Law Firm Signals
Legal · Law Firm Signals

Privacy Policy

Last updated June 4, 2026

This policy explains what information Law Firm Signals processes, why, and the choices you have. It covers both the people who use our product and the public professional information we classify into signals. Please read it alongside our Terms of Service and Source Policy.

01Who we are

Sure Scale Private Limited (UEN 202407567D), a company registered in Singapore and trading as Law Firm Signals ("Law Firm Signals", "we", "us", or "our") provides public-signal intelligence to legal technology vendors. For the personal data described here, we act as the data controller. You can reach us through our contact page for general questions, or at privacy@lawfirmsignals.com for privacy, data, and removal requests. Our Data Protection Officer is Nicholas Watson (nick@lawfirmsignals.com).

02At a glance

This summary is here to orient you. It is not a substitute for the full policy below.

  • What we collect: account details of people who use the product, and publicly disclosed professional information about law firms and the people acting for them in a professional capacity.
  • Where it comes from: only public sources: firm websites, press, published insights, directories, public technical records, and public discussion on platforms such as Reddit, X, and LinkedIn. No data brokers, no purchased lists, no private or gated data.
  • How we use it: to operate the product and to classify public events into structured buying signals. We do not sell your account data, watchlist, or signal engagement.
  • AI: we use AI models to classify and summarise public information and to draft engagement briefs. These outputs are interpretations and can be wrong; we apply an editorial threshold and you should verify before acting.
  • Your rights: you can access, correct, or delete your data, and individuals named in signal data can request removal.

03What data we process

We process the following categories of data:

  • Account data: the work email, name, company, role, and usage activity of people who sign up for or use the product, plus support correspondence. We also record IP address and user agent at login for security.
  • Signal data: publicly disclosed professional information about law firms and named individuals acting in a professional capacity (for example, a partner who co-authors a published article or a disclosed lateral move), classified into structured signals.
  • Stakeholder data: the names, professional roles, and likely involvement of senior people associated with a public change (for example, a budget holder or innovation lead). Inferred involvement is an interpretation, not a statement of fact: see Classification and inference.
  • Contact data: business email addresses and other professional contact details, sourced from public pages or inferred from public patterns and then validation-checked. We do not include phone numbers unless they are publicly disclosed.

04Where the data comes from

Signal, stakeholder, and contact data are sourced exclusively from publicly available information: firm careers pages and job postings, official press releases and published insights, about, practice and people pages, public homepage positioning, office and contact pages, public technical records (such as nameserver and MX records and site technology detections), legal industry directories, and public discussion on platforms such as Reddit, X, and LinkedIn. We do not use data brokers, purchase contact lists, or access private, gated, or non-public information, and we do not bypass authentication, paywalls, or technical access controls. Public pages are crawled at a respectful rate. Our full approach is set out in the Source Policy.

06How we use data

We use account data to operate the service, provide support, secure accounts, and communicate with you. We use signal, stakeholder, and contact data to classify public events into structured buying signals, map likely stakeholders, and prepare engagement context for our customers. We do not sell, rent, or share your account data, watchlist, or signal engagement with any third party. We may create aggregated or de-identified statistics (for example, the volume of signals detected) that do not identify any individual.

07Classification, inference, and AI

Turning a public change into a signal involves interpretation. We use automated processing (including AI and large language models) to classify changes against vendor categories, summarise public material, infer the likely people behind a change, score confidence, and draft engagement briefs.

These outputs are interpretations of public information, not verified statements of fact. AI systems can produce inaccurate, outdated, or fabricated information (sometimes called "hallucinations"), including incorrect facts, URLs, attributions, or names. We apply an editorial relevance threshold and cite the public source behind each signal so it can be checked, but we do not warrant that any signal, stakeholder mapping, or brief is complete or correct. Confidence scores are provided wherever inference is involved.

This automated processing supports your sales activity and does not produce legal or similarly significant effects on any individual within the meaning of GDPR Article 22. To generate these outputs we send relevant public data to third-party AI model providers (such as Anthropic Claude via AWS Bedrock); these providers are contractually restricted from using the data to train their own models, and data is encrypted in transit. You can request human review of any classification that concerns you.

08Contact data and outreach

Business email addresses are taken from public sources or inferred from public patterns and then validation-checked (for example, bounce-checked) before use. Inferred contact data may still be incomplete or incorrect. We surface recommendations and context only: we never send outreach on your behalf, and we do not operate AI agents that contact firms automatically. If you use signal or contact data to reach out, you are the sender and are responsible for complying with applicable law, including anti-spam and data-protection rules (such as PECR, CAN-SPAM, CASL, and the GDPR) and honouring opt-out requests.

09Disclosure and sub-processors

We do not sell your personal information and we do not share it for cross-context behavioural advertising. We share data only with:

  • Service providers / sub-processors: infrastructure and hosting, transactional and marketing email, payment processing, error tracking, AI model providers, and public-web research and search services, each bound by a data processing agreement. A current list is available on request.
  • Legal and protection: where required by law or valid request from a public authority, or to protect our rights, safety, or property.
  • Business transfers: as part of a merger, acquisition, or sale of assets, with notice to you.
  • With your consent: where you ask us to share data with a third party.

10Data retention

We retain account data for as long as your account is active and for a reasonable period afterwards to meet legal and operational obligations. Signal, stakeholder, and contact data are retained while they remain relevant to our customers and are refreshed against their public source; data that no longer reflects its public source is updated or removed.

11Data security

We apply appropriate technical and organisational measures, including encryption in transit and at rest, access controls, rate limiting, and periodic security reviews. No method of transmission or storage is completely secure, so while we use commercially reasonable measures we cannot guarantee absolute security.

12International transfers

We are based in Singapore and our infrastructure and AI model providers operate primarily in the United States. Where we transfer personal data internationally, we use appropriate safeguards (such as the European Commission's standard contractual clauses and equivalent UK arrangements) so that data transferred out of the EEA, the UK, or Singapore receives an adequate level of protection.

13Your rights

Subject to applicable law, you have the right to access, correct, or erase your personal data, to object to or restrict processing, to data portability, and to withdraw consent where we rely on it. You may also lodge a complaint with a supervisory authority. To exercise these rights, contact privacy@lawfirmsignals.com; we respond within 30 days (or sooner where required), and may extend by up to 60 days for complex requests with notice to you. California residents have equivalent rights to know, delete, correct, and not be discriminated against; we do not sell or share personal information as those terms are defined under California law.

14Individuals referenced in signal data

We reference named individuals only where they have made their professional role and activity public. We do not build behavioural profiles of individual lawyers, infer private information, or process special-category data. Any individual can object to processing or request removal of their name via our contact page or at privacy@lawfirmsignals.com; we review and action valid requests promptly. If you believe a signal misstates a fact about you, flag it and we will return it to our editorial queue.

15Cookies

We use only the cookies necessary to run the product and understand aggregate usage. We do not use advertising cookies or sell behavioural data.

16Children's privacy

Our product is for business use and is not intended for anyone under 18. We do not knowingly collect personal information from children.

17Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "last updated" date above and, where appropriate, notified to account holders.

18Contact us

Questions or requests about this policy can be sent to privacy@lawfirmsignals.com or via our contact page.

Sure Scale Private Limited (trading as Law Firm Signals)
Data Protection Officer: Nicholas Watson
160 Robinson Rd, #14-04 SBF Center, Singapore 068914

Questions about this document? Get in touch.