Privacy Policy

Last updated: March 15, 2026

1. Introduction

ExpertPractice (“Service”) is operated by WatneySoft LLC (“Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We understand that expert witnesses handle sensitive case data and privileged information. We take the privacy and security of your data seriously. Please read this Privacy Policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Professional credentials (title, specialty area)
  • Firm or practice name
  • Contact information (address, phone number)
  • Invoice preferences (payment terms, invoice prefix, notes)

2.2 Case Data

When you use the Service, you may enter:

  • Case names, numbers, and descriptions
  • Attorney and law firm contact information
  • Court and jurisdiction details
  • Engagement type and status
  • Rate structures per case

2.3 Time Entries and Invoices

  • Activity types, hours worked, and billing rates
  • Work descriptions and entry dates
  • Generated invoices, invoice numbers, and payment status
  • Invoice totals and financial calculations

2.4 Documents

  • Files you upload to the Service (engagement letters, reports, correspondence)
  • Document metadata (file name, size, type, upload date)

2.5 Usage and Analytics Data

  • Pages visited and features used
  • Browser type, device type, and operating system
  • IP address (anonymized for analytics)
  • Referring URLs and session duration

2.6 Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or bank account details on our servers. Stripe's handling of your payment information is governed by their Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service — Store your cases, time entries, invoices, and documents; generate invoice PDFs; and enable all core features.
  • Improve the Product — Analyze aggregate usage patterns to improve features, fix bugs, and enhance the user experience. We do not use your case data or invoice content for product improvement.
  • Send Transactional Emails — Account verification, password resets, subscription confirmations, and critical service notifications.
  • Process Payments — Manage subscriptions, process charges, and handle billing inquiries through Stripe.
  • Provide AI Features — When you use the AI Practice Assistant, your queries are sent to our AI provider (Groq) for processing. We do not send your case data, time entries, or invoices to AI providers unless you explicitly include that information in your query.
  • Respond to Support Requests — Address your questions, troubleshoot issues, and provide customer support.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase, which operates on SOC 2-compliant infrastructure (Amazon Web Services). We implement the following security measures:

  • Encryption in Transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest — Database storage is encrypted at rest using AES-256 encryption.
  • Row-Level Security — Database access controls ensure that you can only access your own data. No other user can view, modify, or access your cases, time entries, invoices, or documents.
  • Authentication — Secure authentication with PKCE flow, password hashing, and session management.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services to operate the Service. Each has its own privacy policy governing how they handle data:

ServicePurposeData Shared
SupabaseDatabase, authentication, file storageAll application data
VercelWeb hosting and deploymentWeb requests, IP addresses
StripePayment processingEmail, payment details
ResendTransactional emailsEmail address, email content
PostHogProduct analyticsAnonymized usage events, page views
GroqAI Practice AssistantUser queries (only when AI feature is used)

6. We Never Sell Your Data

We do not sell, rent, lease, or trade your personal information or case data to third parties. Period.

We do not share your data with third parties for their marketing purposes. We do not monetize your data in any way other than providing the Service to you. This commitment applies to all data you enter into the Service, including case information, time entries, invoices, and documents.

7. Cookies and Analytics

We use the following cookies and tracking technologies:

  • Session Cookies — Essential cookies required for authentication and maintaining your login session. These are strictly necessary and cannot be disabled.
  • Theme Preference — A cookie to remember your dark/light mode preference.
  • PostHog Analytics — We use PostHog for product analytics to understand which features are used and how we can improve the Service. PostHog collects anonymized usage data including page views, feature interactions, and session duration. No case data, time entry details, or invoice content is sent to PostHog.

8. Data Retention and Deletion

8.1 Active Accounts. We retain your data for as long as your account is active and you maintain an active subscription.

8.2 Canceled Accounts. After your subscription ends, we retain your data for 90 days to allow you to reactivate your account. After 90 days, your data may be permanently deleted.

8.3 Deletion Requests. You can delete all your data at any time using the “Delete All My Data” button in your account Settings. This immediately and permanently removes all your cases, time entries, invoices, documents, expenses, payments, and account data. You may also contact us at support@myexpertpractice.com for assistance. Some data may be retained in backups for up to 90 additional days before being permanently deleted.

8.4 Legal Obligations. We may retain certain data as required by applicable law, including for tax, legal, or regulatory compliance purposes.

9. Your Rights

You have the following rights regarding your data:

  • Access — You can access all your data through the Service at any time. Your cases, time entries, invoices, and documents are always available to you while your account is active.
  • Correction — You can update or correct your personal information and case data through the Service at any time.
  • Deletion — You can request deletion of your account and all associated data by contacting us.
  • Export — You can request an export of your data in a machine-readable format by contacting us. We will provide your data within 30 days of the request.
  • Restriction — You can request that we restrict processing of your data in certain circumstances.
  • Objection — You can object to processing of your data for certain purposes, including analytics.

To exercise any of these rights, contact us at support@myexpertpractice.com.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — You can request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale — We do not sell personal information. This right is automatically satisfied.
  • Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at support@myexpertpractice.com.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis — We process your data based on: (a) your consent, (b) performance of our contract with you (these Terms), (c) our legitimate interests in operating and improving the Service, and (d) compliance with legal obligations.
  • Data Portability — You have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to Lodge a Complaint — You have the right to lodge a complaint with your local data protection authority.
  • International Transfers — Your data is stored and processed in the United States. By using the Service, you consent to the transfer of your data to the United States.

12. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have collected information from a minor, please contact us at support@myexpertpractice.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Service and updating the “Last updated” date. For material changes, we will also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at:

support@myexpertpractice.com

WatneySoft LLC
Commonwealth of Virginia, United States