Cookie Policy
Cookie Policy
Last updated: March 2, 2026
Table of Contents
1. Overview
This Cookie Policy explains how Westlaw Club uses cookies and similar technologies on https://westlaw-club.com/. Because our audience is primarily legal professionals and operations teams, we strive for clarity and restraint: we use only the cookies necessary to operate the site, measure performance, and remember your choices. We do not use cookies for cross-site behavioral advertising, nor do we sell or share cookie-derived data with advertisers.
Under GDPR (as retained in the EU and UK) and similar laws, we act as the controller for first-party cookies we set. For third-party services described below, we review processor terms and data protection addenda to ensure appropriate safeguards. By continuing to browse our site after seeing the cookie banner, you agree to the use of cookies described here, subject to the choices you make within the banner.
2. Types of cookies we use
We categorize cookies based on function and set them only where needed:
- Strictly necessary. These enable core features such as page navigation, load balancing, and security. Our cookie that stores your consent decision falls into this category.
- Performance/analytics. These cookies help us understand aggregated site performance, such as which pages are visited most and how quickly they load. Data are anonymized or pseudonymized, and we do not build user profiles.
- Functional. These remember optional choices, such as preferred language (currently English only) or whether certain informational banners have been dismissed.
We do not set advertising, tracking, or social media cookies.
3. Purposes and lawful bases
Consent. We rely on your consent for performance/analytics cookies. The cookie banner records the consent state in localStorage and a strictly necessary cookie so that we can honor your choice on subsequent visits.
Legitimate interest. Strictly necessary cookies are placed under our legitimate interest in delivering a secure, functional website. These cookies do not require consent under GDPR or most US state privacy laws because they are essential to the service you request.
Performance measurement. Analytics cookies help us improve page load times, identify navigation issues, and prioritize content topics. Metrics are aggregated and not tied to identifiable profiles. We configure analytics tools to avoid collecting full IP addresses where possible and to respect Do Not Track signals when they are provided.
Preference storage. Functional cookies store whether you closed informational banners or set a language preference. Without them, you would see the same prompts repeatedly. These cookies expire automatically after a defined period stated in Section 5.
4. Consent management
Our consent experience is intentionally simple and aligns with GDPR 2026 expectations. When you first visit the site, the cookie banner appears at the bottom of the page with clear Accept and Decline buttons. If you take no action, only strictly necessary cookies load. When you click Accept, we store the value “accepted” in localStorage and set a small cookie to remember that state; when you click Decline, we store “declined.” The Manage Cookies button in the footer clears the stored choice and reopens the banner, giving you continuous control.
No dark patterns. Buttons use equal prominence and plain language. Analytics only run after an affirmative Accept. We do not bundle consent for unrelated purposes, and we do not assume consent from scrolling or continuing to browse.
Signal honoring. If your browser sends a Global Privacy Control (GPC) signal, we interpret it as a Decline for non-essential cookies and store that preference. You can override it by explicitly clicking Accept.
Proof of consent. For compliance purposes, we keep a hashed record of consent state tied to the device and timestamp within the browser storage itself; we do not transmit it to our servers unless necessary to demonstrate compliance during an audit.
5. Retention and deletion
Consent and preference cookies have a default lifespan of 12 months, after which the banner will reappear. Functional cookies related to banner dismissal expire after 90 days. Analytics cookies follow the retention configuration of the analytics provider, currently set to 13 months.
You can delete cookies at any time through your browser or by using the Manage Cookies control, which removes the consent value and resets non-essential cookies. We do not attempt to re-identify visitors whose cookies have been cleared.
6. Third-party cookies
We currently avoid embedding third-party content that would set tracking cookies (for example social widgets). If we embed a video or map from a third-party platform in the future, we will do so with privacy-enhanced modes where available and will update this Policy accordingly.
Our optional analytics provider may set first-party cookies to distinguish sessions and page views. Data are scoped to westlaw-club.com and are not used across other domains. IP addresses are truncated where supported. No advertising IDs are collected, and data are not combined with other datasets for profiling.
Google Maps iframe on the Contact page may read your IP address to deliver map tiles. That request is separate from our analytics cookies and governed by Google’s own privacy terms. The iframe is necessary to display the map you request; if you prefer not to load it, you can disable iframes via your browser settings or contact us for text directions instead.
7. How to control cookies
Within our site. Use the Manage Cookies button in the footer to reopen the consent banner and change your choice. Declining disables analytics cookies and clears any existing analytics identifiers.
Browser controls. You can delete or block cookies through your browser settings. Most browsers allow blocking third-party cookies by default and provide options to clear cookies on exit. Blocking strictly necessary cookies may impact site functionality, such as remembering your cookie preference.
Do Not Track / GPC. We honor Global Privacy Control where detected by treating it as a decline for non-essential cookies. Traditional “Do Not Track” headers are also respected in the same way.
Private browsing. Using private or incognito modes limits how long cookies persist. When you close the session, stored preferences will be removed unless your browser retains them by design.
8. Updates
We review this Cookie Policy at least annually and whenever we introduce new technologies that affect data collection. When we make material changes, we will update the “Last updated” date and may present the banner again to capture refreshed consent where required.
If a change materially expands the categories of cookies or introduces a new third-party service, we will provide advance notice on the site and, where required, obtain fresh consent. Archived versions of this Policy are available on request for audit trails.
9. Contact
If you have questions about cookies or would like more detail about a specific service we use, reach us at privacy@westlaw-club.com or by mail at Westlaw Club, 745 5th Ave, New York, NY 10151, USA.
10. Detailed cookie descriptions
The table below summarizes the main cookies we set as of March 2, 2026. Names may change as we refine implementation, but purposes and lifespans will remain consistent with the descriptions provided here. If we add new cookies, we will update this section before deployment.
- cookieConsent (strictly necessary) — stores whether you accepted or declined optional cookies. Lifespan: 12 months. Stored locally in your browser and not shared with third parties.
- sessionId (strictly necessary) — short-lived identifier used by our hosting provider for load balancing and security. Lifespan: session only. Not linked to personal data.
- performanceId (analytics, optional) — pseudonymous identifier to differentiate sessions for page performance measurement. Lifespan: 13 months. Set only after Accept.
- bannerDismissed (functional) — remembers if you closed non-cookie informational banners. Lifespan: 90 days.
These cookies are intentionally minimal so that you can review them quickly during audits. We avoid naming conventions that obscure purpose, and we keep lifespans short to reduce risk.
11. International considerations
Our servers are located in the United States. If you access the site from the European Economic Area, the United Kingdom, or Switzerland, data associated with cookies will be transferred to the United States. We rely on standard contractual clauses and service provider commitments to safeguard that transfer. Because the data we process via cookies are limited and largely non-identifying, we assess the residual risk as low, but we still provide you with the ability to decline non-essential cookies to minimize transfer.
Where local law requires a records of consent, the consent state is stored in your browser and only replicated to our servers when we need to demonstrate compliance to a regulator or client. We do not build cross-border profiles or attempt to match cookie identifiers with offline data.
12. Compliance mapping (GDPR 2026 and US state laws)
To make audits simpler, this section maps our cookie practices to common legal requirements. Under GDPR, we rely on consent for analytics cookies (Article 6(1)(a)) and legitimate interests for strictly necessary cookies (Article 6(1)(f)). We apply data minimization (Article 5(1)(c)) by limiting cookie scope and lifespans. For US state laws such as the California Consumer Privacy Act, the Colorado Privacy Act, and the Virginia Consumer Data Protection Act, we do not sell or share personal data for targeted advertising, so opt-out provisions related to sales or sharing are not triggered.
We maintain records of processing activities describing each cookie category, purpose, lawful basis, retention, and recipient. We review these records whenever a new third-party script is considered. Security controls include HTTPS enforcement, Content Security Policy that restricts script origins, and Subresource Integrity where applicable. These measures reduce the risk of unauthorized cookie injection.
Because our audience often performs vendor assessments, we provide quick answers: we do not deploy fingerprinting techniques; we do not combine cookie identifiers with offline data; we honor Global Privacy Control; and we provide a single-click decline option. If your organization requires a data protection agreement specific to cookies, contact us and we will provide a short-form addendum describing the limited scope of processing.
13. Definitions
Cookie. A small text file stored on your device that enables site functionality or measurement.
LocalStorage. A browser-based storage mechanism we use to store your consent decision. It is readable only by this site.
Strictly necessary. Cookies essential to deliver the service you request, such as remembering consent.
Performance/analytics. Cookies that help us understand site usage in aggregate to improve reliability and speed.
Functional. Cookies that remember optional settings, such as dismissing a banner.
14. Assurance
We periodically benchmark our cookie governance against guidance from regulators such as the ICO, CNIL, and the EDPB to keep pace with 2026 expectations. If you spot an area where we can improve clarity or control, please tell us—transparent feedback loops are part of our compliance program.