Participate in the Survey

FAQ

L

E

G

A

L

L

E

G

A

L

LEADERS EXPLORING GENERATIVE AI IN LAW

LEADERS EXPLORING GENERATIVE AI IN LAW

Nondisclosure Policy

Purpose and Design Principles

L.E.G.A.L. (Leaders Exploring Generative AI in Law) is a permissioned intelligence system designed by LexFusion Intelligence, an arm of Baretz+Brunelle LLC, to reduce duplicative market questionnaires while enabling longitudinal, behavior-grounded benchmarking about GenAI in legal service delivery. This policy exists to make participation safe by default—through de-identification and/or aggregation, consent-driven disclosure, and strict use limitations.

Core principles:

  • De-identification by default. L.E.G.A.L.’s benchmarking outputs are de-identified and/or aggregated. We do not identify participants in benchmarking outputs unless they affirmatively opt in, in writing, through a separate consent process.
  • Controlled, client-specific disclosure of provider-identified responses (Questions 1–5 only). Certain Provider Survey responses are designated for client-facing disclosure (e.g., Questions 1–5) but only transmitted where the provider has expressly authorized disclosure to a specific Requesting Client.
  • Clients’ survey responses are never shared in client-attributable form. Law department responses are not disclosed to providers or other third parties in any client-identified or client-attributable form. Law department responses may be used only in de-identified and/or aggregated benchmarking outputs (including de-identified visualizations where thresholds are met), such as the composite market report.
  • Persistence with control. Survey responses are retained as an updatable baseline to reduce repeat burden and support longitudinal analysis (with withdrawal options described below).

Key Definitions

  • LexFusion Intelligence/Program Operator (“we/us”): LexFusion Intelligence, an arm of Baretz+Brunelle LLC, serves as the administrator and operator of L.E.G.A.L.
  • Participating Client: A law department that participates in the Client Survey and/or requests responses from Participating Providers (i.e., a Requesting Client).
  • Participating Provider: A firm or legal services provider that participates in the Provider Survey.
  • Requesting Client: A Participating Client seeking provider responses and related client-specific reporting under a client-specific Provider Acknowledgment.
  • Client-Facing Questions (Provider Survey Questions 1–5): The subset of Provider Survey questions designated for controlled, attributed disclosure to Requesting Clients, subject to the provider’s client-specific Provider Acknowledgment for that Requesting Client.
  • Client-Specific Benchmark Report: A benchmark report delivered only to a Requesting Client that contextualizes Provider Survey responses (Questions 1–16). Where authorized, the report may include provider-attributed views of Questions 1–5 (including comparative views). For Questions 6–16, outputs are de-identified and/or aggregated only, potentially including (where thresholds are met) de-identified visualizations in which individual provider responses may appear as unlabeled points that are not attributable to any identified provider.
  • Benchmarking Data: Survey data used in de-identified and/or aggregated form for benchmarking and longitudinal analysis, including the de-identified components of client-specific benchmark reporting and the program-wide composite market report.
  • Composite Market Report: A program-wide, modular report shared with participants—calibrated to their type and level of participation—that presents benchmarking results only in de-identified and/or aggregated form (including de-identified visualizations where thresholds are met) and does not identify participants (whether included or excluded) absent express, written opt-in.
  • Persistent Responses: Responses retained as an ongoing baseline that clients and providers may update over time, rather than reenter from scratch.
  • Submission: The act of saving survey responses to the system to enable persistence and collaboration. Submission does not, by itself, authorize release.
  • Authorization (Survey Acknowledgment): The end-of-survey Acknowledgment (checkbox) through which a participant confirms the applicable survey terms. The Client Survey includes a participant acknowledgment; the Provider Survey includes a client-specific Acknowledgment when a Requesting Client is involved. Authorization is separate from submission/saving.
  • Provider Client-Specific Authorization: A provider’s client-specific permission (e.g., checkbox/Acknowledgment) that controls whether a particular Requesting Client may receive the provider’s client-facing extract (Questions 1–5) and any related client-specific reporting that incorporates the provider’s responses as described in this policy. Provider Client-Specific Authorization is separate from submission.
  • Provider Client-Specific Withdrawal: A provider’s ability to withdraw Provider Client-Specific Authorization for a particular Requesting Client without withdrawing from the L.E.G.A.L. program as a whole. Provider Client-Specific Withdrawal applies prospectively to future client-specific deliveries for that Requesting Client.
  • Fresh Release: A delivery to a Requesting Client of the then-current client-specific outputs covered by an active Provider Client-Specific Authorization (including the client-facing extract of Questions 1–5 and any client-specific benchmarking outputs), after any applicable notice/update window.
What Information We Collect

1. Provider Survey

  • Provider responses
  • Provider-entered Primary Point of Contact for program administration and notices
  • Provider collaborator email addresses (where added) to enable internal collaboration on Provider Survey responses

2. Client Survey

  • Client responses (used only as Benchmarking Data; never shared as client-attributable responses)
  • Client-entered Primary Point of Contact for program administration and notices
  • Client collaborator email addresses (where added) to enable internal collaboration on Client Survey responses

3. Provider contact emails supplied by clients (where provided)

If a Requesting Client supplies provider contact emails to facilitate distribution of the Provider Survey to their providers, those email addresses are used solely to administer the survey for that response cycle and are deleted on the schedule described in “Contact information handling and deletion schedule” section below.

How Provider Survey Responses Are Used

Provider Survey responses may be used in two categories of outputs, with different visibility rules and controls:

1. Client-specific outputs for Requesting Clients (permissioned; client-specific)

When a Participating Client requests client-specific outputs, providers control whether any of their responses are released to that Requesting Client through a single, client-specific Provider Acknowledgment.

Client-specific outputs may include:

  • Client-facing extract (Provider Survey Questions 1–5 only). Questions 1–5 are designated client-facing and may be disclosed to a Requesting Client only where the provider has expressly authorized disclosure to that specific Requesting Client. When disclosed, the extract is treated as confidential provider-to-client information, as if the Requesting Client had administered the survey directly; disclosure does not authorize sharing with other clients or third parties.
  • Client-specific benchmark reporting (Provider Survey Questions 1–16; hybrid identified + de-identified). Separately and in addition, Provider Survey responses may be used to produce client-specific benchmark reports for the Requesting Client:
  • Questions 1–5: Where disclosure to that Requesting Client has been authorized, Questions 1–5 may be reflected in provider-attributed form, including in comparative views within the client-specific benchmark report.
  • Questions 6–16: Individual Provider Survey responses are not disclosed to a Requesting Client in an identifiable (provider-attributable) way. These questions may be reflected only in de-identified and/or aggregated benchmarking outputs, including (where thresholds are met) de-identified visualizations in which individual Provider Survey Responses may appear as unlabeled points that are not attributable to any identified provider.
  • Participation and dataset completeness transparency (client-specific reporting). Client-specific reports may provide transparency at two levels.
  • Panel coverage list: A list of (a) providers included in the client’s report (i.e., providers that have submitted responses and authorized release to that Requesting Client under a Provider Acknowledgment) and (b) providers requested by the client but not included (e.g., did not submit and/or did not authorize release to that Requesting Client).
  • Question-level completeness: Within specific benchmarks, identification of which included providers are not included in that benchmark because they did not answer the relevant question(s). This completeness transparency identifies only nonresponse, not the substance of any non-client-facing response in provider-attributable form.
  • Minimum thresholds. L.E.G.A.L. does not present any client-specific segment (including averages) unless at least five providers are included for that question/segment. De-identified dot plots/distributions are shown only when at least 20 providers are included for that question/segment. Below these thresholds, the attendant benchmarks and visualizations simply are not provided.
  • Fresh release and notice. If a Requesting Client asks for a fresh release while client-specific authorization is active:
  • L.E.G.A.L. will give providers advance notice and an opportunity (but no obligation) to update their responses before delivery or to withdraw authorization for that Requesting Client.
  • Providers are not required to reacknowledge to keep their authorization active; authorization remains in effect until withdrawn.

Providers may withdraw authorization for any particular client at any time. Such withdrawal

  • applies prospectively to future deliveries,
  • does not require program-level withdrawal, and
  • does not affect program-wide composite benchmarking and reporting already produced or delivered.

2. Program-wide composite benchmarking and reporting (de-identified and/or aggregated)

Separately and in addition, Provider Survey Responses (including Questions 1–5 in de-identified form and open-text responses in paraphrased/synthesized form) may be used for program-wide, de-identified and/or aggregated benchmarking and longitudinal analysis across the L.E.G.A.L. community, including the composite report shared with participants. This use does not create organization-specific visibility or attribution and is not tied to any single Requesting Client.

Providers may request program-level withdrawal from program-wide composite benchmarking and reporting. Withdrawal applies prospectively and does not affect composite benchmarking already produced or delivered.

How Client Survey Responses Are Used

Client Survey responses are used only in de-identified and/or aggregated Benchmarking Data (including, where thresholds are met, de-identified visualizations). Client-identified (client-attributable) responses are not shared with third parties, including providers.

Use limitations and “no sale” commitment

We do not sell, license, or provide third parties with access to individual participant-level data as a commercial product, and we do not sell, rent, or trade contact lists. L.E.G.A.L. does not charge for participation. LexFusion Intelligence may monetize L.E.G.A.L.-related programming and services (including events and advisory/collaboration engagements) based on aggregate insights and de-identified and/or aggregated outputs, not on selling individual responses.

Contact information handling and deletion schedule

We deliberately limit collection and retention of personally identifiable information (PII), including contact details.

1. Scope of deletion and system boundary

References in this policy to “deletion” of contact information mean deletion of contact records stored in L.E.G.A.L.-specific systems used to administer the program (the “L.E.G.A.L. Program Database” and related survey administration tools). L.E.G.A.L. does not undertake to locate and delete every instance of contact information that may appear in ordinary-course business communications (e.g., email correspondence) or in enterprise backups maintained under standard retention and security practices.

2. Participant-entered contacts (POCs and collaborators)

  • Point of Contact and collaborator email addresses entered in the Provider Survey and Client Surveys are retained solely for L.E.G.A.L. program administration, including survey access management, collaboration enablement, notices related to client-requested fresh releases, and (where applicable) dashboard enablement.
  • Participant-entered contact information is not shared with third parties for marketing or unrelated outreach but is used for intra-organization coordination. That is, while we do not disclose contact information to third parties, we may use participant-entered contact information to facilitate coordination within your organization (for example, routing subsequent registrations to the organization’s established Primary Point of Contact and connecting colleagues internally).
  • If a participant requests withdrawal of a contact, replacement of an administrative contact, or removal of a collaborator, we will update or delete that contact record in the L.E.G.A.L. Program Database and cease using the superseded contact for program administration going forward.
3. Client-supplied provider contact emails (for outreach)
  • Where a Requesting Client supplies provider email addresses to facilitate distribution to potential Participating Providers, those email addresses are used solely to administer outreach and survey operations for that response cycle (e.g., invitations, reminders, and completion tracking).
  • Following the close of the response period (the stated deadline plus a reasonable follow-up period to complete administration), client-supplied provider email addresses are deleted from the L.E.G.A.L. Program Database and ongoing administration relies on provider-entered points of contact.
4. No marketing use (outside L.E.G.A.L.)
  • Contact information collected for L.E.G.A.L. is used only for L.E.G.A.L.-related purposes, including program administration (e.g., survey delivery, follow-up, notices of fresh releases/dashboards) and communications about L.E.G.A.L.-related events, briefings, and programming (including events that may be sponsored or ticketed).
  • We do not sell, rent, or trade contact lists. Contact information collected for L.E.G.A.L. is not added to general marketing lists and is not repurposed for unrelated outreach, business development, or sales efforts outside L.E.G.A.L.

Client Survey responses are used only in de-identified and/or aggregated Benchmarking Data (including, where thresholds are met, de-identified visualizations). Client-identified (client-attributable) responses are not shared with third parties, including providers.

Data Security and Internal Access Controls

We maintain strict internal controls to protect the confidentiality, integrity, and availability of submitted data. Access to raw submissions is limited to the core L.E.G.A.L. project team on a need-to-know basis, with role-based permissions. Contact information (point of contacts and collaborator emails) is managed separately from benchmarking outputs and reporting datasets.

Security controls include encryption in transit and at rest, role-based access control, SSO/MFA protections for administrative access, audit and monitoring practices appropriate to the platform, and defined retention/deletion operations for L.E.G.A.L.-specific systems (and related backups) consistent with this policy.

Attribution, Case Studies, and Publication (Opt-In Only)

Responses are de-identified and/or aggregated by default in benchmarking outputs, including de-identified visualizations where thresholds are met. Any attributed use—whether naming a participant or using verbatim quotations (including de-identified quotations)—is handled through a separate, consent-driven pathway (typically via optional case studies), with an explicit multistep approval process and no publication without express written permission.

For avoidance of doubt:

  • Provider-identified disclosure to a specific Requesting Client of client-facing Provider Survey responses (Questions 1–5) occurs only where the provider has authorized release to that Requesting Client under a Provider Acknowledgment.
  • Optional open-text responses are paraphrased/synthesized for masked, non-attributed insights by default; verbatim use requires express written permission.
Recipient Obligations for Controlled Disclosures (Questions 1–5)

When a Requesting Client receives authorized release of identified Provider Survey Responses to Questions 1–5 under this policy:

  • The Requesting Client must treat those responses as confidential provider-to-client information as if the Requesting Client had administered the Provider Survey themselves.
  • The Requesting Client may use the responses for internal evaluation and relationship management purposes but may not share or redistribute them outside the Requesting Client’s organization (except to its counsel and advisors bound by confidentiality obligations) and may not use them for marketing, vendor promotion, public attribution, or any other external-facing purpose.
Updates to This Policy

This initiative will evolve over time—expanding questions, outputs, and delivery mechanisms. What will not change is our commitment to the following:

  • De-identification by default
  • Consent-driven disclosure and attribution
  • Protection of participant data
  • Transparency in how insights are used
Questions, Updates, and Withdrawal Requests

For questions or to update participation preferences, contact LexFusion Intelligence at LFIntel@baretzbrunelle.com.

Addendum – Data Processing Summary (Plain English)

This section is intended to answer procurement and privacy questions quickly. It does not expand the scope of this policy; it summarizes it.

The three data buckets and how they are separated

Administrative Contact Data includes point-of-contact information and outreach logistics (e.g., POC and collaborator emails, invitations/reminders, and notice routing). This data is used only to operate L.E.G.A.L., including survey delivery, collaboration enablement, client-specific release workflows, notices (e.g., fresh releases), and participant support.

Survey Response Data consists of organization-level answers. This data is used in the following ways:

  • Client-specific outputs (permissioned; client-specific): Controlled disclosure of Provider Survey Questions 1–5 to a specific Requesting Client, only where the provider has authorized release to that Requesting Client under a Provider Acknowledgment. Client-specific reporting may also include client-specific benchmark reporting across Questions 1–16 (with Questions 1–5 potentially reflected in provider-attributed form where authorized, and Questions 6–16 reflected only in de-identified and/or aggregated form, including de-identified visualizations where thresholds are met).
  • Program-wide benchmarking and reporting (de-identified and/or aggregated): De-identified and/or aggregated benchmarking and longitudinal analysis across the L.E.G.A.L. community, including the composite report shared with participants. No participants are identified in program-wide reporting absent express, written opt-in.

What a Requesting Client can receive and what it cannot

When a provider authorizes release to a specific Requesting Client under a Provider Acknowledgment, that Requesting Client may receive only the provider’s responses to Provider Survey Questions 1–5 in provider-attributed form. That disclosure applies only to that provider and only to that specific Requesting Client; it does not authorize sharing with other clients or third parties.

A Requesting Client may also receive client-specific benchmark reporting that contextualizes results across Provider Survey Questions 1–16, subject to the visibility limits described in this policy: Questions 6–16 are never disclosed in a provider-attributable form and may be reflected only in de-identified and/or aggregated outputs (including de-identified visualizations where thresholds are met).

The following information is always excluded from any client-facing disclosure or client-specific reporting:

  • Provider- or client-entered Point of Contact information (including collaborator emails)
  • Client-supplied provider outreach email lists, if any
  • System Access Data and any other technical or security metadata

All other Provider Survey responses beyond Questions 1–5 are non-client-facing and are used only in de-identified and/or aggregated form.

What we do not collect—and what participants should not provide

L.E.G.A.L. is designed for behavior-grounded market intelligence about the impact of GenAI on legal service delivery. It is not designed to collect or report client-confidential, matter-specific, or privileged information.

We do not request or intentionally collect privileged content, client-confidential matter facts, or other matter-level materials. We also do not request sensitive personal data, including special-category data, government identification numbers, financial account numbers, or HR/personnel records.

Participants should not include sensitive personal data, privileged content, or client-confidential matter details in any free-text field.

If such information is inadvertently submitted, please contact us promptly at LFIntel@baretzbrunelle.com so we can evaluate appropriate handling consistent with this policy and our security documentation.

Use limitations summary

We do not sell, license, or provide third parties with access to individual participant-level data, and we do not sell or rent contact lists. L.E.G.A.L. does not charge for participation.

L.E.G.A.L. data is used for the following purposes: (i) to transmit provider-authorized, provider-attributed responses to Requesting Clients, limited to Provider Survey Questions 1–5; (ii) to produce de-identified and/or aggregated benchmarking and longitudinal analysis (including client-specific benchmark reporting and the program-wide composite market report, subject to the visibility limits described in this policy); and (iii) to support deeper, opt-in collaboration such as briefings, working sessions, or case studies, subject to separate consent.

For retention and deletion details and system-boundary clarifications, see the “Contact information handling and deletion schedule” section above.