Privacy Notice

Budnik & Reed PLLC

Contact:

• Address: 327 Congress Ave, Suite 500, Austin, TX 78701

• Email: info@budnikreed.com

• Phone: (512) 855-6671

Last Updated: January 30th, 2026

1. Scope

This Privacy Notice describes Budnik & Reed PLLC’s (the “Firm”) privacy practices with regard to how the Firm collects, uses, shares, and protects personally identifiable information from third parties in the course of providing legal services, maintaining labor relationships with its employees, operating its website and client portals, using social media to post about its practice, and employing third-party service providers for intranet management, Electronically Stored Information (ESI) services, discovery management, client communications through third party applications, and AI tools that complement the Firm’s legal services. This notice governs the Firm’s processing practices over Personal Information collected from clients, prospective clients, opposing parties and counsel, witnesses, experts, vendors, job applicants, and website or social media users located in Texas or the United States.

This notice applies only to information processed by the Firm in its capacity as a law firm and does not create contractual rights or obligations beyond those imposed by applicable law or professional rules.

2. Definitions

2.1. Personal Information: personally identifiable information that identifies, relates to, describes, or could reasonably describe or be linked to an identified or identifiable individual, as defined under applicable Texas and U.S. privacy laws;

2.2 Sensitive Personal Information: includes all categories of Personal Information that may contain Social Security numbers, driver’s license numbers, financial account numbers with access codes, geolocation, health data, or biometric identifiers;

2.3 Processing: any operation performed on Personal Information, including collection, use, storage, disclosure, and/or deletion;

2.4 Client Confidential Information: any type of information protected by attorney-client privilege, the work-product doctrine, or professional responsibility rules that is provided by or on behalf of anyone that is a client of this Firm;

2.5 Service Providers/Processors: third parties that process Personal Information on this Firm’s behalf pursuant to specific authorized purposes and through written agreements.

2.6 A2P: refers to “app to person” communications through third-party applications that rely on an internet connection to provide communication that simulates a typical telecommunication carrier’s network conversation through a phone call or SMS text messaging.

3. Information the Firm Collects

3.1 From Clients and prospective Clients: identifiers (name, address, email, phone), government IDs when necessary, employment and financial data to the extent it relates to services provided, matter-related facts and documents, Electronically Stored Information (ESI), communications, and payment information;

3.2 From opposing parties, witnesses, and experts: names, contact data, case-related information, public records, and information produced through initial disclosures, discovery, or otherwise obtained lawfully in connection to litigation or legal services provided for a Client;

3.3 From the Firm’s website, Client portals, and social media: IP addresses, device identifiers, browser data, necessary cookies and similar technologies, usage analytics, and user-generated content on social media posts or messages;

3.4 From A2P communications: phone numbers, message content, delivery and interaction metadata;

3.5 From AI-enabled workflows: model outputs, and tool performance data, subject to confidentiality controls and contractual safeguards as set forth in this notice;

3.6 From job applicants and personnel: employment history, education, background check data, banking information, medical information necessary for processing insurance policies, and other HR-related information;

3.7 Children’s Information: the Firm does not knowingly collect Personal Information from children under 18 without appropriate consent and legal basis.

4. Purposes for Personal Information Processing

The Firm only uses Personal Information for legal purposes, which are necessary, proportionate, or related to the business purposes of the Firm. Such purposes include:

4.1 Legal Services: Client intake, conflict checks, case strategy, investigation, discovery, litigation, transactional advisory, regulatory compliance, legal representation of clients before third parties, and billing;

4.2 Operations: Intranet and knowledge management, ESI processing and hosting, discovery management, document review and management, quality assurance, training, and internal analytics;

4.3 Communications: case-related communications; A2P messaging, where permitted by law and professional rules, to keep track of deadlines, alerts, and as a general form of staying in touch with clients for business purposes when clients prefer it; newsletters or legal updates to existing clients and contact consistent with professional rules;

4.4 Security and Compliance: data security, fraud prevention, incident detection, auditing, and compliance with court orders and legal obligations;

4.5 AI-Supported Services: research assistance, document drafting support, summarization, and pattern detection under confidentiality, access controls, and contractual restrictions;

4.6 Recruitment and Human Resources: evaluation of candidates, onboarding, and HR administration;

4.7 Social Media: publishing Firm updates and engaging with users. The Firm does not market services broadly to the general public but may maintain a presence for informational purposes.

5. Legal Bases and Consent Management

By engaging with the Firm for legal services, all Clients, prospective Clients, and other individuals consent to the processing of their Personal Information in accordance with this privacy notice. Prospective Clients who share their Personal Information before an actual attorney-client relationship exists also consent to such processing for the purposes of determining whether or not the Firm agrees to represent such prospective Client.

Job applicants who engage the Firm to seek job opportunities also consent, by such engagement, to the processing of their Personal Information in accordance with this privacy notice. All employees and personnel of the Firm consent to the processing of their Personal Information in accordance with this notice. Third parties who provide services to this Firm, or engage it for such purposes, also consent to the processing of their Personal Information in accordance with this privacy notice unless the Firm has agreed otherwise through a written document.

The Firm uses A2P applications managed by third party Processors to stay in contact with clients, along with other traditional methods, such as email. A2P applications used by the Firm operate as telephone or SMS means of communication that are, on their face, indistinguishable from actual communication through typical cellphone to cellphone communications. Clients who do not wish to be engaged by the Firm through A2P applications should contact their attorney of record to request the Firm cease such contact or deliver such request directly as set forth in this notice for all other exercises of rights. Clients may opt out of A2P communications at any time by notifying their attorney of record or using any opt-out mechanism provided in the communication.

Processing of Personal Information is at all times governed by attorney-client privilege and other applicable duties of confidentiality.

6. Data Sharing and Disclosures

The Firm may share Personal Information with third parties on a necessary basis and for fulfillment of Firm purposes where convenient. Sharing of such Personal Information may take place with the following categories of third parties:

6.1 Service Providers and Processors: Intranet vendors; ESI processors/hosting providers; discovery management platforms; A2P messaging vendors; AI tool providers; IT and cybersecurity firms; payment processors; and professional advisors, under written agreements with confidentiality, security, and data-use limitations;

6.2 Co‑Counsel and Experts: sharing as reasonably necessary for representation and with appropriate NDAs or engagement letters;

6.3 Courts, Opposing Counsel, and Third Parties: as required by litigation, discovery obligations, protective orders, or law;

6.4 Corporate or Organizational Changes: in the event of a merger or reorganization, subject to confidentiality and legal requirements;

6.5 Legal and Safety: to comply with applicable laws, respond to lawful requests, enforce the Firm’s terms, or protect rights, privacy, safety, or property.

7. Cookies, Analytics, and Online Tracking

The Firm’s website (www.budnikreed.com) may use cookies and similar technologies necessary for basic functionality and performance analytics. The Firm does not use cookies for advertising or behavioral marketing purposes.

Information automatically collected from users who visit the Firm’s website is collected through third parties and is used for website administration, performance monitoring, and improvement. Information collected includes:

• Internet Protocol (IP) address;

• Browser type and operating system;

• Pages viewed and time spent on the Website; and

• Referring website or source

Users visiting the Firm’s website may configure cookies through their browser settings; however, disabling cookies may affect website functionality.

8. AI Use and Safeguards

The Firm may use artificial intelligence (AI) as part of its processes where needed to provide legal services to clients and as a complement to work performed by attorneys, not as a replacement for their judgment. Such use of AI as part of the Firm’s services may include processing of Personal Information when such use would only complement an attorney’s legal services if Personal Information was provided. In all cases, processing of Personal Information is supervised by a human and never used for AI training purposes.

9. Data Security

The Firm deploys reasonable administrative, technical, and physical safeguards to store and process Personal Information, such as role-based access, multi-factor authentication (MFA), encryption at rest and in transit, secure software development practices, vendor security due diligence, and employee training. The Firm shall only request minimal Personal Information necessary to provide legal services or other related activities, such as billing. Clients should not provide Personal Information that has not been requested by the Firm.

10. Data Retention and Disposal

Personal Information shall be retained in accordance with the Firm’s records-retentions policies in order to maintain an attorney-client relationship while one exists. After an attorney-client relationship has terminated, Personal Information shall be retained by the Firm in compliance with applicable rules and regulations for storage of information by law firms and for fulfillment of other obligations, such as tax filings and internal auditing.

Third party vendors holding Personal Information on behalf of the Firm shall be asked to provide evidence of erasure of same in the same manner as Personal Information is subject to erasure when held by this Firm.

11. Individual Rights and Choices

Individuals may request access to, correction of, or deletion of Personal Information, subject to legal, ethical, and privilege exceptions set forth in applicable rules and regulations. For any inquiry regarding privacy rights, please deliver a written request to the contact set forth in this notice indicating what the individual is requesting and any supporting documentation for such request. When necessary, the Firm may request additional information in order to meet action requested, verify whether it may be granted, and/or direct the individual with the appropriate third party who may be better situated to grant such request, if applicable.

Individuals who wish to make any request of the above-mentioned rights regarding personal data processed through A2P communications may proceed as set forth in the above paragraph or by contacting their attorney of record for such request through the A2P platform through which they may be in contact with the Firm.

In certain cases, the Firm may deny or limit requests where required to protect privilege, comply with court orders, or fulfill any other legal obligations.

12. Professional Responsibility and Privilege

Everything set forth in this notice shall at all times be subject to the adherence of applicable rules and regulations in Texas for professional responsibility, attorney-client privilege, and confidentiality. The Firm shall take all reasonable steps to protect Personal Information in its possession where it may have been unknowingly processed in violation of applicable rules and regulations.

Processing of Personal Information in any manner other than reasonably expected processing practices shall only take place under the direction of a court of law’s protective order, a non-disclosure agreement, or any other legal source that requires a different processing practice from those established by the Firm’s Privacy Policy.

13. Cross‑Border Transfers

The Firm shall not transfer Personal Information to any Processors or third parties outside the United States. Any third-party transfer of Personal Information outside the United States will only take place when the nature of the matter handled by the Firm so requires or when specifically requested in writing by a Client.

When the nature of a legal matter handled by this Firm requires the transferring of Personal Information outside the United States, the Client for which such data shall be transferred agrees that the Firm shall not be responsible for any harm caused by the processing occurred outside the United States that was necessary for the legal services provided by this Firm.

Clients and prospective clients may request the Firm to limit such transfers, if such request is compatible with diligent handling of the matter for which it is to be complied with.

14. Third‑Party Links and Social Media

Personal Information shared with this Firm through third party websites or social media platforms, except for sharing through this Firm’s institutional A2P applications, shall be subject to the privacy policies of those websites or platforms.

Clients, prospective clients, job applicants, vendors, and any other individual sharing such information through those means should review website/platform privacy and security settings before sharing Personal Information.

15. Changes to This Notice

The Firm may update this notice in accordance with changes in its Privacy Policy and will revise the “Last Updated” date. Individuals should consult this notice regularly to stay up to date with the Firm’s Personal Information processing practices.

Continued use of the Firm’s legal services after changes have been made to this notice shall indicate an acceptance of changes unless otherwise stated in writing.

16. Sensitive Personal Data

The Firm will never collect Sensitive Personal Information unless the nature of a legal matter for which this Firm is providing legal representation so requires it. In such case, Clients agree that sharing such information constitutes necessary information that shall be processed in accordance with the nature of the legal matter to which it pertains, which shall serve as the legal basis for all reasonable processing of such information by this Firm.

****