Privacy Policy

What we collect. Account and contact info; bank and financial information you connect via Plaid or upload; case metadata (district, chapter, trustee, bar number for attorneys); AI inputs and outputs; payment tokens (we do not store card numbers); device and log data.

Why we use it. To operate the Service, generate Bundles and AI Output, bill for paid features, communicate with you, secure the Service, comply with law.

Who we share with. Your invited attorney or client; Plaid for account connections; Polar for payments; Resend for email; xAI and Fireworks AI for AI inference; cloud-hosting providers; and legal/government entities under valid process.

How long we keep it. While your Account is active, plus up to seven (7) years after case closure or Account deletion to comply with bankruptcy-record retention norms and applicable law, unless a shorter or longer period is required or permitted.

This Policy applies to personal information we collect through the Service and through email, support channels, and our marketing pages. It does not apply to websites or services operated by third parties, even if linked from the Service. When you connect a bank account or authorize an action that transmits your data to a third party, that third party’s privacy practices apply to what it does with your data.

AI Visionary Group LLC (dba BankruptPro)
1621 Central Ave #54164, Cheyenne, WY 82001, USA
Privacy: privacy@bankruptpro.com
Support: support@bankruptpro.com

We collect the following categories of personal information:

• Identifiers & contact: full name, email address, phone number, postal address, government identifiers you choose to provide for bankruptcy-petition purposes (e.g., the last four digits of a Social Security number, date of birth).
• Authentication: password hashes, security tokens, session cookies, MFA secrets.
• Attorney-professional information: firm name, bar number(s), state(s) of licensure, office address.
• Case metadata: bankruptcy district, chapter (7 or 13), filing status, case number, trustee name, hearing dates, filing notes.
• Financial account information (via Plaid or upload): tokenized account and routing numbers, account holder names, account types, current and available balances, transaction history (typically 24 months) including dates, amounts, merchant names, counterparty identifiers, and categorization labels, statement files (PDF/CSV).
• AI inputs and outputs: text and structured data you or the Service submits to AI models, and the responses returned.
• Communications: emails you send us, support tickets, replies to our transactional emails, and any voluntary feedback.
• Payment information: tokenized payment-method identifier and transaction metadata from our processor, Polar. We do not store primary account numbers (PANs) or CVVs.
• Device and log data: IP address, browser user-agent, device type, approximate location derived from IP, pages viewed, buttons clicked, referring URL, crash logs, security events.
• Cookies and similar: session cookies, preference cookies, limited analytics (see Section 18).

Some of this information is Sensitive Personal Information under California law (account log-in, financial account identifier with access-enabler, precise geolocation if enabled, government ID, racial/ethnic origin if provided). See Section 15.

We collect personal information from:

• You — when you register, complete your profile, upload documents, send a message, or make a payment.
• Your attorney or client — the paired party in your engagement may share case metadata and documents with you through the Service.
• Plaid — when you authorize a bank connection, Plaid provides the financial account information described in Section 3.
• Polar — our payment processor confirms successful charges, refunds, and subscription events.
• Device signals — your browser and device automatically send IP, user-agent, and related diagnostics.
• Service providers acting on our behalf — e.g., hosting providers return infrastructure logs that may contain IPs.
• Public records — where available, we may use PACER or official court records to validate case metadata you enter.

We use personal information for the following business purposes:

• Delivering the Service: creating your Account, organizing transactions, generating Bundles, and displaying your case to your paired attorney or client.
• AI analysis: where you enable AI features, transmitting the necessary inputs to our model providers and returning outputs to you.
• Billing and payments: processing charges, managing subscriptions and credits, issuing receipts, and enforcing collections.
• Communications: sending transactional emails about your Account, verification codes, purchase confirmations, invites, bundle-readiness notices, security alerts, and service announcements.
• Security, fraud, and abuse prevention: detecting and blocking unauthorized access, reverse-engineering, fraudulent signup, payment fraud, and prohibited uses.
• Legal compliance: complying with tax, accounting, bankruptcy, consumer-protection, financial-services, and other laws; responding to lawful process; exercising and defending legal rights.
• Service improvement: diagnosing bugs, understanding aggregate usage patterns, and improving quality. We use aggregated or de-identified data for analytics.
• Corporate transactions: due diligence in connection with a financing, merger, acquisition, reorganization, or sale of all or substantially all of our assets, subject to confidentiality protections.

The Service uses third-party AI model providers, currently including xAI Corp. (Grok models) and Fireworks AI, Inc. (open-model inference). We may add additional AI subprocessors as we introduce features; the current list is in Section 9. When an AI feature runs, we transmit only the data necessary for that feature (for example, transaction descriptions and amounts to produce a category; we do not transmit your Social Security number or your password).

We contractually prohibit our AI subprocessors from using your Content to train their foundation models. AI providers may retain input and output for a limited abuse-monitoring window required by their policies; thereafter, data is deleted subject to that provider’s retention schedule. Fireworks AI’s trust center publishes its SOC 2 Type II report, HIPAA eligibility, and data-handling commitments; we rely on those controls for the portion of AI processing performed by Fireworks AI. xAI’s data-handling commitments are governed by its enterprise API terms, which require that customer content not be used to train foundation models.

AI outputs are stored with your case record and are visible to you and to your paired attorney or client. See the Terms of Service, Section 8, for AI-specific disclaimers.

When you connect a bank account, Plaid acts as our service provider and also operates under its own privacy policy as a controller of certain data it collects directly from you. We receive the categories of data listed in Section 3 under “Financial account information” and use them for the purposes listed in Section 5.

You can disconnect a linked institution at any time from your Account settings. Upon disconnection, we will stop polling for new data. Historical transaction data associated with a generated Bundle will be retained as described in Section 10. You may also request deletion under Section 20. You may separately manage consents with Plaid through Plaid Portal.

We share personal information only for the following purposes:

• With your paired party. A Debtor User’s case data is shared with the attorney they explicitly invite or are paired with; an Attorney User’s case notes are visible to the Debtor User they paired with to the extent the Service displays them.
• With service providers. Hosting, email, payments, bank connections, AI inference, analytics, security, and customer support. See Section 9 for the current list.
• For legal and safety reasons. When we believe in good faith that disclosure is necessary to comply with law, a subpoena, warrant, court order, or other valid legal process; to enforce the Terms; to investigate or prevent fraud, abuse, or a threat to safety; or to protect our rights, property, or users.
• With successors. In connection with a merger, acquisition, reorganization, bankruptcy, sale of assets, or similar transaction, subject to confidentiality obligations.
• With your consent. For any other purpose we describe at the time we collect the information.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

The following is our current list of subprocessors and their security posture where publicly attested. We update this list from time to time; material changes are announced in this Policy’s change log or by email.

• Plaid, Inc. — bank account connections; USA. SOC 2 Type II, ISO 27001.
• xAI Corp. — AI inference (Grok models) for transaction analysis and text generation; USA. Contractually bound not to train on your Content.
• Fireworks AI, Inc. — AI inference (open-model hosting) for transaction analysis and text generation; USA. SOC 2 Type II and HIPAA-eligible per trust.fireworks.ai. Contractually bound not to train on your Content; prompts and completions are not persisted by default on paid serverless/dedicated endpoints.
• Polar Software Inc. — payments; USA. PCI-DSS via its processor (Stripe).
• Resend, Inc. — transactional email delivery; USA. SOC 2 Type II.
• Cloud infrastructure (self-managed) — primary database (MongoDB) and application servers are operated by AI Visionary Group LLC on cloud infrastructure located in the United States. Underlying data-center physical security, redundancy, and availability controls are inherited from the cloud provider’s SOC 2 / ISO 27001 attestations. Database and application software is administered by our team; access is restricted to authorized personnel under least-privilege principles.
• Sentry — error and performance monitoring; USA. SOC 2 Type II, HIPAA BAA available.

Attestations above are as published by each vendor at the time of writing and may change. For the current status, see the vendor’s trust center (e.g., trust.fireworks.ai).

We keep personal information for as long as needed to provide the Service and to comply with our legal obligations. Our default retention periods are:

• Account and profile data: while your Account is active. After you close your Account, we retain it for up to seven (7) years to support disputes, audits, fraud prevention, and compliance with bankruptcy-record retention norms (the general statute of limitations for actions under 11 U.S.C. §§ 523, 727, and associated malpractice claims).
• Bank connection tokens: revoked within thirty (30) days after you disconnect or close your Account.
• Transaction records and Bundles: retained with the case file for seven (7) years unless you earlier request deletion.
• Billing and tax records: seven (7) years to comply with tax law.
• Security logs: up to two (2) years.
• Marketing-email preferences: until you unsubscribe, plus a suppression record thereafter indefinitely to honor your preference.

Where we have a legal hold, the retention period is extended until the hold is released. Where a shorter retention period is required by law, we follow the shorter period.

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access, including:

• Encryption in transit (TLS 1.2 or higher) and at rest.
• Tokenization of bank account and card numbers at the processor level; PANs are not stored by us.
• Role-based access controls; least-privilege provisioning; multi-factor authentication for administrative access.
• Audit logging of sensitive operations.
• Regular vulnerability scanning, dependency updates, and third-party security assessments.
• Vendor due diligence and written agreements with subprocessors requiring confidentiality and security commitments.
• An incident-response program and staff training.

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by law.

The Service is not directed to, and we do not knowingly collect personal information from, anyone under eighteen (18). If you believe a child has provided us personal information, contact privacy@bankruptpro.com and we will delete it.

The Service is intended for users in the United States. Personal information is processed in the United States. If you access the Service from outside the United States, you are transferring your information to the United States, where privacy laws may differ from those of your country.

To the extent BankruptPro is a “financial institution” under the Gramm-Leach-Bliley Act, this Policy serves as our GLBA privacy notice regarding our collection, use, and sharing of “nonpublic personal information” (NPI). We limit sharing of NPI to the purposes described in Section 8 and to joint-marketing arrangements (if any) only with your consent. We maintain a written information security program (WISP) under the FTC Safeguards Rule to protect NPI.

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, “CCPA”), gives you specific rights regarding your personal information. In the preceding 12 months we have collected the categories of information listed in Section 3, from the sources listed in Section 4, for the purposes listed in Section 5, and have disclosed the categories listed in Section 8 to the categories of recipients listed in Section 9.

Your CCPA rights:

• Right to know — request a copy of the specific pieces and categories of personal information we have collected about you.
• Right to correct — request correction of inaccurate personal information.
• Right to delete — request deletion of personal information we have collected, subject to exceptions.
• Right to limit use of sensitive personal information — direct us to use your SPI only for the narrow permitted business purposes listed in CPRA regulation.
• Right to opt out of sale/sharing — we do not sell or share personal information, so there is nothing to opt out of, but you may confirm.
• Right to non-discrimination — we will not discriminate against you for exercising these rights.
• Right to appeal — if we deny a request, you may appeal by replying to our denial.

To exercise these rights, email privacy@bankruptpro.com. We will verify your identity before fulfilling a request. You may use an authorized agent with a valid written authorization. We will respond within 45 days; we may extend once by an additional 45 days with notice.

Global Privacy Control. We honor browser GPC signals as a valid opt-out-of-sharing request.

Shine the Light. California Civil Code § 1798.83 gives California residents the right to request information about our disclosures to third parties for their direct-marketing purposes. We do not make such disclosures.

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, and Tennessee (among others) have rights similar to the California rights listed in Section 15, including the rights to access, delete, correct, and opt out of certain processing. You may exercise these rights by emailing privacy@bankruptpro.com. State-specific appeal mechanisms apply where your state law requires them.

Federal Rule of Bankruptcy Procedure 9037 requires that filings on the public docket redact full Social Security numbers to the last four digits, full financial account numbers to the last four digits, names of minors to initials, and dates of birth to the year of birth. The Service is designed so that your exported Bundles display transaction and account data in a form that, when combined with the original bank-issued statements, allows your attorney (or you, pro se) to prepare schedules consistent with Rule 9037. You remain responsible for final compliance. We do not file on your behalf.

We use a small set of cookies and similar technologies:

• Strictly necessary: authentication, session continuity, CSRF protection. These cannot be disabled while using the Service.
• Preferences: remembering your display settings (light/dark, sidebar state).
• Service analytics: we use Google Analytics 4 to measure aggregate usage of the Service — for example, how many visitors reach the signup page or which features attorneys use most. This is configured for analytics only: advertising and personalization signals are disabled, Google Signals is off, and we do not permit cross-context behavioral advertising or remarketing. Where your browser sends the Global Privacy Control signal, we suppress analytics entirely for that session.

You can block or delete cookies in your browser. Blocking strictly-necessary cookies will prevent the Service from functioning.

BankruptPro does not sell personal information for money and does not share personal information for cross-context behavioral advertising. No opt-out is necessary, but we will honor any opt-out request, including the Global Privacy Control signal.

• Access & export. Download your bundles and uploaded documents from your dashboard, or email privacy@bankruptpro.com for a portable copy.
• Correction. Edit your profile in settings or email us.
• Deletion. Close your Account from settings or email us. We will delete Content subject to the retention schedule in Section 10 and any required legal hold.
• Disconnect accounts. Remove Plaid connections individually from your Account settings.
• Email preferences. Unsubscribe from non-transactional emails via the footer link; transactional emails (billing, security, verification) cannot be opted out of while your Account is active.
• Appeal. If we deny a privacy request, reply to our denial to start an appeal.

We may update this Policy from time to time. For material changes, we will provide at least thirty (30) days’ advance notice by email or in-product banner and will post the updated version on this page with a new effective date. Your continued use after the effective date constitutes acceptance. Archived versions are available on request.

Privacy questions or requests: privacy@bankruptpro.com
General support: support@bankruptpro.com
Postal: AI Visionary Group LLC, 1621 Central Ave #54164, Cheyenne, WY 82001, USA