Privacy Policy

Effective Date: January 12, 2025

FinTech Law ("FinTech Law," "we," "us," or "our") is a technology-driven law firm providing legal services to investment advisers, private funds, mutual funds, ETFs, crypto-related companies, and other technology companies. We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy describes how we collect, use, disclose, and protect personal information. By using our website or engaging our legal services, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at privacy@fintechlaw.ai.

1. Information We Collect

We collect personal information in two primary contexts: (1) through our website, and (2) through our legal services engagement.

1.1 Information Collected Through Our Website

Our website collects only the information you voluntarily provide when you complete our Contact Us form:

Name

Email address

Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as:

• IP address (anonymized)
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website

This information is collected through cookies placed by Google Analytics. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout) or by adjusting your browser settings to reject cookies. For more information about how Google uses data, visit Google’s Privacy Policy at https://policies.google.com/privacy.

1.2 Information Collected Through Legal Services

When you inquire about or engage FinTech Law for legal services, we collect additional personal information. Before an engagement letter is signed, we collect information necessary to perform conflict of interest checks, which may include your name, company name, and the names of related parties. After an engagement letter is signed, we collect additional information necessary to provide legal services, which is typically provided through email, telephone, video conferencing, or other communication channels. Client information may include:

• Full name and contact information (address, phone number, email)
• Company name and business information
• Professional or employment information
• Financial information, including tax identification numbers
• Legal documents and information relevant to your matter
• Communications, including emails and meeting recordings (with consent)
• Other information you choose to provide in connection with our legal services

2. How We Use Your Information

2.1 Website Contact Form Information

We use the name and email address you provide through our Contact Us form to:

• Respond to your inquiries and requests
• Provide information about our legal services
• Facilitate potential client engagement

2.2 Client Information

We use information provided by clients to:

• Provide legal services as described in your engagement letter
• Communicate with you about your legal matters
• Comply with legal and professional obligations
• Process billing and payments
• Maintain records as required by law and professional rules
• Improve our legal services

2.3 AI-Assisted Legal Services

We utilize artificial intelligence systems to support our attorneys in delivering efficient and high-quality legal services. For detailed information on how we utilize AI in legal services and how client information may be used to train and enhance our proprietary AI systems, please refer to our AI Training and Data Use Disclosure, which supplements this Privacy Policy.

3. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We may share your information in the following limited circumstances:

AI Training and Improvement

With appropriate safeguards in place, we may utilize client documents to train and enhance our proprietary AI systems. This use is subject to anonymization requirements, attorney-client privilege protections, and your opt-out rights as described in our AI Training and Data Use Disclosure.

Affiliated Entities

We may share anonymized or de-identified information with our affiliates for purposes of improving legal technology tools and services. Any such sharing is conducted in accordance with applicable Rules of Professional Conduct and does not include information that could reasonably identify you or any specific legal matter. Information protected by attorney-client privilege is never shared.

Service Providers

We may share information with service providers who assist us in operating our business, such as cloud storage providers, billing systems, and communication platforms. These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose your information when required by law, court order, or legal process, or when necessary to protect our rights, your safety, or the safety of others. Any such disclosure will be made consistent with our professional obligations and applicable Rules of Professional Conduct.

Business Transfers

If FinTech Law undergoes a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and any choices you may have regarding your information.

4. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and professional obligations:

Information Type and Retention Period

• Contact form submissions: 24 months from submission, or until you become a client
• Client matter files: 7 years after matter closure, or as required by state bar rules
• Billing and financial records: 7 years per IRS requirements
• AI-derived patterns (anonymized): Indefinite – see note below

Note Regarding AI-Derived Information

When client documents are used to train our AI systems, the training process extracts generalized patterns, legal reasoning structures, and document frameworks that can be applied to similar documents. Once training is complete, these learned patterns exist within the AI model in a form that:

• Cannot be reversed to reconstruct the original client documents
• Cannot be used to identify specific clients or matters
• Does not constitute "personal information" under applicable privacy laws

Because these anonymized patterns are not personal information, they are not subject to deletion requests or retention schedules. However, you may opt out of having your documents used for future AI training. For more information, see our AI Training and Data Use Disclosure.

5. Data Security

We implement appropriate administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Technical Safeguards

• Encryption of data at rest using AES-256 or equivalent standard
• Encryption of data in transit using TLS 1.2 or higher
• Role-based access controls limit data access to authorized personnel on a need-to-know basis
• Multi-factor authentication for systems containing client information
• Secure cloud infrastructure with SOC 2 Type II certification or equivalent
• Comprehensive audit logging of data access and system activities
• Regular vulnerability assessments and security testing

Administrative Safeguards

Employee training on privacy, security, and professional responsibility

Background checks for personnel with access to client information

Confidentiality agreements for all staff and contractors

Documented incident response procedures

Regular review and updates of security policies and practices

Physical Safeguards

• Physical access controls for on-premises systems and infrastructure
• Secure disposal of physical media containing client information

No method of data transmission or storage is completely secure. We continually evaluate and improve our security measures in response to evolving threats. If you have questions about the security of your personal information, please contact us at privacy@fintechlaw.ai.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

6.1 California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share information.

Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (such as information required for legal compliance or to complete our legal services).

Right to Correct: You may request correction of inaccurate personal information we maintain about you.

Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. Therefore, no opt-out is required.

Categories of Personal Information Collected (Past 12 Months):

Collected from You

• Identifiers such as name, email, phone, address
• Customer Records such as financial information, SSN/TIN
• Professional Information such as job title, company, role

Categories Sold or Shared: None. We do not sell or share personal information.

Sensitive Personal Information: We may collect sensitive personal information such as Social Security numbers and financial account information solely as necessary to provide legal services. We do not use or disclose this information for purposes other than providing legal services.

6.2 Residents of Other States

If you reside in Virginia, Colorado, Connecticut, Utah, or another state with a comprehensive privacy law, you may have similar rights to access, delete, and correct your personal information. Please contact us at privacy@fintechlaw.ai to exercise these rights.

7. How to Exercise Your Rights

To submit a request to exercise your privacy rights, please contact us using one of the following methods:

Email: privacy@fintechlaw.ai

Verification

To protect your privacy, we will verify your identity before processing your request. For access and deletion requests, we will ask you to provide information that matches our records, such as your name, email address, and details about your interactions with us. We will respond to your request within 45 days. If we need additional time (up to 90 days total), we will notify you.

Authorized Agents

You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide written authorization from you and we may require you to verify your identity directly with us.

8. Do Not Track and Global Privacy Control Signals

Do Not Track: Some browsers offer a “Do Not Track” (DNT) setting. There is no industry consensus on how to respond to DNT signals, and we do not currently respond to DNT signals.

Global Privacy Control: We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale or sharing of personal information. Because we do not sell or share personal information as defined under the CCPA/CPRA, no additional action is required on our part.

9. Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

10. Attorney-Client Relationship and Confidentiality

When you become a client of FinTech Law, information you provide is subject to attorney-client privilege and the applicable Rules of Professional Conduct, in addition to this Privacy Policy. The confidentiality protections provided by the attorney-client relationship may exceed the protections described in this Privacy Policy.

In our capacity as your legal counsel, FinTech Law acts as a service provider (as defined under the CCPA) processing personal information on your behalf and at your direction. For visitors to our website who have not engaged our legal services, FinTech Law is the business responsible for the collection and processing of personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@fintechlaw.ai
• Mail: FinTech Law, LLC, Attn: Privacy, 6224 Turpin Hills Dr., Cincinnati, Ohio 45244
• Website: https://fintechlaw.ai/contact

13. California Shine the Light

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes. If you have questions, please contact us at privacy@fintechlaw.ai.