Privacy Policy

At Hoag Law.ai, I take your privacy seriously. This Privacy Policy explains how I collect, use, and protect your personal information when you visit hoaglaw.ai or use my contact form.

By using this website, you agree to the collection and use of information in accordance with this policy.

Contact Form Data

When you submit the contact form, I collect:

• Full Name - To address you properly
• Email Address - To respond to your inquiry
• Company Name - To understand your business context
• Funding Stage - To assess fit for my practice
• Message - To understand your legal needs

Automatically Collected Information

This website uses Google Analytics to understand how visitors use the site. Google Analytics collects:

• IP addresses (anonymized)
• Browser type and device information
• Pages visited and time spent on site
• Referral sources (how you found the site)

Google Analytics uses cookies to track visitor behavior. For more information on how Google uses this data, see Google's Privacy Policy.

I use the information you provide to:

• Respond to your inquiries about legal services
• Assess whether your needs align with my practice areas
• Communicate about potential engagement
• Provide the legal services you request (if we enter into an engagement)

I do not: Sell, rent, or share your information with third parties for marketing purposes. Ever.

Security Measures

Your data security is important to me. This website uses:

• HTTPS encryption for all data transmission
• Secure third-party services for form submission and email delivery
• Limited access - Only I (Marc Hoag) have access to submitted information

Data Retention

I retain contact form submissions:

• Active inquiries: Until resolved or engagement concluded
• Declined inquiries: Up to 1 year for reference
• Client matters: As required by legal ethics rules and professional responsibilities

To deliver the contact form functionality, I use trusted third-party services that may process your data:

• Email delivery service (e.g., Formspree, Resend) - Transmits form submissions to my email
• Hosting provider (Render) - Hosts the website infrastructure

These services have their own privacy policies. I only work with providers that meet industry-standard security and privacy practices.

What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help websites remember your preferences and understand how you use the site.

How We Use Cookies

This website uses the following types of cookies:

• Essential Cookies: Required for basic website functionality (e.g., remembering your cookie consent choice)
• Analytics Cookies: Google Analytics cookies that help me understand how visitors use the site (anonymized data)

Managing Cookies

You can control and delete cookies through your browser settings. Note that disabling cookies may affect website functionality.

To opt out of Google Analytics tracking, visit Google Analytics Opt-out Browser Add-on.

In operating my practice and representing clients, I may use generative AI tools for tasks such as legal research, drafting, email and file management, and analysis. These tools augment, but do not replace, my professional judgment.

How AI Is Used

• Legal Research: AI may assist in researching legal issues, case law, and regulatory requirements
• Drafting: AI may help draft, review, or refine documents and communications
• Email & File Management: I use Google Workspace (Gmail and Drive), which includes AI features powered by Google Gemini that may assist with drafting, summarizing, and organizing communications and documents. Google's AI features are subject to Google's Privacy Policy.
• Analysis: AI may assist in analyzing documents, contracts, or legal issues

Safeguards & Oversight

Any use of AI tools is consistent with applicable legal ethics rules, including the California State Bar's Practical Guidance on Generative AI. I maintain human oversight of all AI-assisted work product—AI suggestions are reviewed, verified, and refined before being used or delivered. AI does not make decisions; I do.

Confidentiality & Privilege

I take appropriate measures to protect your confidential information and preserve attorney-client privilege when using AI tools. Consistent with California ethics guidance, I do not input confidential client information into any AI tool that would use that information to train its models or share it with third parties.

I select AI tools that offer enterprise-grade security, appropriate data retention policies, and contractual confidentiality protections. If you have questions or concerns about AI use in connection with your matter, please discuss them with me directly.

This website is intended for users who are at least 18 years of age, consistent with the eligibility requirements in our Terms of Service. I do not knowingly collect personal information from minors. If you believe a minor has provided information through this site, please contact me immediately and I will delete it.

You have the right to:

• Access: Request a copy of the information I have about you
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Opt-out: Unsubscribe from future communications at any time

To exercise these rights, contact me via email.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Your California Privacy Rights

• Right to Know: You may request disclosure of the categories and specific pieces of personal information I have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom it is shared.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: I do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

Categories of Information Collected

In the preceding 12 months, I may have collected the following categories of personal information:

• Identifiers: Name, email address, company name
• Internet Activity: Browsing history on this website, interactions with the site (via Google Analytics)
• Professional Information: Company name, funding stage

How to Exercise Your Rights

To submit a request, email me at marc@hoaglaw.ai with "California Privacy Request" in the subject line. I will verify your identity before processing your request and respond within 45 days.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Legal Basis for Processing

I process your personal data under the following legal bases:

• Consent: When you submit the contact form, you consent to my processing your information to respond to your inquiry.
• Legitimate Interests: I use analytics to improve my website and services, which is a legitimate business interest that does not override your privacy rights.
• Contract: If we enter into an attorney-client engagement, processing is necessary for the performance of that contract.

Your GDPR Rights

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data ("right to be forgotten").
• Right to Restrict Processing: Request limitation of how your data is used.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

International Data Transfers

If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By submitting your information, you consent to this transfer. When transferring data internationally, I rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and ensure service providers comply with applicable data protection requirements.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, email me at marc@hoaglaw.ai with "GDPR Request" in the subject line. I will respond within 30 days.

I may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the website after changes constitutes acceptance of the updated policy.