Privacy Policy

Effective date: April 5, 2026

What does this Policy cover?

Dunand, PLLC, doing business as Dunand Law (“Dunand Law,” “I,” “me,” or “my”), is a Charlotte, North Carolina law practice providing fractional general counsel and employment law services to founders, operators, and HR leaders. When I refer to “this Site,” I mean dunandlaw.com.

This Policy tells you how I collect and use your personal data (also known as personal information) when you visit this Site or communicate with me by email, phone, or other means. It also tells you how I work to keep your data safe and the choices you have, so please make sure you read it.

I want this Policy to be easy to read. I have organized it around the questions you are most likely to have and used plain language wherever I can.

This Site may contain links to other websites. I do not control those sites and encourage you to read their privacy notices.

I encourage you to review this page periodically for the latest information on my privacy practices.

This Site is not intended for individuals under the age of 16.

What data do I collect?

When you use this Site or contact me, I collect data in two main ways:

  1. You give me data when you contact me — such as your name, email address, phone number, company, and a description of the matter you would like to discuss. If you are contacting me on behalf of a business, this may include information about employees or other individuals relevant to the matter.
  2. Data is collected automatically when you visit this Site — such as your IP address, browser type, device information, pages visited, and referring URL.

Here is more detail on each:

Data you provide to me. When you reach out by email or phone, you choose what to share. I only collect what is reasonably needed to evaluate the matter and determine whether I can help. If a contact form is added to this Site in the future, this Policy will apply to data submitted through that form as well.

Data collected automatically. When you visit this Site, certain data is collected automatically by the hosting platform (WordPress) and by tools that support the Site’s functionality. This may include your IP address, browser type and version, device information, operating system, pages visited, time spent on the Site, and the URL that referred you here. WordPress plugins used on this Site — including those related to security, SEO, caching, and site performance — may also collect technical data as part of their normal operation.

Cookies and similar technologies. This Site uses cookies and similar technologies. See the cookies section below for details.

I do not purchase personal data about you from data brokers or third-party sources. I do not collect sensitive personal information such as Social Security numbers, financial account numbers, or government identification through this Site.

How do I use your data?

I use data to respond to you, to operate this Site, and to meet my professional obligations.

Responding to your inquiries. When you contact me, I use the information you provide to evaluate your matter, respond to your questions, and determine whether representation is appropriate.

Operating and improving this Site. I use automatically collected data to understand how visitors use the Site, to maintain its security and availability, and to improve its content and performance.

Complying with legal and ethical obligations. As a licensed attorney, I am subject to the North Carolina Rules of Professional Conduct, which impose specific obligations regarding the handling of client and prospective client information. I use data as needed to comply with those obligations and with applicable law.

Conflict checking. I may retain certain information from inquiries to manage conflicts of interest, as required by the Rules of Professional Conduct.

I do not use your data for automated decision-making, profiling, or targeted advertising. I do not use your data to build models, train algorithms, or infer your interests or preferences.

How do I use cookies?

Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work and to provide information to website operators.

This Site uses the following types of cookies:

Essential cookies. These are necessary for the Site to function properly — for example, maintaining your session as you navigate between pages. WordPress and its plugins set these by default.

This Site does not use analytics cookies, advertising cookies, or any third-party tracking cookies. No data is shared with advertising networks or social media platforms through cookies on this Site.

Managing cookies. You can adjust your cookie preferences through your browser settings at any time. Most browsers allow you to block or delete cookies. Please refer to your browser’s help section for instructions.

Do Not Track and Global Privacy Control. Some browsers offer a Do Not Track (DNT) setting, and some offer Global Privacy Control (GPC). There is currently no universally accepted standard for how websites should respond to these signals. Because this Site does not use analytics or advertising cookies, these signals do not materially change your experience on this Site. I monitor developments in this area and will update this practice if and when a clear legal obligation or workable technical standard applies to my Site.

When do I share data with others?

I do not sell, rent, or trade your personal data to anyone, for any purpose.

I may share data in these limited circumstances:

Service providers. I use third-party services to host this Site and provide email. These providers may process data on my behalf and are contractually restricted from using it except as necessary to provide their services or as described in their own privacy terms. Currently, these include my managed WordPress hosting provider and my business email provider.

Legal and ethical obligations. I may disclose data if required by law, regulation, court order, or subpoena, or if necessary to comply with my obligations under the North Carolina Rules of Professional Conduct.

Professional advisors. I may share data with my own attorneys, accountants, or other advisors as needed for business operations, subject to appropriate confidentiality obligations.

Protecting rights and safety. In rare circumstances, I may disclose data if I believe in good faith that disclosure is necessary to protect the safety of any person or to protect my legal rights.

International data transfers. Some of the service providers described above process data on servers located in the United States. If you access this Site from outside the United States, your data may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

I do not share your data with advertising networks, social media platforms, or data brokers for advertising or cross-context behavioral purposes.

How long do I keep your data?

I keep your data for as long as it is needed to provide services, respond to inquiries, and comply with my legal and ethical obligations.

To determine how long I need to keep your data, I consider the type of data, the purpose for which it was collected, and whether I have a legal or professional obligation to retain it.

For current and former clients: I retain engagement records and related communications for at least six years following the conclusion of the matter, or longer if required by applicable records retention obligations or if the records remain relevant to ongoing professional duties.

For prospective clients who do not engage my services: I retain contact information and the substance of your inquiry for up to three years. This is necessary to manage conflicts of interest and to comply with the North Carolina Rules of Professional Conduct regarding prospective client information (Rule 1.18). If you have shared confidential information during an initial consultation, Rule 1.18 imposes specific duties regarding that information even if no engagement results.

For website visitors: Server logs are retained for no more than 90 days.

When data is no longer needed for its stated purpose and no legal or professional obligation requires its retention, I securely delete or anonymize it.

How do I keep your data safe?

I take the protection of your data seriously.

I maintain reasonable administrative, technical, and physical safeguards to help keep personal data safe from unauthorized access, use, or disclosure.

However, no method of electronic transmission or storage is completely secure. While I work to protect your data, I cannot guarantee its absolute security, and you should consider the inherent risks of transmitting information electronically.

A note on email. Email is not a fully secure method of communication. If you contact me by email, please be aware that your message may pass through networks outside of my control. Do not include sensitive information such as Social Security numbers, financial account details, or other highly confidential data in unencrypted email messages. If we enter into an attorney-client relationship, I will discuss secure communication options with you.

How can you control your data?

You have choices about the data I hold about you.

Access. You may request a copy of the personal data I hold about you. I will evaluate and respond to valid requests.

Correction. If your data is inaccurate or out of date, please let me know. I will correct it where I can. In some cases, I may need to retain the original data for legal or professional reasons, but I will note the correction.

Deletion. You may request that I delete personal data I hold about you. In some cases, I am required to retain certain information — for example, to manage conflicts of interest or to comply with records retention obligations under the Rules of Professional Conduct. Where I cannot delete data, I will explain why.

Cookies. You can control cookies through your browser settings at any time.

To make any of these requests, please contact me using the details below. I will respond within a reasonable timeframe, typically within 30–45 days. If I need additional time, I will let you know. I may need to verify your identity before processing a request. If I cannot honor a request, I will explain why.

Children’s privacy

This Site is not directed to individuals under the age of 16. I do not knowingly collect personal data from children. If I learn that I have collected data from a child under 16, I will take reasonable steps to delete it promptly.

State privacy laws

Several U.S. states — including California, Virginia, Colorado, Connecticut, and others — have enacted privacy laws that grant residents specific rights regarding their personal data. My practice may not meet the thresholds that trigger formal compliance obligations under all of these laws. I do not sell personal data, and I do not engage in targeted advertising or profiling.

California (CCPA/CPRA). In the preceding 12 months, I have collected the categories of personal information described in the “What data do I collect?” section above. I have not sold personal information, and I do not share personal information for cross-context behavioral advertising.

Other state laws. If you are a resident of a state with a comprehensive privacy law and believe it applies to my processing of your data, you may contact me using the details below. I will evaluate your request in light of applicable law and respond in good faith.

Complaints

I would appreciate the opportunity to address any concerns you may have about how I handle your data. If something does not seem right, please contact me using the details below and I will do my best to resolve it.

If you are not satisfied with my response, you may have the right to raise a complaint with your state’s attorney general or other applicable regulatory authority.

How can you contact me?

If you have questions about this Policy, would like to make a data request, or have a complaint, please contact me at:

Email: matt@dunandlaw.com
Mail: Dunand, PLLC, 1213 West Morehead Street, 5th Floor #2187, Charlotte, NC 28208

Changes to this Policy

I may update this Policy from time to time to reflect changes in my practices, technology, or legal requirements. When I do, I will revise the effective date at the top of this page. If the changes are significant, I will post a notice on this Site.