Effective Date: June 2025

Burrey Law Group is committed to protecting the privacy and confidentiality of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data, particularly with the recent integration of AI features into our communication systems and your interactions with our website and services. It outlines the types of information we process, how it is utilized, the safeguards in place, and your rights concerning your data. Our dedication to safeguarding sensitive legal information remains paramount, ensuring that all technology integrations align with the highest standards of data protection.

As the primary entity determining the purposes and means of processing your data, Burrey Law Group acts as the data controller. This fundamental role means we retain ultimate responsibility and control over sensitive information, even when engaging third-party service providers for AI features or website functionalities. This clear designation reinforces our accountability and assures you that Burrey Law Group remains the principal guardian of your confidential legal matters.

1. Information We Collect

We collect various types of information depending on how you interact with Burrey Law Group, whether through our AI Assistant, website, or other services.

A. Information We Collect with Our AI Assistant

This section details the types of personal data processed by our AI Assistant when interactions occur with Burrey Law Group, and how this data is handled. A distinction is made between data related to the firm’s staff (Users) and data related to clients and other participants in communications (AI Assistant Guests).

• For Burrey Law Group Staff (Users): The categories of personal data processed include:
  • Account Data: Such as name and user ID.
  • Usage Data: Which encompasses language settings, last activity date, device and operating system information (e.g., type, version), account extension ID, call metadata and logs (e.g., call transfer status, originating/terminating numbers, date and time), and fraud data.
  • Customer-Generated Content: Such as audio streams and anything included in messages, including AI-composed drafts.
• For Clients and Third Parties (AI Assistant Guests): The processed data primarily includes:
  • Usage Data: Specifically phone numbers that may appear in transcripts.
  • Customer-Generated Content: Such as audio streams from calls.

B. Information Automatically Collected (Website & Services)

When you visit, use, or navigate our Website or other services, we automatically collect certain information. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information. This data is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.

The information we automatically collect includes:

• Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Website. This log data may include your IP address, device information, browser type and settings, and information about your activity on the Website (such as date/time stamps, pages and files viewed, searches, and other actions you take).
• Device Data: Information about your computer, phone, tablet, or other device you use to access the Website. Depending on the device, this may include your IP address (or proxy server), device application identification numbers, browser type, hardware model, Internet service provider, mobile carrier, and operating system configuration information.
• Location Data: We collect information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Website. For example, we may use GPS and other technologies to collect geolocation data based on your IP address. You can opt out of allowing us to collect this information by refusing access or disabling your Location settings on your device. Note, however, if you choose to opt out, you may not be able to use certain aspects of our services.

C. Information You Provide

In addition to information collected through our AI Assistant and automatically, we also collect information you directly provide to us, such as when you:

• Contact Us: Through email, phone, or contact forms on our website.
• Create an Account: If applicable, for client portals or other services.
• Provide Testimonials: With your explicit consent.
• Engage in Communications: Beyond what’s processed by the AI Assistant, such as emails or direct messages.

2. How We Use Your Information

We process your personal information for various business purposes based on our legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

A. How We Use Information with Our AI Assistant

Personal data is processed by our AI Assistant on Burrey Law Group’s behalf for clearly defined purposes.

• Providing and Configuring AI-Powered Features: Such as generating summaries, notes, and transcripts.
• Responding to Support Requests: Related to the AI service.
• Service-Related Notifications: Providing you with updates or information about the AI features.
• Internal Analytics and Business Intelligence: To monitor and improve the quality of the service.
• Complying with Applicable Laws and Regulations.
• Fraud and Threat Analysis: For client-generated content, processing also includes performing fraud and threat analysis and detecting or preventing spam or unlawful or abusive activity.

These specified purposes of processing are narrowly defined for service delivery and security, avoiding broad secondary uses. This demonstrates adherence to the principle of purpose limitation, assuring clients that their data is used strictly for the stated benefits of the AI features and the security of the service, rather than for unrelated commercial exploitation.

B. General Uses of Your Information

We use the information we collect or receive for the following purposes:

• To Facilitate Account Creation and Logon Process: If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon.
• To Post Testimonials: We post testimonials on our Website that may contain personal information. Prior to posting, we will obtain your consent to use your name and the testimonial.
• To Request Feedback: We may use your information to request feedback and to contact you about your use of our Website or services.
• To Enable User-to-User Communications: We may use your information to enable user-to-user communications with each user’s consent.
• To Manage User Accounts: We may use your information for the purposes of managing our account and keeping it in working order.
• To Send You Marketing and Promotional Communications: We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see the “Your Privacy Rights” section below).
• To Deliver Targeted Advertising to You: We may use your information to develop and display personalized content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
• For Other Business Purposes: We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Website, products, marketing, and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.

3. Our Approach to Artificial Intelligence and Your Data

Burrey Law Group’s use of AI is governed by strict privacy principles, addressing critical concerns regarding how AI interacts with and protects client data.

We utilize an AI Assistant, which in turn leverages third-party AI services for specific functionalities such as speech-to-text conversion and the generation of notes, transcriptions, and summaries. A cornerstone of our commitment to data privacy in AI is that client personal data is explicitly not used to train the AI models leveraged by the firm, nor do our service providers permit third parties to use client data for AI model training. This ensures that confidential legal communications do not inadvertently contribute to the development of AI systems. This policy directly mitigates the critical risk of client data being used for purposes beyond the immediate service or becoming part of a retrievable dataset, providing profound reassurance to clients.

Furthermore, where technically feasible, our AI service providers implement a “zero data retention policy” for AI interactions. This means that the requests and responses involved in AI processing (e.g., the audio stream converted to text, the text used for summarization) are not persistently stored or logged to any storage mechanism. They exist only in memory for the duration necessary to serve the immediate request and are then discarded. This “zero data retention” policy, alongside the “no model training” assurance, directly addresses the most significant public privacy concerns regarding AI, particularly for a law firm handling highly sensitive and privileged client information.

To ensure transparency, visual indicators are provided within the communication platform used by our staff to alert them when a generative AI tool is active during a call or message interaction. This proactive measure ensures that staff are aware of AI processing and can communicate its use to clients as appropriate.

4. Data Handling, Storage, and Discard Policies

The handling of client data involves specific storage and discard policies to ensure privacy.

• For Phone Calls with AI Notes Activated: Audio streams are processed in real-time for transcription and are then immediately discarded. The resulting transcripts and generated call notes or action items are stored and accessible to the relevant Burrey Law Group user. This practice of discarding raw audio, which could contain sensitive biometric information, while retaining only the necessary textual output, represents a crucial data minimization measure. It significantly reduces the privacy risk associated with long-term retention of raw voice data, aligning with data minimization principles under data protection laws.
• For Messages and SMS: Content is processed to provide summaries of unread messages or to aid in drafting. Summaries of unread messages are deleted and not stored after being read, and draft messages generated by the AI are also not stored.
• For Video Meetings: Audio streams processed for closed captions or live transcriptions are immediately discarded after transcription, while the generated transcripts are stored and accessible to the relevant Burrey Law Group user.

5. Will Your Information Be Shared with Anyone?

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal grounds:

• Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
• Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
• Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
• Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.

6. Data Security and Access Controls

Burrey Law Group is deeply committed to the security of your data. We ensure that our data processors, including those providing AI features, have implemented robust technical, organizational, and contractual safeguards to protect personal data processed through the AI Assistant and other services. These comprehensive measures are designed to protect against unauthorized access, disclosure, alteration, and destruction of your information.

Access to personal data is strictly limited through restricted administrative access mechanisms. Only trained and authorized personnel at our service providers and their subprocessors are granted access, and only when there is a legitimate business need to perform their obligations to Burrey Law Group. This adherence to the principle of “least privilege” significantly reduces the risk of internal data breaches, accidental exposure, or misuse of sensitive information. For a law firm, where confidentiality is paramount, this detail provides a strong assurance that client data is protected from unnecessary internal exposure within the service provider’s environment.

Our service providers employ stringent access control mechanisms, including Multi-Factor Authentication (MFA) for administrative access to production environments and Identity Access Management (IAM) to tightly control user permissions. Naming specific technical controls like MFA and IAM enhances the credibility of security assurances beyond generic statements. For clients, particularly those with a degree of technical understanding, providing concrete evidence of a sophisticated and mature security posture builds greater confidence in the technical safeguards protecting their data and demonstrates Burrey Law Group’s due diligence in selecting a processor with strong security practices.

7. Data Retention and Deletion

Burrey Law Group is committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

• AI Assistant Data: Personal data processed by our AI Assistant on the firm’s behalf will be retained for the duration of Burrey Law Group’s active use of the AI features, or as otherwise required by applicable law or specific agreements. Upon termination of Burrey Law Group’s account with the service provider for these AI features, the account will be disabled on the last day of the billing cycle. Subsequently, all associated personal data will typically be deleted within 30 days, unless a longer retention period is specifically agreed upon with Burrey Law Group or mandated by law. This specific 30-day deletion window after account termination provides a clear, measurable commitment to data minimization.
• General Data: We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. Data Storage Locations and International Data Transfers

Understanding where data is stored is crucial. As Burrey Law Group’s account is based in the United States, customer-generated content processed by our AI Assistant is stored within the United States.

In some instances, personal data may be transferred and processed outside of certain regions, such as the European Economic Area (EEA), Switzerland, or the United Kingdom, to locations where our service providers, their affiliates, or their subprocessors maintain data processing operations. To ensure adequate protection during such transfers, our service providers rely on robust legal mechanisms.

• For transfers from the EEA, UK, and Switzerland to the United States: Our service providers adhere to the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles, respectively.
• For transfers of personal data originating from the EEA, Switzerland, or the UK to countries not recognized as providing an adequate level of data protection: Our service providers rely on the European Commission’s Standard Contractual Clauses, supplemented by additional safeguards and specific Swiss and UK clauses.

Explicitly detailing the specific legal mechanisms for international transfers demonstrates robust compliance with complex global data protection laws. For a law firm potentially serving clients subject to various data protection regimes, this section is critically important. By naming the specific legal frameworks used to legitimize transfers, Burrey Law Group demonstrates its (and its processor’s) adherence to stringent international data protection requirements, providing strong legal assurance to clients about the continued protection of their data, even when it crosses geographical borders.

9. Special Categories of Data

It is important to understand that our AI Assistant is not designed to process or recognize certain highly sensitive types of personal data. Specifically, the service is not intended to handle:

• Special categories of data or sensitive data (as defined in GDPR or other applicable data protection laws).
• Voiceprints or other biometric data.
• Personal data concerning children or minors.
• Data related to criminal convictions and offenses.

Explicitly stating what the AI is not designed to process manages client expectations and highlights a design choice aligned with privacy principles. By clearly stating that the AI is not intended for sensitive data, Burrey Law Group addresses potential client concerns about the AI’s capabilities and scope. This reinforces the principle of data minimization and privacy by design, indicating that the technology’s scope is intentionally limited to reduce privacy risks. Burrey Law Group undertakes to ensure that any processing of special categories of personal data, if it occurs through other means, is done lawfully and with a valid legal basis in accordance with applicable data protection laws.

10. Automated Decision-Making

Burrey Law Group assures its clients that our AI Assistant is not designed to make decisions based solely on automated processing, particularly those that produce legal effects on individuals or similarly significant effects. The AI features are assistive tools intended to support legal professionals in their work, such as generating summaries or drafting messages. They do not replace human judgment, legal analysis, or decision-making regarding legal matters.

Directly addressing automated decision-making mitigates a significant privacy and ethical concern under modern data protection laws, especially for a law firm. Clients need to know that their legal outcomes, advice, and case strategies are not determined by an algorithm. By clearly stating that the AI is merely an assistive tool and not an autonomous decision-maker, Burrey Law Group upholds fundamental principles of human oversight, fairness, and professional responsibility, which are paramount in the provision of legal services.

11. Your Privacy Rights

Individuals who interact with Burrey Law Group have specific rights regarding their personal data, designed to provide control over their information. While our service providers for these AI features provide technical means for the firm’s staff to manage their accounts, Burrey Law Group, as the data controller, is responsible for facilitating these rights. These rights may include:

• Right to Access: The right to request a copy of the personal data held about an individual.
• Right to Rectification: The right to request the correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): The right to request the deletion of personal data under certain circumstances.
• Right to Restriction of Processing: The right to request that the firm limit the way personal data is used.
• Right to Object: The right to object to certain types of processing of personal data.
• Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format.

Empowering individuals to exercise their data rights reinforces Burrey Law Group’s commitment to privacy by design and by default. Explicitly listing these rights and providing clear instructions on how to exercise them through the firm demonstrates compliance with data protection principles that mandate individuals’ control over their data. This builds trust by showing that Burrey Law Group respects and actively enables these fundamental rights, rather than simply relying on its processor’s capabilities.

If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

To exercise any of these rights, individuals are encouraged to contact Burrey Law Group directly using the contact information provided in the “Contact Us” section.

12. Cookies and Other Tracking Technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice (if you have one, otherwise this might need to be created or integrated here).

Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Website. To opt-out of interest-based advertising by advertisers on our Website visit http://www.aboutads.info/choices/.

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online Browse activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

13. Do California Residents Have Specific Privacy Rights?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

14. SMS Terms of Service

This section of our Privacy Policy outlines how Burrey Law Group (“Burrey Law Group,” “we,” “us,” or “our”) may communicate with you, including through Short Message Service (“SMS”) text messages. By providing us with your contact information, including your mobile phone number, you consent to these communication practices.

SMS Text Message Communications: Purpose and Consent

If you provide us with your mobile phone number, you expressly consent to receive informational and transactional SMS messages from Burrey Law Group at that number. We use SMS to communicate with clients and vendors for purposes such as, but not limited to: appointment reminders and scheduling confirmations; brief, non-sensitive updates regarding your case or matter; notifications about documents shared via secure channels (which may include a link to our secure client portal or our website); requests for quick, simple information or confirmations; and communication with vendors regarding scheduling, confirmations, and urgent requests. Our SMS messages may occasionally include URLs/web links to our resources or third-party sites like map services for directions, or our email address for follow-up communication. Your consent to receive SMS messages is not a condition of engaging our legal services, though it may be used for efficient communication related to your matter.

Managing Your SMS Preferences: Opt-Out and Support

You have the right to control the SMS messages you receive from us. You may opt-out of receiving SMS messages from Burrey Law Group at any time by texting STOP to the phone number or short code from which you are receiving our messages. Upon sending “STOP,” you will receive a confirmation SMS message verifying your unsubscription, and you will no longer receive SMS messages from us unless you re-initiate contact or provide renewed consent. If you require assistance regarding our SMS communications, or if you wish to re-subscribe, text HELP to the number from which you are receiving messages, or contact us directly at (925) 317-3467 or in**@*******aw.com.

Message Details: Frequency, Cost, and Carrier Liability

The frequency of SMS messages you receive will vary based on your interactions with Burrey Law Group, the status of your case or matter, scheduled appointments, or vendor engagement. We strive to ensure message frequency is reasonable and relevant. Please be aware that message and data rates may apply to any SMS messages sent to you from us and to us from you; Burrey Law Group is not responsible for any charges from your mobile carrier. Our SMS services may not be available on all wireless carriers or compatible with all mobile phone models. Burrey Law Group and the wireless carriers are not liable for delayed or undelivered messages.

Important Disclaimers Regarding SMS Communications

It is important to understand the nature and limitations of SMS communications. SMS messages from Burrey Law Group are intended for informational and logistical purposes only. These messages do not constitute legal advice, nor do they, by themselves, create an attorney-client relationship. An attorney-client relationship with Burrey Law Group is established only through a mutually signed engagement letter. You should not rely on SMS messages as a substitute for obtaining specific legal advice from a qualified attorney regarding your individual situation. Furthermore, while we take reasonable precautions, SMS is not an inherently secure method of communication. Therefore, you should avoid sending highly sensitive, personal, or confidential information via SMS. For sharing confidential details related to your case, please use more secure channels such as our client portal, encrypted email, telephone, or an in-person meeting. Burrey Law Group is not liable for the security or confidentiality of information you choose to transmit via SMS.

15. Changes to This Privacy Policy

Burrey Law Group reserves the right to update this Privacy Policy from time to time to reflect changes in its practices, technology, or legal requirements. We will notify you of any significant changes by posting the updated policy on our website or through other appropriate communication channels. We encourage you to review this policy periodically to stay informed about how your information is being protected. Your continued use of our services after such changes will constitute your acceptance of the new terms.

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy, the use of our AI Assistant, or how personal data is handled, please do not hesitate to contact Burrey Law Group.

Burrey Law Group is committed to addressing inquiries promptly and transparently.

Email: in**@*******aw.com Postal Address: Burrey Law Group, Inc. 4 Orinda Way, Suite 110-D Orinda, CA 94563 United States

Conclusion

The integration of AI features into Burrey Law Group’s operations reflects a commitment to leveraging advanced technology to enhance client service and operational efficiency. This updated Privacy Policy serves to transparently communicate how your information is handled in this new technological landscape, alongside our established practices for website data and general privacy.

The policy emphasizes Burrey Law Group’s role as the data controller, ensuring that ultimate responsibility for data protection remains with the firm. Key safeguards, such as the immediate discard of audio streams after transcription, the non-retention of message summaries and AI-generated drafts, and the explicit commitment that client data is not used for AI model training by our service providers, are designed to provide robust privacy assurances. The implementation of strong security measures, including MFA and IAM, along with clear data retention, deletion, and cross-border transfer protocols, further underscores the firm’s dedication to data security and compliance with global privacy regulations. By clearly outlining data processing activities, storage locations, and legal frameworks for international transfers, Burrey Law Group aims to build and maintain client trust.

This comprehensive update ensures that you are fully informed about the use of AI in your legal interactions and our broader data handling practices, reinforcing Burrey Law Group’s unwavering commitment to confidentiality, transparency, and the protection of sensitive legal information.