require a formal Data Processing Agreement (DPA) can request one at support@hammerlex.com.
7.Data retention
We retain personal information for as long as your account is active and as needed to provide the Services, then for the period required to meet legal, tax, accounting, and dispute-resolution obligations. Customer Data is retained according to your firm’s subscription and is deleted or returned on request after termination, subject to legal holds and backup cycles.
8.How we protect information
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, role-based access controls, and least-privilege access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify you and any regulators as required by law.
9.Your privacy rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of California (CCPA/CPRA) may request access to and deletion of personal information and may opt out of any “sale” or “sharing” of personal information—note that we do not sell personal information. To exercise any right, contact us at support@hammerlex.com. We will not discriminate against you for exercising these rights, and we may need to verify your identity before responding.
10.Cookies & tracking
We use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and understand usage. You can control cookies through your browser settings; disabling some cookies may affect functionality. [If you deploy a cookie banner or analytics, describe the categories and how to opt out here.]
11.International transfers
We are based in the United States and may process information in the U.S. and other countries where we or our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers of personal information.
12.Children’s privacy
The Services are intended for businesses and professionals and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
13.Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.
14.Contact us
If you have questions or requests about this policy or your personal information, contact:
The Hammer Lex LLC
Email: support@hammerlex.com