Privacy Policy
Last updated: April 7, 2026
1. Scope
LisARM (“we”, “our”, or “us”) provides a compliance workflow that includes a web dashboard and a browser extension for reviewing draft social posts before publishing. This policy explains what personal information we collect, how we use it, how we share it, and what rights you have. This policy applies to our website, dashboard, extension, and related support and security operations.
2. Personal information we collect
- Account and profile data: name, email address, phone number, password hash, account type, role, and for business accounts, company name, role title, and company size.
- Authentication and session data: sign in tokens, session cookies, extension authentication tokens, password reset tokens, and login attempt records used for account protection.
- Compliance workflow data: detected keyword risk flags, selected review actions, and escalation request payloads. Draft post text is scanned locally in the extension. It is sent to our servers only when you explicitly use server features such as AI review or legal escalation.
- Activity and product usage data: event type, event time, source, platform, page path, limited metadata, and a UI identifier generated by the extension. Some events can be logged without account sign in.
- Team and legal contact data: team invite details, inviter and invitee emails, legal contact name and email, and team membership state.
- Billing and subscription data: plan selections, Stripe customer and checkout references, subscription status, and webhook event IDs used for idempotency. Full payment card numbers are processed by Stripe, not stored by us.
- Support and communication data: email content and contact details you provide in support or transactional communications.
- Security data: network source details such as IP based identifiers, abuse blocklist checks, and security event logs used to protect accounts and services.
3. How we collect information
- Directly from you: sign up forms, settings, payment checkout actions, legal contact setup, support emails, and account requests.
- Automatically from product usage: dashboard and extension event logging, account security monitoring, and extension installation status updates.
- From extension storage: keyword lists and sign in tokens stored in browser extension storage areas.
- From integrated services: authentication and email infrastructure, payment providers, and AI model providers when you invoke those features.
4. Why we use personal information
- To provide core services, including account management, team workflows, compliance review, extension setup, and legal escalation.
- To process subscriptions and manage billing events.
- To maintain security, detect abuse, enforce policies, and keep reliable service operations.
- To send service messages such as password reset and account related notifications.
- To improve features and user experience through product usage analytics that can be tied to account level settings.
- To comply with legal obligations, including record keeping and lawful requests.
5. Legal grounds for processing
Where applicable privacy laws require a legal basis, we rely on contractual necessity, legitimate interests, consent where required, and compliance with legal obligations.
6. Cookies and similar technologies
We use essential cookies and similar technologies for sign in sessions, security, and service operation in the dashboard. We also use browser extension storage to keep extension settings and session state. At this time, behavior based advertising cookies are not a core part of our product flow.
7. How we share personal information
- Service providers and processors: hosting, database, email delivery, payment processing, and AI service providers who process data on our behalf.
- Payment processing: Stripe processes payment details according to Stripe policies.
- Browser platform providers: extension storage sync can involve browser vendor services under their terms.
- Legal and safety disclosures: when required by law, to respond to lawful process, or to protect rights, safety, and security.
- Business transfers: in connection with a merger, acquisition, financing, or asset transfer, subject to applicable safeguards.
We do not sell personal information for money. We do not share personal information for cross context behavioral advertising.
8. AI feature specific processing
If you use AI compliance review, draft post text, selected risk signals, platform context, and page URL are sent to our AI provider to generate review output and rewrite suggestions. This feature is optional and user initiated. Local keyword screening runs in the extension without sending content to our servers.
9. Data storage and protection
- Personal information is stored in managed systems, including database infrastructure and integrated operational services.
- Passwords are stored as cryptographic hashes, not plain text.
- We use access controls, transport encryption, event logging, input validation, and rate limiting to reduce misuse risk.
- We apply least privilege access principles for operational access.
No internet transmission or storage system can be guaranteed as fully secure, but we use reasonable and appropriate safeguards for the data we process.
10. Data retention
- Account records: retained while your account is active and for a reasonable period after closure for legal, fraud prevention, and operational needs.
- Activity events: retained for up to 365 days by default, with configurable service settings.
- Password reset tokens: expire after one hour and are marked as used after redemption.
- Consent and legal acceptance logs: retained as necessary for compliance evidence and dispute resolution.
- Support records: retained as needed to resolve support requests and maintain service records.
Retention can be extended when required to comply with law, resolve disputes, enforce agreements, or preserve evidence.
11. Cross border transfers
Our primary market is the United States. If you access the service from outside the United States, your personal information may be transferred to and processed in the United States or other countries where our providers operate. Where required, we use appropriate safeguards for international data transfers.
12. Your privacy rights
Depending on your location and applicable law, you may have rights to access, correct, delete, or receive a portable copy of your personal information, and to object to or limit certain processing.
United States residents, including California residents, may have additional rights under state privacy laws, which can include rights to know, delete, correct, and limit certain uses of personal information.
Signed in users can manage profile data and telemetry preferences in dashboard settings and can request account deletion. You can also contact us to exercise rights.
We may need to verify your identity before completing certain requests. You may also designate an authorized agent where permitted by law.
13. Children's privacy
LisARM is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us and we will take appropriate steps.
14. Security measures
We maintain technical and organizational safeguards that include password hashing, authentication controls, rate limiting, abuse detection, event logging, and internal access controls. We regularly review and improve these controls as our product evolves.
15. Policy updates
We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Where required by law, we will provide additional notice.
16. Contact us
For privacy questions, rights requests, or complaints, contact us at support@balogunharold.com. We will respond in line with applicable law.