Federal & State Lawfederalstatelaw.com

Privacy Policy

Last updated: April 2026

Federal & State Law ("we," "us," or "our") operates the website federalstatelaw.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this policy carefully. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Registration Information

When you create an account on Federal & State Law, we collect the following information through our authentication provider, Supabase:

  • Email address — used as your primary identifier and for account-related communications.
  • Password — stored in hashed form by Supabase. We never have access to your plaintext password.
  • Display name — if you choose to provide one during registration or in your profile settings.
  • Account creation date and last sign-in timestamp — maintained automatically by the authentication system.

1.2 User-Generated Content and Activity Data

As you use the Service, we collect information about your interactions and the content you create:

  • Research folders — folders you create to organize saved legal materials, including folder names, descriptions, and the items you save within them.
  • Bill watchlist — bills and legislation you choose to track, including any notes or alerts you configure.
  • Search history — queries you enter into our search functionality, which we use to improve search relevance and provide personalized suggestions.
  • Bookmarks and saved items — laws, cases, and other legal materials you save for later reference.
  • Community contributions — any annotations, comments, or other contributions you make to the community features of the Service.

1.3 Automatically Collected Information

When you access the Service, certain information is collected automatically:

  • Device information — browser type, operating system, device type, and screen resolution.
  • Log data — IP address, access times, pages viewed, referring URL, and the page you visited before navigating to our Service.
  • Usage patterns — how you navigate the site, which features you use, and how long you spend on various pages.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining the Service — to operate our legal research platform, process your account registration, and deliver the features you request.
  • Personalization — to customize your experience, including personalized search results, recommended content based on your research interests, and saved preferences.
  • Service improvement — to understand how users interact with the Service, identify areas for improvement, and develop new features.
  • Communications — to send you account-related emails, bill watchlist alerts, and important updates about the Service. We will never send unsolicited marketing emails.
  • Security — to detect, prevent, and address fraud, abuse, security issues, and technical problems.
  • Legal compliance — to comply with applicable laws, regulations, and legal processes.

3. Cookies and Similar Technologies

We use a minimal number of cookies, strictly limited to those necessary for the operation and functionality of the Service:

  • Supabase authentication session cookies (sb-* cookies) — these essential cookies maintain your authenticated session so you remain logged in as you navigate the site. They are set when you sign in and removed when you sign out or when they expire.
  • Theme preference cookie — set by next-themes to remember your chosen display mode (light, dark, or system). This is a functional cookie that persists your visual preference.

We do not use any advertising cookies, tracking cookies, or third-party analytics cookies. We do not participate in any ad networks and do not sell or share cookie data with third parties.

For more details, please see our Cookie Policy.

4. Third-Party Services

We use a limited number of trusted third-party services to operate the Service:

  • Supabase— we use Supabase for user authentication and database storage. Supabase processes your account information (email, hashed password) and stores your user-generated content (research folders, watchlists, etc.). Supabase's privacy practices are governed by their own privacy policy, available at supabase.com/privacy.
  • Resend— we use Resend for transactional email delivery, including account verification emails, password reset emails, and bill watchlist notifications. Resend processes your email address solely for the purpose of delivering these communications. Resend's privacy practices are governed by their privacy policy at resend.com/legal/privacy-policy.

We do not sell, rent, or share your personal information with any other third parties for their own marketing or commercial purposes.

5. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account data — retained until you request account deletion.
  • User-generated content — research folders, watchlists, and saved items are retained until you delete them individually or request full account deletion.
  • Search history — retained for up to 12 months, after which it is automatically anonymized or deleted.
  • Log data — retained for up to 90 days for security and debugging purposes, then automatically deleted.

You may request deletion of your account and all associated data at any time by contacting us at privacy@federalstatelaw.com. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/HTTPS.
  • Encryption of sensitive data at rest within our database infrastructure.
  • Password hashing using industry-standard algorithms (bcrypt via Supabase).
  • Row-level security policies on all database tables.
  • Regular security reviews of our codebase and infrastructure.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us immediately at privacy@federalstatelaw.com.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of access — you may request a copy of the personal information we hold about you.
  • Right to correction — you may request that we correct any inaccurate or incomplete personal information.
  • Right to deletion — you may request that we delete your personal information, subject to certain legal exceptions.
  • Right to data portability — you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object — you may object to our processing of your personal information in certain circumstances.
  • Right to restrict processing — you may request that we limit how we use your personal information.

To exercise any of these rights, please contact us at privacy@federalstatelaw.com. We will respond to your request within 30 days.

9. California Residents — Your CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — you have the right to request that we disclose what personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete — you have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale — we do not sell your personal information. We never have and never will.
  • Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us at privacy@federalstatelaw.com with the subject line "CCPA Request." We will verify your identity before processing any request and respond within 45 days.

10. International Users

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer, storage, and processing. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on the Service. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will make every effort to respond to your inquiry within 30 days.