Legal

Privacy Policy

Effective May 18, 2026

Plain-English summary: We’re a small law firm. We collect what we need to evaluate your matter and do the work — your name, contact details, your company, your jurisdiction, and any documents you share with us. We use it to provide legal services. We share it only with service providers who help us run the practice (payment, e-signature, hosting, email). We don’t sell your data. Once we’ve been engaged as your attorneys, the bar-rule duty of confidentiality protects your information beyond what this policy says.

1. About this policy

This Privacy Policy explains how AIPromptLaw PLLC (“we,” “us,” “AIPromptLaw”) collects, uses, and shares information when you use aipromptlaw.com (the “Site”) and when you engage us for legal services.

It does not replace or limit our professional obligations to engaged clients under applicable bar rules. Where bar rules give you stronger protection than this policy, the bar rules govern.

2. Information we collect

We collect information you give us directly, information collected automatically when you use the Site, and information from third-party service providers.

Information you provide directly

When you submit an intake form, contact us, or engage us for services, we collect:

Information collected automatically

When you visit the Site, we and our service providers may collect:

We use this information for site analytics and security only. The Site uses Cloudflare for hosting and edge security, which collects some of this data as part of its service. We do not currently use third-party advertising trackers or behavioral advertising cookies.

Information from service providers

3. How we use information

We use information to:

For engaged clients, our use of your information is also governed by the engagement letter and the applicable bar rules of confidentiality.

4. How we share information

We share information only with:

Our current service providers:

Provider Purpose Data category
Cloudflare Site hosting and edge security IP, request metadata
Tally Intake form collection Form responses, uploaded documents
Stripe Payment processing Name, email, payment info
DocuSign E-signature on engagement letters Name, email, signature metadata
Google Workspace Email Email contents

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

5. Attorney-client confidentiality (engaged clients)

Once you sign an engagement letter and we begin work, the relationship is governed by the rules of professional conduct of the relevant state bars — Pennsylvania, New Jersey, and Texas in our case. Those rules impose a duty of confidentiality that is broader than this Privacy Policy. We will not disclose information learned in the course of representing you, except as permitted or required by those rules.

This duty continues even after the engagement ends.

6. How long we keep information

Category Retention period
Intake submissions where we did not engage 1 year, then deleted
Engaged-client matter files 7 years after engagement closes (the minimum required by applicable bar rules; some matters require longer)
Financial records 7 years (for tax and accounting purposes)
Email correspondence Retained in Google Workspace, subject to litigation holds and bar-rule requirements
Site analytics Up to 14 months (Cloudflare default)

You can ask us to delete information earlier, subject to the legal and professional obligations described in Section 7 and applicable retention rules.

7. Your rights

Subject to applicable law and our professional obligations, you can:

To exercise any of these rights, email hello@aipromptlaw.com. We will verify your identity before responding.

7A. California residents (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

Categories of personal information collected (last 12 months)

Sources

Directly from you, automatically from the Site, and from our service providers.

Business purposes

Categories of third parties to whom we disclose for business purposes

The service providers listed in Section 4.

Sale or sharing of personal information

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We have not done so in the past 12 months.

Sensitive personal information

Uploaded contracts may contain sensitive personal information of you or third parties. We use that information only to provide the legal services engaged. We do not use it to infer characteristics about you for any other purpose.

Your CCPA rights

How to submit a request

Email hello@aipromptlaw.com with the subject line “CCPA Request.” We will respond within 45 days, extendable by 45 days if necessary, with notice. We verify identity by matching information you provide against what we already hold; we may require additional verification for sensitive requests.

Authorized agents

You may designate an authorized agent to make a request on your behalf. We require proof of the agent’s authorization and may require you to verify your identity directly.

7B. EU/UK residents (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the following applies in addition to Section 7.

Data controller

AIPromptLaw PLLC, 5900 Balcones Drive #31815, Austin, TX 78731, United States. Contact: hello@aipromptlaw.com.

EU/UK representative

We have not appointed an EU/UK representative under Article 27 GDPR because our processing of EU/UK personal data is occasional, does not include large-scale processing of special categories, and is unlikely to result in risk to the rights and freedoms of natural persons. If we begin offering services regularly to EU/UK clients, we will appoint a representative.

Lawful bases for processing

Activity Lawful basis
Evaluating and providing legal services Performance of a contract (engagement letter) and pre-contractual steps
Operating and securing the Site Legitimate interests (running a safe website)
Sending you transactional emails about your matter Performance of a contract
Marketing communications (if any) Consent (you may withdraw at any time)
Complying with legal and professional obligations Legal obligation

Your GDPR rights

International transfers

AIPromptLaw is based in the United States. When we process personal data of EU/UK residents, that data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) with our service providers where applicable, and we take reasonable measures to protect personal data during transfer.

Automated decision-making

We do not make automated decisions that produce legal or similarly significant effects.

8. Cookies and similar technologies

The Site uses a minimal set of cookies:

We do not currently use analytics or advertising cookies. If we add analytics in the future, we will update this policy and obtain consent where required.

9. Children’s privacy

The Site is for businesses, not children. We do not knowingly collect personal information from anyone under 16 (or under 18 in some jurisdictions). If you believe we have, contact us and we will delete it.

10. Security

We use commercially reasonable measures to protect personal information: encrypted transit (HTTPS), reputable service providers with their own security commitments, access controls on our internal systems, and minimum-necessary information collection. No system is perfectly secure, and we cannot guarantee absolute security.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will update the Effective date at the top. If we make material changes, we will notify clients by email and post a notice on the Site for at least 30 days.

12. Contact

Questions about this policy, or to exercise a privacy right:

Email: hello@aipromptlaw.com
Subject line: “Privacy” (or “CCPA Request” or “GDPR Request” if applicable)

Mail:
AIPromptLaw PLLC
5900 Balcones Drive #31815, Austin, TX 78731