Privacy Policy — LOSA Portal

Section 1Scope & who this applies to

The LOSA Employee Portal (the “Portal”) is a restricted internal system operated by The Law Office of Sharon Abaud (“LOSA,” “we,” “us,” or “our”) at portal.abaudlegal.com. Access is limited to authorized LOSA employees and contractors holding valid @abaudlegal.com Google Workspace accounts.

This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Portal. It does not apply to LOSA's public website, client-facing services, or marketing communications.

Not for clients or the public. If you are a client or member of the public looking for our public privacy policy, please visit our main website. The Portal is internal-only.

Section 2Information we collect

2.1 Account information (from Google Sign-In)

Your name, email address (must end in @abaudlegal.com), and Google profile photo
An OAuth identity token from Google verifying you signed in successfully

We do not receive your Google password.

2.2 Session data (browser-stored)

A signed session record stored in your browser's localStorage, including your email, role, expiration timestamp, and module access permissions
UI preferences (e.g., expanded panels, last-visited tab)

2.3 Approximate location (with your permission)

If you grant the browser geolocation prompt, we use your approximate latitude/longitude solely to display local weather on the Portal homepage. The location is sent only to the Open-Meteo weather API and is not stored on our servers. If you decline, we fall back to a default city (Torrance, CA).

2.4 Activity data

Which Portal modules you open (Dashboard, SOP Library, AI Tools, etc.)
Standard server logs (IP address, user agent, timestamps) for security & troubleshooting
Edits you make to Portal data (task updates, comments) attributed to your account

Section 3How we use information

We use the information described above to:

Authenticate your identity and authorize access to specific Portal modules based on your role
Personalize your Portal experience (greeting, role display, scheduled events, weather)
Operate internal workflows (case tracking, task management, scheduling)
Provide training and reference materials (SOPs, training center)
Maintain security, prevent unauthorized access, and investigate incidents
Comply with applicable legal, regulatory, and professional obligations

We do not sell, rent, or share your Portal information for advertising or marketing purposes.

Section 4Third-party services

The Portal integrates with the following third-party services. Each is governed by its own privacy policy:

Google Workspace (sign-in, Drive, Sheets, Calendar) — policies.google.com/privacy
Open-Meteo (weather data; receives only approximate coordinates if you grant geolocation) — open-meteo.com/en/terms
Calendly (interview scheduling links) — calendly.com/privacy
HubSpot (asset hosting for icons and images)
Asana (project management dashboard)

We use only the data each service requires to function. We do not provide them with information beyond what is necessary.

Section 5Cookies & local storage

The Portal uses browser localStorage to remember your sign-in session and preferences. We do not use third-party tracking cookies. Clearing your browser storage will sign you out of the Portal.

Section 6Data retention

Session data: kept in your browser until expiration or until you sign out
Activity logs: retained for the duration of your engagement with LOSA and as required by professional, legal, and regulatory obligations
Account access: revoked promptly when you separate from LOSA

Section 7Your rights

As a LOSA employee or contractor, you may:

Request access to the personal information we hold about you in the Portal
Request correction of inaccurate information
Request deletion of your information, subject to our legal and professional obligations
Withdraw geolocation permission at any time through your browser settings

To exercise these rights, contact IT (see Section 10).

Section 8Security

We use industry-standard measures to protect Portal data, including:

HTTPS encryption for all Portal traffic
Google Workspace–managed authentication with @abaudlegal.com domain restriction
Role-based access controls limiting modules to authorized personnel
Server-side API key injection (no client-exposed secrets)

No system is perfectly secure. Report any suspected security issue to IT immediately.

Section 9Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated to Portal users.

Section 10Contact us

Questions about this Privacy Policy or your Portal data:

IT & Security: andres@abaudlegal.com
Mailing address: The Law Office of Sharon Abaud — please contact IT for current address

Legal review note for LOSA leadership: This document was scaffolded as a starting point. Please have it reviewed and customized by counsel for accuracy, jurisdiction, and any specific obligations under California, federal, ABA, or applicable bar rules before publication.