Privacy Policy
Last Updated: July 2025
Triple Checklist, LLC ("Triple Checklist", "We", "Us") is sensitive to your concerns about how we use the personal information we collect from you through Triple Checklist's website (the "Site") and our transaction checklist platform (the "Platform"). (The Site and Platform are collectively referred to as "Services".)
Triple Checklist provides software as a service for law firms to create, share, and track transaction checklists. This Privacy Policy explains the personal data we collect, how we use that personal data, and the reasons we may need to disclose personal data to others. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
We will update this policy from time to time so please check our website for any updates. By using Triple Checklist's services, you accept the terms of this Privacy Policy. If you have questions or concerns about the Privacy Policy, please contact Customer Care at support@triplechecklist.com.
For purposes of data protection laws, Triple Checklist, LLC is the entity responsible for your information.
What information do we collect?
Information You Provide to Us
Triple Checklist requires each customer to provide us with personal information (collectively "Personally Identifiable Information") to access and use Triple Checklist services. Personally Identifiable Information is collected when a user interacts with Triple Checklist's Services, or communicates over the phone or email with a Triple Checklist employee, and willingly discloses that information. This disclosure may occur when a user registers with a Service, creates or joins a workspace, invites collaborators, contacts customer support, or participates in product feedback sessions, feature requests, or other aspects of services offered by Triple Checklist.
Personally Identifiable Information includes: (i) "Contact Data" (such as your name and email address); (ii) "Billing Data" (such as your subscription information, but not payment card details which are handled by our payment processor); (iii) "Professional Data" (such as your practice areas and firm information).
Information We Collect Automatically
Traffic Data. Triple Checklist or its third-party service providers may collect a variety of visitor data such as IP addresses, browser settings, internet service provider (ISP) information, referring/exit pages, operating systems, date/time stamps, and clickstream data (collectively "Visitor Data"). The Triple Checklist internal servers and software automatically recognize Visitor Data. The Platform may use Visitor Data to compile traffic data about the types of visitors who use the Platform at specific intervals (collectively "Traffic Data").
Cookies. Triple Checklist may use the standard cookie feature of major browser applications and third-party providers, or employ internally developed cookies and similar technologies that allow Triple Checklist to store a small piece of data on a user's computer, or any other device a user uses to access Services, about his or her visit to the Site or use of the Platform. You can control cookies through your browser settings, though some features may not function properly without them.
Location Information. When you use the Services, we may collect general location information (such as general location inferred from an IP address).
Information from Other Sources
We may collect information about you from third parties, such as marketing partners and researchers. Our customers may give us information about you, such as your Contact Data, in order to facilitate collaboration through our Services. We may combine this information with information we collect from you and use it as described in this Privacy Policy.
The role we have in relation to your personal data
Depending on the circumstances, Triple Checklist may be a data controller of your personal data or a data processor. In relation to personal data provided to us from customers to help manage their accounts or from prospective customers who have shown interest in Triple Checklist, we will be the data controller of that data.
In relation to personal data provided to us by our customers that relate to the services we provide to them, our customers are the data controllers and we are the data processor. See "Data we process on behalf of our customers" below.
How do we use the information we collect?
We use information we collect from the Services to: provide you with the Services; communicate with you; manage your subscription and account; manage and remember your preferences and customize the Services; analyze and improve the Services; enhance our customer support; verify your identity; ensure compliance and security; inform you of new features and updates; comply with our legal obligations or as permitted by law; protect the safety and/or integrity of our users, employees, third parties, members of the public, and/or the Services; and prevent fraud and enforce our legal terms.
We may combine information that we collect from you through the Service with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes.
How do we disclose the information we receive?
Except as disclosed here, we do not rent, sell, or disclose your personal information to third parties. We disclose customer information as follows:
Subscription Processing. Triple Checklist uses third-party payment processors to handle subscription payments. Your Contact Data may be used to send you subscription-related communications, respond to support inquiries, inform you of Service updates, and send you information about Triple Checklist features and best practices.
Third Party Integrations. We do not provide Personally Identifiable Information to third parties for their marketing purposes. However, if you connect third-party services (such as document management systems or practice management platforms) to enhance your use of our Services, we may share necessary information with those platforms solely to enable the integration you have requested.
Required by Law. We may also disclose your personal information: as required by law, such as in response to a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a legal request.
Service Providers. We may disclose your Personally Identifiable Information to companies that provide support services to us (such as cloud hosting, database services, authentication, email service providers, or payment processors), or help us market our products and services. These companies may need information about you in order to perform their functions. A current list of our subprocessors is available upon request or may be found in your Data Processing Agreement.
Other Transfers. We may disclose Personally Identifiable Information and other data to businesses controlling, controlled by, or under common control with Triple Checklist. If Triple Checklist is merged, acquired, or sold, or if some or all of our assets or equity are transferred, we may disclose or transfer Personally Identifiable Information and other data in connection with the associated transactions.
Consent. In addition to the disclosures described in this Policy, we may disclose information about you whenever you consent to or direct such disclosure.
Analytics
We may use third-party web analytics services to help us analyze how users use the Services. These service providers use cookies and similar technologies to collect information about your use of the Service.
Data we process on behalf of our customers
We receive information from and on behalf of our customers when they use our Services. Because of the nature of the services, this information may contain any type of personal identifiable information, including Contact Data, Professional Data, and Legal Data (such as transaction details, party information, task assignments, deadlines, and documents necessary to manage legal transactions). We process such data only in accordance with our customers' instructions. For such data, the customer is the "data controller" (for purposes of GDPR) or the "business" (for purposes of the CCPA) and is responsible for most aspects of the processing of the personal information. If you have any questions or concerns about how your personal information is processed in these cases, including how to exercise your rights as a data subject, please contact the customer. If we receive any rights requests concerning instances where we act as data processor, we will forward your query on to the relevant customer.
We may also collect the information of third party individuals on behalf of our customers. For example, our customers may use our service to collect counterparty information to populate a checklist. Triple Checklist primarily uses this information for the purpose of administering and improving its services for our customers. Where the third party individual chooses to create a Triple Checklist account with us, however, we will process their information in accordance with this Privacy Policy.
AI and Machine Learning
Our Services use artificial intelligence to provide features like checklist generation and task suggestions. When using AI features:
- We do not use your data to train AI models
- Third-party AI providers are contractually prohibited from retaining or training on your data
- All AI processing occurs through our secure proxy with additional privacy safeguards
Third-Party Websites
Triple Checklist may maintain links to other websites and other websites may maintain links to the Services. This Privacy Policy applies only to triplechecklist.com and not to other websites accessible from Triple Checklist or that you use to access Triple Checklist, each of which may have privacy policies materially different from this Privacy Policy. If you visit other websites, Triple Checklist is not responsible for the privacy practices or content of those sites.
Your Options
Deleting Your Information. If you no longer desire our services, or if you want to remove your Personally Identifiable Information from our Site, you may terminate your account by contacting support@triplechecklist.com.
Opting Out of Marketing. We send promotional emails and newsletters from time to time to users who have registered on the site and to those who have opted in to receive such emails. You can opt-out of promotional communications by following the unsubscribe instructions in any communication or by emailing us at support@triplechecklist.com. Generally, you may not opt-out of service-related or transactional communications, which are not promotional.
Data Retention
We will retain your information for as long as needed to provide you services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Customer data is deleted within 90 days after contract termination, though we may maintain point-in-time recovery backups according to our disaster recovery procedures. Customers can request earlier deletion at any time.
For data related to legal transactions that may be subject to attorney-client privilege, work product protection, or professional conduct rules, we will maintain such data for the period required by applicable law, professional rules, or court order.
Data Security
We have implemented physical, electronic, and managerial procedures to safeguard and secure the information we collect. Personal information is transmitted by secure servers using TLS 1.3 encryption, and data at rest is protected with AES-256 encryption. In addition, we implement role-based access controls, multi-factor authentication, regular security assessments, and Data Loss Prevention filtering for AI processing. Unfortunately, no data transmission is guaranteed to be 100% secure and we therefore cannot guarantee the security of information you transmit to or from the Site, Platform, or through the use of our services, and you provide this information at your own risk.
IF YOU BELIEVE YOUR PRIVACY HAS BEEN BREACHED THROUGH USE OF OUR WEBSITE, PLATFORM, OR OTHER SERVICES PLEASE CONTACT US IMMEDIATELY AT support@triplechecklist.com.
EEA, Switzerland, and UK Individuals
Legal Bases for Use of Your Information
Our legal grounds for processing your information are as follows:
- To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users' requests in anticipation of entering into a contract with them.
- Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
- Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals.
- Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.
Data Subject Rights
Residents of the European Economic Area ("EEA"), Switzerland, and the UK can exercise certain data subject rights available to them under applicable data protection laws. Where such rights apply, we will comply with requests to exercise these rights in accordance with applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances. If these rights apply to you, they may permit you to request that we:
- provide access to and/or a copy of certain information we hold about you
- prevent the processing of your information for direct-marketing purposes
- update information which is out of date or incorrect
- delete certain information which we are holding about you
- restrict the way that we process and disclose certain of your information
- transfer your information to a third party provider of services
- revoke your consent for the processing of your information
For more information on how to exercise these rights, please contact us at support@triplechecklist.com. If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based.
In instances where we process personal information on behalf of our customer, rights requests should be directed to the relevant customer.
International Data Transfers
Information submitted to Triple Checklist will be transferred to, processed, and stored in the United States. Where required, we will use appropriate safeguards for transferring data outside of the EEA, Switzerland, and the UK. This includes signing Standard Contractual Clauses that govern the transfers of such data. For more information about these transfer mechanisms, please contact us at support@triplechecklist.com.
Supplemental Privacy Notice for California Residents
This Supplemental Privacy Notice supplements the information in our Privacy Policy above and applies solely to California residents. It does not apply to personal information we process as a service provider.
Summary of Information We Collect
California law requires us to provide you with information about how we collect, use, and disclose your "personal information" as defined in the California Consumer Privacy Act ("CCPA").
We collect these categories of personal information: identifiers (such as name, email address, IP address); commercial information (such as transaction data); internet or other network or device activity (such as browsing history); geolocation information (general location); inference data about you; professional or employment related data; other information that identifies or can be reasonably associated with you. The categories of sensitive personal information are account log-in and password or other credentials allowing access to your account.
We collect personal information from: (1) directly from you; (2) through your use of the Services; (3) affiliates; and (4) third parties.
We use personal information for the business purposes described in our Privacy Policy, including: providing and improving our Services; detecting and preventing fraud; customizing content; analytics and marketing; and compliance with applicable laws.
Consumer Rights
If you are a California resident, you may have certain rights. California law may permit you to request that we:
- Provide you the categories of personal information we have collected or disclosed about you
- Provide access to and/or a copy of certain information we hold about you
- Delete certain information we have about you
- Correct inaccurate personal information that we maintain about you
You also have the right to not be discriminated against for exercising certain of your rights. Certain information may be exempt from such requests under applicable law.
If you would like to exercise any of these rights, you can submit a request at support@triplechecklist.com. You will be required to verify your identity before we fulfill your request.
"Sale" of Personal Information
We do not sell personal information.
"Sharing" of Personal Information
California residents may opt out of the "sharing" of their personal information for cross-context behavioral advertising. We may "share" identifiers and internet activity with advertising platforms. To opt out, please submit a request to support@triplechecklist.com.
Global Privacy Control
We respond to and abide by opt-out preference signals sent through the Global Privacy Control. For more information, see www.globalprivacycontrol.org.
Children Under 16
We do not knowingly "sell" or "share" the personal information of children under 16.
Sensitive Personal Information
The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.
Children's Privacy
The Services are not directed to children under the age of 13. We do not knowingly collect personal information (as that term is defined in the Children's Online Privacy Protection Act (COPPA)) from children under 13. If we discover that an individual under 13 has provided us with personal information, we will delete the personal information to the extent required by COPPA.
We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible.
Changes to this Policy
We may update this privacy policy to reflect changes to our information practices. If we make any material changes, we will notify you by email or through the Services before the changes become effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Contact Us
If you have any questions or concerns regarding our Privacy Policy, please contact us at support@triplechecklist.com.