Privacy Policy

We're committed to protecting your privacy and ensuring your data remains secure.

EEA/UK Notice (effective 13 Oct 2025): We're improving in-app privacy controls and plan to make optional diagnostics opt-in for EEA/UK users.

1

Who we are (Data Controller)

CMG Labs, LLC ("Sortio", "we", "us") is the data controller for personal data processed in connection with our apps, sites, and services.

Address: 3790 El Camino Real, Unit #593, Palo Alto, CA 94306, USA

Privacy contact: marcus@getsortio.com

EU/UK data subjects: Sortio is a US-based sole proprietorship operating under CMG Labs, LLC. We do not currently maintain a formal establishment in the European Economic Area or the United Kingdom. EU and UK residents who use the service may exercise their data-subject rights by contacting marcus@getsortio.com; we commit to responding within the GDPR one-month SLA.

2

Personal data we process

  • Account & authentication: email, Auth0 user ID, access tokens (Auth0).
  • Payments: email, limited billing details, transaction IDs (Stripe).
  • API analytics (service protection): request timestamps, endpoint path, response time, user agent, and IP address (truncated/anonymized where feasible) for security and abuse detection.
  • Diagnostics / crash reports (optional): app version, platform, error context, timestamps. Disabled by default for EEA/UK; enabled only with your opt-in.
  • Support & waitlist: name, email, phone (optional), company size, your message.
  • Sorting metadata and file contents: filenames and destinations required to perform your requested sort. When you use AI-powered features such as indexing, entity extraction, AI sorting, or chat, extracted text from your documents is transmitted to our cloud API and forwarded to third-party large language model providers (including OpenAI) for inference. If you select a local LLM strategy (such as Ollama), content does not leave your machine. You must not submit files containing protected health information (PHI), regulated financial data, or other sensitive data subject to specific legal or regulatory requirements. Sortio is not HIPAA-compliant and does not sign Business Associate Agreements.
  • Settings: local app preferences stored on your device.

3

Google User Data

If you choose to sign in with Google, Sortio accesses limited information from your Google account solely for authentication purposes. This section describes our practices specific to Google user data in compliance with the Google API Services User Data Policy.

Data Accessed

When you sign in with Google, we access only:

  • Your email address
  • Your name
  • Your profile picture (if available)

We do not access your Google Drive files, Google Calendar, Gmail, or any other Google services.

Data Usage

Your Google account information is used exclusively to:

  • Create and authenticate your Sortio account
  • Display your name and profile picture within the app
  • Send transactional emails related to your account (e.g., password reset, subscription confirmations)

We do not use your Google data for advertising, marketing to third parties, or any purpose unrelated to providing our file organization service.

Data Sharing

Your Google user data is shared only with:

  • Auth0/Okta – our identity provider that facilitates secure Google Sign-In
  • Stripe – receives your email for payment processing (if you subscribe)

We do not sell, rent, or share your Google user data with any other third parties for their own purposes.

Data Storage & Protection

Your Google account data is:

  • Stored securely using industry-standard encryption at rest and in transit
  • Protected by access controls with least-privilege principles
  • Hosted on secure infrastructure operated by major cloud providers; a SOC 2 Type 1 audit is on our 2026 roadmap and interim controls are documented on our Security page

Data Retention & Deletion

Your Google user data is retained for the lifetime of your Sortio account. When you delete your account:

4

Why we use your data and our legal bases

| Purpose | Data | Legal basis |
| --- | --- | --- |
| Provide the app/service, authenticate you | email, Auth0 ID/tokens | Contract necessity (Art. 6(1)(b)) |
| Take payment, prevent fraud | billing & transaction info | Contract necessity; Legal obligation (tax) |
| Security & service integrity | API analytics incl. IP, user agent | Legitimate interests (Art. 6(1)(f)) |
| Diagnostics / crash reports (optional) | diagnostics, error context | Consent (Art. 6(1)(a)); withdraw anytime |
| Marketing communications (optional) | email, preferences | Consent |
| Support/waitlist responses | contact details, message | Legitimate interests and/or Contract necessity |

5

How long we keep data

  • Account & auth: active account, then deletion within 30 days of closure.
  • Billing & invoices: 7 years (legal obligations).
  • API analytics & IP logs: 90 days, then delete or aggregate.
  • Diagnostics (if consented): 90 days.
  • Support/waitlist: 12 months after last interaction or until you ask us to delete it.

We periodically review and implement automated deletion where feasible.

6

International transfers

We may transfer personal data to the United States where our infrastructure and certain providers are located. When we do, we use recognized safeguards, including providers certified under the EU-US Data Privacy Framework and the Standard Contractual Clauses (Module 2, Controller to Processor) for transfers to US sub-processors. The UK International Data Transfer Addendum applies where the UK GDPR governs.

Supplementary measures (Schrems II). In addition to the SCCs, we apply: encryption in transit using TLS 1.2 or higher; encryption at rest on managed data stores (Neon Postgres and Google Cloud Storage); access controls with least-privilege defaults; documented processor terms with each US sub-processor; and an annual review of the supplementary measures in light of evolving Schrems II guidance.

Full processor terms and our DPA template are available at /dpa.

7

Service providers (processors)

We use vendors acting on our instructions under written data protection terms:

  • Auth0/Okta – authentication and identity management.
  • Stripe – payments and fraud prevention.
  • Third-party LLM providers (including OpenAI) – LLM inference for indexing, entity extraction, AI sorting, and chat. Anthropic and other providers may be used if selected via BYOK; Ollama (local) keeps content on your machine.
  • Cloudinary (if used) – media hosting/delivery.
  • Pinecone (if used) – vector search storage.

A current list is maintained on our Sub-processors page.

8

Third-Party LLM Providers

When you use Sortio's AI-powered features (indexing, entity extraction, AI sorting, and chat), extracted text from your documents, along with user and system prompts, is transmitted through our cloud API to third-party large language model providers (including OpenAI) for inference. OpenAI is currently our primary LLM processor; Anthropic and other providers may be used if you select them via Bring-Your-Own-Key (BYOK) settings.

If you configure Sortio to use a local LLM strategy such as Ollama, content does not leave your machine and is not sent to our cloud API or any third-party provider. Third-party LLM providers handle submitted data under their own terms and current provider agreements state they do not train on API data; we cannot guarantee third-party practices and you should review each provider's terms if their handling matters to your use case.

9

HIPAA and Protected Health Information

Sortio is not HIPAA-compliant and does not sign Business Associate Agreements. Users must not process Protected Health Information through Sortio, including through AI sorting, entity extraction, knowledge-graph indexing, or chat features.

Healthcare providers and other HIPAA-covered entities use Sortio with PHI entirely at their own risk and in violation of our Terms.

10

Your rights (EEA/UK)

You can request access, correction, deletion, restriction, objection (where we rely on legitimate interests), and data portability (for data you provided to us under consent or contract).

To exercise your rights, email marcus@getsortio.com from the address linked to your account. We respond within one month (extendable in complex cases). We may request information to verify your identity. You can withdraw consent at any time by contacting us.

11

Cookies and app preferences

Website: Non-essential analytics and advertising cookies load only after your opt-in via the Cookie Settings banner (first visit) or the "Your Privacy Choices" footer link (any time). Until you opt in, only strictly necessary cookies are set. See our Cookie Policy for the full per-cookie inventory and our Your Privacy Choices page for the US-state opt-out form.

Desktop app: The app stores settings on your device. Optional diagnostics and telemetry require your opt-in. We are rolling out additional in-app privacy controls for EEA and UK users.

12

Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, encryption at rest for hosted data, access controls with least-privilege, code-signed releases, and monitoring for abuse.

13

Data breach handling

Where required, we will notify the competent supervisory authority within 72 hours of becoming aware. If the breach is likely to result in a high risk to you, we will also notify you without undue delay.

14

Automated processing

Sortio uses automated techniques (including AI) to classify and sort files at your request. These operations do not produce legal or similarly significant effects about you. You can opt out of optional analytics/telemetry and continue using core features.

15

Children's privacy (EEA/UK)

Our services are not directed to children under 16 (or a lower age where permitted by local law). If you believe a child has provided us personal data, contact us and we will take appropriate steps.

16

Regulated and sensitive data

Sortio is not designed to handle data governed by specific regulatory frameworks such as HIPAA, FERPA, ITAR, PCI DSS, or similar laws and standards. You are responsible for ensuring that files you process through Sortio — including filenames, metadata, and any content transmitted when content analysis features are enabled — do not include regulated data unless you have entered into a separate written agreement with us (such as a Business Associate Agreement) that specifically authorizes such processing.

Sortio does not inspect, filter, or classify uploaded data for regulatory compliance. If regulated data is submitted to Sortio without an appropriate agreement, you assume all responsibility and liability for any resulting violations.

17

Third-Party Integrations (Clio Manage, Google Drive)

When you connect Sortio to a third-party document or practice-management system (currently Google Drive and Clio Manage), Sortio reads the metadata of the documents you choose to organize and writes them, with your approval, into the destination system.

Clio Manage. Sortio reads your matter list and matter metadata from Clio so the matter matcher can propose destinations. Document content stays on your computer during classification. By default, the AI matter matcher sends the filenames you are sorting and your matter metadata (display number, description, client and party names) to Sortio's classifier (which proxies to OpenAI) to propose the most likely destination matter for each file. Classification prompts are retained for up to 30 days for service operation, after which matter party names are redacted. Users who do not want filenames or matter metadata to leave their machine can switch to local-LLM mode in Settings (Sortio supports Ollama and BYOK strategies); when local mode is enabled, no matter-matching content transits Sortio's servers. Files are uploaded directly from your computer to Clio under your account; Sortio's servers do not relay or store the uploaded document contents in any mode. Long-lived Clio access tokens live on your computer; Sortio's servers see them only at the moment of OAuth callback and during refresh-token rotation, never store them durably, and never use them to read your data autonomously. Disconnecting Clio revokes Sortio's tokens and removes Sortio's local cache of your matter list.

Google Drive. Sortio receives drive.file-scoped access (only folders and files you explicitly grant) and reads filenames and basic metadata to build a sort plan. Drive document content is read only when you preview a sort or apply a sort.

Documents previously uploaded into your third-party system remain there after you disconnect.

18

US state privacy rights (CCPA / CPRA and equivalents)

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, or any other US state with comparable privacy legislation, you have the following rights regarding your personal information:

  • Right to Know what personal information we collect, use, disclose, and share.
  • Right to Delete personal information we hold about you.
  • Right to Correct inaccurate personal information.
  • Right to Opt-Out of the sale or sharing of personal information, including cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information.
  • Right to Non-Discrimination for exercising your privacy rights.

To exercise opt-out and limit-use rights, use the form on our Your Privacy Choices page. To exercise rights to know, delete, or correct, use our Privacy Requests page or email marcus@getsortio.com.

We honor browser-level Global Privacy Control (GPC) signals as a valid opt-out of sale and sharing for the device in question. We do not sell personal information for money, and we share personal information with advertising partners only when you have granted marketing consent.

19

AI processing

Sortio uses generative AI for sorting suggestions, the in-app chat assistant, knowledge graph entity extraction, and integration matchers. For a detailed disclosure of which models we use, what data is sent, retention, limitations, and how to opt out (including switching to a local LLM), see our AI Disclosures page.

20

Change log

2026-05-16: Added Section 18 (US state privacy rights), Section 19 (AI processing) with link to AI Disclosures, expanded Schrems II language in Section 6, rewrote the Cookies section to reflect consent-gated tracker loading, removed SOC 2 compliance claim and replaced with the planned 2026 audit, and tightened the Article 27 representative language. Last updated date: 16 May 2026.

2026-05-05: Added Section 17 (Third-Party Integrations) to disclose Clio Manage and Google Drive data handling specifics. Updated same day to be more explicit that Clio matter-matching prompts (filenames + matter metadata) transit Sortio's classifier by default, and to disclose the local-LLM opt-out via Settings (Ollama / BYOK).

2026-04-18: Added Section 8 (Third-Party LLM Providers) and Section 9 (HIPAA and Protected Health Information); clarified that document content is transmitted to third-party LLM providers (including OpenAI) during AI-powered features; removed prior implication that file contents are always processed locally.

2026-04-06: Added Section 14 (Regulated and sensitive data); updated sorting metadata description to clarify user responsibility for regulated data.

2026-01-27: Added dedicated Google User Data section for Google OAuth sign-in compliance.

2025-10-13: Clarified legal bases, retention, transfers, EEA/UK rights, diagnostics consent, and IP analytics disclosure.

Last Updated: 16 May 2026