Privacy policy

Last updated: September 28, 2023


This is Epoq, Inc.'s (referred to as we, our or us) privacy policy.

We respect your privacy and are committed to protecting your personal data. In some States, this is referred to as personal information, but - whichever term is used - it refers, broadly speaking, to information or data that identifies, relates to, describes, is reasonably capable of being associated with, or that can reasonably be linked, directly or indirectly, with a particular individual. We use the term personal data in this policy.

This privacy policy will tell you how we look after your personal data when you visit this website (wherever you visit it from) and when you register, or are registered, for the services offered on the website (Services). We also tell you about your privacy rights and how the law protects you.


  • The law can vary by State; certain rights, requirements, and disclosures detailed in this policy may be subject to exemption or otherwise may not apply to you based on the applicable law where you live.
  • The law generally only protects, and confers rights on, consumers, meaning individuals rather than organizations. Also, in some States, the term consumer is confined to an individual acting in a personal, family or household context and does not extend to an individual acting in a business or employment context.

Please read this privacy policy carefully. If you do not agree with this privacy policy, you should not use the website or our Services.

This privacy policy is provided in a layered format so you can click through to the specific areas set out below. You can also download a pdf version of the policy here



  1. Who this privacy notice affects
  2. This privacy policy may affect you if you are:
    1. a registered customer (i.e. you have a registered account to use the Services offered on this website that are only available to account holders) or are acting on behalf of a registered customer; or
    2. a visitor to this website, to the much more limited extent that personal data about you may be collected by our cookies or similar technologies as a result of your interaction with this website. For more details, please see our Cookie notice.
  3. In certain circumstances, we may (and, if you are a consumer and a registered customer, we will) treat information you provide about another person as your personal data and, in these cases, you warrant that you have the consent of that other person to disclose information about them to us. This happens in the following circumstances.
    1. We have developed technology that allows you to share a document that you have created with a third party (Invitee) online for collaboration purposes. If this technology is offered on this website, any information collected about your Invitee may (and, if you are a consumer and a registered customer, will) be considered to be your personal data.
    2. When you complete one of our automated legal document templates, you may include information about another person. We may (and, if you are a consumer and a registered customer, will) treat that information as your personal data.
  4. Any reference in this privacy policy to you or your may, depending on the context, refer to a registered customer, or an individual acting on behalf of a registered customer, or to an individual visiting this website.
  5. Purpose of this privacy policy
  6. This privacy policy gives you information about how Epoq, Inc. collects and deals with your personal data when you use this website and our Services. In this privacy policy, we use the word process to cover all the different ways in which we handle your personal data, such as collection, use, disclosure, deletion, storage and transfer.
  7. This website is not intended for use by minors and we do not knowingly collect data relating to minors.
  8. It is important that you read this privacy policy, as well as any other privacy notice or policy we may give you on specific occasions when we are processing personal data about you, so you know how and why we are using your personal data.
  9. Controller
  10. Epoq, Inc. (referred to as we, our, us in this privacy policy) decides when, why and how to process your personal data and we are responsible for looking after it and protecting your rights. We refer to this as being a data controller. A group company of ours, Epoq Legal Ltd (based in the UK), processes your personal data for us. Other organisations may also be a data controller of some of your personal data for specific purposes (see section 7).
  11. We have appointed a privacy officer (our data privacy manager) who is responsible for overseeing questions in relation to this privacy policy. The data privacy manager is supported by a data privacy team. If you have any questions about this privacy policy, including any requests to exercise your consumer rights, please contact the data privacy team using the details set out below.
  12. Contact details
  13. Our full details are:

    Full name of legal entity: Epoq, Inc.

    Data privacy team:

    Registered office address: 82 Wendell Avenue, STE 100, Pittsfield, MA 01201

    Postal address: 85 Swanson Road, Suite 160, Boxborough MA, 01719
  14. You may have the right to make a complaint at any time to a State privacy regulator. We would, however, appreciate the chance to deal with your concerns before you approach a privacy regulator, so please contact us first.
  15. Changes to the privacy policy and your duty to inform us of changes
  16. We reserve the right to amend this privacy policy at any time. In the event we make significant changes to this privacy policy, we will notify you in accordance with applicable privacy laws
  17. It is important that the personal data we hold about you is accurate and current. Please tell us if your personal data changes during your relationship with us.
  18. Third-party links
  19. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third parties and are not responsible for how they deal with your personal data, so we encourage you to read their privacy policies or notices before allowing them to process your personal data.


  1. Personal data means any information about an individual from which that person can be directly or indirectly identified. It does not include data where an individual's identity has been removed and where measures are taken to ensure that a person cannot associate the data with the individual and where a commitment is made to maintain and use the data only in de-identified form and not to attempt to re-identify the data (de-identified data). Personal data also does not include publicly available data.
  2. We may process different kinds of personal data about you (including information about your Invitees) which we have grouped together as follows:
    1. Contact Data includes address, email address and telephone numbers.
    2. Identity Data includes name(s), date of birth, gender.
    3. Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
    4. Profile Data includes your interests, preferences, feedback and survey responses. To avoid any doubt, such data will be collected (if at all) only through direct interactions with you (see section 3.1a); it will not be collected through automated technologies or interactions
    5. Service Data includes your username and password, security questions or other information used for the purposes of user identity verification, and identifiers and metadata specific to you.
    6. Support Data includes information passing between you and support teams in connection with the provision of services you have requested.
    7. Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
    8. Template Data includes information you enter when completing our automated legal document templates. When you complete some of our automated legal document templates, you may have to, or choose to, provide sensitive personal data in order to complete your document fully. The meaning of this term (or any equivalent term) is not the same in every State, but sensitive personal data generally includes (1) data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (2) the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; (3) personal data collected from a known child; and (4) precise geolocation data. For example, you may provide information about your health when completing an advance directive template or information about your financial situation when completing a durable power of attorney template or a will template. In these cases, unless otherwise authorised by, or not required under, applicable privacy and data protection law, you will be asked to expressly consent to us processing this kind of information about you (for the purpose only of creating your document) before being asked to provide it. If you do not give your consent, when necessary, you may not be able to complete your document. Otherwise, we do not collect any sensitive personal data about you; in particular, we do not, at any time, collect any genetic or biometric data about you.
    9. Usage Data includes information about how you use this website, your session activity, and how you use our products and services.
  3. We may collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity, since it is, essentially, a composite of de-identified data relating to a group or category of registered customers. For example, we may aggregate your Usage Data to calculate the percentage of registered customers accessing a specific website feature or the frequency with which certain enquiries are made, so that we develop resources to deal with common questions more efficiently. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be processed only in accordance with this privacy policy and applicable law
  4. If you fail to provide personal data
  5. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.


  1. We use different methods to collect data from and about you including through:
    1. Direct interactions. You may give us your personal data by filling in forms on this website; by corresponding with us by post, phone, email or otherwise; or when entering information to create a legal document. This also includes personal data you provide when you:
      1. create an account on our website;
      2. use or enquire about our products or services;
      3. request marketing or our publications to be sent to you;
      4. enter a competition, promotion or survey;
      5. give us some feedback;or
      6. submit a support request
    2. Automated technologies or interactions.As you interact with this website, we may automatically collect Technical Data about your equipment, browser type and operating system and Usage Data about how you use our products and services. Technical Data is used for the purposes only of providing support; it is never used to profile you (where 'profiling' typically refers to the solely automated processing performed on personal data to evaluate, analyze, or predict, e.g., an identified or identifiable natural person's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements). We collect this personal data by, primarily, using server logs and other similar technologies. Although we do use cookies, with the exception of Google reCAPTCHA, these do not collect personal data and are deleted at the end of each session - Please see our Cookie notice for further information.
    3. Third parties We may receive Identity and Contact Data from organizations that have facilitated your access to our products and services. This may be because of an existing relationship you have with that organization; for example, where an employer arranges for its staff, where a membership organization arranges for its members, or an insurer arranges for its insured, to have access to our products and services. Or it may be the result only of an introduction that you have asked them to make. Such organizations may share your Identity and Contact Data with us via a single sign-on mechanism, which allows an account to be created for you on this website without you having to input your details.


  1. We will only use your personal data when and how the law allows us to, including when you have provided your consent to the collection, use or disclosure of personal data as detailed in this privacy policy. Most commonly, we will use your personal data in the following circumstances:
    1. Where processing your personal data is necessary for the performance of a contract that we have with you to provide Services or to take steps at your request before entering into such a contract.
    2. Where processing your personal data is necessary for compliance with a legal or regulatory obligation that we are subject to.
  2. We may, on your initiative, share Template Data that you give to us when completing one of our automated legal document templates with third parties so that they can provide a service or assistance that you have requested. For example, when you create a document on this website, we may offer the facility for you to request that the document be reviewed by a lawyer of your choice. If you request this review service, using the sharing function (section 1.3a), the lawyer can be given online access to your electronic document file, and the associated questionnaire that you completed, so that the lawyer may undertake the requested review. This function may be used in other circumstances, but it will only ever be used to share your document with a third party so that the third party can provide a service or assistance that you have requested, and you will send the invitation to the third party that will initiate the sharing of Template Data in this way.
  3. We will retain any automated legal document template you have completed (or started), and all your previous drafts, for use, if necessary, in connection with the resolution of any complaints, issues or disputes that may arise concerning that document and/or, if that document is a will and there is a challenge to its validity, in connection, e.g., with clarifying your intentions when you made your will. If any complaint, issue or dispute of this nature is raised formally in a legal claim, or you intimate that a legal claim may be made, we will process your personal data in relation to (1) notifying our insurers about any such claim you may make against us or about any circumstances that may give rise to such a claim by you against us, and (2) instructing lawyers to represent us.
  4. We may process your personal data in relation to sending direct marketing communications to you via email or text message. Where required by law, we will only do this if you expressly consent, in which case you have the right to withdraw your consent to receive such communications at any time - you can do this by contact us.
  5. Purposes for which we will use your personal data
  6. We have set out below a description of all the ways we plan to use your personal data:
    1. To create, validate and (if necessary) recover an account for you, we will process Contact Data and Identity Data
    2. To provide or perform the product or service you have requested, we will process Contact Data, Identity Data, Service Data, Support Data and Template Data
    3. To provide management information (including Contact Data, Identity Data and Usage Data) to any organization that has facilitated your access to this website
    4. To share Contact Data, Identity Data, Support Data and Template Data with attorneys or other third parties at your request as part of a document review service (if that service is offered on this website) or, on your initiative, using the Sharing function
    5. To be able to respond to or defend complaints and claims, notify insurers and instruct lawyers, we will process Contact Data, Identity Data, Support Data, Template Data and Usage Data
    6. To send service communications to you and to tell you about changes to our terms, we will process Contact Data, Identity Data and Service Data
    7. To send marketing communications to you by email or text message, we will process Contact Data, Identity Data, Marketing and Communications Data, Profile Data, Support Data and Usage Data
    8. To ensure that we do not send marketing communications to you if you have indicated that you do not wish to receive these, we will process Contact Data, Identity Data, and Marketing and Communications Data
    9. To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), we will process Contact Data, Identity Data, Service Data and Technical Data
    10. To identify possible developments and improvements to this website, our products/services, marketing, customer relationships and experiences, we will process Contact Data, Identity Data, Profile Data, Support Data, Technical Data and Usage Data
    11. To make suggestions and recommendations to you about products or services that may be of interest to you, we will process Contact Data, Identity Data, Profile Data, Support Data and Usage Data
    12. To determine whether data entered on this website (e.g. information entered into a contact form) is being provided by a human user or by an automated program, we use Google reCAPTCHA, which processes Technical Data
  7. Marketing to registered customers
  8. We may use your Contact Data, Identity Data, Profile Data, Support Data and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). We do not use Technical Data for marketing purposes; nor do we undertake any profiling by automated means. We do not process your personal data for the purpose of targeted advertising (which means displaying to a consumer an advertisement that is selected based on personal information obtained from that consumer's activities over time and across non-affiliated websites or online applications to predict the consumer's preferences or interests).
  9. If required by law, you may receive marketing communications from us, but only if you have consented to that. Otherwise, you may receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
  10. You can ask us to stop sending you marketing messages at any time by editing your preferences from the 'My Account' page of this website or by following the opt-out/unsubscribe links on any marketing message sent to you or by contacting us at any time. Please note that even if you have indicated your choice not to receive marketing messages from us, we may still communicate with you in connection with services or products you ordered in accordance with applicable law. In addition, it may take up to ten (10) business days to register a change of preference across all our systems.
  11. Marketing to website visitors
  12. We do not send marketing communications to visitors.
  13. Third-party marketing
  14. We do not share your personal data with any outside company for marketing purposes.


  1. We only use sensitive personal data to perform the Services you have requested
  2. We do not collect or process sensitive personal data for the purpose of inferring characteristics about you
  3. We do not knowingly collect personal data from minors; our services are for use by adults


  1. We do not sell your personal data


  1. We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above:
    1. Our service providers based in the UK and the Republic of Ireland who provide IT and system administration services, including the group company, Epoq Legal Ltd, that processes your personal data for us.
    2. If applicable, other service providers delivering services offered on this website directly to you.
    3. Any organization that has facilitated your access to this website.
    4. Another website operator that enabled you to access our services through a website that we do not operate, in which case the operator of that website is a data controller of your personal data for the purpose of administering that website and delivering any other services offered to you on that website, in accordance with its own privacy policy.
    5. Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services to us.
    6. Taxation authorities, regulators and other authorities who require reporting of processing activities from us in certain circumstances.
    7. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy and in accordance with applicable privacy and data protection laws.
    8. The data collected during the analysis performed by Google reCAPTCHA of the behaviour of each website visitor is encrypted and forwarded to Google. Google's privacy policy can be found at:
  2. We require all third-party service providers processing your personal data for us to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


  1. Epoq Legal Ltd processes your personal data for us in the UK and the Republic of Ireland.
  2. We will not transfer your personal data to any other country, territory or jurisdiction except in compliance with all applicable privacy and data protection laws and after having put any appropriate safeguards in place.


  1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
  2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


  1. How long will you use my personal data for?
  2. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  3. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  4. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contact us.
  5. In summary, however, our data retention policy takes the following approach:
    1. The explicit purpose of the Services and the collection of personal data on this website is to allow for the creation, storage, review and progress logging – plus ongoing online access to – legal templates. This means that it is usually the expectation of both you and us that the documents you create (and any associated data) will remain online and accessible (and hence retained by us) for the duration of the time that you have an account on our systems
    2. However, it is consistent with this purpose, and in our mutual interests, that there should be the ability to review and store relevant data in connection with the resolution of any complaints, issues or disputes that may arise concerning any document you have created and/or, if that document is a will template and there is a challenge to its validity, in connection, e.g., with clarifying your intentions when you made your will. That complaint, issue, dispute or challenge may arise after you cease to have an account on our systems
    3. Certain types of personal data are more temporary (transient) in nature and are deleted in accordance with a rolling program of data deletion according to data type; e.g. on a monthly basis for flattened print files that you generate when you export a document for printing or on a quarterly basis for webserver error logs
    4. In most cases, relevant and more permanent (non-transient) personal data will be retained in order to provide an ongoing service until the service is shut down, you cease to be eligible to access the service or you request the deletion of your personal data
    5. This retention period will be longer for relevant (non-transient) personal data that needs to be held for potential dispute resolution purposes until such time as no legal claim can be made with respect to any potential dispute because it is time-barred
    6. The retention period for dispute resolution purposes will be reviewed on a case-by-case basis and may be curtailed, and the relevant personal data deleted at that time, in appropriate circumstances; e.g. if we are retaining data relating to a will and you can show that you have made a new will revoking the first will
  6. In some circumstances we may de-identify (see section 2.1 for what we mean by de-identified data) your personal data (so that it can no longer be directly or indirectly associated with you), and we commit not to re-identify data that has been de-identified in this way, in which case we may use this data, without further notice to you, in compliance with applicable data protection laws.


  1. We will not process your personal data in violation of State or Federal laws that prohibit unlawful discrimination against consumers.
  2. We will not discriminate against you for exercising any of your consumer rights. Unless permitted by law, we will not, as a result of you exercising any of your consumer rights:
    1. deny you services;
    2. charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
    3. provide you with a different level or quality of services; or
    4. suggest that you may receive a different price or rate for services or a different level or quality of services.


  1. Under certain circumstances, if you are a consumer, you have rights under applicable privacy and data protection laws in relation to your personal data.
  2. There are some differences between States as to the precise detail of the rights you have as a consumer, but (broadly speaking) you have the right to:
    1. Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
    2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
    3. Request deletion of your personal data. We may refuse this request, or refuse this request in part, if we need to retain any of your personal data for potential dispute resolution purposes as explained in section 10.5.
    4. (In some States only; e.g. Delaware and Oregon) Request a list of third parties to whom we have disclosed your personal data.
    5. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data (or, if permitted by applicable law, a representative summary of your personal data) in a structured, commonly used, machine-readable format. Note that this right only applies to data collected from you in computerized form.
  3. If you wish to exercise any of the rights set out above, or if you have any complaints, questions or concerns with respect to our processing of your personal data, please contact the data privacy team at
  4. Exemptions
  5. Note, however, that neither these rights in particular, nor applicable privacy and data protection laws in general, restrict our ability, amongst other things, to:
    1. comply with federal, state, or local laws, rules, or regulations;
    2. comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
    3. co-operate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws, rules, or regulations; or
    4. investigate, establish, exercise, prepare for, or defend legal claims.
  6. No fee usually required
  7. You will not have to pay a fee to access your personal data (or to exercise any of the other consumer rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
  8. What we may need from you
  9. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  10. Time limit to respond
  11. The data privacy team aim to respond to all legitimate requests within 45 days of the receipt of your request. Occasionally it may take them longer than 45 days if your request is particularly complex or you have made a number of requests. In this case, the data privacy team will notify you and keep you updated within 45 days.
  12. Right of appeal
  13. If we refuse your request, or refuse your request in part, the data privacy team will explain in detail the reasons for that refusal.
  14. You may then submit an appeal against that refusal to our data privacy manager. You must submit the appeal to the data privacy manager at within 45 days of our refusal.
  15. The data privacy manager will respond to your appeal within 45 days after receiving it.


Our use of cookies

We use necessary cookies to make our site work. We would also like to set some optional cookies. We won't set these optional cookies unless you enable them. Please choose whether this site may use optional cookies by selecting 'On' or 'Off' for each category below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie notice.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Functionality cookies

We'd like to set cookies to provide you with a better customer experience. For more information on these cookies, please see our cookie notice.