Privacy Policy
[ v.1.1 ]
Clause & Affect PLLC (“Clause & Affect,” “we,” or “us”) is committed to protecting your privacy and handling personal data responsibly. This Policy explains how we collect, use, and safeguard personal data when you visit www.clauseandaffect.com, engage our legal services, interact with our content, or participate in our events (collectively, the “Services”).
This Privacy Policy is intended to inform you of our data practices. By continuing to use our Services after reviewing this Policy, you acknowledge the practices described below. This Policy operates in conjunction with our Terms of Service. If there is a conflict between the two, this Policy governs with respect to personal data.
We do not sell personal data. Where we share data with third parties, it is only to provide our Services, support secure operations, comply with legal obligations, or improve our offerings.
I. OUR ROLE IN DATA HANDLING
We primarily act as an independent data controller in connection with the personal data we collect through our Services. This means we determine the purposes and means by which personal data is collected, used, and safeguarded.
In certain limited instances, such as where we process personal data strictly on behalf of a client under written instruction, we may act as a data processor. These situations are governed by separate contractual agreements that define our responsibilities and limitations as required by applicable data protection laws.
Understanding our role is important for you to know how and when you may exercise your data rights. When acting as a controller, we are directly responsible for decisions about your personal data. When acting as a processor, we follow the instructions of the data controller (typically our client), and you should direct any privacy-related inquiries to that controller.
II. DATA COLLECTION
We may collect personal data about you and your use of our Services.
A. Age Requirements
Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data without verified parental consent, we will delete that data as required by applicable law.
We encourage parents and guardians to monitor their children’s internet use and to instruct them never to provide personal data through our Services. If you believe we have collected data from a child, please contact us at compliance@clauseandaffect.com.
B. Data Categories
The types of personal data we collect depend on how you use our Services. Over the past 12 months, we have collected the following categories of data:
- Identifiers / Contact Data: Name, postal address, email address, phone number, and unique personal and device identifiers such as IP address.
- Protected Characteristics: Age and gender.
- Commercial Data: Service history, payment preferences, and responses to surveys or polls.
- Billing Data: Payment method and billing address.
- Internet / Electronic Activity: Browsing history, interaction with our Services, and engagement with our content.
- Device and Usage Data: Device type, operating system, browser type and version, language settings, and usage metrics.
- Audio / Visual Data: Images, avatars, and audio data collected through external platforms (e.g., Discord, Google Meet).
- Sensitive Data: Identification documents and, when necessary, contents of communications related to legal services.
- Geolocation Data: Approximate location inferred from device or IP address.
- Professional or Employment-Related Data: For job applicants, this may include resumes, employment history, and background check information.
III. DATA SOURCES
We collect personal data from the following sources, depending on how you interact with our Services:
A. Directly from You
We collect data you choose to provide, such as when you:
- Engage our legal services;
- Subscribe to updates or communications;
- Submit comments, messages, or feedback;
- Apply for employment or partnership opportunities;
- Participate in events, surveys, or research; or
- Partner with us in a business or legal capacity.
This may include your name, contact details, government-issued ID, payment data, and any information related to your legal matters.
B. From Third Parties
We receive data from external platforms, business partners, and other service providers when you connect or interact with our Services through those systems.
For example, if you engage with us via Discord, social media, or web conferencing platforms, we may receive information such as your username, display preferences, and account data. The type and volume of data depend on your settings with those platforms. We retain only what is necessary to operate our Services.
We may also collect data from individuals who reference you while using our Services, such as in shared messages, posts, or client communications.
C. Automatically Through Your Use
When you visit our website or access our Services, we collect data automatically using cookies, analytics tools, and similar technologies. This includes:
- Device and browser data;
- Site usage metrics;
- IP address and general location;
- Session activity and interaction history.
For more details on cookies and automated tracking, please refer to our Cookie Policy.
D. Cookies
We use cookies and similar tracking technologies to support the functionality, security, and performance of our Website. When you first visit our site, a cookie banner appears that allows you to manage your preferences for non-essential cookies.
Cookies we use may be set by us (first-party) or by trusted service providers (third-party). Some cookies are strictly necessary for the operation of our Website. Others, such as those used for analytics or performance tracking, are optional and only set with your consent.
You can manage your cookie preferences at any time through the banner or your browser settings.
For more detailed information, including a list of the cookies we use and how to control them, please refer to our Cookie Policy.
E. Opt-Out Signals and “Do Not Track” Settings
Some browsers and extensions offer a “Do Not Track” (“DNT“) setting that signals your preference not to be tracked. At this time, our Website does not respond to DNT signals, as there is no consistent industry standard for how to interpret them.
However, we do recognize opt-out preference signals where legally required, such as the Global Privacy Control (GPC). If you have enabled GPC in your browser, we will treat that as a valid request to opt out of the sale or sharing of your personal data, as defined under applicable laws like the California Consumer Privacy Act.
IV. DATA PROCESSING
We process personal data to operate our Services, fulfill legal and contractual obligations, improve user experience, and protect our business and clients. The scope of processing depends on how you engage with our Services.
A. Processing Purposes
We use personal data for the following purposes:
- To provide the Services you request and fulfill our contractual obligations.
- To respond to inquiries, schedule consultations, and deliver legal or professional updates.
- To facilitate integrations with third-party platforms (e.g., video conferencing, legal tech tools) as authorized by you.
- To personalize your user experience and remember your preferences.
- To conduct internal audits, service improvement reviews, and client demographic analyses.
- To detect and prevent fraud, security threats, or unauthorized access.
- To comply with legal obligations, court orders, or regulatory inquiries.
- To enforce our Terms of Service and defend our legal interests.
B. Legal Basis for Processing
Where required by law (such as in the European Union, the United Kingdom, or select U.S. states), we rely on the following legal bases for processing your data:
- Contractual necessity: To provide legal services, respond to requests, or fulfill pre-contractual obligations.
- Legal obligation: To comply with applicable laws, court orders, or regulatory mandates.
- Legitimate interests: To improve our Services, maintain secure operations, and develop business insights, provided such interests are not overridden by your rights.
- Vital interests: To protect your safety or the safety of others, in emergency or life-threatening situations.
- Consent: For optional processing activities, such as marketing communications or non-essential cookies.
We do not use automated decision-making tools that have a legal or similarly significant impact on your rights.
V. DATA SHARING
We do not sell, rent, or otherwise disclose your personal data for direct marketing purposes.
We may share personal data with third parties under limited circumstances to support the delivery of our Services, comply with legal requirements, protect our rights, or improve user experience.
A. Sharing Scenarios
We may share your data:
- With your consent, or when you instruct us to do so.
- With service providers and partners who assist us with operations such as hosting, payment processing, email delivery, analytics, or legal tools.
- To comply with legal obligations, including subpoenas, court orders, or lawful requests from regulatory or law enforcement agencies.
- To protect rights and safety, including investigating or preventing fraud, policy violations, or security threats.
- In connection with business transactions, such as a merger, acquisition, asset transfer, or restructuring. If our firm is involved in such a transaction, your data may be transferred as part of that process.
- As part of joint offerings, such as co-hosted events or promotions, where another party may receive your data for its own use. In such cases, we will notify you at the time of collection and give you a choice to participate.
You retain control over how we share your data. For more information, see Section X: Your Controls.
B. Categories of Third Parties
The types of third parties we may share data with include:
- Authorized Representatives, including your legal or professional agents.
- Affiliates, such as firms under common ownership or control that help us provide Services.
- Service Providers, including vendors supporting web infrastructure, client management, document processing, billing, analytics, or communication.
- Regulatory and Legal Authorities, where required by law or to protect our legal interests.
We expect our partners to follow strong privacy and data security practices. However, our Privacy Policy does not cover the practices of third-party platforms or services we may link to or integrate with. For more on third-party platforms, see Section X: Your Controls.
VI. DATA STORAGE & RETENTION
A. Storage
We primarily store and process personal data on servers located in the United States. As a result, your data may be subject to U.S. laws, which may differ from the privacy protections in your home jurisdiction.
Regardless of location, we implement security and access controls to protect your personal data in accordance with applicable privacy laws and our internal policies.
B. Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including:
- Providing and maintaining our Services;
- Complying with legal, regulatory, or contractual obligations;
- Enforcing our rights, resolving disputes, or preventing fraud.
We generally retain data associated with an active user account. If your account becomes inactive, we may retain your information for a reasonable period to allow for potential reengagement, unless you request deletion sooner or the law requires otherwise. Data may also be retained in encrypted backup archives for disaster recovery or business continuity purposes.
If you wish to close your account or request deletion of your personal data, contact us at compliance@clauseandaffect.com. We will process your request in accordance with applicable laws and confirm once it has been fulfilled or if retention is required.
VII. DATA SECURITY
A. Security Measures
We implement administrative, technical, and physical safeguards designed to protect the personal data we collect and process. These measures include:
- Encryption of data in transit and at rest;
- Secure socket layer (SSL) protocols for sensitive transmissions;
- Firewalls and intrusion detection systems;
- Access controls and role-based permissions;
- Periodic audits of our data handling practices;
- Staff training on data protection and information security.
While we apply industry-standard practices to protect your data, no system can be guaranteed 100% secure. Unauthorized access, hardware failure, or human error may still pose risks. We encourage you to use strong passwords, secure your devices, and avoid sharing sensitive data unless necessary.
Our Services may contain links to third-party platforms. We are not responsible for the security or privacy practices of those platforms and recommend reviewing their policies before engaging with them.
B. Data Breach Notification
If we become aware of a security breach that affects your personal data, we will notify you in accordance with applicable legal requirements. When required, we will also report such incidents to regulatory authorities within the relevant timeframe.
To inquire about the status of your personal data, or to report a suspected issue, contact us at compliance@clauseandaffect.com
VIII. YOUR RIGHTS
You have rights over your personal data. Depending on your location and the laws that apply to you, these rights may include:
A. Access & Correction
You may request:
- A copy of the personal data we hold about you.
- Correction or updates to inaccurate or incomplete personal data.
B. Control & Deletion
You may also:
- Request deletion of your personal data, subject to legal or operational retention requirements.
- Request that we restrict the use of your personal data in specific contexts.
- Withdraw your consent at any time, where our processing is based on consent.
C. Portability & Transparency
Where applicable, you may:
- Request a portable copy of the personal data you provided to us.
- Ask for information about how we collect, use, and share your data, including the categories of sources and recipients.
D. Opt-Out Rights
Depending on your jurisdiction, you may:
- Opt out of the sale or sharing of your personal data, including for targeted advertising.
- Limit the use or disclosure of your sensitive personal data, if permitted by law.
To exercise any of these rights, contact us at compliance@clauseandaffect.com and include the nature of your request. To opt out of the sale or sharing of your data, include “Do Not Sell or Share My Personal Data” in the subject line.
We may request verification of your identity before fulfilling your request. You may also designate an authorized agent to act on your behalf. Authorized agents must provide documentation of their authority, such as a signed authorization or a valid power of attorney. We reserve the right to confirm your request directly before proceeding.
We will not discriminate against you for exercising your rights. However, restricting or deleting certain data may affect your ability to access or use parts of our Services.
E. Contacting A Regulator
If you have concerns about how we handle your personal data, you may contact a data protection authority in your jurisdiction. A directory of global privacy regulators is available at:
https://globalprivacyassembly.org/participation-in-the-assembly/list-of-accredited-members
IX. YOUR CONTROLS
We believe privacy should come with choices, and that those choices should be easy to find, understand, and act on. This section outlines how you can manage the personal data we collect and how you interact with our Services.
A. Managing Communications & Preferences
If you receive marketing or informational emails from us, you may unsubscribe at any time using the link provided in the message. Note that transactional communications, such as those related to your legal matters or account activity, will continue regardless of your subscription preferences.
To update your privacy preferences or request changes to the way we handle your personal data, contact us directly at compliance@clauseandaffect.com. We will respond within a reasonable timeframe and, where applicable, confirm your identity before making changes.
If you engage our firm as a client, additional privacy controls may be available through secure client portals or as governed by your engagement agreement.
B. Interactions with Third Parties
Our Services may connect with external platforms for purposes such as communication, collaboration, billing, case management, analytics, or scheduling. These third parties may collect or receive data when you engage with us through their tools or integrations.
We do not control how third parties handle your data outside the context of our Services. Their collection, use, and disclosure practices are governed by their own privacy policies and terms. We encourage you to review those policies and configure your platform settings to align with your preferences.
If you have questions about how a third-party platform is used in connection with our Services, please reach out.
XI. GENERAL PROVISIONS
A. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we provide. If changes are material, we will provide notice through our website or by contacting you directly, where appropriate. The date of the most recent revision will always appear at the top of the Policy.
We encourage you to review this Policy periodically. Continued use of our Services after an update indicates your acceptance of the revised terms.
B. Contact Us
If you have any questions or concerns regarding this Privacy Policy or our data practices, please reach out to:
Compliance Team
Clause & Affect PLLC
712 H Street NE, Suite 2005
Washington, DC 20002
compliance@clauseandaffect.com
Effective Date: November 15, 2025
Last Updated: November 15, 2025
