Privacy Policy

Effective Date: Apr 9, 2025

1. Introduction

Ellis Legal, P.C. and Ellis Technologies, Inc. (together, "Ellis," "we," "our," or "us") operate a modern immigration law practice and proprietary case‑management platform that enables clients and beneficiaries to provide information, collaborate with counsel, and receive legal services. This Privacy Policy explains what personal data we collect, how we use and share it, the choices you have, and the safeguards we maintain. By engaging our services or using our platform, you acknowledge that you have read and understood this Policy.

2. Scope

This Policy applies to personal data we process when you:

  • engage Ellis to provide legal or related services;
  • access or use our websites, portals, mobile or desktop applications; or
  • communicate with us by any means.

It does not override attorney‑client privilege or confidentiality obligations, which continue to apply to the extent more protective.

3. Categories of Data We Collect

Depending on your relationship with us and the services requested, we may collect:

  • Identifiers and Contact Details – name, postal address, email, telephone number, date of birth, signature, IP address, online identifiers.
  • Government‑Issued Identifiers – passport number, I‑94 record, visa number, Social Security number, driver's license number, Alien Registration number.
  • Immigration and Employment Records – prior petitions, travel history, work history, academic credentials, professional licenses, performance reviews.
  • Financial Information – payment card details (processed by our PCI‑compliant processor), billing address, account balance, tax identifiers.
  • Medical Information – vaccination records, medical examinations, disability accommodations, only where relevant to an immigration benefit.
  • Geolocation Data – coarse location derived from your IP address or device settings when you access our platform.
  • Device and Usage Data – browser type, operating system, referring URLs, clickstream data, access times, error logs.
  • Contacts and References – names and contact details of employers, relatives, or other individuals you provide.
  • Audio, Electronic, or Visual Information – call recordings, voicemails, video conference footage with your consent.
  • Inferences – risk assessments or recommendations we derive from the data above.

We collect data directly from you, from your representatives, from government agencies (e.g., U.S. Customs and Border Protection for I‑94 history), from publicly available sources, and from service providers acting on our behalf.

4. How We Use Personal Data

We process personal data only for lawful purposes, including to:

  • provide, manage, and improve our legal services and technology platform;
  • verify identity, complete immigration forms, and submit filings to government agencies;
  • retrieve travel history and I‑94 records on your behalf when you authorize us to do so;
  • communicate with you and your designated contacts;
  • process payments and maintain accounting records;
  • detect, prevent, and investigate fraud, security incidents, or misuse;
  • train and refine our artificial‑intelligence drafting tools, using de‑identified text with zero data retention commitments from all AI vendors;
  • comply with legal and ethical obligations, including know‑your‑client, anti‑money‑laundering, tax, and professional‑responsibility rules;
  • enforce our Terms of Service and protect our rights, privacy, safety, or property.

5. Sharing of Personal Data

We do not sell personal data for monetary consideration or otherwise. We disclose personal data only:

  • to government agencies (e.g., U.S. Citizenship and Immigration Services, Department of Labor) as you direct or as required to perform legal services;
  • to service providers bound by written contracts that impose confidentiality and data‑protection obligations consistent with this Policy, including cloud‑hosting vendors, secure e‑signature providers, and AI model providers that operate under zero‑retention agreements;
  • to professional advisors (e.g., auditors, insurers) under confidentiality duties;
  • when you instruct us to share information with third parties such as expert witnesses or translators;
  • when required by law, court order, or bar rules, or to defend legal claims;
  • with your active, informed consent.

We may share de‑identified, anonymized, or pseudonymized data for statistical analysis, product improvement, or legal research. Such data cannot reasonably be re‑identified, and third parties are contractually prohibited from attempting to do so or from using it for any purpose beyond those expressly authorized by us and you.

6. Prohibition on Third‑Party Use Without Consent

Any third party receiving personal data from Ellis may use or disclose that data—including de‑identified, anonymized, or pseudonymized forms—solely to perform the contracted service for Ellis and only as explicitly permitted by this Policy. Any other use or disclosure, including for advertising, analytics, or independent research, is forbidden absent your prior active consent. Third parties are bound to these restrictions by contract.

7. Your Choices, Risks, and Benefits

You may decline to provide certain data; however, doing so may limit our ability to represent you effectively. We will present clear options for any elective data sharing and explain foreseeable risks and benefits, including potential impacts on relatives or employers. For example, sharing genetic or family‑history information could reveal sensitive traits about biological relatives. We will obtain your explicit consent before sharing such data.

8. Impact on Others

When you submit personal data about another individual (e.g., a family member's medical history), you represent that you have the authority to do so and that you have informed that individual of this Policy. We will process that data with the same safeguards and notify you of any material risks that data sharing may pose to them.

9. Data Security and Breach Notification

We employ administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit and at rest, access controls, regular penetration testing, and staff training. If we discover a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, we will notify affected individuals without undue delay and within 72 hours where legally required. Our notice will describe the nature of the breach, the data involved, steps we are taking, and actions you may take to mitigate potential harm.

10. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above, to comply with legal, ethical, and accounting requirements, and to preserve evidence for potential disputes. Unless a longer period is required by law or professional‑conduct rules, we will delete or irreversibly anonymize personal data:

  • seven (7) years after the termination of our representation;
  • two (2) years after an online account becomes dormant; or
  • within sixty (60) days of your verified deletion request, whichever is later.

Back‑ups are overwritten on a rolling ninety‑day cycle. When deletion is not technically feasible, we will securely isolate and protect the data from further processing until deletion becomes possible.

11. Your Rights and How to Exercise Them

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion or anonymization of your data;
  • object to or restrict certain processing;
  • receive a copy of your data in a portable format;
  • withdraw consent at any time where processing is based on consent.

To exercise these rights, close your account, or permanently delete your data, please submit a request via our secure client portal or email legal@ellis.com. We will verify your identity before acting on the request and will respond within the timeframe required by law.

12. Transfer of Ownership or Business Cessation

If Ellis undergoes a merger, acquisition, restructuring, or asset sale, we will:

  • notify you at least thirty (30) days in advance via email and in‑app notice;
  • require the successor entity to honor this Privacy Policy or obtain your active consent to materially different terms; and
  • offer you the choice to
    • have your personal data securely transmitted to you or a lawyer of your choice,
    • download your records in a structured format, or
    • have your data securely destroyed, subject to our legal retention obligations.

13. Policy Changes and Active Consent

We may update this Policy to reflect changes in law, technology, or our practices. We will notify you of any material changes by email and in‑app banner, provide a plain‑language summary of the revisions, and request your active consent (e.g., a checkbox or acknowledgement) before the changes take effect. If you do not consent, you may discontinue use of our services and request deletion of your data.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us.

Ellis Technologies, Inc.
105 N 13th St #401
Brooklyn, NY 11249, USA
Email: legal@ellis.com

Contact Us