Privacy Policy for CrossYork 


Effective Date: January 1, 2026 Last Updated: December 22, 2025 


Introduction 


CrossYork ("Firm," "we," "us," or "our") is a law firm based in Washington, D.C., providing legal services nationwide through co-counsels in all 50 states. We are committed to protecting the privacy and security of your personal information in accordance with applicable laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Kentucky Consumer Data Protection Act (KCDPA), the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), the Indiana Consumer Data Protection Act (INCDPA), and federal laws such as the Children's Online Privacy Protection Act (COPPA). We also adhere to professional obligations under rules of professional conduct to preserve client confidentiality. 


This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website at https://crossyork.com (the "Website"), interact with us online or offline, or engage our legal services. "Personal information" means any information that identifies, relates to, describes, or is capable of being associated with you or your household. 


By using our Website or services, you consent to the practices described in this Policy. If you do not agree, please do not access or use our Website or services. 


Please note: Communications with us do not establish an attorney-client relationship unless a formal agreement is executed. Information provided before such a relationship may not be confidential. 


Information We Collect 


Information You Provide Directly 


  • Contact Information: Name, email address, phone number, postal address, and other details you provide when contacting us, subscribing to newsletters, registering for events, or inquiring about services. 
  • Professional Information: Job title, employer, business contact details, and information related to legal matters if you are a client or prospective client. 
  • Account Information: Username, password, and preferences if you create an account on our extranets or client portals. 
  • Sensitive Information: In the course of providing legal services, we may collect sensitive data such as financial information, health data, government IDs (e.g., Social Security number, driver's license), or information related to legal proceedings, only as necessary and with your consent or as required by law. 
  • Employment-Related Information: If applying for a position, we collect resumes, references, background checks, and other job application data. 
  • Other Information: Feedback, survey responses, or any other data you voluntarily provide.

 

Information Collected Automatically 


When you visit our Website or interact with our digital services, we may automatically collect: 


  • Device and Usage Data: IP address, browser type, operating system, pages viewed, time spent, referring URLs, and clickstream data. 
  • Location Data: Approximate location based on IP address (we do not collect precise geolocation without consent). 
  • Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to enhance functionality, analyze trends, and personalize content. 
  • Log Data: Access times, errors, and security logs. 

We may also receive information from third parties, such as co-counsels, public records, analytics providers, or social media platforms if you interact with us there. 


Pixel Tracking Technologies 


We use pixel tags (also known as web beaconstracking pixels, or clear GIFs) on our Website and in certain email communications to collect information about your interactions with our content. 


  • How Pixel Tags Work: Pixel tags are tiny, transparent images embedded in web pages or emails. When your browser requests the image, the server can collect data such as your IP address, browser type, referring page, time and date of access, and whether you opened an email or clicked a link. 
  • Purposes: We use pixel tags to: 
  • Measure the effectiveness of our marketing emails (e.g., whether emails are opened or links are clicked). 
  • Track user engagement with content on our Website. 
  • Improve user experience and Website performance. 
  • Support analytics provided by third-party services (e.g., Google Analytics, Meta Pixel, LinkedIn Insight Tag). 
  • Third-Party Pixel Tags: We may include pixel tags from third-party service providers, including: 
  • Google (Google Analytics, Google Ads conversion tracking) 
  • Meta (Meta Pixel for advertising and analytics) 
  • LinkedIn (LinkedIn Insight Tag) 
  • Other marketing and analytics platforms 

These third parties may combine the data collected via pixel tags with other information they have about you from other sources and use it for their own purposes, including targeted advertising. We do not control these third-party practices. 


How We Collect Information 


  • Directly from You: Through forms, emails, phone calls, meetings, or client intakes. 
  • Automatically: Via cookies, pixel tags, tracking tools, and server logs when you use our Website or open our emails. 
  • From Third Parties: From partners, vendors, public sources, or as part of legal services (e.g., discovery in cases). 
  • In Legal Contexts: During representation, we collect data necessary for anti-money laundering (AML) compliance, conflict checks, or matter administration. 


How We Use Your Information 


We use personal information for legitimate business purposes, including: 

  • Providing and improving legal services, managing client relationships, and fulfilling contractual obligations. 
  • Communicating with you, responding to inquiries, and sending updates on legal developments, newsletters, or event invitations (you may opt out at any time). 
  • Operating and maintaining our Website, including personalization and analytics. 
  • Measuring the effectiveness of our marketing efforts. 
  • Complying with legal obligations, such as AML checks, regulatory reporting, or professional ethics rules. 
  • Recruiting and human resources management. 
  • Ensuring security, preventing fraud, and debugging technical issues. 
  • Marketing our services, subject to your preferences and applicable laws. 
  • Aggregating data for research or statistical purposes (in de-identified form). 

We process sensitive information only with your explicit consent or as permitted by law, such as for legal advice or compliance. 


Sharing and Disclosure of Information 


We do not sell your personal information. We may share it in limited circumstances: 

  • With Affiliates and Co-Counsels: To provide nationwide services through our network in all 50 states. 
  • Service Providers: Vendors for IT, hosting, analytics, payment processing, or marketing, bound by confidentiality agreements. 
  • Legal and Regulatory Purposes: To comply with laws, subpoenas, court orders, or professional obligations (e.g., bar associations). 
  • Business Transfers: In mergers, acquisitions, or asset sales. 
  • With Your Consent: For any other purpose you approve. 

We may transfer data internationally if necessary for services, using safeguards like Standard Contractual Clauses for EU/UK transfers. 


Cookie and Tracking Technology Policy 


Cookies and pixel tags are small files or code stored on your device. We use: 

  • Essential Cookies: For Website functionality (e.g., session management). 
  • Performance Cookies: To analyze usage (e.g., Google Analytics). 
  • Functional Cookies: To remember preferences. 
  • Targeting Cookies: For personalized content (not for third-party behavioral advertising). 

You can manage cookies and pixel tracking via your browser settings. Many browsers allow you to disable or delete cookies and pixel tags. We honor Do Not Track (DNT) signals and Global Privacy Control (GPC) where required by law. We do not track your activity across third-party sites for behavioral advertising. 

For more details, visit https://www.allaboutcookies.org or the privacy settings of your browser. 


Security Measures 


We implement reasonable physical, technical, and administrative safeguards to protect personal information from unauthorized access, loss, or misuse. However, no system is infallible, and we cannot guarantee absolute security. 


Retention of Information 


We retain personal information as long as necessary for the purposes outlined, or as required by law (e.g., for tax, legal holds, or professional records). Client files are retained per bar rules, typically 7-10 years after matter closure. 


Your Privacy Rights 


Depending on your location and applicable laws (e.g., CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, KCDPA, RIDTPPA, INCDPA), you may have rights including: 


  • Access: Request details of your personal information we hold. 
  • Correction: Update inaccurate data. 
  • Deletion: Request erasure, subject to exceptions (e.g., legal retention). 
  • Opt-Out: Of sales/sharing (we do not sell), targeted advertising, or profiling. 
  • Non-Discrimination: We will not penalize you for exercising rights. 
  • Limit Sensitive Data: Opt out of processing sensitive information. 
  • Data Portability: Receive your data in a portable format. 


To exercise rights, contact us at privacy@crossyork.com or via the form on our Website. We verify requests using provided information and respond within required timelines (e.g., 45 days under CCPA, extendable). Authorized agents may submit on your behalf with proof. 


For California residents: We collected the following categories in the past 12 months: identifiers, professional info, internet activity, sensitive data (as needed for services). Used for purposes above; shared with service providers and regulators. 

We do not knowingly collect data from children under 13 without parental consent, per COPPA. 


Changes to This Policy 


We may update this Policy to reflect legal changes or practices. Changes are effective upon posting, with the "Last Updated" date noted. Continued use constitutes acceptance. 


Contact Us 


For questions, rights requests, or concerns: 


CrossYork 123 Main Street Washington, D.C. 20001 Email: privacy@crossyork.com Phone: (202) 555-1234 

If unsatisfied, you may complain to relevant authorities (e.g., state attorneys general or FTC).