Skip to main content

Privacy Policy

Last updated: April 9, 2026 · Version 1.2

1. Introduction

BigLaw Bear (“we,” “us,” or “our”) operates the BigLaw Bear platform at biglawbear.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting your privacy and handling your data with transparency. By creating an account or using our services, you consent to the practices described in this policy.

2. Information We Collect

We collect information you provide directly and information generated through your use of the platform.

Profile Information

When you create an account, we collect your name, email address, phone number (optional), law school, expected graduation year, and any additional profile details you choose to provide such as your resume, transcript, practice area interests, and geographic preferences.

Gold Star Selections

We record which firms you designate as Gold Star selections. These selections are a core part of the service and are shared with firms as described in Section 4.

Usage Data and Analytics

We automatically collect information about how you interact with the platform, including pages visited, features used, search queries, session duration, device type, browser type, operating system, IP address, and referring URLs. This data is collected through server logs and analytics tools.

Cookies and Similar Technologies

We use essential cookies to maintain your authenticated session and remember your preferences. We may also use analytics cookies (such as those provided by third-party analytics services) to understand aggregate usage patterns. You can control cookie settings through your browser, but disabling essential cookies may prevent the platform from functioning properly.

3. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the BigLaw Bear platform and its features
  • Facilitate connections between law students and law firms through the Gold Star matching system
  • Communicate with you about your account, platform updates, and relevant recruiting opportunities
  • Generate aggregate, de-identified analytics about recruiting trends, student interests, and platform usage
  • Ensure the security and integrity of the platform, including fraud prevention and abuse detection
  • Comply with legal obligations and respond to lawful requests from authorities

4. How We Share Your Information

We share your information only in the following circumstances:

With Firms You Select

When you designate a firm as a Gold Star selection, that firm may receive your profile information, including your name, law school, graduation year, resume, and any other details you have chosen to include in your profile. This is the core purpose of the platform: firms see students who have expressed interest in them.

Aggregate Data

We may share aggregate, de-identified data with firms, law schools, and other partners. This data does not identify individual students and is used to provide insights into recruiting trends and student preferences.

Service Providers

We use third-party service providers for hosting (Vercel), database management (Supabase), email delivery (Resend), payment processing (Stripe), error monitoring (Sentry), and analytics. These providers have access to your information only to perform services on our behalf and are obligated to maintain its confidentiality.

Business Partners and Affiliates

We may share or make available personal information, including aggregate and de-identified data, to business partners, affiliates, licensees, or other third parties in connection with the operation, improvement, or commercialization of the platform or related services. Where required by applicable law, we will provide notice and obtain any necessary consent before doing so.

Legal Requirements

We may disclose your information if required to do so by law, in response to a subpoena or court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. If you request account deletion, we will remove your personal data within 30 days, except where we are required by law to retain certain records. De-identified aggregate data may be retained indefinitely for analytical purposes. Uploaded documents (resumes, transcripts) are deleted from our storage within 30 days of account deletion.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete information in your profile
  • Deletion: Request that we delete your account and associated personal data
  • Data Portability: Request a machine-readable export of your profile data
  • Withdraw Consent: Withdraw your consent to data processing at any time by deleting your account

To exercise any of these rights, contact us at hello@biglawbear.com. We will respond to your request within 30 days.

7. Security

We implement industry-standard security measures to protect your personal information. All data transmitted between your browser and our servers is encrypted using TLS. Access to personal data is restricted to authorized personnel on a need-to-know basis. Our infrastructure providers (Supabase, Vercel) maintain SOC 2 compliance and employ encryption at rest for stored data. While no system is perfectly secure, we continuously review and improve our security practices. If we become aware of a data breach that affects your personal information, we will notify you promptly in accordance with applicable law.

8. Third-Party Links

Our platform may contain links to third-party websites, including law firm websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

9. Voluntary Demographic Data

BigLaw Bear offers a voluntary self-identification section where students may optionally share demographic information including race/ethnicity, gender, LGBTQ+ identity, disability status, veteran status, and first-generation college student status.

This data is stored in a separate, access-restricted database table and is never shared with firms individually. Firms only receive anonymous, aggregate statistics (for example, the percentage of applicants who identified as women). Individual demographic records cannot be accessed, exported, or viewed by any firm user. All demographic fields include a “Prefer not to say” option, and students may update or remove their responses at any time.

10. FERPA Statement

BigLaw Bear is not an educational institution and is not subject to the Family Educational Rights and Privacy Act (FERPA). All information on the platform is voluntarily provided by students directly. BigLaw Bear does not receive education records from law schools. Students choose what information to include in their profiles and which firms to share it with.

11. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale or Sharing:To the extent that any disclosure of personal information described in this Privacy Policy constitutes a “sale” or “sharing” under the CCPA, you have the right to opt out. You may exercise this right by contacting us at hello@biglawbear.com or by using any opt-out mechanism we make available on the platform. We will process your request within 15 business days
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at hello@biglawbear.com. We will verify your identity and respond within 45 days.

12. Data Sub-Processors

We use the following third-party services to operate the platform:

  • Supabase: Database and file storage. Hosted on Amazon Web Services (AWS) in the US East region. Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Vercel: Application hosting and edge network. SOC 2 Type II compliant.
  • Resend: Transactional email delivery (account verification, notifications, interview invitations).
  • Sentry: Error monitoring and performance tracking. Receives anonymized error reports only.
  • Stripe: Payment processing for firm subscriptions. PCI DSS Level 1 compliant. Processes firm billing data; does not receive student profile data.
  • Cloudflare Turnstile: Bot protection on login and signup forms. No tracking cookies.

13. Children's Privacy

BigLaw Bear is intended for law students and legal professionals who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected data from someone under 18, we will delete that information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the platform. Your continued use of BigLaw Bear after any changes indicates your acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@biglawbear.com