Privacy Policy

Effective Date: 5/5/26

Introduction

Kocot Law (“the Firm,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you visit kocotlaw.com, submit an inquiry, communicate with us, or engage us for legal services.

This Privacy Policy applies to information collected through our website, by email, telephone, video conference, in person, through client portals or secure communication tools, and through any other communication channel with the Firm.

Because our practice is concentrated in cannabis law, an area involving ongoing federal, state, and local legal complexity, we are especially sensitive to the confidentiality, privacy, and security concerns of clients and prospective clients. This Privacy Policy is intended to reflect those concerns while also explaining the practical limits of privacy and security in digital communications.

No Attorney-Client Relationship

Submitting information through the website, by email, through a consultation request, or by any other communication channel does not, by itself, create an attorney-client relationship with Kocot Law. An attorney-client relationship is formed only when the Firm has completed its conflict review, agreed in writing to represent you, and you have executed an engagement agreement or otherwise received written confirmation of representation from the Firm.

Please do not send confidential, privileged, highly sensitive, or time-sensitive information unless and until we have confirmed in writing that no conflict exists and that the Firm has agreed to represent you. Although we treat inquiry information with care and in accordance with applicable professional obligations, information submitted before an attorney-client relationship is formed may not be protected by the attorney-client privilege.

Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide to us when you submit a contact or consultation request, email or call the Firm, schedule a consultation, engage the Firm as a client, respond to correspondence, or otherwise communicate with us.

This information may include your name, email address, telephone number, business or entity name, mailing address, cannabis license number or application number, regulatory agency identifiers, ownership or management information, the nature of your legal matter, and any documents, communications, or other information you choose to provide.

If you become a client, we may also collect information necessary to provide legal services, conduct conflicts checks, verify identity or authority, prepare filings, communicate with regulators or counterparties, manage billing, maintain client files, and comply with legal, regulatory, and professional responsibility obligations.

Information Collected Automatically

When you visit the website, we may automatically collect certain technical and usage information, including your IP address, approximate geographic location, browser type and version, operating system, device type, pages visited, time spent on the website, referring website, and similar diagnostic or analytics information.

We may collect this information through cookies, server logs, analytics tools, and similar technologies. You can configure your browser to refuse cookies or alert you when cookies are being used, although disabling cookies may affect certain website functionality.

Information We Do Not Intentionally Collect Through the Website

We do not intentionally collect Social Security numbers, financial account numbers, payment card numbers, driver’s license numbers, passport numbers, or other government-issued identification numbers through the public portions of the website. If a legal matter requires such information, we will request and collect it through appropriate channels separate from the general website intake process.

The website is intended for adults and business users. We do not knowingly collect personal information from children under 18. If we learn that a person under 18 has submitted personal information through the website without appropriate authorization, we will take reasonable steps to delete that information.

How We Use Information

We use the information we collect to respond to inquiries, evaluate potential conflicts of interest, determine whether we can accept a matter, provide legal services to clients, communicate with you, manage client relationships, process billing and administrative matters, and comply with legal, regulatory, and professional responsibility obligations.

We may also use information to improve the website and our services, maintain the security of our systems, preserve business records, conduct internal administration, and send legal updates or Firm communications if you have requested or consented to receive them.

We do not sell personal information. We do not share personal information with third parties for their own direct marketing purposes.

Confidentiality of Inquiry Information

Information provided to the Firm before an attorney-client relationship is formed may be used to conduct a conflicts check, evaluate whether the Firm can represent you, respond to your inquiry, and communicate with you about potential representation.

Although submission of inquiry information does not create an attorney-client relationship and may not be protected by the attorney-client privilege, the Firm treats prospective-client information with care and in accordance with applicable professional obligations, including duties relating to confidentiality, conflicts, and the protection of prospective-client information where applicable.

You should not submit detailed confidential information, privileged communications, trade secrets, sensitive regulatory information, or other highly sensitive materials until the Firm has confirmed in writing that no conflict exists and that the Firm has agreed to represent you.

Client Confidentiality

Once you become a client, information you provide to the Firm in connection with the representation is handled in accordance with applicable attorney-client privilege principles, the work product doctrine, and the Firm’s professional duties of confidentiality, including those imposed by the rules of professional conduct in jurisdictions where the Firm practices.

The availability and scope of privilege, confidentiality, and work-product protection may depend on the circumstances, the jurisdiction, the nature of the communication, the persons included in the communication, and applicable law.

Cannabis-Industry Confidentiality Considerations

Because cannabis remains subject to substantial federal regulation and, except for limited categories of FDA-approved marijuana products and certain state-medical-license-regulated marijuana products placed in Schedule III, marijuana remains treated as a Schedule I controlled substance in other contexts, cannabis-related client information may present confidentiality, regulatory, enforcement, and disclosure concerns that differ from those presented in conventional business matters.

The Firm takes reasonable administrative, technical, and physical measures to protect client information, including maintaining client files in systems with access controls, using secure communication methods when appropriate, limiting access to client information to persons with a need to know, and retaining information only as necessary for legal services, professional obligations, business operations, conflicts checks, and applicable recordkeeping requirements.

For highly sensitive matters, clients and prospective clients should discuss appropriate communication methods with the Firm before transmitting sensitive information. Depending on the matter, more secure methods may be appropriate for exchanging documents, regulatory materials, ownership information, financial records, or other sensitive information.

No method of transmission or storage is completely secure. Information transmitted over the internet, including by email, may be subject to interception, misdelivery, unauthorized access, or other risks.

The Firm responds to subpoenas, search warrants, court orders, regulatory demands, and other legal process in accordance with applicable law, privileges, protective doctrines, and professional obligations. Where appropriate and legally permitted, the Firm may seek to limit, object to, or provide notice regarding requests for client information.

Information We May Share

We may share information with Firm personnel, contractors, consultants, vendors, and service providers who need access to support the Firm’s legal services, business operations, technology systems, billing, accounting, communications, document management, cybersecurity, scheduling, analytics, or administrative functions.

We require service providers and contractors who access client or personal information to maintain appropriate confidentiality, privacy, and data-security protections, consistent with the nature of the information and the services provided.

We may share information with co-counsel, local counsel, referral counsel, consultants, experts, accountants, lobbyists, or other professionals when reasonably necessary for a matter and, where required, with client authorization or informed consent.

We may share information with courts, regulators, government agencies, counterparties, opposing counsel, transaction participants, or other third parties when necessary to provide legal services, pursue a client’s objectives, comply with law, respond to legal process, or satisfy professional obligations, subject to applicable privileges, confidentiality obligations, and protective measures.

We may disclose information in connection with Firm succession, dissolution, merger, sale, transfer of practice, file transfer, or transition to successor counsel, subject to applicable rules of professional conduct, client notice requirements, confidentiality obligations, and any necessary client consent.

State Privacy Rights

California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, to the extent those laws apply to the Firm and to the personal information at issue.

These rights may include the right to know what personal information is collected, used, disclosed, sold, or shared; the right to request deletion of personal information; the right to request correction of inaccurate personal information; the right to opt out of the sale or sharing of personal information; the right to limit certain uses of sensitive personal information; and the right not to be discriminated against for exercising applicable privacy rights.

The Firm does not sell personal information. The Firm also does not share personal information for cross-context behavioral advertising as that term is used under California privacy law.

Certain information may be exempt from deletion, access, correction, or other requests, including information protected by attorney-client privilege, information maintained for conflicts purposes, information required for legal services, information retained to comply with legal or professional obligations, and information subject to other statutory or regulatory exceptions.

To exercise applicable California privacy rights, please contact the Firm using the contact information below. We may need to verify your identity and authority before responding to a request.

Sensitive Personal Information

Depending on your interactions with the Firm, we may collect sensitive personal information, including government identifiers, account information, precise matter-related details, communications with counsel, regulatory-license information, ownership or financial information, and information concerning legal, business, or compliance matters.

We use sensitive personal information only as reasonably necessary to provide legal services, evaluate prospective representation, communicate with you, maintain security, comply with legal and professional obligations, administer the Firm’s operations, and for other purposes permitted by applicable law.

New York Residents

If you are a New York resident, your information may be protected by New York laws requiring reasonable administrative, technical, and physical safeguards for certain private information. The Firm maintains safeguards designed to protect personal information consistent with applicable legal and professional obligations.

Massachusetts Residents

If you are a Massachusetts resident, your personal information may be protected by Massachusetts data-security regulations, including requirements applicable to persons who own or license certain personal information of Massachusetts residents. The Firm maintains a written information security program and related safeguards designed to protect covered information consistent with applicable requirements.

Other Jurisdictions

If you are located outside California, New York, or Massachusetts, you may have privacy rights under other applicable laws. The Firm will respond to privacy requests in accordance with applicable law, professional obligations, and any relevant exemptions or limitations.

Cookies and Tracking Technologies

The website may use cookies and similar technologies for essential website functionality, security, analytics, performance measurement, and search optimization.

We may use analytics tools, such as Google Analytics or similar services, to understand how visitors use the website and to improve its performance and content. These tools may collect information such as pages visited, time spent on pages, referring websites, approximate location, device information, and browser information.

We do not use cookies for behavioral advertising. We do not knowingly permit third parties to use the website to track visitors across unaffiliated websites for targeted advertising purposes.

You can control cookies through your browser settings. Some browsers also allow you to send “Do Not Track” signals, although there is no uniform industry standard for responding to those signals. If analytics tools are used, additional opt-out mechanisms may be available through those providers.

Security

The Firm uses reasonable administrative, technical, and physical safeguards designed to protect personal information and client information from unauthorized access, disclosure, alteration, or destruction.

These safeguards may include access controls, secure document storage, password protection, encryption where appropriate, confidentiality obligations, vendor review, secure communication practices, and internal procedures for handling sensitive information.

No security system is perfect. The Firm cannot guarantee that information transmitted to or from the Firm, including by email or through the website, will be completely secure.

Data Retention

The Firm retains information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, provide legal services, maintain client files, conduct conflicts checks, comply with legal and professional obligations, resolve disputes, enforce agreements, support business operations, and satisfy applicable insurance, accounting, tax, regulatory, and recordkeeping requirements.

Client files are retained in accordance with the Firm’s file-retention policies and applicable professional obligations. Retention periods may vary depending on the nature of the matter, applicable law, client instructions, ongoing relationships, regulatory requirements, malpractice considerations, and other relevant circumstances.

Information from prospective clients who do not become clients may be retained for a period reasonably necessary to conduct conflicts checks, respond to inquiries, maintain records of declined or non-engagement matters, and comply with professional obligations. Such information may then be deleted, archived, or retained in limited form for conflicts and administrative purposes.

Third-Party Links

The website may contain links to third-party websites, including government agencies, courts, regulators, legal resources, and other reference materials. The Firm does not control the privacy, security, or content practices of third-party websites.

This Privacy Policy does not apply to third-party websites. You should review the privacy policies and terms of use of any third-party website you visit.

Data-Security Incidents

If the Firm becomes aware of a data-security incident involving personal information or client information, we will evaluate the incident and provide notices as required by applicable law, professional obligations, and ethical duties.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date identifies the most recent revision.

If we make material changes to this Privacy Policy, we may provide notice through the website or by other appropriate means. Your continued use of the website after changes are posted indicates that you acknowledge the updated Privacy Policy.

Contact

To exercise privacy rights, ask questions about this Privacy Policy, request additional information, or report a privacy concern, please contact:

Kocot Law
Email: Ryan@KocotLaw.com
Phone: 916-572-6445

We will respond to verifiable privacy requests within the timeframes required by applicable law. We may request additional information to verify your identity, confirm your authority to act on behalf of another person or entity, or determine whether an exception or limitation applies.