Privacy Policy
Effective Date: March 26, 2026
Nomos Insights LLC (“Firm,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of our clients, prospective clients, and website visitors. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, client portal, partner portal, and related services (collectively, the “Platform”).
As an Illinois law firm, our obligations regarding client confidentiality extend beyond this Privacy Policy and are governed by the Illinois Rules of Professional Conduct, including Rule 1.6 (Confidentiality of Information) and Rule 1.15 (Safekeeping Property).
1. Information We Collect
1.1 Information You Provide
- Intake forms: Name, email, phone, mailing address, spouse information (if applicable), business name, entity details, property descriptions, matter descriptions, opposing party names, referral source, county, and other details relevant to your legal matter.
- Consultation scheduling: Name, email, phone, practice area selection, and responses to custom intake questions (e.g., property location, transaction type, entity type).
- Contact form: Name, email, and message content.
- Portal registration: Email address and password (client and partner portals). Multi-factor authentication credentials if you opt in.
- Documents: Files you upload through the client portal, including contracts, deeds, entity documents, estate planning instruments, and other legal documents.
- Messages: Communications sent through the portal messaging system.
- Billing information: Payment information processed through our third-party payment processor. We do not store credit card numbers or bank account details on our servers.
1.2 Information Collected Automatically
- IP addresses: Collected when you submit intake forms or contact forms, for rate limiting and spam prevention.
- Analytics data: We use Vercel Analytics, a privacy-focused analytics service, to collect aggregated page view and performance data. This does not use third-party tracking cookies and does not create individual user profiles.
- Session data: Authentication session tokens stored in cookies to maintain your login state on the client and partner portals. These are essential functional cookies and are not used for advertising or tracking purposes.
1.3 Information We Do Not Collect
We do not use third-party advertising trackers, social media pixels, or behavioral targeting technologies. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
2. How We Use Your Information
We use the information we collect to:
- Evaluate potential new matters, including running conflict checks against existing clients and contacts.
- Provide legal services under executed engagement letters.
- Communicate with you about your matters, including status updates, document requests, scheduling confirmations, and billing notifications.
- Manage our client portal and partner portal, including authentication and access control.
- Process payments and maintain trust accounting records in compliance with ARDC requirements.
- Improve our services and Platform functionality through aggregated, de-identified analytics.
- Comply with legal and regulatory obligations, including professional conduct rules and recordkeeping requirements.
3. AI-Assisted Processing and Data Sanitization
We use artificial intelligence tools (specifically, Anthropic Claude) to assist with document analysis, summarization, clause review, drafting assistance, and other legal research functions under attorney supervision.
3.1 PII Sanitization
Before any client information is transmitted to AI systems, we apply a multi-layer sanitization process:
- Tier 1 data (never transmitted): Social Security numbers, Employer Identification Numbers (EINs), bank account numbers, routing numbers, credit card numbers, and other financial account identifiers are stripped from all text before any external processing.
- Named entity anonymization: For clause library and document analysis features, we apply an additional anonymization layer that replaces party names, company names, addresses, property descriptions, and dollar amounts with generic placeholders (e.g., “[PARTY A],” “[ENTITY B],” “[ADDRESS]”).
3.2 Attorney Review
All AI-generated analysis is reviewed by a licensed Illinois attorney before being relied upon, communicated to clients, or incorporated into legal documents. AI tools assist the attorney but do not replace professional judgment.
4. Third-Party Service Providers
We use the following third-party services in the operation of our Platform. Each provider is selected for its security practices and compliance posture:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft 365 | Email, calendar, document storage (SharePoint), consultation scheduling (Bookings) | Email content, documents, calendar events, booking details |
| Supabase | Database hosting and portal authentication | All structured data (client records, matters, time entries, etc.) |
| Vercel | Website hosting and analytics | Aggregated page view data (no PII) |
| Anthropic (Claude) | AI-assisted legal analysis | Sanitized and anonymized text only — no Tier 1 PII |
| Stripe | Payment processing | Payment information (processed by Stripe; not stored on our servers) |
| DocuSign | Electronic signature for engagement letters | Engagement letter content, signer name and email |
We do not sell your personal information to any third party. Data shared with service providers is limited to what is necessary for their specific function and is subject to their respective privacy policies and our contractual obligations.
5. Data Sharing with Professional Partners
With your explicit, informed consent, we may share limited, non-privileged client information with professional partners (such as your CPA, financial advisor, or banker) through our Partner Portal. This sharing is governed by Illinois Rule of Professional Conduct 1.6 and operates as follows:
- You will receive a detailed disclosure document identifying the partner, the purpose of sharing, and the specific categories of information that will be shared.
- You must affirmatively approve the disclosure before any information is shared.
- Consent is limited to the specific categories you approve (e.g., entity updates, estate changes, compliance alerts).
- Consent expires automatically after twelve months unless renewed.
- You may revoke consent at any time through the Client Portal, and revocation takes effect immediately.
Information Never Shared with Partners
Regardless of consent, the following information is never disclosed to professional partners:
- Social Security numbers, EINs, or tax identification numbers
- Bank account or routing numbers
- Home addresses or personal contact information
- Privileged attorney-client communications
- Attorney work product or legal strategy documents
6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Row-level security (RLS) in our database ensuring portal users can only access their own data.
- Multi-factor authentication available for portal accounts.
- Comprehensive audit logging of all material actions, including login attempts, document access, data sharing events, and administrative changes.
- Per-IP rate limiting on public-facing forms to prevent abuse.
- Leaked password protection, which checks credentials against known breach databases.
- Separation of attorney authentication (Microsoft Entra ID / Azure AD) from portal authentication (Supabase), ensuring portal credentials cannot access attorney-level functions.
No system is completely secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. If you become aware of any unauthorized access to your account, please notify us immediately.
7. Cookies and Tracking
The Platform uses only essential cookies required for authentication and session management:
- Authentication cookies: Maintain your login session on the client portal, partner portal, and attorney dashboard. These are strictly necessary and cannot be disabled without losing access to authenticated features.
- CSRF protection cookies: Prevent cross-site request forgery attacks on form submissions.
We do not use advertising cookies, social media tracking pixels, or third-party analytics cookies. Our analytics provider (Vercel Analytics) operates without cookies and does not track individual users across sessions.
8. Data Retention
We retain client data in accordance with our professional obligations and applicable law:
- Client matter files: Retained for a minimum of seven years after matter closure, consistent with Illinois ARDC guidance and the Illinois Rules of Professional Conduct.
- Trust accounting records: Retained for a minimum of seven years, per ARDC Rule 1.15.
- Intake submissions (not retained as clients): Declined intake submissions are retained for conflict-checking purposes for a period consistent with our professional obligations.
- Audit logs: Retained indefinitely for compliance and security purposes.
- Website analytics: Aggregated data retained by Vercel per their data retention policies; no individual user data is retained.
9. Your Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Data sharing control: Approve, decline, or revoke consent for data sharing with professional partners at any time through the Client Portal.
- Communication preferences: Opt out of non-essential electronic communications by contacting us.
- Account deletion: Request deletion of your portal account. Note that we may be required to retain certain information to comply with our professional obligations and applicable law, even after account deletion.
To exercise any of these rights, contact us using the information in Section 12 below. We will respond within a reasonable timeframe, typically within 30 days.
10. Children’s Privacy
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. For registered portal users, we will provide notice of material changes via email or portal notification. Your continued use of the Platform after the posting of changes constitutes acceptance of the updated Privacy Policy.
12. Contact
If you have questions about this Privacy Policy or wish to exercise your rights under it, please contact us:
Nomos Insights LLC
Email: rmichaelsen@nomos-insights.com
Website: www.nomos-insights.com