Privacy Policy

Information we collect

Through the website (spotlightaicore.com)

The website does not use Google Analytics, Google Tag Manager, Facebook Pixel, or any other third-party analytics or advertising technology. The website does not set cookies of any kind. The website does not load any third-party fonts, scripts, or CDN resources. We collect no information about anonymous website visitors. Standard server logs (IP address, user agent, requested URL, timestamp) are retained for fourteen days for operational and security purposes only, are never used for advertising or profiling, and are not shared.

Through the SpotlightAICore MCP plugin

The MCP plugin exposes a small set of tools to Claude users. The information collected depends on which tool is used:

• get_catalog — public; collects no information.
• get_quote — public; collects only the parameters you supply (deliverable selection, matter size, quality model). The parameters are processed in memory and discarded after the response is returned.
• register_interest — collects the contact information you supply (firm name, contact name, email address) plus any optional fields (matter type, deliverable selection, free-form notes). This information is stored on Webnet Media hardware and is used to contact you about SpotlightAICore. We do not sell, rent, or trade this information.
• submit_matter — requires an authenticated firm key (issued only after an engagement is signed) and collects the matter description, deliverable selection, and contact information necessary to provision the engagement workspace.
• get_status, get_deliverable, list_matters — authenticated; the firm key issued to a customer is required to call these and they return only information about that customer's own matters.

Through email and document channels

When you contact us by email (at webnetmedia@outlook.com or another address we publish), we retain the email content, your email address, and any attachments you send. When an engagement is signed and you upload source documents to a Box folder provisioned for your matter, those documents are governed by the Confidentiality & Compliance page and the executed engagement letter, not by this Privacy Policy.

How we use the information

We use the information we collect for the following purposes:

• To respond to inquiries you make through the website or the MCP plugin.
• To deliver the services you have engaged us to perform.
• To run conflict-of-interest checks before accepting a new matter.
• To maintain internal records of engagements, communications, and decisions for the period required by applicable professional and tax rules.
• To comply with legal obligations, including responses to subpoenas, court orders, and regulatory requirements.

We do not use your information for advertising, profile-based marketing, or sale to third parties.

How we share the information

We share information only as necessary to deliver our services and only with parties subject to confidentiality obligations consistent with this policy:

• Anthropic — our analytical pipeline calls the Anthropic Claude API. Anthropic processes the API request and returns a response. Per our agreement with Anthropic, content sent to the API is not used to train Anthropic's models. Anthropic's own privacy practices apply to the API call itself.
• Box — when we provision a customer's matter workspace, we use Box as the document storage layer. Customer documents are encrypted in transit and at rest by Box. Box's own privacy practices apply to the data while it resides on Box infrastructure.
• Microsoft — our operational mail runs on Microsoft 365. Email correspondence with us is stored on Microsoft infrastructure under Microsoft's enterprise privacy and security practices.
• RFC 3161 timestamp authority — when we cryptographically timestamp a deliverable, a hash (not the document itself) is transmitted to an independent trusted timestamp authority. The authority receives the hash only, not the underlying content.
• Professional advisors — accountants, lawyers, and insurers may receive limited information as required for tax, legal, or insurance purposes. These advisors are bound by professional confidentiality obligations.
• Legal compulsion — we may disclose information when required by court order, subpoena, or other valid legal process, with notice to the affected customer wherever permitted.

We do not sell, rent, or lease personal information to third parties. We do not share information with advertising networks.

Retention

We retain information only as long as we have a lawful and operational reason to do so:

• Lead records (information collected via register_interest or website inquiry) — retained for two years from last contact, then deleted, unless the lead becomes an engaged customer in which case engagement retention applies.
• Engaged-customer records — retained for seven years following the close of the engagement, consistent with professional record-keeping norms.
• Source documents and analytical work product — governed by the Confidentiality & Compliance page; default is destruction ninety days after final delivery, unless the customer requests longer retention in writing.
• Server logs and operational records — fourteen days, then deleted.

Your rights

Webnet Media is incorporated in Florida (United States) and Romania (European Union). Depending on where you are located, the following rights may apply to your information:

• Access — you can request a copy of the information we hold about you.
• Correction — you can request that we correct inaccurate information.
• Deletion — you can request that we delete information we hold about you, subject to any legal or professional obligation to retain it (e.g., active engagement records, tax records).
• Restriction — you can request that we limit the processing of your information to specific purposes.
• Portability — you can request that we provide your information in a portable, machine-readable format.
• Objection — you can object to specific uses of your information, including any direct marketing.

To exercise any of these rights, contact us at webnetmedia@outlook.com. We will respond within thirty days. We do not charge a fee for reasonable requests.

EU and UK residents have additional rights under the General Data Protection Regulation and the UK GDPR, including the right to lodge a complaint with a supervisory authority. California residents have additional rights under the California Consumer Privacy Act and related laws.

Security

We use commercially reasonable administrative, technical, and physical safeguards to protect the information we hold, including encryption of data in transit (TLS) and at rest (where supported by the underlying storage provider), access controls, and operational restrictions on who can read or copy customer information. No system is perfectly secure; we maintain an errors-and-omissions insurance policy that applies to security incidents affecting paid engagements.

Children's information

SpotlightAICore is a business-to-business service for law firms and similar professional organizations. We do not knowingly collect information from anyone under the age of sixteen. If we learn that we have collected such information, we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of the page and, if the changes are material, notify customers with active engagements by email. The current version of this policy is always available at https://spotlightaicore.com/privacy.html.

Contact

Questions about this policy or your information can be sent to:

M. David Hoyle, Founder
Webnet Media
2090 Baker Rd., Suite 304 #1009
Kennesaw, GA 30144 USA
webnetmedia@outlook.com