← Back to In Rem

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy governs InRem Legal AI Technologies Inc.'s ("we", "us", "our", or "In Rem") collection, use and disclosure of Personal Information, User Data, and Output.

Privacy and confidentiality are foundational to In Rem. Our customers are lawyers and law firms who bring client matter content into the app; that content is subject to legal professional privilege and the firm's own confidentiality obligations to its clients. We have built In Rem so that, by default, that content stays on the lawyer's device and is never used to train AI models or retained by us or our AI providers beyond the duration necessary to process your request.

Introduction

In compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia's Personal Information Protection Act (PIPA), and other applicable legislation, this Privacy Policy provides transparency regarding our practices with respect to the storage, use, and disclosure of any personal information or data that is requested or generated when you use the In Rem application ("App") and related services (including our website at inrem.ai), as defined in the Terms of Service available at inrem.ai/terms (the "Terms").

Please read this Privacy Policy carefully. By using the App and Services, you consent to the terms of this Privacy Policy. If you do not agree with or consent to any aspect of this Privacy Policy, you should not use the App or the Services.

Purpose of the App

In Rem is an application for lawyers. Its purpose is to:

  1. Provide a chat interface in which a lawyer can perform legal research and draft legal documents with the assistance of a large language model ("AI Assistant"); and,
  2. Allow the AI Assistant to read, search, and create files within a folder on the lawyer's computer that the lawyer has explicitly designated as a workspace.

In Rem is intended to be used by qualified legal professionals as a tool to assist with their work. It does not provide legal advice, and the AI Assistant's outputs are not a substitute for the professional judgment of a lawyer.

Your Data

For the purposes of this Privacy Policy, we distinguish between three categories of data:

Personal Information means information about you as a user of the App: your name, e-mail address, billing information, account metadata such as authentication tokens and usage records, and technical information about your device and use of the App that is associated with your account.

User Data means content you provide to the App, including the contents of files in your designated workspace folder and your prompts to the AI Assistant.

Output means content the AI Assistant generates in response to your prompts, including AI Assistant responses, drafted documents, and any other artifacts produced from your User Data.

For lawyers using In Rem in the course of their practice, User Data and Output will routinely include material that is subject to solicitor–client privilege and the firm's confidentiality obligations to its clients. The handling, retention, and security rules described below apply equally to User Data and Output; references in this Privacy Policy to "User Data" should be read to include Output unless the context requires otherwise.

User Data Stored On Your Device

By default, all User Data lives on your device. Your designated workspace folder is a folder on your local file system that you select; we do not copy, mirror, or back up that folder to our servers. Conversation history, thread metadata, and other application state are stored in a local database on your device.

User Data is not accessible to any other person or device unless you share it.

User Data Sent To Our AI Providers

In order to power the AI Assistant, the App sends your prompts and the relevant portions of files in your workspace to our AI providers via their APIs. Responses from the AI Assistant are returned over the same connection. We refer to this content collectively as "AI Traffic".

We have Zero Data Retention (ZDR) agreements in place with each of our AI providers. Under those agreements:

Within a single working session, the App may use a provider's 5-minute ephemeral prompt cache. This is a transient, in-memory cache that allows the provider's API to avoid re-processing the same context across consecutive requests, which improves performance and reduces cost. Cached entries automatically expire within five minutes of last use and are not written to durable storage. Use of this cache is permitted under our ZDR agreements, and we are disclosing it to you here as part of those terms.

We route AI Traffic through a thin proxy server we operate (the "Proxy"). The Proxy authenticates your account, applies usage limits, and records non-content metadata about each request (timestamp, model, token counts, cost). The Proxy does not store the prompts or responses themselves. The Proxy passes AI Traffic through to the selected AI provider in real time.

Personal Information We Collect

In addition to User Data, we collect a limited set of Personal Information necessary to operate the App and our business:

Using and Disclosing Personal Information

We use Personal Information only to:

  1. Provide, operate, secure, and improve the App and Services;
  2. Authenticate you and protect your account;
  3. Bill you and collect payment;
  4. Provide technical support, although most issues can be resolved without our team viewing any of your Personal Information or User Data;
  5. Communicate with you about the App, including service updates and changes to this Privacy Policy; and,
  6. Comply with applicable laws, regulations, court orders, subpoenas, or other legal process.

We will not use or disclose your Personal Information for any additional purpose unless we obtain your consent, and we will never sell your Personal Information or your User Data.

If we are compelled by law, subpoena, or court order to disclose any Personal Information or User Data (to the extent any such data exists within our systems), we will, to the extent legally permitted, provide you with prompt written notice of the requirement so that you may seek a protective order or assert any applicable privilege before we respond.

Subprocessors

We rely on a small number of service providers ("Subprocessors") to operate the App, including AI model providers (each bound by Zero Data Retention terms), proxy and infrastructure hosting, authentication, and payments. Each Subprocessor is bound by terms that protect your data consistent with this Privacy Policy.

A current list of our Subprocessors, the purposes for which we use them, and the categories of data they process is available to customers on request. Please contact our Privacy Officer at privacy@inrem.ai to receive a copy.

Retaining Data

We retain User Data stored on your device for as long as you choose to keep it. You may delete files from your workspace folder, or delete the local In Rem database, at any time.

We retain Personal Information and usage metadata only as long as necessary to fulfill the purposes set out in this Privacy Policy or as required by law, and to allow you to exhaust any recourse you may have with respect to an access request under this Privacy Policy or any applicable law. When you close your account, we will delete or de-identify your Personal Information within 90 days, except where we are required to retain it for legal, accounting, or audit purposes.

We do not retain AI Traffic itself; as set out above, AI Traffic is processed by our AI providers under Zero Data Retention terms and is not stored by us or by them after the request completes.

Ensuring Accuracy of Personal Information

We rely on you to ensure that the Personal Information you provide while using the App or a related Service is accurate, complete and up-to-date.

Right to Access and Correct Personal Information

You may request access to, make corrections to, or delete your Personal Information at any time, subject to applicable laws or regulations. Upon written request, we will also provide you with a list of individuals or entities who have access to your Personal Information, if applicable. Please contact our Privacy Officer at privacy@inrem.ai for additional information.

Because User Data lives on your device, you control access to and deletion of it directly through your operating system and the App.

Cookies and Web Analytics

We use "cookies" on our website (inrem.ai) to help us analyze web traffic and evaluate and improve the content or functions of the website. A cookie is a small text file which is sent by a website, accepted by a web browser and then placed on your device. You may be able to set your browser to refuse all cookies from this and other websites; some portions of the website may not function properly if you choose to reject cookies. The In Rem App itself does not use cookies.

We may use third-party web analytics services on our website. The analytics providers that administer these services use technologies such as cookies to help us analyze how visitors use the website. The information collected through these technologies (including IP address) is disclosed to these analytics providers, who use the information to evaluate use of the website on our behalf.

Safeguards

We maintain appropriate storage and processing practices and security measures to protect your Personal Information and User Data from unauthorized access, collection, use, disclosure, copying, modification or destruction. We will use appropriate security measures when destroying Personal Information, such as de-identifying or deleting electronically stored information. We will review and update our security policies and controls as technology changes to ensure ongoing security; however, please bear in mind that no internet or email transmission is ever fully secure or error free and no security system is impenetrable. We cannot fully guarantee the confidentiality of any information transmitted to us or to our Subprocessors.

If the App or related Services contains links to other websites, this Privacy Policy does not govern those websites. You should read their privacy policies and make an informed decision about whether you want to use those websites or their services.

Location of Services

In Rem is operated from Canada. Personal Information held in our authentication and billing systems is processed in Canada and the United States by our Subprocessors. AI Traffic is processed by our AI providers in the United States and other jurisdictions where our AI providers operate, under Zero Data Retention terms as described above. By using the App, you consent to your Personal Information being processed in these jurisdictions.

Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our practices. We will post a notice on our website and in our App to notify you of significant changes, and indicate at the top of the Privacy Policy when it was most recently updated. Your continued use of the App or Services after a change to this Privacy Policy constitutes your acceptance of the updated policy.

Questions and Complaints

You may send your privacy-related questions, concerns or complaints to our Privacy Officer, who is responsible for ensuring our compliance with this Privacy Policy and with applicable privacy legislation.

Email: privacy@inrem.ai InRem Legal AI Technologies Inc. 15 Prince Arthur Ave., Suite 200 Toronto, ON M5R 1B2 Canada

If our Privacy Officer is unable to resolve your concern, you may also write to the Office of the Privacy Commissioner of Canada or to the Information and Privacy Commissioner of Ontario.

← Back to In Rem