Privacy Policy

Introduction

Shankar & Associates PC ("we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website and services.

Data Controller

The data controller responsible for your personal data is:

Shankar & Associates PC
Srinivas Jayashankar, Esq.
518 Plainview Road, Plainview, NY 11803
info@shankarlaw.us | (516) 806-4700

Information We Collect

Information You Provide

• Contact Information: Name, email address, phone number, and mailing address when you contact us or book a consultation.
• Consultation Information: Immigration history, visa category preferences, and case details you share during consultations or through our forms.
• Payment Information: Payment details processed securely through Stripe. We do not store credit card numbers on our servers.

Information Collected Automatically

• Device Information: Browser type, operating system, and device type.
• Cookies: We use essential cookies for site functionality. Analytics cookies are only set with your explicit consent. See our Cookie Policy for details.

Lawful Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

How We Use Your Information

• To provide legal consultation services
• To process payments and schedule appointments
• To send booking confirmations and reminders via email
• To respond to your inquiries
• To store and manage case documents securely
• To comply with legal and ethical obligations

Third-Party Services

We use the following third-party services to provide our website and legal services:

• Stripe: Payment processing. Stripe is PCI-DSS compliant; we do not store credit card numbers on our servers. (Stripe Privacy Policy)
• Google Calendar: Appointment scheduling and calendar management.
• Google Drive: Secure document storage for client case files. We store uploaded documents and file metadata on Google Drive for the duration of your legal matter plus the applicable retention period. (Google Privacy Policy)
• Resend: Email communications (booking confirmations, contact form responses).
• Anthropic (Claude AI): AI-powered chat assistant for preliminary immigration guidance. Chat messages are sent to Anthropic for processing and are not stored by Anthropic beyond the request. Messages are not stored server-side unless you are authenticated. AI responses are informational only and do not constitute legal advice. (Anthropic Privacy Policy)
• Supabase: Secure data storage and authentication. (Supabase Privacy Policy)

We use Google Analytics 4 to understand aggregate website usage (pages viewed, approximate geographic location, device type, referral source). Google Analytics is loaded only after you grant explicit consent via our cookie preferences. If you decline or your browser sends a Global Privacy Control (GPC) signal, no analytics scripts are loaded and no events are sent. We have enabled IP anonymization on our Google Analytics property and do not pass any personally identifiable information (name, email, phone) to Google. You can withdraw consent at any time via the "Cookie Settings" link in our website footer. (Google Privacy Policy)

We also use Microsoft Clarity to understand how visitors interact with our pages (anonymous session replays, heatmaps, click and scroll behavior). Like Google Analytics, Microsoft Clarity is loaded only after you grant explicit analytics consent via the same cookie preference. Clarity automatically masks sensitive form fields (email, phone, payment information) by default, and we have configured the booking form to mask all personally identifiable inputs in session recordings. (Microsoft Privacy Statement)

Cross-Border Data Transfers

Our third-party service providers process data on infrastructure hosted in the United States, including Supabase (AWS US) and Google (US). For visitors from the European Economic Area (EEA), these transfers are protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements with each provider.

General immigration information is available on our FAQ page. For personalized legal guidance, please book a consultation.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (HTTPS), secure database access controls, row-level security policies, and regular security audits.

Data Retention

We retain data only as long as necessary for the purposes described. When retention periods expire, data is securely deleted or anonymized.

Your Rights

You have the right to:

• Request access to your personal data (GDPR Art. 15 / CCPA Section 1798.110)
• Request correction of inaccurate data (GDPR Art. 16)
• Request deletion of your data (GDPR Art. 17 / CCPA Section 1798.105)
• Restrict or object to processing (GDPR Arts. 18, 21)
• Request data portability (GDPR Art. 20)
• Opt out of sale or sharing of personal information (CCPA Section 1798.120)
• Withdraw consent at any time without affecting prior lawful processing

To exercise any of these rights, please visit our Data Subject Rights page or contact us at info@shankarlaw.us. We will respond within 30 days (GDPR) or 45 days (CCPA).

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights under the California Consumer Privacy Act or any other applicable law. You will receive the same quality of service and pricing regardless of your privacy choices (CCPA Section 1798.125).

Supervisory Authority

If you are located in the European Economic Area and believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority. A directory of EU/EEA DPAs is available at edpb.europa.eu.

Contact Us

For privacy-related inquiries, contact us at info@shankarlaw.us or call (516) 806-4700.

Shankar & Associates PC
Srinivas Jayashankar, Esq.
518 Plainview Road, Plainview, NY 11803