revised 2023-09-09 added Square payment processor
revised 2023-03-17 updated contact information, phone app and WP plugin information
revised 2019-11-27 added bank checks stored in a fireproof safe until shredded
revised 2018-07-06 added Analytify info, removed Slimstat on SiteGround
revised 2018-05-28 added Relevanssi, Jetpack info
revised 2018-05-26 added Akismet info
revised 2018-05-25 added WP Smush, FreeConferenceCall.com, Automatic Call Recorder info
1.0 Who we are
ABC Legal Docs, LLC
Colorado Springs, CO
Our website address is https://abclegaldocs.com.
Our products and services are offered primarily to Colorado residents and businesses, and to U.S. residents and businesses only. Do not use our website if you live in another country.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We use WP plugin WP Smush for image compression. It sends images to the developer, WPMU DEV servers, to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.
2.3 Contact forms
We use WP plugin Contact Form 7 (GDPR compliant) for our contact form. It is for use by U.S. residents and businesses only. Do not use our contact form if you live in another country. Personal data is stored when you submit a contact form, for an unlimited time for customer service purposes, and is not used for marketing purposes without your consent. Do not submit any nonpublic personal information (NPI) or personal medical information using the contact form. The contact form does not use encryption.
If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
2.5 Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
2.7 WP Courseware
We use WP plugin WP Courseware (GDPR compliant) for online courses. It only collects name, e-mail address, and mailing address when a purchase is made. If a course is offered for free, the user’s registration information is only stored in the WordPress users table. WP Courseware does not collect any credit card data. Data collected from an order is used to process transactions, and enroll users into courses. Data collected like name and email address is used to send out email notifications for purchases or course notifications.
2.9 Android app Automatic Call Recorder [discontinued, app no longer works]
We use WP plugin WP Relevanssi for internal site searches. All searches performed are logged in the database, including the following information: the search query, the number of hits found, user ID for users who are logged in, date and time and the IP address. The IP address is stored for security and auditing purposes. The search logs are stored indefinitely.
We use WP plugin Jetpack.
Activity Log This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.
Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.
Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type.
Data Synced: Successful and failed login attempts, which will include the actor’s IP address and user agent.
Gravatar Hovercards Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.
Jetpack Comments Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.
Data Synced: All data and metadata (see above) associated with comments. This includes the status of the comment and if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.
Protect Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced: Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
Subscriptions Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
2.12 Bank Checks
If you pay by check, we may save the physical check or an encrypted digital image of the check as long as needed, in our secure financial records, in case we may need the account information for a bad check, debt collection or check fraud. Physical checks that are returned to us for insufficient funds or that we deposit electronically are stored in a fireproof safe as long as needed, then destroyed by shredding.
We do not sell to or share user data with any other parties, except as needed for debt collection, legal evidence or compliance, security purposes, or as otherwise required by law.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
For students that register for a class on our website, we store the personal information they provide in their student records. Student records are kept indefinitely. Classes are open to U.S. students only.
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
WP Courseware is GDPR compliant in which users can request a copy of their data or can request to have their data anonymized through the core WordPress GDPR tools.
We use WP security plugins Wordfence (GDPR compliant) and Sucuri Security (GDPR compliant) to view and block IP addresses of hackers, attackers, malware and malicious software.
Akismet anti-spam service collects information about visitors who leave comments on our site. The information collected depends on user settings, but typically includes the commenter’s IP address, user agent, referrer, and site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
For privacy-related questions and matters, privacy contact
8.1 How we protect your data
We use reasonable security measures to protect user data from unauthorized access, use, modification, disclosure, or destruction, appropriate to the size and nature of our business and records, including long, strong, unique account passwords, security software, encryption of confidential files, file backup, locked record storage, a fireproof safe, restricted access, and staff training in data protection.
Per CRS 6-1-713 (House Bill HB 18-1128), our policy for the destruction or proper disposal of unneeded documents containing personal identifying information is to shred unneeded paper records and securely erase unneeded electronic documents.
Our active paper notary journal is kept secure as required by notary law, in a locked office or locked vehicle, when not in use. Our archive of inactive paper notary journals is stored in locked secure storage or may be delivered to the Colorado State Archives when we end our notary services.
8.2 What data breach procedures we have in place
With the exception of paper checks, encrypted images of bank checks and voluntary thumbprints in our notary journal, we do not store “personal identifying information”, defined by CRS 6-1-713 as: a social security number; a personal identification number; a password; a passcode; an official state or government-issued driver’s license or identification card number; a government passport number; biometric data; an employer, student, or military identification number; or a financial transaction device.
Paper checks that are not deposited in our bank account are stored in a fireproof safe until they are no longer needed and are then destroyed by shredding.
Under Colorado data breach law CRS 6-1-716, “Breach of the security of the system” means the unauthorized acquisition of unencrypted computerized data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or a commercial entity.
“Personal information” does not include data elements that are encrypted, redacted, or secured by any other method rendering the name or the element unreadable or unusable or publicly available information that is lawfully made available to the general public from federal, state, or local government records or widely distributed media. If the encryption key is compromised along with encrypted data, that is considered a security breach.
We do not currently use an electronic notary journal, so remote access or online data breach is not possible. If we use an electronic notary journal, access will be restricted according to notary law and data will be encrypted.
8.3 What third parties we receive data from
We do not normally receive data about users from third parties. For extending credit or debt collection, we may seek data from public records, employers, collection agencies or credit bureaus. For due diligence, we may also seek information available in an Internet search.
8.4 What automated decision making and/or profiling we do with user data
We do not use a service that includes automated decision making, other than auto-block security software to help protect against unwanted advertising, spam, hackers, attacks, and malware.
8.5 Industry regulatory disclosure requirements
We primarily serve Colorado resident customers and occasionally other U.S. resident customers or foreign resident visitors needing service in Colorado. We do not serve residents or businesses located in foreign countries.
For notary services, we follow Colorado notary public laws, including keeping our notary journal secure.