Skip to main content

Trust Center

Data Protection

Your firm's data. Your rights. Our obligations — documented and current.

Last reviewed: February 2026

All systems operational

Compliance status

GDPR

Compliant

Data Processing Agreements available. Right to access, rectification, erasure, and portability.

DPA available on request

CCPA

Compliant

California Consumer Privacy Act compliance for California-based prospects.

Effective since launch

ABA Model Rule 1.16

Compliant

Signal analysis and verification workflows help attorneys meet 'reasonable inquiry' obligations.

Aligned since launch

How we handle your data

Who owns prospect data?

Your firm owns all prospect data. FirmFirst stores it on your behalf to provide the service. You can export or delete it at any time.

Do you share data with third parties?

Only with vendors required to provide core features (email validation, phone validation, enrichment). All vendors sign Data Processing Agreements (DPAs) and are GDPR/CCPA compliant. We never sell or market with your data.

Where is data stored?

All data is stored in Google Cloud Platform (GCP) in US-based data centers (us-central1). Data never leaves the United States.

How long do you retain data?

Prospect data is retained as long as your FirmFirst account is active. After account cancellation, data is deleted within 30 days unless you request immediate deletion.

Can I export my data?

Yes. You can export all inquiry data as CSV or JSON at any time from your dashboard.

Sub-processors

Third-party vendors that process data on behalf of FirmFirst.

Vendor Purpose Data Processed DPA
Google Cloud Infrastructure & hosting All platform data Signed
Twilio SMS notifications Phone numbers Signed
Postmark Email delivery Email addresses Signed
IPQS Email & phone validation Email, phone, IP address Signed
Fingerprint.com Device & network analysis Device signals, IP address Signed
People Data Labs Person enrichment (premium) Name, email Signed

Privacy or compliance questions?

Our privacy policy covers all data collection, use, and your rights. Contact us for DPA requests.

Read Privacy Policy Contact Us