Privacy Policy

inCamera exists to provide legal professionals with AI-powered tools that respect the confidentiality obligations inherent to the practice of law. This Privacy Policy explains how our architecture ensures that your client matters, legal research, document drafts, and communications with AI systems remain private by design—not merely by policy.

The inCamera application is a locally-installed desktop client built using the Tauri framework, available for macOS (current, 2025), Windows (release planned Q1 2026), and Linux (release planned Q1 2026). This client runs entirely on your computer.

When you interact with AI models through inCamera, your prompts travel directly from your local client to the AI provider's servers. Your prompts do not pass through inCamera's servers. Your prompts are not logged, stored, cached, or processed by inCamera at any point.

The local client stores all of the following exclusively on your device:

• Your conversation history
• Your documents and attachments
• Your prompt templates and preferences
• Your AI-generated responses
• Any other substantive content

inCamera maintains contractual Zero Data Retention ("ZDR") agreements with our AI provider partners. Under these agreements, AI providers contractually commit that:

• They will not store, log, or retain any prompts or responses processed through API keys issued under our enterprise agreements
• They will not use any data processed through our API keys for model training, improvement, or any other purpose
• They will not maintain any record of the substance of requests made through our service

These agreements are legally binding contracts that govern the AI providers' handling of all traffic from inCamera-issued API credentials.

Regardless of which AI provider you use through inCamera, your prompts travel directly from your device to the provider's servers. Our servers never see, log, or process your actual content. What differs is how we provision the credentials that make this possible:

• For some providers, we issue short-lived access tokens delivered through an encrypted, cryptographically-signed channel. These tokens refresh automatically in the background. For other providers, you receive API credentials tied to our enterprise agreements. In both cases, the credentials activate Zero Data Retention protections with the provider while keeping your prompts off our infrastructure entirely.

We provide the key; the AI provider provides the room; you have a private conversation we cannot hear.

We collect and retain only the following categories of information:

To verify that our service is being used by licensed legal professionals, we collect:

• Your full legal name
• Your email address
• Your jurisdiction(s) of licensure
• Your bar number(s)
• The state bar(s) with which you are registered

We verify your bar status through publicly available bar directories and verification services. We may retain records of verification checks performed, including the date of verification, the bar authority queried, and the status returned (active, inactive, suspended, etc.).

We collect and retain billing records including:

• Your subscription tier and status
• Payment amounts and dates
• Usage metrics sufficient to calculate billing (such as token counts or API call volumes—but not the content of those calls)
• Payment method information (processed through our payment processor; we do not store full payment card numbers)

If you contact us for technical support, we will retain records of that communication. We strongly advise you not to include any client-confidential information in support requests, as such communications would be stored on our systems.

We want to be explicit about what we do not have:

• Your prompts or queries to AI systems
• AI-generated responses
• Documents you upload, analyze, or create
• Your conversation history
• Your client names, matter information, or any case details
• Your local application settings or preferences
• Any substantive content related to your legal work

If inCamera receives a subpoena, court order, or other legal process demanding user information, the only information we are capable of producing is the account and billing information described in Section 3 above.

We cannot produce prompts, responses, documents, or any substantive content because we do not possess it. A demand for such information would be technically impossible for us to satisfy.

inCamera serves multiple legal professionals through shared enterprise agreements with AI providers. From the AI provider's perspective—even if they were to violate their ZDR commitments—traffic from inCamera users is aggregated under shared credentials. Disaggregation and attribution to individual users based on information held by the AI provider is more costly under the inCamera architecture.

Because all substantive data resides locally on your device, you are responsible for:

• Securing your local device and maintaining appropriate access controls
• Implementing backup procedures for any data you wish to preserve
• Ensuring your local environment meets your jurisdiction's requirements for protecting client confidential information

inCamera provides the privacy architecture; you provide the local security.

For the limited data we do hold (account information, bar credentials, billing records), we implement industry-standard security measures including:

• Encryption in transit and at rest
• Access controls limiting employee access to user data
• Regular security assessments
• Secure data handling procedures

Your local data is secured by the mechanisms you implement on your own systems. The inCamera client stores data using your operating system's standard security features, but ultimate responsibility for local security rests with you.

We retain account information for the duration of your subscription plus a reasonable period for billing reconciliation and legal compliance (typically 7 years for financial records as required by law).

Upon account termination, we will delete your account information except as required for legal or regulatory compliance.

Data stored locally by the inCamera client remains on your device. Uninstalling the application or deleting its data directory will remove this information. We have no ability to delete, preserve, or access your local data.

Our current AI provider partners operating under Zero Data Retention agreements are listed on our ZDR Agreements page. We may add or change providers; any provider we use will be subject to ZDR agreements with equivalent protections.

We use third-party payment processors to process payments. Your payment information is handled according to their privacy policy and PCI-DSS requirements.

We may use third-party services to verify bar status. These services receive only the information necessary to perform verification (name, bar number, jurisdiction) and return only status information.

We do not sell, rent, or share your information with any other third parties except as required by law.

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address. Your continued use of the service after notification constitutes acceptance of the updated policy.

inCamera is owned and operated by Mela Roo, Inc., a Louisiana corporation.

Mailing Address:
Mela Roo, Inc.
PO Box 11
Hammond, LA 70404

Physical Location:
102 N Magnolia Street
Hammond, LA 70401

For privacy-related inquiries, contact us at [email protected].