PRIVACY POLICY

We use the information we collect for the following purposes:

(a) Service Delivery: To design, develop, deploy, host, and maintain your website; to perform MEO/AEO optimization; to generate website content; and to provide ongoing support and maintenance.

(b) Credential Verification: To verify attorney bar status, admissions, and credentials through publicly available state bar databases, ensuring website accuracy and compliance with advertising rules.

(c) Communication: To respond to your inquiries, provide project updates, send invoices, and communicate about your account and our services.

(d) Payment Processing: To process payments through our payment processor (Stripe, Inc.).

(e) Service Improvement: To analyze usage patterns, improve our services, and develop new features.

(f) Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share your information only in the following circumstances:

(a) Service Providers: We share information with third-party service providers who assist us in delivering our Services, including:

• Stripe, Inc. — Payment processing. Stripe's privacy policy governs their handling of payment data.
• Cloudflare, Inc. — Website hosting, CDN, SSL, and security services.
• Formspree — Form submission processing (intake forms).
• AI Model Providers — Content generation and optimization may involve processing data through AI model APIs (e.g., Anthropic). We do not transmit attorney-client privileged information to AI providers.

(b) Public Website Content: Information you approve for publication on your website (attorney names, credentials, practice areas, testimonials, photos) will be publicly accessible on the internet.

(c) Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

(d) Business Transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, Client information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Policy. Specifically:

(a) Active Clients: We retain all Client data for the duration of the service relationship.

(b) Post-Cancellation: Following cancellation, we retain Client data for thirty (30) days to facilitate source code export requests. After thirty (30) days, website files and Client-provided content may be deleted.

(c) Billing Records: We retain billing and transaction records for seven (7) years for tax and accounting compliance purposes.

(d) Intake Submissions: Intake form submissions from non-clients are retained for twelve (12) months, after which they are deleted unless the submitter becomes a client.

We implement commercially reasonable administrative, technical, and physical security measures to protect your information, including:

• SSL/TLS encryption for all data in transit
• Cloudflare DDoS protection and Web Application Firewall
• Encrypted payment processing through Stripe (PCI-DSS compliant)
• Access controls limiting employee access to Client data on a need-to-know basis

While we implement industry-standard protections, no method of electronic storage or internet transmission is completely secure. We cannot guarantee absolute security.

Our website may use the following technologies:

(a) Essential Cookies: Required for website functionality (e.g., form state, navigation).

(b) Analytics: We may use privacy-focused analytics to understand how visitors interact with our website. We do not use invasive tracking pixels or sell data to advertising networks.

You may control cookies through your browser settings. Disabling cookies may affect website functionality.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

(a) Right to Access: Request a copy of the personal information we hold about you.

(b) Right to Correction: Request correction of inaccurate or incomplete information.

(c) Right to Deletion: Request deletion of your personal information, subject to legal retention requirements and our legitimate business interests.

(d) Right to Portability: Request a copy of your data in a structured, machine-readable format.

(e) Right to Opt Out of Sale: We do not sell personal information. If this changes, we will provide a clear opt-out mechanism.

To exercise any of these rights, contact us at legal@webhaus.ai. We will respond to verified requests within thirty (30) days. We will not discriminate against you for exercising your privacy rights.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Right to non-discrimination for exercising your rights

To submit a request, email legal@webhaus.ai with "California Privacy Request" in the subject line.

Important: Webhaus AI is not a law firm and does not provide legal services. Information you provide to us in connection with website design services is not protected by attorney-client privilege.

Do not submit privileged, confidential, or sensitive client information through our intake forms or to our team. The information we collect is limited to what is necessary for building and optimizing your professional website — firm details, credentials, public-facing content, and marketing materials.

If you inadvertently submit privileged information, notify us immediately at legal@webhaus.ai and we will delete it promptly.