Privacy Policy

Privacy Policy

Last updated: March 2, 2026

Table of Contents

  1. Scope and audience
  2. Information we collect
  3. How we use information
  4. Data security
  5. Third-party services
  6. Your rights
  7. Contact information

1. Scope and audience

Westlaw Club is an informational site focused on research techniques, Practical Law usage, and analytics within the Westlaw ecosystem. This Privacy Policy explains how we collect, use, store, and disclose personal data when you browse our pages, submit contact forms, subscribe to updates, or engage with us as a prospective or existing client. It applies to visitors in the United States and other regions where our content is accessed. Because we do not sell products or operate a public user account system, our data collection is intentionally minimal and tied to legitimate interests such as site performance, security, and responding to your requests.

We rely on transparent communication. Throughout this Policy we describe the categories of data involved, the lawful bases we rely on, and the retention periods we apply. If you are located in a jurisdiction with specific requirements—such as the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), or the EU/UK General Data Protection Regulation (GDPR)—the rights described in Section 6 apply to you. If you disagree with any portion of this Policy, please discontinue use of the site and contact us so we can address your concern.

2. Information we collect

We collect information in three ways: (a) data you provide directly through forms or email, (b) technical data collected automatically when you interact with the site, and (c) limited data derived from third-party platforms you choose to engage with.

Data you provide. When you complete our contact form, we collect your name, email address, optional phone number, and the content of your message. If you request a tailored walkthrough, we may also request your practice area, jurisdictional focus, and timeline so that we can respond accurately. We do not request sensitive personal information such as government IDs, payment data, or health information.

Technical data. Our site uses server logs to record IP address, user agent, timestamp, referring URL, and pages viewed. We use this information to maintain security, diagnose performance issues, and understand aggregate usage patterns. Logs are retained for a limited period consistent with Section 4. We also deploy first-party cookies to remember your cookie preferences and maintain basic analytics. Cookies set through our consent banner are small text files stored on your device; you can delete or block them at any time via your browser settings.

Third-party sources. If you follow us on professional networks (for example LinkedIn) or schedule a meeting through a calendar tool, those platforms may share limited metadata such as your profile name or meeting status based on their own privacy policies. We do not combine social profile data with technical data for profiling or advertising. We do not purchase lead lists or enrich your data using data brokers.

Children. Westlaw Club is intended for professional audiences. We do not knowingly collect personal information from children under 16. If you believe a child has submitted personal data to us, please contact us using the details in Section 7 so that we can delete it promptly.

3. How we use information

We process personal data to deliver and improve the services you request. The primary purposes include: (a) responding to inquiries; (b) scheduling and delivering consultations; (c) maintaining site functionality and security; and (d) producing aggregated, non-identifying metrics to improve content relevance.

Responding to inquiries. When you contact us, we use your name, email address, and message content to understand your request and provide an appropriate response. The lawful basis under GDPR is Article 6(1)(b) (performance of a contract or pre-contractual steps) and Article 6(1)(f) (legitimate interests in providing requested information). For US visitors, we consider this processing reasonably expected and proportionate.

Service delivery. For prospective engagements we may use your practice area, jurisdictional focus, and timelines to draft an appropriate scope of work. This information is stored in project notes and email threads limited to personnel assigned to the engagement.

Site performance and security. Technical data such as IP address and user agent help us detect abusive activity (for example repeated failed form submissions) and maintain service availability. We do not use IP addresses to infer precise location beyond what is necessary to understand regional compliance obligations.

Analytics. We use privacy-focused analytics to measure page performance, time on page, and navigation paths. Data are aggregated, not used for targeted advertising, and do not include cross-site identifiers. Where analytics cookies are involved, we honor your choices expressed through the cookie banner.

Legal obligations. We may retain certain records to comply with accounting, auditing, or legal obligations, including demonstrating consent where required. We do not sell personal data and we do not use it for automated decision-making that produces legal or similarly significant effects.

4. Data security

We implement administrative, technical, and physical safeguards intended to protect personal data from accidental loss, misuse, or unauthorized access. Our measures include TLS encryption in transit, hardened server configurations, principle of least privilege for access to form submissions, and periodic log review. Access to contact form submissions is restricted to team members who need the information to respond to you.

Retention. Contact form submissions and related correspondence are retained for up to 24 months to support follow-up, audit requests, and conflict checks, unless a longer period is required by law or you request deletion. Technical logs are typically retained for 90 days unless needed to investigate a security incident.

Data minimization. We intentionally avoid collecting sensitive categories of data. If you provide information that is not necessary for your request, we will delete it once we identify it as unnecessary. We do not store payment data because we do not process payments through this site.

Incident response. In the unlikely event of a data incident affecting personal data, we will investigate promptly, mitigate impact, and notify you and applicable authorities as required by law. We maintain playbooks that define roles, communication channels, and timelines for notification.

No security practice can guarantee absolute protection. You can help by avoiding the transmission of confidential client information through the contact form; instead, request a secure channel and we will provide one.

5. Third-party services

We use a small number of service providers to operate the site and communicate with you. Each provider is vetted for security practices and data processing terms. We do not permit our vendors to use your data for their own marketing.

Hosting and infrastructure. Our hosting provider supplies servers, networking, and storage. Server logs are generated within this environment and are accessible only to authorized personnel. Data centers are located in the United States.

Analytics. We may use a lightweight analytics platform to measure page performance and aggregated usage. Cookies used for analytics are controlled by the cookie consent banner and respect your choice to decline. IP addresses are truncated or pseudonymized where possible.

Communication tools. When you email us or schedule time via a calendar service, those platforms process your contact details under their own privacy policies. We limit the fields we request to the minimum needed to coordinate a call.

Legal disclosures. We may disclose information if required to comply with applicable law, enforce our Terms of Service, or protect the rights, property, or safety of Westlaw Club, our users, or the public. We do not share data with advertisers, data brokers, or social media companies for behavioral profiling.

6. Your rights

Your rights depend on your location but we aim to honor reasonable requests from all users. You can exercise these rights by emailing the address in Section 7. We may verify your identity before responding and will reply within the timelines required by applicable law.

Access and portability. You can request confirmation of whether we process your personal data and receive a copy of the data we hold about you. Where technically feasible, we will provide it in a portable format.

Correction. You may request that we correct inaccurate or incomplete personal data. Because we collect minimal information, corrections typically relate to your name, email, or practice details.

Deletion. You may request deletion of your personal data. We will honor the request unless retention is required for legal obligations, dispute resolution, or security investigations. Deletion will include contact form entries and related internal notes.

Objection and restriction. You may object to processing based on legitimate interests or request that we restrict processing while an objection is evaluated. If you decline analytics cookies, we will honor that choice by limiting data collection to strictly necessary cookies.

Do Not Sell / Share. We do not sell personal data. If you are a California resident, we also do not share personal data for cross-context behavioral advertising as those terms are defined under California law.

Withdrawal of consent. Where we rely on consent (for example optional analytics cookies), you may withdraw consent at any time via the cookie banner or by clearing cookies in your browser.

Complaints. You may lodge a complaint with your local data protection authority. We would appreciate the opportunity to address your concerns directly first.

7. Contact information

If you have questions about this Policy, want to exercise your rights, or need a secure channel for sharing case-specific information, contact us at:

When you contact us, please include the context of your request so we can respond efficiently. For data requests, we may ask for information necessary to verify identity and locate records.