Privacy Policy

Effective Date: February 1, 2026  |  Last Updated: February 1, 2026

1. Scope of This Policy

Grand Park Law Group, A.P.C. ("Grand Park," "we," "us," or "our") is a California professional corporation providing legal services with offices in Los Angeles, California and Chicago, Illinois. This Privacy Policy applies to personal information we collect through our website at grandparklawgroup.com and any related subdomains, our online intake forms, email communications, telephone consultations, and in-person interactions.

This Policy does not apply to information collected by third parties, including any websites operated by third parties to which our website may link. Information provided by clients in the course of an attorney-client relationship is subject to professional obligations of confidentiality, including California Business and Professions Code Section 6068(e) and the California Rules of Professional Conduct, Rule 1.6, in addition to the protections described herein.

2. Information We Collect

In the preceding twelve (12) months, we have collected the following categories of personal information:

2.1 Information You Provide Directly

When you fill out a contact form, request a consultation, subscribe to communications, or engage our legal services, you may provide:

• Identifiers: Name, email address, postal address, telephone number, and other contact details.
• Professional or Employment Information: Employer name, job title, and professional background relevant to your legal matter.
• Legal Matter Details: Information about the nature and circumstances of your legal issue, including facts, dates, parties involved, and supporting documentation.
• Financial Information: Billing information, payment card details (processed through secure third-party payment processors), and information relevant to damages or financial claims.
• Communications: Content of emails, messages, and correspondence you send to us.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Internet or Network Activity: IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, clickstream data, and other browsing behavior.
• Device Information: Device type, screen resolution, unique device identifiers, and device settings.
• Geolocation Data: Approximate geographic location inferred from your IP address.

2.3 Information from Third-Party Sources

We may receive personal information from courts, government agencies, opposing counsel, expert witnesses, investigators, co-counsel, referral sources, and public records in connection with legal matters.

3. Sources of Personal Information

We collect personal information from the following categories of sources:

• Directly from you, when you contact us, submit forms, or engage our services.
• Automatically, through cookies, analytics tools, and similar technologies when you interact with our website.
• From third parties, including referral sources, courts, government agencies, public records, professional service providers, and co-counsel.
• From publicly available sources, such as court filings, government databases, and professional directories.

4. How We Use Your Information

We use your personal information for the following business and commercial purposes:

• Providing Legal Services: Evaluating potential matters, performing conflicts checks, representing clients, and communicating about legal matters.
• Client Communication: Responding to inquiries, scheduling consultations, and providing case updates.
• Website Operations: Operating, maintaining, and improving our website, ensuring security, and analyzing usage patterns.
• Marketing and Communications: Sending newsletters, firm updates, event invitations, and legal insights (with your consent where required).
• Compliance and Legal Obligations: Complying with applicable laws, regulations, court orders, and professional ethical obligations.
• Business Administration: Managing our firm's operations, including billing, accounting, conflict checking, and quality assurance.
• Security: Detecting, preventing, and responding to fraud, unauthorized access, and other security threats.

5. Disclosure and Sharing of Information

We may disclose your personal information to the following categories of third parties for the business purposes described above:

• Service Providers: Technology vendors, hosting providers, email service providers, payment processors, and other vendors who perform services on our behalf under written contracts that prohibit them from retaining, using, or disclosing personal information for purposes other than performing those services.
• Legal and Professional Parties: Courts, government agencies, opposing counsel, mediators, arbitrators, expert witnesses, and co-counsel as necessary in the course of representing clients.
• Professional Advisors: Our accountants, auditors, insurers, and consultants as necessary for business operations.
• Legal Compliance: Government authorities, law enforcement, or other parties when required by law, subpoena, court order, or legal process.
• Business Transfers: In connection with any merger, acquisition, or sale of firm assets, subject to professional ethical obligations regarding client confidentiality.

6. Sale or Sharing of Personal Information

As a law firm, the confidentiality of client information is a core professional obligation. We do not and will not sell, rent, lease, or trade your personal information to third parties for monetary or other valuable consideration.

7. Sensitive Personal Information

In the course of providing legal services, we may collect categories of information defined as "sensitive personal information" under the CPRA, including:

• Social Security numbers, driver's license numbers, or state identification card numbers
• Financial account information
• Racial or ethnic origin (when relevant to civil rights or employment matters)
• Health or medical information (when relevant to personal injury or medical malpractice matters)
• Information concerning a consumer's sex life or sexual orientation (when relevant to a legal matter)

We use sensitive personal information only as necessary to provide the legal services you have requested and for compliance with our professional and legal obligations. We do not use or disclose sensitive personal information for purposes beyond those permitted under the CPRA, including for the purpose of inferring characteristics about consumers.

8. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy. Specific retention periods are determined based on the following criteria:

• Client Files: Retained in accordance with the California Rules of Professional Conduct and the State Bar of California's guidelines regarding client file retention (generally a minimum of five years after the conclusion of a matter, or longer if required by law or professional obligation).
• Marketing Communications: Retained until you unsubscribe or request deletion.
• Website Analytics: Retained for up to twenty-six (26) months.
• Contact Inquiries: Retained for a minimum of two (2) years from the date of inquiry.
• Advertising Records: Retained for a minimum of two (2) years pursuant to California Rules of Professional Conduct, Rule 7.2.

We may retain de-identified or aggregated information that cannot reasonably be used to identify you for analytical and operational purposes.

9. Your Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:

9.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your personal information was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share your personal information.

9.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions, including our obligation to retain client files and information necessary for compliance with legal and professional obligations.

9.3 Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the information and the purposes for processing.

9.4 Right to Opt-Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information. As noted above, we do not sell or share your personal information as those terms are defined under the CCPA/CPRA.

9.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of your sensitive personal information to uses necessary to provide the services you have requested. We use sensitive personal information only for such permitted purposes.

9.6 Right to Data Portability

When you exercise your right to know, you may request that we provide the information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity.

9.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, provide a different level or quality of services, or suggest that you will receive a different price or level of services for exercising your rights.

10. How to Exercise Your Rights

To submit a verifiable consumer request to exercise any of your rights described above, you may contact us by any of the following methods:

We will verify your identity before fulfilling any request. You may be required to provide your name, email address, and additional information to confirm your identity. If you submit a request through an authorized agent, we may require the agent to provide proof of written authorization and may still require you to verify your identity directly with us.

We will respond to verifiable consumer requests within forty-five (45) calendar days of receipt. If we require additional time (up to an additional forty-five days), we will inform you of the reason and extension period in writing. We will not charge a fee to process or respond to your verifiable consumer request unless the request is manifestly unfounded or excessive.

11. Global Privacy Control & Do Not Track

Our website recognizes and honors the Global Privacy Control (GPC) signal as a valid opt-out preference signal pursuant to the CPRA and regulations adopted by the California Privacy Protection Agency. When we detect a GPC signal from your browser, we will treat it as a request to opt out of the sale or sharing of personal information associated with that browser.

We also honor "Do Not Track" (DNT) browser signals. When we detect a DNT signal, we limit our collection of browsing information as described in our cookie practices.

12. Cookies and Tracking Technologies

Our website uses the following categories of cookies and similar technologies:

• Essential Cookies: Necessary for the website to function properly, including session management and security features. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting information anonymously. We use Cloudflare Web Analytics, which is privacy-focused and does not use client-side state (cookies) to collect data.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.

We do not use advertising cookies or tracking technologies for cross-context behavioral advertising. You may manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

13. Third-Party Links and Services

Our website may contain links to third-party websites, including courts, government agencies, bar associations, and legal resource platforms. These third-party sites have their own privacy policies and practices. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Children's Privacy

Our website is not intended for, nor directed to, children under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we have collected information from a child under 16, please contact us at privacy@grandparklaw.com.

15. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect the personal information we collect and maintain from unauthorized access, disclosure, alteration, and destruction. These measures include encrypted communications (TLS/SSL), secure server infrastructure, access controls, regular security assessments, and employee training on data protection practices.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable law.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where appropriate, provide additional notice (such as a prominent notice on our website or an email notification). We encourage you to review this Policy periodically.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: