Skip to main content

Legal

Privacy Policy

How we handle your firm's information and your clients' protected health information.

Last updated: 3 May 2026

Legal Record Desk, Inc. (“LRD”, “we”, “us”) operates legalrecorddesk.com and the Legal Record Desk service for law firms. This Privacy Policy describes how we collect, use, store, and protect information — including Protected Health Information (PHI) we receive on behalf of your firm under HIPAA.

Information we collect

  • Firm contact information you submit on this website — name, firm, email, phone, state, monthly case volume, and any message you send us.
  • Case data your firm provides to LRD when you submit a record request — patient name, date of birth, provider, date range, and authorisation forms.
  • Protected Health Information (PHI) released to LRD by medical providers in fulfilment of your record request.
  • Technical information standard to web traffic — IP address, browser type, pages visited — collected to operate and secure the website.

How we use this information

Firm contact information is used to respond to your inquiry, set up your account, and send service-related communication. Case data and PHI are used solely to fulfil the record request your firm submitted. We do not use PHI for marketing, do not sell PHI under any circumstances, and do not use PHI to train AI systems. Donna AI operates on de-identified or abstracted data only — actual PHI never enters the AI pipeline.

Business Associate Agreement (BAA)

LRD executes a HIPAA-compliant Business Associate Agreement with every law firm before any case is submitted. The BAA governs how we receive, store, use, and dispose of PHI, and is available on request before your first case.

Where data is stored

All records, case data, and PHI are stored exclusively on U.S.-based encrypted enterprise infrastructure. PHI never leaves U.S. borders. Each delivered record package includes a tamper-proof Verified Certificate locked for 7 years — neither LRD nor the law firm can edit a delivered package after the fact.

Retention and disposal

Verified Certificates are retained for 7 years to support deposition and chain-of-custody verification. Working copies of PHI are retained per the terms of the BAA with your firm and applicable state law, and are destroyed using HIPAA-compliant disposal procedures when retention ends.

Your firm’s rights

Your firm may request access to, correction of, or deletion of non-locked information at any time, subject to the terms of your BAA and applicable law. Verified Certificates are cryptographically immutable and cannot be amended after generation — this is by design, to preserve evidentiary integrity.

Cookies and analytics

This website uses essential cookies and standard web analytics to operate and improve the site. We do not use advertising trackers or share analytics data with advertising networks.

Updates to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent change.

Contact

Questions about this Privacy Policy or how we handle your firm’s information:
info@legalrecorddesk.com · +1 (307) 939-5655
Legal Record Desk, Inc.
1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801