Privacy Policy

Introduction

This Global Privacy Policy (the "Policy") describes how Legal Connect ("Company," "we," "our," or "us") collects, uses, discloses, and safeguards personal information across all current and future websites, subdomains, and online services (collectively, the "Services"). This Policy sets a global standard for privacy compliance and data protection in accordance with the highest international legal frameworks, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act and Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the Brazilian General Data Protection Law (LGPD). It applies to all users regardless of geographic location.

1. Scope and Applicability

This Policy applies to all visitors, customers, and users of our Services, and to all data collected online or offline through any form of interaction. By using our Services, you consent to the practices described herein.

2. Information We Collect

We collect personal data directly and automatically, including:

• Identifiers: Name, email, phone number, address, bar number (for attorneys)
• Commercial Data: Transactions, consultations, payment methods, billing information
• Biometric and Health Data: Where applicable and with explicit consent
• Geolocation: Jurisdiction and practice area information
• Internet Activity: Browsing history, IP address, device identifiers
• Behavioral Analytics: User interactions, preferences, platform usage patterns
• Professional Data: For attorneys - bar admissions, experience, practice areas, conflict of interest information

3. Automated and AI-Based Processing

We utilize Artificial Intelligence and Machine Learning ("AI/ML") technologies to analyze behavioral data, enhance service personalization, perform automated conflict screening, detect fraud, and improve user experience. Automated decision-making may influence attorney-client matching recommendations or fraud prevention mechanisms, never without appropriate human oversight and legal safeguards. All automated conflict checks include transparent logging and human review capabilities.

4. How We Use Information

We process data for legitimate business purposes:

• Service delivery and client-attorney matching
• Account management and user authentication
• Communication and customer support
• Legal compliance and regulatory obligations
• Analytics and platform improvement
• Marketing (with opt-in consent)
• Conflict of interest screening and verification
• Platform security and fraud prevention

Processing is always grounded in a lawful basis under applicable law.

5. Disclosure and Data Sharing

We do not sell personal data. We share information only with:

• Trusted service providers and payment processors
• Affiliated entities (with equivalent privacy obligations)
• Analytics and security vendors
• Legal authorities when required by law or valid legal process

Each third-party partner is contractually obligated to maintain equivalent data protection standards and use data only for specified purposes.

6. International Data Transfers

Data may be processed and stored in the United States and other jurisdictions. All transfers comply with GDPR Chapter V and equivalent safeguards through Standard Contractual Clauses, adequacy decisions, or binding corporate rules. For users in the EU or other regions with transfer restrictions, we employ Privacy Shield frameworks and additional safeguards where applicable.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. For clients: data is retained for the duration of legal representation plus applicable statute of limitations periods. For attorneys: profile data is retained while the account is active, with inactive accounts reviewed annually. Retention schedules are periodically reviewed for compliance and data minimization.

8. Children's Privacy

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect data from children under 13 years old (or 16 in applicable jurisdictions) without verifiable parental consent. Our Services are intended for adults seeking or providing legal services. Parents may contact us to review or delete their child's data at any time using the contact information below.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Obtain a copy of your personal data in a commonly used format
• Correct: Update or correct inaccurate information
• Delete: Request deletion ("right to be forgotten")
• Restrict: Limit how your data is processed
• Object: Opt-out of specific processing activities
• Port: Receive your data in a portable format
• Withdraw Consent: Withdraw previously granted consent at any time

Requests can be submitted using the contact information below. We will respond within 30 days (or as required by applicable law).

10. Security and Safeguards

We employ administrative, technical, and physical safeguards that meet or exceed industry standards, including:

• End-to-end encryption for communications and sensitive data
• Pseudonymization and data minimization techniques
• Role-based access controls and least-privilege principles
• Multi-factor authentication for user accounts
• Continuous security monitoring and threat detection
• Regular security audits and penetration testing
• Employee training and confidentiality agreements

11. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies for site functionality, analytics, and marketing. Users can control cookie preferences via browser settings or our Cookie Management Tool. See our separate Cookie Policy for detailed information.

12. Cross-Border Compliance

This Policy incorporates global privacy principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and accountability. These principles apply uniformly across all operations, subsidiaries, and service providers worldwide.

13. Data Protection Officer and Contact

We maintain a designated Data Protection Officer ("DPO") to oversee compliance and handle data protection inquiries. Users may exercise their rights or submit complaints via:

14. Updates to This Policy

We may update this Policy to reflect legal, technical, or business developments. The latest version will always be available on our website, with a new 'Last Updated' date. Continued use of our Services constitutes acceptance of any modifications. For material changes, we will provide prominent notice or seek your consent.

15. California Privacy Rights (CCPA/CPRA)

California residents have specific rights under the CCPA and CPRA, including the right to know, delete, and opt-out. We do not sell personal information as defined by the CCPA. You may opt-out of any future sales by contacting us at privacy@legalconnect.com.