Effective Date: March 23, 2026

1. Introduction

Sumner Law LLP (“we,” “us,” or “our”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our websites at www.sumner.law and pay.sumner.law, or when you use our services.

By accessing or using our websites and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our websites.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information that you voluntarily provide to us:

  • Full name
  • Email address
  • Mailing address
  • Phone number
  • Information related to your legal matter (matter numbers, case references as related to billing)

2.2 Payment Information

When you make payments through our payment portal, we collect payment-related information including credit/debit card numbers and bank account details for ACH. All payment information is processed securely by Stripe, our PCI DSS Level 1 certified payment processor. We never store, access, or have visibility into your full card numbers or bank account credentials.

2.3 Automatically Collected Information

When you visit our websites, we may automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referring websites
  • Device information

2.4 Email Engagement Data

For billing communications only — delivery/open tracking. Not used for marketing.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Processing payments and financial transactions
  • Sending invoices, receipts, and billing communications
  • Managing client accounts
  • Communicating about legal matters
  • Responding to inquiries
  • Complying with legal obligations
  • Improving website functionality
  • Protecting against fraud and unauthorized access

4. Third-Party Service Providers

We work with trusted third-party service providers to operate our websites and deliver our services:

  • Stripe (stripe.com) — Payment processing, PCI DSS Level 1 certified
  • Resend (resend.com) — Transactional email delivery
  • Cloudflare (cloudflare.com) — Website hosting and security
  • Clerk (clerk.com) — Administrative authentication (admin portal only)

These providers receive only necessary information and are contractually bound to protect it.

We do not sell, rent, or trade your personal information.

5. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • TLS/SSL encryption for all data in transit
  • Stripe handles all card data exclusively — card data never touches our servers
  • Multi-factor authentication (MFA) for all administrative access
  • Security headers including HSTS, CSP, and X-Frame-Options
  • Regular security reviews

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Payment records: Minimum 7 years per legal requirements
  • Client contact info: Duration of relationship plus professional records requirements
  • Deletion requests: Evaluated case-by-case, subject to legal retention obligations

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to retention requirements
  • Opt-out: Opt out of non-essential communications
  • Complaint: Lodge a complaint with the appropriate regulatory authority

To exercise any of these rights, please contact us at office@sumner.law.

8. Cookies and Tracking

  • Essential cookies only for authentication and session management
  • Email open tracking for billing delivery confirmation only
  • No advertising cookies — no cross-site tracking
  • No data sales to advertisers

9. Children’s Privacy

Our websites and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us at office@sumner.law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on this page with a revised effective date.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: office@sumner.law

 

Princeton Office
300 Carnegie Center Drive, Suite 150
Princeton, NJ 08540
Phone: (609) 955-6972

 

White Plains Office
245 Main Street, Suite 605
White Plains, NY 10601
Phone: (914) 559-2966

12. State-Specific Disclosures

New Jersey and New York Residents

Residents of New Jersey and New York may have additional rights under their respective state privacy and consumer protection laws.

No Sale of Personal Information

We do not sell personal information. We do not share personal information for third-party marketing.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

For questions about state-specific rights, contact us at office@sumner.law.