How we handle your information.

• Habeas Cortex is operated by The Landing Group LLC, a Virginia limited liability company doing business as Sachs & Co. (“Habeas Cortex,” “we,” or “us”).
• We collect information you provide (e.g. email on a demo request), limited product-usage information (e.g. which practice group you selected), and, if you consent, privacy- friendly analytics about site traffic.
• We do notsell or share your personal information for cross-context behavioral advertising. We never connect your training activity to any AI system — the product has no AI inference layer.
• You can exercise your privacy rights by emailing hello@habeascortex.com.

This Privacy Policy covers habeascortex.comand all subdomains (the “Site”) and the Habeas Cortex training product (the “Service”) when accessed through the Site. It does not cover information your firm shares with us outside the Service (for example, under a separate subscription agreement) or third-party sites we link to.

Information you give us

• Demo-request submissions: your email address (required), and, on the longer form, your name, firm name, firm-size range, role, practice groups of interest, and any notes you choose to share.
• Direct correspondence: anything you send us by email or through a support channel.

Information collected automatically

• Site-usage data (if you consent to analytics): aggregated page views, referrers, approximate geography, device and browser type, provided by Vercel Web Analytics. Vercel Web Analytics is cookieless and does not track you across unaffiliated sites. See “Cookies and tracking” below for details and how to opt out.
• Server logs: like most websites, our hosting provider maintains short-lived technical logs that include IP address, user agent, request path, and timestamp. We use these to keep the Site running, investigate abuse, and enforce rate-limits on form submissions.
• Functional cookies: described below.

Information from the Service

When you use the learning Service, we may record which lessons you’ve opened and completed so your PD team can see training progress. We do notsend any of your activity, prompts, or content to an AI model — every simulated back-and-forth in a lesson is pre-scripted.

We use Google Tag Manager (GTM) as a tag-delivery container. GTM itself sets no tracking cookies; it loads the services below based on your consent choice. Analytics tags only fire after you grant consent.

You can change your choices at any time through the Cookie choices link in the footer or in the consent banner.

Strictly necessary

Analytics & session recording (opt-in)

The following cookies are only set after you grant analytics consent. Refusing or withdrawing consent prevents all of these from being set.

Microsoft Clarity records anonymized session replays and heatmaps to help us understand how visitors navigate the site. Clarity does not share data for advertising. See Microsoft’s Privacy Statement and Google’s Privacy Policy.

Error monitoring (legitimate interest — no consent required)

We use Sentry(Functional Software, Inc.) for real-time error monitoring. Sentry’s JavaScript SDK captures technical crash reports — stack traces, browser and OS version, page URL at the time of error — and sends them to Sentry’s servers so we can identify and fix bugs. Sentry sets no persistent browser cookies; it uses a short- lived in-memory session identifier that is not used for advertising or cross-site tracking. We process this data under our legitimate interest in operating a reliable, secure product. See Sentry’s Privacy Policy.

What we do not do

We do not use advertising cookies, retargeting pixels, or any tag that enables cross-site behavioral advertising. GTM is configured to deny ad_storage, ad_user_data, and ad_personalization signals unconditionally — even if you accept analytics cookies.

Customers who log in to the Habeas Cortex product may encounter additional functional cookies (for example, one that remembers their practice-group selection). Those are covered by your firm’s subscription agreement and any accompanying data-processing addendum, not this policy.

• Respond to you. Replying to demo requests, scheduling calls, sending proposals and follow-ups.
• Operate the Service. Serving lessons, tracking completion, and remembering your practice-group choice so the Service actually works.
• Keep the Site safe. Rate-limiting form submissions, investigating suspected abuse, and meeting legal obligations.
• Improve the Site. If you consent to analytics, we look at aggregate patterns to decide what to write next and which pages to fix.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the legal bases we rely on under the GDPR / UK GDPR are:

• Consent— for analytics and any future optional tracking (Art. 6(1)(a) GDPR).
• Performance of a contract / pre-contractual steps — when you request a demo or quote (Art. 6(1)(b)).
• Legitimate interests— operating and securing the Site, responding to business enquiries, keeping basic server logs (Art. 6(1)(f)).
• Legal obligation— where applicable law requires us to retain or disclose information (Art. 6(1)(c)).

We do not sell your personal information and we do not share it for cross-context behavioral advertising. We share limited information only with:

• Service providers we rely on. These companies process data on our behalf under written contracts that require them to protect it:
  • Vercel, Inc.— website hosting, CDN, and (with your consent) Web Analytics.
  • Postmark (ActiveCampaign, LLC)— transactional email delivery for demo-request notifications and replies.
• Your firm.If your firm has a subscription to the Service, training-completion data is available to your firm’s designated administrators.
• Legal and safety. When required to comply with law, respond to valid legal process, enforce our Terms, or protect the rights, property, or safety of users or third parties.
• Business transfers. If we are acquired or reorganized, information may transfer to the successor, subject to this policy.

We operate in the United States and our service providers do as well. If you access the Site from outside the U.S., your information will be transferred to and processed in the U.S. For transfers of personal data from the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (or the UK equivalent) with our service providers, along with supplementary technical and organizational measures where required.

We keep information only as long as we need it:

• Demo-request information:retained for up to 24 months after your last contact with us, then deleted or anonymized, unless you’ve become a customer.
• Customer records:retained for the life of your firm’s subscription and for up to 7 years after termination for accounting, legal, and dispute-resolution purposes.
• Server logs: typically retained for 30 days, longer if needed for abuse investigation.
• Analytics:retained per Vercel’s Web Analytics defaults (aggregated; no persistent individual profile).

Depending on where you live, you may have some or all of the following rights with respect to the personal information we hold about you:

• Access a copy of your personal information.
• Correct information that’s inaccurate or incomplete.
• Delete information we hold about you.
• Object to or restrict certain processing, including direct marketing.
• Receive your information in a portable format, or ask us to transfer it to another controller.
• Withdraw consent at any time (where we process on the basis of consent).
• Appeal our decision on your rights request (Virginia and some other U.S. states).
• Lodge a complaint with your supervisory authority (EEA / UK) or your state attorney general.

U.S. state-specific notices

Virginia residents (VCDPA): you have the right to access, correct, delete, and obtain a copy of your personal data, to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects, and to appeal our decision on a rights request. We do not sell personal data, we do not engage in targeted advertising, and we do not profile individuals for any decisions producing legal or similarly significant effects.

California residents (CCPA / CPRA): you have the rights to know, delete, correct, opt out of sale or sharing, and limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CCPA / CPRA, and we do not use or disclose sensitive personal information for purposes that require a right to limit.

Other U.S. states (including Colorado, Connecticut, Utah, Texas, Oregon, and similar comprehensive privacy laws): residents may have analogous rights. We honor verified requests regardless of state.

How to exercise your rights

Email hello@habeascortex.com from the address you want the request tied to. We may ask for additional information to verify your identity before acting. We’ll respond within the time required by the law that applies to you (generally 45 days in the U.S.; 1 month under GDPR), and we will not discriminate against you for exercising a right.

We use reasonable technical and organizational measures to protect information, including TLS in transit, access controls, and least-privilege administrative access to our service providers. No method of transmission or storage is perfectly secure; if you think your account or information has been compromised, email us promptly.

Habeas Cortex is a B2B product built for lawyers and professional-development staff at law firms. It is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe we have, email us and we will delete it.

We honor the Global Privacy Control (GPC) signal. When our Site receives a GPC signal from your browser, we treat it as an opt-out of any sale or sharing of personal information (none of which we do anyway) and disable non-essential cookies by default. Our browser industry does not have a uniform standard for Do Not Track signals; we do not currently respond to DNT headers distinctly from GPC.

We may update this policy to reflect changes to our practices or the law. When we do, we’ll update the “Effective” date above. Material changes will be communicated through the Site or, where appropriate, by email.

The Landing Group LLC, d/b/a Sachs & Co.
Operator of Habeas Cortex
Email: hello@habeascortex.com