Privacy Policy | [Attorney/Firm Name]

PRIVACY POLICY TEMPLATE

FOR BUSINESS SUCCESSION PLANNING COURSEWARE

[ATTORNEY/FIRM NAME]

[WEBSITE URL]

Effective Date: [Date]

Last Updated: [Date]

YOUR PRIVACY MATTERS

This Privacy Policy describes how [Attorney/Firm Name] ("we," "us," or "our") collects, uses, discloses, and protects information when you access our business succession planning educational courseware and related services through our website at [Website URL].

By using our website, accessing our course materials, or booking a consultation, you acknowledge that you have read and understood this Privacy Policy.

1. SCOPE OF THIS POLICY

This Privacy Policy applies only to our business succession planning courseware, lead generation funnel, and consultation booking services. It does not apply to our general law practice or any other legal services we provide.

This is an informational document describing our data practices. It is not legal advice, and your use of our educational materials does not create an attorney-client relationship.

2. INFORMATION WE COLLECT

We collect information in several ways when you interact with our educational courseware and consultation booking system:

2.1 Information You Provide Directly

When you sign up for our business succession planning video course or book a consultation, you may provide:

  • Name (first and last)
  • Business name
  • Email address
  • Phone number
  • ZIP code
  • Any information you provide in contact forms, messages, or consultation requests

2.2 Automatically Collected Information

When you visit our website or access our course materials, we automatically collect:

  • Device information (IP address, browser type, operating system, device identifiers)
  • Usage data (pages visited, time spent on pages, videos watched, course progress)
  • Referral source (how you found our website)
  • Date and time of your visits
  • Geographic location (derived from IP address or ZIP code)

2.3 Information from Third-Party Services

We use various third-party services to deliver our courseware and manage communications. These services may collect and share information with us as described in Section 7 below.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 To Provide Our Educational Services

  • Deliver the business succession planning video course you requested
  • Track your course progress and learning experience
  • Provide access to course materials and resources
  • Respond to your questions and support requests

3.2 To Facilitate Consultation Booking

  • Schedule and manage consultation appointments
  • Send appointment reminders via email and SMS
  • Communicate about your consultation requests

3.3 To Communicate With You

  • Send course access information and credentials
  • Provide educational content related to business succession planning
  • Send appointment reminders and follow-up communications
  • Respond to inquiries and provide customer support
  • Notify you of important updates to our services or this Privacy Policy

3.4 To Improve Our Services

  • Analyze how visitors use our website and course materials
  • Understand user preferences and learning patterns
  • Improve course content and user experience
  • Test and develop new features

3.5 For Marketing and Advertising

  • Send relevant educational content about business succession planning
  • Share information about our legal services (with your consent)
  • Display targeted advertisements through platforms like Facebook
  • Conduct market research to better serve business owners

3.6 For Legal and Security Purposes

  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, unauthorized access, and security threats
  • Enforce our terms of service and protect our legal rights
  • Prevent misuse of our services

4. LEGAL BASIS FOR PROCESSING

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

  • Consent: When you provide consent to receive our course materials or marketing communications
  • Contractual Necessity: To deliver the educational services you requested
  • Legitimate Interests: To improve our services, prevent fraud, and conduct business operations
  • Legal Obligation: To comply with applicable laws and regulations

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information for monetary consideration. However, under some state privacy laws (such as California's CCPA/CPRA), sharing data with advertising platforms for targeted advertising may be considered a "sale" or "sharing."

We may share your information in the following circumstances:

5.1 With Service Providers

We share information with trusted third-party service providers who help us deliver our courseware and services (GoHighLevel, Facebook/Meta, Zoom). These providers are contractually obligated to protect your information and use it only for the purposes we specify. See Section 7 for details about specific service providers.

5.2 For Advertising and Marketing

We share information with advertising platforms like Facebook/Meta to:

  • Display relevant advertisements to potential clients
  • Measure advertising campaign effectiveness
  • Create audiences for targeted advertising

Important: Under California and other state privacy laws, this sharing may be considered a "sale" or "sharing for cross-context behavioral advertising." You have the right to opt out of this sharing. See Section 12 for opt-out options.

5.3 For Legal Reasons

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of others
  • Investigate fraud or security issues

5.4 Business Transfers

If our firm is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information about your browsing activities and deliver targeted advertising. For detailed information about the specific cookies we use, please see our Cookie Policy at [Cookie Policy URL].

6.1 Consent for Non-Essential Cookies

IMPORTANT - Cookie Consent Requirements:

  • If you have visitors from the EU/EEA: You MUST obtain explicit consent before placing non-essential cookies (including advertising cookies like Facebook Pixel)
  • If you have visitors from California: You must provide notice and opt-out rights for cookies used for targeted advertising
  • We recommend implementing a cookie consent banner that blocks advertising cookies until users opt in

6.2 Managing Cookies

You can control cookies through:

  • Your browser settings (most browsers allow you to block or delete cookies)
  • Our cookie consent banner (if implemented)
  • Facebook ad preferences: facebook.com/ads/preferences
  • Industry opt-out tools: optout.aboutads.info or youronlinechoices.com

Please note that blocking cookies may limit your ability to use certain features of our website.

7. THIRD-PARTY SERVICES AND DATA COLLECTION

We use the following third-party services to deliver our courseware and manage communications. Each service may collect and process your information as described below:

7.1 GoHighLevel (GHL) - CRM and Marketing Platform

Purpose: We use GoHighLevel to manage our customer relationship management (CRM), email and SMS communications, appointment scheduling, and course delivery.

Data Collected by GHL:

  • Contact information (name, email, phone number)
  • Account and profile information
  • Communication history (emails sent/received, SMS messages)
  • Appointment and calendar data
  • Course access and usage information
  • Device and browser information
  • IP addresses and location data

How GHL Uses Data: GoHighLevel processes this data on our behalf to provide CRM services, deliver automated communications, manage appointments, and host course content. GHL may use aggregated, non-personally identifiable data for analytics and service improvement.

Data Location: GoHighLevel stores and processes data in the United States. Data may be transferred internationally based on where participants are located.

For more information: Review GoHighLevel's Privacy Policy at https://www.gohighlevel.com/privacy-policy

7.1A Google Sheets (Backup Storage)

Platform: Google Sheets (Google LLC)

Purpose: We maintain automated backup of compliance records and lead information for legal and professional responsibility purposes.

What data is backed up:

  • Contact information (name, email, phone, business name, ZIP code)
  • Consent records (email consent, SMS consent, timestamps)
  • Consent metadata (source URL, exact consent language, form version)
  • Course enrollment information
  • Engagement data (course progress, consultation bookings)

Important distinction: Unlike other third-party services that process data on our behalf, the Google Sheets backup is stored in our own Google Drive account. This means:

  • We own and control the backup data directly
  • We have continuous access to the backup independent of other service providers
  • We are responsible for securing our Google account
  • The backup data remains in our possession even if we change courseware platforms
  • We control backup data retention according to our legal obligations

Data location: Backup data location depends on our Google account configuration and Google's data center locations. Data may be stored in the United States or other locations based on Google's infrastructure and our account settings.

Google's role: Google provides the infrastructure (Google Sheets/Drive) where we store backup data. Google's processing of this data is subject to Google's own privacy policies and data protection practices. However, we control what data is backed up and how long it is retained.

Security: Google implements industry-standard security measures for Google Workspace and Google Drive, including encryption in transit and at rest, access controls, and security monitoring. We enhance this security through our own account protection measures including strong passwords, two-factor authentication, and limited access permissions.

More information:

7.2 Facebook/Meta - Advertising and Analytics

Purpose: We use Facebook advertising tools to reach potential clients who may benefit from business succession planning education. This includes Facebook Pixel for website tracking and Facebook Lead Ads for course sign-ups.

Data Collected by Facebook:

  • Information from your Facebook profile (if you interact with our ads while logged in)
  • Website activity and interactions via Facebook Pixel (pages visited, buttons clicked, forms completed)
  • Device information (IP address, browser type, operating system)
  • Ad interaction data (ads viewed, clicked, or engaged with)
  • Information you provide in Facebook Lead Ads forms

How Facebook Uses Data: Facebook uses this data to:

  • Display our ads to relevant audiences (business owners approaching retirement age)
  • Measure ad performance and campaign effectiveness
  • Create analytics reports for our use
  • Build advertising profiles for targeted advertising across Meta platforms
  • Personalize user experiences on Facebook and Instagram

Important Notes:

  • Facebook does not share your personal information directly with us unless you submit a lead form
  • Facebook may combine data collected from our website with data from other sources
  • Facebook uses cookies and similar tracking technologies
  • You can control Facebook's use of your data through your Facebook privacy settings
  • The Facebook Pixel can potentially link collected data to your Facebook or Instagram profile even if you're not currently logged in

IMPORTANT - Consent Requirements: In many jurisdictions (including the EU and some US states), we must obtain your consent before the Facebook Pixel places cookies on your device. If you visit from these jurisdictions, you will be presented with a cookie consent banner before any tracking occurs.

Data Location: Facebook/Meta operates globally and may transfer and process your data in the United States and other countries.

For more information: Review Meta's Privacy Policy at https://www.facebook.com/privacy/policy and Cookie Policy at https://www.facebook.com/policies/cookies

7.3 Zoom - Video Consultation Platform

Purpose: We use Zoom to conduct video consultations with prospective clients who complete our courseware and book appointments.

Data Collected by Zoom:

  • Account information (name, email address)
  • Meeting participant information (name, email, join/leave times)
  • Device information (IP address, device type, operating system)
  • Audio and video content from meetings (if recorded with notice)
  • Meeting usage data (duration, features used)
  • Technical and diagnostic information

How Zoom Uses Data: Zoom processes this data to:

  • Facilitate video meetings and consultations
  • Provide meeting features (screen sharing, chat, recording)
  • Ensure service quality and reliability
  • Improve and develop Zoom services
  • Provide customer support

Important Notes:

  • Zoom does not use meeting content (audio, video, or chat) for marketing purposes without consent
  • Meeting recordings are only made with participant notice and consent
  • Zoom encrypts meeting data in transit using 256-bit AES encryption
  • We may record consultations for quality assurance with your explicit consent

Data Location: Zoom operates globally and may process data in the United States and other countries where Zoom maintains facilities.

For more information: Review Zoom's Privacy Statement at https://www.zoom.com/en/trust/privacy/privacy-statement

8. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical Retention Periods:

  • Course participant data: [3 years] after last contact or course completion
  • Consultation booking data: [3 years] after appointment date
  • Marketing communications data: Until you opt out or [2 years] of inactivity
  • Analytics and usage data: [18 months] in aggregated form

We may retain information for longer periods if required for legal, regulatory, or business purposes (such as resolving disputes, enforcing agreements, or complying with legal obligations).

You may request deletion of your personal information at any time by contacting us (see Section 12). We will honor your request subject to legal exceptions.

8.1 Backup Data Retention

In addition to the data retention periods described above for our courseware platform (GoHighLevel), we automatically back up your information to a Google Sheet in our Google Drive account. This backup serves important compliance, legal, and professional responsibility purposes.

Why we maintain backups: We retain backup data according to:

  • [STATE] state bar advertising and recordkeeping requirements (typically 3-7 years)
  • Federal TCPA requirements for SMS consent records (minimum 3 years)
  • CAN-SPAM Act requirements for email consent records
  • Our professional document retention policies
  • Potential litigation holds or legal obligations
  • Professional liability insurance requirements

Why backup data may be retained longer: Even if you delete your course account or request data deletion from the primary platform, we may be legally required to retain backup records documenting:

  • Your consent to receive marketing communications (TCPA compliance)
  • Attorney advertising compliance documentation (state bar requirements)
  • Records necessary for legal defense or dispute resolution
  • Professional responsibility compliance evidence

How long we retain backup data: We retain backup data for [X YEARS] from your last interaction with our services, or longer if required by:

  • Applicable state bar rules
  • Federal telecommunications regulations
  • Active litigation or regulatory investigations
  • Other legal obligations

Requesting deletion of backup data: If you request deletion of your information, we will promptly delete or anonymize your data from our primary courseware platform. However, we may be legally required to retain certain backup records even after a deletion request, particularly records related to:

  • Consent documentation (proving you agreed to receive communications)
  • Attorney advertising compliance (demonstrating proper disclosures were made)
  • Professional responsibility obligations

In such cases, we will retain only the minimum information necessary to fulfill our legal requirements, and we will secure this information with appropriate safeguards to limit access and use.

9. DATA SECURITY

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Employee training on data protection

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

10. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

Our primary data processing occurs in the United States. If you are located in the European Economic Area, United Kingdom, or Switzerland, please be aware that your information will be transferred to the United States, which may not provide the same level of data protection as your home country.

When we transfer your data internationally, we implement appropriate safeguards, including:

  • Relying on third-party service providers who participate in recognized data protection frameworks
  • Implementing Standard Contractual Clauses approved by relevant authorities
  • Obtaining your explicit consent where required

11. CHILDREN'S PRIVACY

Our services are not directed to children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If we learn that we have collected personal information from a child under the applicable age limit, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child, please contact us immediately using the information in Section 15.

12. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information:

12.1 Access and Portability

  • Request a copy of the personal information we hold about you
  • Request that we provide your information in a portable format

12.2 Correction

  • Request that we correct inaccurate or incomplete information

12.3 Deletion

  • Request that we delete your personal information (subject to legal exceptions)

12.4 Opt-Out of Marketing

  • Unsubscribe from marketing emails by clicking the unsubscribe link
  • Opt out of SMS messages by replying STOP
  • Contact us directly to opt out of all marketing communications

12.5 Opt-Out of Targeted Advertising (California and Other States)

If you are a California resident or resident of another state with similar privacy laws, you have the right to opt out of the "sale" or "sharing" of your personal information for targeted advertising purposes.

To opt out of targeted advertising:

  • Adjust your Facebook ad preferences: facebook.com/ads/preferences
  • Use browser settings to block third-party cookies
  • Visit industry opt-out pages: optout.aboutads.info or youronlinechoices.com
  • Contact us directly to request opt-out from targeted advertising

12.6 Limit Use of Sensitive Personal Information

Under some state privacy laws, you may have the right to limit how we use and disclose sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those permitted by law.

12.7 Non-Discrimination

We will not discriminate against you for exercising any of these privacy rights. This means we will not:

  • Deny you services
  • Charge different prices or rates
  • Provide a different level or quality of services

12.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information in Section 15. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

We may need to verify your identity before processing your request. We will never charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Important Note About Backup Data

When you exercise your privacy rights (access, correction, deletion), we will fulfill your request promptly for data in our primary course delivery platform (GoHighLevel and related systems). However, we also maintain compliance backup records in our Google Drive account.

How we handle backup data requests:

  • Access requests: We will provide you with information from both our primary platform and backup systems
  • Correction requests: We will correct inaccurate information in both systems
  • Deletion requests: We will delete your data from the primary platform immediately, but may be required to retain certain compliance records in our backup system

Legal obligations for backup retention: We may be legally required to retain certain backup records even after a deletion request, including:

  • Consent documentation (TCPA requirement: 3+ years)
  • Attorney advertising records (state bar requirement: [X] years)
  • Professional responsibility compliance documentation
  • Records subject to litigation holds or regulatory investigations

What we retain: If we must retain backup data after a deletion request, we will:

  • Retain only the minimum information required by law
  • Secure the information with restricted access
  • Use the information only for legal compliance purposes
  • Delete the information as soon as legal obligations permit
  • Provide you with documentation explaining what was retained and why

Dual custody structure: This data management approach means:

  • Primary platform (GoHighLevel): Provides course delivery and user experience
  • Backup system (Google Sheets): Preserves compliance and legal records
  • We control both systems and fulfill your privacy rights across both
  • Legal obligations may require different retention periods for each system
  • We will always explain our retention decisions and legal basis

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date at the top of this Privacy Policy
  • Sending an email notification if the changes are significant

Your continued use of our services after such updates constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. DO NOT TRACK SIGNALS

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Our website does not currently respond to DNT signals because there is no universally accepted standard for how to respond to them.

However, you can use the opt-out methods described in Section 12 to control tracking and targeted advertising.

15. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

[ATTORNEY/FIRM NAME]

[STREET ADDRESS]

[CITY, STATE ZIP]

Email: [EMAIL ADDRESS]

Phone: [PHONE NUMBER]

IMPORTANT LEGAL NOTICES

Attorney Advertising: This website and the information contained herein are intended for informational and educational purposes only and do not constitute legal advice.

No Attorney-Client Relationship: Access to or use of our business succession planning courseware does not create an attorney-client relationship. An attorney-client relationship is established only through a written engagement agreement signed by both parties.

Prior Results: Any descriptions of results obtained for clients, if mentioned in our course materials, do not guarantee similar outcomes. Every legal matter is unique.

Confidentiality: Do not send confidential information through our website, course platform, or via unsecured communications until an attorney-client relationship has been established.

ATTORNEY CUSTOMIZATION CHECKLIST

DISCLAIMER: The following checklist provides practical implementation guidance for using this template. It is not legal advice. Each attorney must review this policy, determine its appropriateness for their specific practice and jurisdiction, and consult with privacy counsel or their professional liability carrier as needed before adopting any privacy policy.

Before publishing this Privacy Policy, please:

  • ☐   Replace all bracketed placeholders [LIKE THIS] with your specific information
  • ☐   Specify data retention periods in Section 8 appropriate for your practice
  • ☐   Verify that all third-party service descriptions match your actual usage
  • ☐   Add any additional services or tools you use (e.g., payment processors)
  • ☐   CRITICAL: Implement cookie consent banner if you have EU/CA visitors or use Facebook Pixel
  • ☐   Enable GoHighLevel's cookie consent banner feature in your funnel settings
  • ☐   If you practice in CA, VA, CO, CT, or UT, consult privacy counsel about state-specific requirements
  • ☐   If you target EU clients, consult privacy counsel about GDPR and international data transfer requirements
  • ☐   Have this reviewed by your professional liability insurance carrier
  • ☐   Consider having this reviewed by privacy counsel familiar with your jurisdiction
  • ☐   Ensure the privacy policy URL is added to all lead forms, course sign-up pages, and consultation booking pages
  • ☐   Add link to privacy policy in email footers and SMS disclaimers
  • ☐   Create and link your Cookie Policy (see Cookie Policy template)
  • ☐   Set calendar reminder to review and update this policy at least annually
  • ☐   Verify Google Sheets backup disclosure (Section 7.1A) accurately describes your backup system
  • ☐   Confirm backup data retention periods (Section 8.1) match your state bar requirements
  • ☐   Insert your specific retention period in Section 8.1 backup retention section
  • ☐   Update contact information throughout backup-related sections
  • ☐   Verify state-specific bar rules regarding attorney advertising record retention
  • ☐   Review Google account security settings (2FA enabled, strong password, limited access)
  • ☐   Document your backup data retention policy in writing for your records

IMPLEMENTATION NOTES

Cookie Consent Banner (CRITICAL):

  • If you use Facebook Pixel and have EU visitors: You MUST implement a cookie consent banner that blocks the pixel until users opt in
  • GoHighLevel has a built-in cookie consent banner - enable it in Settings → Tracking Code → Cookie Consent
  • The banner should block ALL non-essential cookies (especially Facebook Pixel) until consent is given
  • Test to ensure the pixel doesn't fire before consent
  • For high-volume practices, consider using a dedicated consent management platform (CMP)

Privacy Policy Links:

  • The privacy policy link should be clearly visible on your course sign-up form
  • Include a link in the footer of all emails sent through GHL
  • Reference the privacy policy in your consultation booking confirmation
  • Facebook Lead Ads specifically require a privacy policy URL - ensure this is included
  • Add to website footer alongside Terms of Service

State-Specific Considerations:

  • California (CCPA/CPRA): Must provide clear opt-out mechanism for sale/sharing of data
  • Virginia, Colorado, Connecticut, Utah: Have similar requirements for opt-out rights
  • If significant volume of clients from these states, consider adding state-specific sections

Annual Review:

  • Review privacy policy at least annually
  • Update when adding new third-party services
  • Update when privacy laws change
  • Consider a "Privacy Policy Updated" notification workflow in GHL if you make material changes

Professional Liability Carrier:

  • Notify your malpractice carrier about your digital marketing funnel
  • Get their approval for privacy policy and disclaimers
  • Some carriers may have specific requirements or recommended language

Google Sheets Backup (New):

  • Consider explaining the backup system to users in your course welcome email: "For legal compliance, we maintain secure backup records of enrollment and consent information."
  • Train yourself/staff on handling backup-related data requests before launch
  • Document your backup data retention policy in writing (sample: "We retain backup data for [X] years to comply with [STATE] bar advertising rules and federal TCPA requirements")
  • Review Google account security quarterly (verify 2FA enabled, strong password, limited access)
  • Set calendar reminder to review backup retention compliance annually
  • Keep records of when you delete data from primary platform vs. retain in backup (document legal basis)
  • If you receive backup data deletion request, document: (1) what was deleted, (2) what was retained, (3) legal basis for retention
  • Consider creating FAQ document: "Why do you keep backup records?" Answer: "State bar and federal law require us to retain evidence of consent for marketing communications and compliance with attorney advertising rules."

---

End of Privacy Policy Template