National Legal Research Group

Privacy Notice

This privacy notice for the National Legal Research Group, Inc. (“NLRG,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your personal consumer information when you engage with us and/or use our services (“Services”), including but not limited to, when you communicate with us via telephone, text message, or email, and when you visit and/or fill out a form on our website, www.nlrg.com.

This policy was last updated on June 1, 2026. We may update and make changes to this policy, so we encourage you to review it periodically.

1.    Introduction

(a)    Who We Are. This Privacy Notice discloses the information practices for National Legal Research Group, Inc. Our corporate address is 2421 Ivy Road, Suite220, Charlottesville, VA 22903. 

(b)    Contact Us. If you have questions or comments about this Notice, you may contact us by email at privacy@nlrg.com, by telephone at (800) 727-6574, or at the address listed above. 


2.    Personal Data We Collect About You

We collect information to provide goods and/or services to you, to help improve your customer experience, and to support our business functions. We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. We may collect the following categories of consumer personal data:

•    Identifiers: Information that identifies, relates to, describes, or is capable of being associated with, a particular individual such as name, signature, postal address, telephone or mobile number, fax number, and email address. 

•    Personal Information: Education, employment history, gender, and date of birth.

•    Financial Information: Account numbers and credit or debit card numbers. We will not process your financial information without obtaining your consent. 

•    Commercial Information: Transaction information, purchase history, financial details, and payment information. 

•    Internet or other electronic network activity information: Mobile device and online identifiers, Mac address, IP address, cookie IDs, browser activity, search history, operating system, language preferences, referring URLs, country, and  location, and information regarding your interaction with our website, mobile applications, advertisement and marketing materials, email communications, and text messages.

•    Precise or imprecise geolocation data.

•    Information Collected from Other Sources: Information about you from public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and information received from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account, including but not limited to Facebook, LinkedIn, and X), we may receive personal information about you such as your name, email address, and gender. 

•    Sensitive Personal Information: We will not process your Sensitive Personal Information without obtaining your consent. “Sensitive personal information” includes: social security information; drivers’ licenses; state ID cards; passport numbers; account login information; credit card numbers; financial account information, or credentials allowing access to such accounts; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; the contents of email and text, unless the business is the intended recipient of the communication; genetic data; biometric data; health data; and data concerning sexual orientation and sex life.

3.    Why We Use Your Personal Information

We may use your personal information for the following business purposes:

•    Creating, maintaining, or servicing accounts; providing customer service; processing or fulfilling orders and transactions; verifying customer information; processing payments; or providing similar services;

•    Performing our contract with you or taking steps at your request before entering into a contract;

•    Advertising or marketing;

•    Helping to ensure security and integrity and prevent fraud; 

•    Undertaking activities to verify or maintain the quality or safety of our services or devices and to improve, upgrade, or enhance them;

•    Auditing or monitoring of transactions and engagements;

•    Compliance with our legal and regulatory obligations;

•    Protecting your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person;

•    Conducting other activities for legitimate business purposes or interests; or

•    Where you have given consent. 

4.    Who We Share Your Personal Information With

We may share your personal information with:

•    Consultants, contractors, vendors, and other third-party service providers we use to help deliver our services to you;

•    Other third parties we use to help us run our business, such as marketing agencies or website hosts;

•    Website analytics services such as Google Analytics and Google Maps API;

•    Third parties approved by you, including linked social media sites and third-party payment providers;

•    Credit reporting agencies;

•    Our insurers and brokers;

•    Our bank[s]; or

•    External auditors.

We only allow our third-party service providers to handle your personal information if they have signed our confidentiality and trade secrets agreement and we are satisfied they will take appropriate measures to protect your personal information. We also impose contractual obligations on third-party service providers to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business, or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We do not share your personal information with any other third party.


5.    We Do Not Sell Your Personal Information

We do not sell your personal information to any third parties.

6.    Information Security

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

(a)    Payment data. All NLRG payment data is stored by Paysafe. You may find their privacy notice here.  

(b)    Third Party Websites. The inclusion of a link to a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Privacy Notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.

7.    Access Rights to Data

(a)    Information Maintained by NLRG. You have a right to access your personal information and to request a correction to it if you believe it is inaccurate. If you have submitted personal information and would like to have access to it, or if you would like to have it corrected, please contact us using the contact information provided above. We may require you to verify your identity before allowing you to access your personal information. Depending on the circumstances, you have a right to know: whether we collect and use your personal information; the categories of personal information that we collect; the purposes for which the collected personal information is used; whether we sell or share your personal information to third parties; the categories of personal information that we sell, share, or disclose for a business purpose; the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose; the business or commercial purpose for collecting, sharing, or selling personal information; and the specific pieces of personal information we collected about you.

(b)    Corrections and Changes to Personal Information. Help NLRG to keep customer personal information accurate. If a  customer's personal information changes, or if a customer notes an error upon review of customer information that NLRG has on file, please promptly email NLRG and provide the new or correct information.

(c)    Right to Limit the Use or Disclosure of Sensitive Personal Information. You have the right to limit the use or disclosure of your sensitive personal information. Please note that Sensitive Personal Information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right; neither is publicly available information. To exercise your right to limit use and disclosure of Sensitive Personal Information, please contact us using the contact information provided above.

(d)    Right to Request Deletion of Your Personal Information. On receipt of a verifiable request from you, we will delete your personal information from our records and direct any service providers or contractors to delete your personal information from their records, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of their right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

(e) Residents of Virginia. Under the Virginia Consumer Data Protection Act (VCDPA), you have certain rights related to NLRG’s use of your personal information which may be exercised free of charge up to two times per year, provided that in cases where the requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to comply with the request. You have the right to: confirm whether or not we are processing your personal data and access that data; correct inaccuracies in your personal data; delete personal data provided by or obtained about you; opt-out of any processing of your personal data for targeted advertising; opt-out of the sale of your personal data; and opt-out of profiling performed in furtherance of decisions that produce legal or similarly significant effects. We are required to respond without undue delay but within 45 days of receipt of your request. Depending on factors such as the type and complexity of the request, we may extend the time for response once for an additional 45 days, as long as we notify you within the original 45 days. If we decline to take action regarding your request, we must notify you without undue delay, but within 45 days of the receipt of the notice, and provide information on our appeal process. We are required to provide justification for and information on the appeal process within a reasonable time after the communication of the decision to decline. If you would like to exercise any of your rights as described in this Privacy Notice, you can do so by contacting us using the contact information provided above. If your request is declined, you may appeal by contacting us by email at privacy@nlrg.com. If your appeal is denied, you may contact the Attorney General to submit a complaint.

(f) Residents of European Union, United Kingdom, Switzerland, and Canada. Customers in the above-referenced jurisdictions have certain rights under applicable data protection laws. These may include the right to (i) request access and obtain a copy of your personal information; (ii) request rectification or erasure; (iii) restrict the processing of your personal information or, if applicable, data portability; and (iv) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us using the contact information provided above.

(h)    Verification Process. We may request that you provide additional information reasonably necessary to verify you and your request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request. We are not obligated to make a data access or disclosure decisjon if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

(i)    Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights. We will not discriminate against you if you exercise your privacy rights.


8.    Terms of Use and Opt-out Rights

(a)    Engagement and Use of Our Services. If a customer chooses to engage with NLRG or use our Services, the customer's action is hereby deemed acceptance of NLRG’s practices described in this Privacy Notice. 

(b)    Withdrawal of Consent. If we are relying on your consent to process your personal information, whether express or implied, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us using any of the methods specified above. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

(c)    Opting Out of Marketing and Promotional Communications. You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying “STOP” or “UNSUBSCRIBE” to the SMS messages that we send, or by contacting us using the contact information provided above. You will then be removed from the marketing lists — however, we may still communicate with you to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

(d)    Account Information, Correction, or Termination. If you would like to review or change the information in your customer account or terminate your account, you can contact us using the contact information provided above. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

(e)    No Collection of Data from Minors. We do not knowingly solicit data from or market to children under 18 years of age. By using our Services, you represent that you are at least 18, or that you are the parent or guardian of a minor and consent to such minor dependent’s use of our Services. If we learn that personal information from a user under 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@nlrg.com.

(f)    Controls for Do-Not-Track Features. Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature, or other setting that can signal your privacy preference not to have data about your online browsing activities monitored and collected. As of the effective date of this Privacy Notice, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or other mechanisms that automatically communicate your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.