Privacy Policy
Effective May 18, 2026
Plain-English summary: We’re a small law firm. We collect what we need to evaluate your matter and do the work — your name, contact details, your company, your jurisdiction, and any documents you share with us. We use it to provide legal services. We share it only with service providers who help us run the practice (payment, e-signature, hosting, email). We don’t sell your data. Once we’ve been engaged as your attorneys, the bar-rule duty of confidentiality protects your information beyond what this policy says.
On this page
1. About this policy
This Privacy Policy explains how AIPromptLaw PLLC (“we,” “us,” “AIPromptLaw”) collects, uses, and shares information when you use aipromptlaw.com (the “Site”) and when you engage us for legal services.
It does not replace or limit our professional obligations to engaged clients under applicable bar rules. Where bar rules give you stronger protection than this policy, the bar rules govern.
2. Information we collect
We collect information you give us directly, information collected automatically when you use the Site, and information from third-party service providers.
Information you provide directly
When you submit an intake form, contact us, or engage us for services, we collect:
- Your name, email address, and phone number (if provided)
- Your company name and the state your business operates in (if provided)
- The service you’re requesting and what kind of contract or document is involved
- The jurisdiction governing your contract and what you’re concerned about
- The documents you upload for review
- Payment information (handled by Stripe — we do not see or store full card numbers)
- E-signature data on engagement letters (handled by DocuSign)
- Communications you exchange with us by email
Information collected automatically
When you visit the Site, we and our service providers may collect:
- IP address and approximate location derived from it
- Browser type and operating system
- Pages visited, time on page, and referral source
- Information about clicks and form interactions
We use this information for site analytics and security only. The Site uses Cloudflare for hosting and edge security, which collects some of this data as part of its service. We do not currently use third-party advertising trackers or behavioral advertising cookies.
Information from service providers
- Stripe (payments): confirmation that a charge was successful, the last four digits of the card, and chargeback information.
- DocuSign (e-signature): confirmation that an engagement letter was signed and the date and time.
- Tally (intake forms): the contents of your form submission.
- Google Workspace (email): the contents of emails you send to us via @aipromptlaw.com addresses.
3. How we use information
We use information to:
- Evaluate whether to accept your matter
- Provide the legal services you have engaged us for
- Communicate with you about your matter and our services
- Process payments and send invoices
- Maintain the Site and improve its operation
- Comply with our professional and legal obligations
- Defend our legal interests
For engaged clients, our use of your information is also governed by the engagement letter and the applicable bar rules of confidentiality.
4. How we share information
We share information only with:
- Service providers who help us run the practice, listed below.
- Other professionals (co-counsel, expert witnesses, opposing counsel) where necessary to perform the work you have engaged us for. We obtain your consent for substantive disclosures.
- Authorities when required by law or court order, or where permitted by bar rules’ exceptions to confidentiality.
- Successor entities in connection with a sale or merger of the practice — subject to applicable bar rules.
Our current service providers:
| Provider | Purpose | Data category |
|---|---|---|
| Cloudflare | Site hosting and edge security | IP, request metadata |
| Tally | Intake form collection | Form responses, uploaded documents |
| Stripe | Payment processing | Name, email, payment info |
| DocuSign | E-signature on engagement letters | Name, email, signature metadata |
| Google Workspace | Email contents |
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
5. Attorney-client confidentiality (engaged clients)
Once you sign an engagement letter and we begin work, the relationship is governed by the rules of professional conduct of the relevant state bars — Pennsylvania, New Jersey, and Texas in our case. Those rules impose a duty of confidentiality that is broader than this Privacy Policy. We will not disclose information learned in the course of representing you, except as permitted or required by those rules.
This duty continues even after the engagement ends.
6. How long we keep information
| Category | Retention period |
|---|---|
| Intake submissions where we did not engage | 1 year, then deleted |
| Engaged-client matter files | 7 years after engagement closes (the minimum required by applicable bar rules; some matters require longer) |
| Financial records | 7 years (for tax and accounting purposes) |
| Email correspondence | Retained in Google Workspace, subject to litigation holds and bar-rule requirements |
| Site analytics | Up to 14 months (Cloudflare default) |
You can ask us to delete information earlier, subject to the legal and professional obligations described in Section 7 and applicable retention rules.
7. Your rights
Subject to applicable law and our professional obligations, you can:
- Ask what information we hold about you
- Ask us to correct inaccurate information
- Ask us to delete information (subject to retention requirements)
- Withdraw consent for processing where consent was the basis
- Object to processing where we relied on legitimate interests
- Lodge a complaint with a supervisory authority where applicable
To exercise any of these rights, email hello@aipromptlaw.com. We will verify your identity before responding.
7A. California residents (CCPA / CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).
Categories of personal information collected (last 12 months)
- Identifiers (name, email, IP address)
- Customer records (company, state of operation, contracts uploaded)
- Internet activity (browsing on the Site)
- Geolocation data (approximate location from IP)
- Professional information (related to the contracts being reviewed)
- Inferences (derived from the information above for matter-evaluation purposes)
Sources
Directly from you, automatically from the Site, and from our service providers.
Business purposes
- Providing legal services you have engaged us for
- Evaluating whether to accept matters
- Operating the Site
- Processing payments
- Complying with legal and professional obligations
Categories of third parties to whom we disclose for business purposes
The service providers listed in Section 4.
Sale or sharing of personal information
We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We have not done so in the past 12 months.
Sensitive personal information
Uploaded contracts may contain sensitive personal information of you or third parties. We use that information only to provide the legal services engaged. We do not use it to infer characteristics about you for any other purpose.
Your CCPA rights
- Right to know what categories and specific pieces of personal information we have collected, used, disclosed, and sold or shared.
- Right to delete personal information we have collected (subject to legal exceptions, including our professional obligation to retain matter files).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing (not applicable to us because we do neither).
- Right to limit use of sensitive personal information to authorized business purposes.
- Right to non-discrimination for exercising any CCPA right.
How to submit a request
Email hello@aipromptlaw.com with the subject line “CCPA Request.” We will respond within 45 days, extendable by 45 days if necessary, with notice. We verify identity by matching information you provide against what we already hold; we may require additional verification for sensitive requests.
Authorized agents
You may designate an authorized agent to make a request on your behalf. We require proof of the agent’s authorization and may require you to verify your identity directly.
7B. EU/UK residents (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the following applies in addition to Section 7.
Data controller
AIPromptLaw PLLC, 5900 Balcones Drive #31815, Austin, TX 78731, United States. Contact: hello@aipromptlaw.com.
EU/UK representative
We have not appointed an EU/UK representative under Article 27 GDPR because our processing of EU/UK personal data is occasional, does not include large-scale processing of special categories, and is unlikely to result in risk to the rights and freedoms of natural persons. If we begin offering services regularly to EU/UK clients, we will appoint a representative.
Lawful bases for processing
| Activity | Lawful basis |
|---|---|
| Evaluating and providing legal services | Performance of a contract (engagement letter) and pre-contractual steps |
| Operating and securing the Site | Legitimate interests (running a safe website) |
| Sending you transactional emails about your matter | Performance of a contract |
| Marketing communications (if any) | Consent (you may withdraw at any time) |
| Complying with legal and professional obligations | Legal obligation |
Your GDPR rights
- Access to your personal data
- Rectification of inaccurate data
- Erasure (“right to be forgotten”), subject to legal and professional exceptions
- Restriction of processing
- Data portability (where applicable)
- Objection to processing based on legitimate interests
- Withdrawal of consent (where consent was the basis)
- Lodge a complaint with your local supervisory authority (e.g., the UK ICO, the Irish DPC, your country’s data protection authority)
International transfers
AIPromptLaw is based in the United States. When we process personal data of EU/UK residents, that data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) with our service providers where applicable, and we take reasonable measures to protect personal data during transfer.
Automated decision-making
We do not make automated decisions that produce legal or similarly significant effects.
8. Cookies and similar technologies
The Site uses a minimal set of cookies:
- Strictly necessary cookies for site functionality (no consent required)
- Cloudflare cookies for security and performance (no cross-site tracking)
We do not currently use analytics or advertising cookies. If we add analytics in the future, we will update this policy and obtain consent where required.
9. Children’s privacy
The Site is for businesses, not children. We do not knowingly collect personal information from anyone under 16 (or under 18 in some jurisdictions). If you believe we have, contact us and we will delete it.
10. Security
We use commercially reasonable measures to protect personal information: encrypted transit (HTTPS), reputable service providers with their own security commitments, access controls on our internal systems, and minimum-necessary information collection. No system is perfectly secure, and we cannot guarantee absolute security.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will update the Effective date at the top. If we make material changes, we will notify clients by email and post a notice on the Site for at least 30 days.
12. Contact
Questions about this policy, or to exercise a privacy right:
Email: hello@aipromptlaw.com
Subject line: “Privacy” (or “CCPA Request” or “GDPR Request” if applicable)
Mail:
AIPromptLaw PLLC
5900 Balcones Drive #31815, Austin, TX 78731