1. Scope & roles

This Privacy Policy explains how Cliont handles personal information (“PI”) for (i) website visitors; (ii) law‑firm clients and their staff; and (iii) individuals who submit intake information, recordings, or documents through Cliont forms.

For law‑firm intake data, Cliont acts as a service provider/processor and processes PI at the law firm’s direction.

For our own operations (security, debugging, analytics, billing, limited marketing), Cliont may act as a business/controller.

We provide a California Notice at Collection and honor browser‑based opt‑out signals recognized under applicable law (see §7).

2. Notice at Collection (California) — categories, purposes, retention (summary)

We collect the following PI categories (examples vary by your use of the Service):

Category | Examples | Purposes | Default retention (see §10)
Identifiers | Name, email, phone, account ID, IP | Account, authentication, support, security | Life of account + up to 3 years
Commercial data | Subscription, transactions | Billing, tax, account mgmt | 7 years (accounting)
Internet/activity | IP, device IDs, logs, usage | Security, fraud, analytics | Logs 24 months; analytics up to 26 months
Geolocation (coarse) | Region/city from IP | Localization, compliance | Up to 24 months
Audio/Video/content | Voice/video recordings, transcriptions; uploaded docs/images | Intake, triage, routing to law firm; quality | Matter life + up to 3 years (or earlier on request)
Sensitive PI (state‑defined) | Biometric identifiers/templates (if created), precise geo, CHD | Provide features; security; no sale | Limited to purpose; see §6 and §10
Inferences | Triage scores/tags | Routing, anti‑fraud | Account life + up to 24 months

3. Sources

You (forms/uploads), your device (cookies/SDKs), your law firm, our service providers, and public sources.

4. How we use PI

To provide and improve the Service; authenticate users; prevent fraud/security incidents; process and transcribe recordings; route and notify law firms; provide support; measure performance; comply with law; and with your consent for optional communications or research.

5. Disclosures to service providers and third parties

We share PI with vendors who help us deliver the Service (e.g., hosting, storage, transcription, analytics, support). We prohibit them from selling your PI and require appropriate security and deletion commitments.

6. Sensitive/regulated data

Biometric information (if enabled). If Cliont or its vendors create or use biometric identifiers (e.g., voiceprints or face geometry) from recordings, we provide written notice, obtain any required written consent, restrict use to the stated purpose, and publicly post a retention/destruction schedule. Biometric identifiers/templates are destroyed when the purpose is satisfied or within 3 years of the last interaction, whichever occurs first, consistent with Illinois BIPA §15(a). We do not sell or profit from biometric information.

Consumer health data. Intake submissions may contain health‑related details. For data outside HIPAA, we apply additional restrictions consistent with Washington’s My Health My Data Act (policy transparency, consent, and consumer rights).

7. “Sale,” “sharing,” targeted advertising & signals

Cliont does not sell law‑firm intake data. For our sites/apps, we may use analytics/ads. To the extent this constitutes a “sale” or “sharing” (California) or “targeted advertising” (other states), you may opt out in Your Privacy Choices and by enabling the Global Privacy Control (GPC) signal, which we honor. We also honor Colorado‑recognized Universal Opt‑Out Mechanisms (currently including GPC).

8. Your privacy rights

Depending on your state, you may have rights to access, correct, delete, opt out of sales/sharing/targeted ads, portability, limit sensitive PI (CA), and appeal decisions. Submit requests at [email protected] or via Your Privacy Choices. We verify your identity and accept authorized‑agent requests as required.

9. Children

Cliont is not directed to children under 13 and we do not knowingly collect PI from them. If we learn of such collection, we will delete it. Learn more about COPPA at the FTC.

10. Retention

We retain PI only as long as needed for the purposes above, to meet legal obligations, or as directed by our law‑firm customers. Defaults: billing 7 years; logs 24 months; analytics up to 26 months; intake materials while the matter is active + up to 3 years; biometric identifiers/templates as in §6.

11. Security

We implement administrative, technical, and physical safeguards appropriate to the data and risks (e.g., encryption in transit/at rest, access controls, audit logs, vulnerability management). No system is 100% secure.

12. International transfers

Data is primarily hosted in the United States. If transfers occur, we use appropriate safeguards.

13. Changes

We may update this Policy and will post the new effective date.

14. Contact

Frankfort Law Group | 10075 W Lincoln Hwy Floor 1, Frankfort, IL 60423 | [email protected] | (708) 766-7333
California assistance: DCA at (800) 952‑5210, 1625 North Market Blvd., Sacramento, CA 95834.