Privacy Notice
Glass Box Solutions, Inc.
Effective Date: February 23, 2026
Last Updated: February 18, 2026
This Privacy Notice describes how Glass Box Solutions, Inc. ("Glass Box Solutions," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Adjudica.AI platform and related services (collectively, the "Service").
Adjudica.AI is a legal AI platform designed for California Workers' Compensation attorneys. The Service processes documents that may contain Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").
Important: This Privacy Notice supplements our Master Privacy Policy. For general information about Glass Box Solutions' privacy practices, please review our Master Privacy Policy.
Glass Box Solutions operates as a Business Associate under HIPAA when processing PHI on behalf of our customers. We are not a Covered Entity under HIPAA.
When you (a law firm) use Adjudica.AI to process documents containing PHI:
Before processing PHI through Adjudica.AI, you must have a Business Associate Agreement ("BAA") in place with Glass Box Solutions. Our BAA outlines our respective obligations regarding the protection of PHI.
To request a BAA, contact: legal@adjudica.ai
| Data Type | Examples | Purpose |
|---|---|---|
| Identity Information | Name, email, firm name | Account management |
| Professional Information | Bar number, practice areas | Service customization |
| Billing Information | Payment method, billing address | Payment processing |
| Authentication Data | Password (hashed), MFA settings | Account security |
When you use Adjudica.AI, you may upload or input:
| Data Type | Examples | May Contain PHI |
|---|---|---|
| Case Documents | Medical records, QME reports, depositions | Yes |
| Medical Records | Treatment records, diagnostic reports, surgical notes | Yes |
| Legal Documents | Pleadings, correspondence, case summaries | Possibly |
| AI Interactions | Queries, prompts, analysis requests | Possibly |
PHI processed through Adjudica.AI may include:
| Data Type | Examples | Purpose |
|---|---|---|
| Log Data | IP address, browser type, access times | Security, troubleshooting |
| Usage Data | Features used, documents processed | Service improvement |
| Device Information | Operating system, device identifiers | Compatibility |
We use your information to:
We use your information to:
We use de-identified and aggregated data to:
We do not use your PHI or client data to train our AI models without your explicit written consent.
To provide AI-powered analysis, we share data with our AI service providers:
| Provider | Service | BAA Status |
|---|---|---|
| Google Cloud | Gemini AI, Vertex AI, Document AI | Required |
| Pinecone | Vector database | Required |
Our AI provider (Google) is bound by a Business Associate Agreement that prohibits them from using your data to train AI models.
We may share your information:
If you are a patient whose PHI is processed through Adjudica.AI, you have the following rights under HIPAA. These rights should be exercised through your healthcare provider or attorney:
| Right | Description |
|---|---|
| Access | Request a copy of your PHI |
| Amendment | Request correction of inaccurate PHI |
| Accounting of Disclosures | Request a list of certain disclosures of your PHI |
| Restriction | Request restrictions on certain uses or disclosures |
| Confidential Communications | Request communications through alternative means |
To exercise HIPAA rights related to PHI processed through Adjudica.AI, please contact your attorney or healthcare provider, who may then contact us.
If you are a California resident, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Know | Request disclosure of information collected | Email privacy@adjudica.ai |
| Right to Delete | Request deletion of your information | Email privacy@adjudica.ai |
| Right to Correct | Request correction of inaccurate information | Email privacy@adjudica.ai |
| Right to Opt-Out | Opt-out of sale/sharing (we do not sell) | N/A |
| Right to Limit | Limit use of sensitive personal information | Email privacy@adjudica.ai |
| Non-Discrimination | Not be discriminated against for exercising rights | Automatic |
Response Time: We will respond to verifiable requests within 45 days.
You may request an export of your data in a machine-readable format. Contact support@adjudica.ai to request a data export.
We implement the following security measures to protect your information:
| Measure | Implementation |
|---|---|
| Encryption at Rest | AES-256 encryption for all stored data |
| Encryption in Transit | TLS 1.3 for all data transmission |
| Access Controls | Role-based access with principle of least privilege |
| Authentication | Multi-factor authentication available |
| Audit Logging | Comprehensive logging of all PHI access |
| Key Management | Secure key management via Google Cloud Secret Manager |
All data is stored in secure, SOC 2 Type II certified data centers operated by Google Cloud Platform in the United States.
| Data Type | Retention Period | Basis |
|---|---|---|
| PHI and Case Data | 6 years from last access | HIPAA requirement |
| Audit Logs | 6 years | HIPAA requirement |
| Account Information | Duration of account + 30 days | Business necessity |
| Billing Records | 7 years | Tax/legal requirements |
| Technical Logs | 90 days | Security |
Upon account termination or at your request (subject to legal retention requirements):
Adjudica.AI uses artificial intelligence to:
For detailed information about our AI systems, capabilities, and limitations, please review our AI Transparency Disclosure.
We do not use PHI, document content, or case-specific information to train AI models.
Your medical records, legal documents, and case queries are processed to provide you with AI-powered analysis, but they are never retained or used to train AI models.
We do collect de-identified behavioral signals — such as classification corrections, quality feedback, and usage patterns — to improve platform accuracy. These signals contain no PHI, no document content, and no case-specific information. See our Platform Improvement Data Policy for details.
Our "Hover to Source" feature links AI outputs to their underlying sources (statutes, regulations, case law, medical references) to promote transparency and enable verification.
Adjudica.AI is designed for use by legal professionals and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
All data is stored and processed in the United States. We do not transfer data outside the United States.
This Privacy Notice is governed by the laws of the State of California and applicable federal laws, including HIPAA.
We may update this Privacy Notice from time to time. We will notify you of material changes by:
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Notice.
Email: privacy@adjudica.ai
Email: hipaa@adjudica.ai
Email: dpo@glassboxsolutions.com
Glass Box Solutions, Inc. [INSERT ADDRESS]
This section provides a summary of how we handle Protected Health Information.
We may use and disclose your PHI:
You have the right to:
We are required to:
If you believe your privacy rights have been violated, you may file a complaint with:
We will not retaliate against you for filing a complaint.
This Privacy Notice is effective as of [INSERT DATE]. Glass Box Solutions, Inc. reserves the right to modify this Privacy Notice at any time in accordance with applicable law.