Privacy Policy

Last updated: April 30, 2026 · Version 1.4

1. Introduction

BigLaw Bear (“we,” “us,” or “our”) operates the BigLaw Bear platform at biglawbear.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting your privacy and handling your data with transparency. By creating an account or using our services, you consent to the practices described in this policy.

2. Information We Collect

We collect information you provide directly and information generated through your use of the platform.

Profile Information

When you create an account, we collect your name, email address, phone number (optional), law school, expected graduation year, and any additional profile details you choose to provide such as your resume, transcript, practice area interests, and geographic preferences.

Gold Star Selections

We record which firms you designate as Gold Star selections. These selections are a core part of the service and are shared with firms as described in Section 4.

Usage Data and Analytics

We automatically collect information about how you interact with the platform, including pages visited, features used, search queries, session duration, device type, browser type, operating system, IP address, and referring URLs. This data is collected through server logs and analytics tools.

Cookies and Similar Technologies

We use essential cookies to maintain your authenticated session and remember your preferences. We may also use analytics cookies (such as those provided by third-party analytics services) to understand aggregate usage patterns. You can control cookie settings through your browser, but disabling essential cookies may prevent the platform from functioning properly.

3. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the BigLaw Bear platform and its features
  • Facilitate connections between law students and law firms through the Gold Star matching system
  • Communicate with you about your account, platform updates, and relevant recruiting opportunities
  • Generate aggregate, de-identified analytics about recruiting trends, student interests, and platform usage
  • Ensure the security and integrity of the platform, including fraud prevention and abuse detection
  • Comply with legal obligations and respond to lawful requests from authorities

4. How We Share Your Information

We share your information only in the following circumstances:

With Firms You Select

When you designate a firm as a Gold Star selection, that firm may receive your profile information, including your name, law school, graduation year, resume, and any other details you have chosen to include in your profile. This is the core purpose of the platform: firms see students who have expressed interest in them.

Aggregate Firm Analytics

Firms subscribed to the BigLaw Bear firm portal may see anonymous, aggregated statistics about student interest in their firm. For example, a firm may see how many students from a tier of law schools have indicated interest in them, or how their applicants' practice-area preferences are distributed.

These statistics are aggregated and de-identified using a minimum cohort size of 10 students; smaller cohorts are suppressed and counts are rounded to the nearest 5 to make re-identification impractical. Individual records, demographic data, and identifying details are never shared in this product. Firms are contractually prohibited from attempting to re-identify students from aggregate data (Terms Section 6).

You are included by default. You can opt out at any time from your account settings. Opting out does not affect the core matching service: your Gold Stars still reach the firms you select; you simply don't count in cohort statistics that other firms see.

Other Aggregate and De-Identified Data

Outside the firm-portal analytics product above, we may share aggregate, de-identified data with law schools and other partners for general recruiting-trend research. The same minimum cohort size and rounding apply.

Service Providers

We use third-party service providers for hosting (Vercel), database management (Supabase), email delivery (Resend), inbound email (Mailgun), SMS delivery (Twilio), edge network and bot protection (Cloudflare), error monitoring (Sentry), and analytics. These providers have access to your information only to perform services on our behalf and are obligated to maintain its confidentiality. A complete sub-processor list with each vendor's purpose appears in the Sub-Processors section below.

Business Partners and Affiliates

We may share or make available personal information, including aggregate and de-identified data, to business partners, affiliates, licensees, or other third parties in connection with the operation, improvement, or commercialization of the platform or related services. Where required by applicable law, we will provide notice and obtain any necessary consent before doing so.

Legal Requirements

We may disclose your information if required to do so by law, in response to a subpoena or court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. If you request account deletion, we will remove your personal data within 30 days, except where we are required by law to retain certain records. De-identified aggregate data may be retained indefinitely for analytical purposes. Uploaded documents (resumes, transcripts) are deleted from our storage within 30 days of account deletion.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete information in your profile
  • Deletion: Request that we delete your account and associated personal data
  • Data Portability: Request a machine-readable export of your profile data
  • Withdraw Consent: Withdraw your consent to data processing at any time by deleting your account

To exercise any of these rights, contact us at hello@biglawbear.com. We will respond to your request within 30 days.

7. Security

We implement industry-standard security measures to protect your personal information. All data transmitted between your browser and our servers is encrypted using TLS. Access to personal data is restricted to authorized personnel on a need-to-know basis. Our infrastructure providers (Supabase, Vercel) maintain SOC 2 compliance and employ encryption at rest for stored data. While no system is perfectly secure, we continuously review and improve our security practices. If we become aware of a data breach that affects your personal information, we will notify you promptly in accordance with applicable law.

8. Third-Party Links

Our platform may contain links to third-party websites, including law firm websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

9. Voluntary Demographic Data

BigLaw Bear offers a voluntary self-identification section where students may optionally share demographic information including race/ethnicity, gender, LGBTQ+ identity, disability status, veteran status, and first-generation college student status.

This data is stored in a separate, access-restricted database table and is never shared with firms individually. Firms only receive anonymous, aggregate statistics (for example, the percentage of applicants who identified as women). Individual demographic records cannot be accessed, exported, or viewed by any firm user. All demographic fields include a “Prefer not to say” option, and students may update or remove their responses at any time.

10. FERPA Statement

BigLaw Bear is not an educational institution and is not subject to the Family Educational Rights and Privacy Act (FERPA). All information on the platform is voluntarily provided by students directly. BigLaw Bear does not receive education records from law schools. Students choose what information to include in their profiles and which firms to share it with.

11. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale or Sharing: To the extent that any disclosure of personal information described in this Privacy Policy constitutes a “sale” or “sharing” under the CCPA, you have the right to opt out. You may exercise this right by contacting us at hello@biglawbear.com or by using any opt-out mechanism we make available on the platform. We will process your request within 15 business days
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at hello@biglawbear.com. We will verify your identity and respond within 45 days.

12. EEA and UK Privacy Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent statutes:

  • Right of Access (Article 15): Request a copy of the personal data we hold about you, the purposes of processing, recipients, retention period, and other prescribed information.
  • Right to Rectification (Article 16): Have inaccurate or incomplete personal data corrected.
  • Right to Erasure (Article 17): Have your personal data deleted, subject to certain exceptions.
  • Right to Restriction (Article 18): Restrict processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): Receive a machine-readable export of the personal data you provided to us.
  • Right to Object (Article 21): Object to processing based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

The legal basis for our processing is your consent (account creation, voluntary profile fields), the necessity of performing the recruiting service you requested (Gold Star signals shared with firms you select), and our legitimate interest in operating and improving the platform.

To exercise any of these rights, contact us at privacy@biglawbear.com. We respond within one calendar month and may extend this period by up to two additional months for complex requests, in which case we will notify you of the extension within the first month.

13. Data Sub-Processors

We use the following third-party services to operate the platform:

  • Supabase: Database and file storage. Hosted on Amazon Web Services (AWS) in the US East region. Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Vercel: Application hosting and edge network. SOC 2 Type II compliant.
  • Resend: Transactional email delivery (account verification, notifications, interview invitations).
  • Twilio: SMS delivery for phone-number verification one-time passcodes. Phone numbers are stored hashed and OTP codes are short-lived.
  • Mailgun: Inbound email handling for our hello@, security@, and privacy@ aliases.
  • Cloudflare: Edge network, DNS, and Turnstile bot protection on login and signup forms. No tracking cookies set by Turnstile.
  • Sentry: Error monitoring and performance tracking. Receives anonymized error reports only.

13a. AI features

BigLaw Bear uses AI to assist recruiters with application review and interviewers during live conversations. Every AI-generated signal is reviewed by a human at the firm before it affects a candidate’s outcome; AI does not hire or reject anyone on its own. The methodology, data inputs, bias monitoring, and opt-out paths are documented in detail at /legal/ai-methodology.

For New York City and Illinois, we additionally comply with the AEDT (Local Law 144) and AI Video Interview Act requirements respectively, and capture explicit consent where required. See /legal/nyc-aedt-notice and /legal/ai-interview-consent.

13b. Email communications and onboarding sequences

When you create a BigLaw Bear account, we send a series of welcome emails over your first two weeks (Day 0 / 2 / 5 / 14) introducing the tracker, Gold Stars, and interview prep resources. Firm admins receive a parallel activation sequence. These messages are not transactional (they describe features rather than confirm an action you took), so you can opt out at any time from /settings without losing transactional communication (interview confirmations, offer letters, application status changes).

Outbound email is delivered through a managed queue with automatic retry. Failed sends are retried up to five times with exponential backoff and then surface in our admin dashboard for manual triage. The queue table is service-role-restricted; firm or candidate accounts have no access.

Per-firm marketing email preferences are independently controllable: from /settings you can opt out of marketing email from any firm you’ve interacted with without affecting transactional messages from that firm.

13c. Operational telemetry

We log per-execution metadata for our scheduled jobs (cron name, duration, status) and inbound webhook events (provider, event id, status) so the on-call team can monitor platform health. These logs do not contain personal data and are retained for 30 days. Read access is restricted to platform admins.

13d. SMS communications

BigLaw Bear uses SMS text messages solely for account verification (two-factor authentication). When you verify your phone number, we send a one-time 6-digit code via Twilio to confirm your identity. No marketing messages, promotional texts, or recurring messages are sent via SMS.

By providing your phone number and clicking “Verify Phone,” you consent to receiving a one-time verification code via text message from BigLaw Bear. Standard message and data rates may apply. You will not receive any further text messages unless you explicitly request a new verification code.

Reply HELP to any SMS for assistance. Reply STOP to opt out of future verification messages. For support, contact hello@biglawbear.com.

14. Children's Privacy

BigLaw Bear is intended for law students and legal professionals who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected data from someone under 18, we will delete that information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the platform. Your continued use of BigLaw Bear after any changes indicates your acceptance of the updated policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@biglawbear.com