Last updated: 11/19/2025

1. Introduction

1.1 Who We Are

Ogmen Law PLLC (“Ogmen Law,” “we,” “us,” or “our”) is a law firm based in the United States, focusing primarily on immigration law and related legal services.

1.2 Purpose of This Privacy Policy

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you:

  • Visit or use our websites, such as https://ogmenlaw.com, https://ogmen.com, and other related domains (including test/staging domains like cibily.com).
  • Use any current or future client-facing portals, web applications, desktop applications, or mobile applications operated by Ogmen Law,
  • Communicate with us by phone, email, SMS, messaging apps, or other channels,
  • Have your information processed in our internal client and case management systems.

By accessing or using our online services, or by providing information to us, you agree to the practices described in this Privacy Policy, to the extent permitted by law.

This Privacy Policy applies to all digital systems, websites, and applications owned or operated by Ogmen Law PLLC, including ogmenlaw.com, ogmen.com, and cibily.com.

1.3 Contact Information

If you have any questions about this Privacy Policy or our data practices, you may contact us at:

2. Scope

This Privacy Policy applies to:

  • Visitors to our websites,
  • Clients and prospective clients whose information we process,
  • Individuals who interact with our portals, online tools, or mobile applications,
  • Other individuals whose personal data we process in connection with our legal services (for example, family members, petitioners, beneficiaries, or opposing parties).

This Policy does not override any more specific confidentiality obligations we owe to our clients under applicable professional rules or specific engagement agreements.

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you provide directly to us, including but not limited to:

  • Contact details (such as name, phone number, email address, mailing address),
  • Identification and immigration-related information (such as date of birth, nationality, passport details, immigration history, case numbers),
  • Information about your family members or dependents, if relevant to your case,
  • Employment, education, and financial information, when needed for your matter,
  • Documents you upload or provide to us (for example, forms, supporting evidence, legal and financial records),
  • Information you submit through online forms, appointment requests, or intake questionnaires,
  • Communications with us, including emails, SMS messages, phone calls, and notes from consultations.

3.2 Information Collected Automatically

When you visit our websites or use our online services, we may automatically collect certain information, such as:

  • Device and browser information (IP address, browser type, operating system),
  • Usage data (pages visited, links clicked, referring URLs, session duration),
  • Approximate geolocation based on IP address (at a general region level),
  • Log data for security, diagnostics, and audit purposes.

3.3 Cookies and Similar Technologies

We may use cookies, pixels, and similar technologies to understand how our Services are used, to improve the user experience, and for security purposes. You can adjust your browser settings to refuse cookies or to indicate when a cookie is being sent. However, some features of the Services may not function properly if cookies are disabled.

3.4 Information from Third Parties

We may receive information about you from third parties, such as:

  • Government agencies or courts (for example, case status updates),
  • Prior or current employers, schools, or other institutions,
  • Other law firms or professionals involved in your matter,
  • Service providers acting on our behalf.

4. Legal Bases for Processing (Where Applicable)

Depending on your location and applicable law (for example, if you are in the European Economic Area or the United Kingdom), we may process your personal data on one or more of the following legal bases:

  • Performance of a contract: To provide legal services and fulfill our obligations to you under an engagement agreement,
  • Legal obligations: To comply with laws, regulations, court orders, and bar rules,
  • Legitimate interests: To operate, improve, and secure our Services, maintain records, manage our business, and communicate with you, where these interests are not overridden by your fundamental rights and freedoms,
  • Consent: Where required, we will obtain your consent for certain processing activities (for example, certain marketing communications or specific types of data sharing). You may withdraw consent at any time, where applicable.

5. How We Use Information

We use the information we collect for purposes including:

  • Providing, managing, and improving our legal services,
  • Evaluating potential cases and conflicts of interest,
  • Managing appointments, consultations, and case workflows,
  • Communicating with you about your matter, including by email, SMS, or phone,
  • Filing applications, petitions, and other submissions with government agencies, including USCIS and other immigration authorities,
  • Maintaining security, monitoring access, and keeping logs of relevant system activities,
  • Complying with legal, regulatory, and professional obligations,
  • Improving our websites, portals, and tools, including through analytics, testing, and research.

We do not sell personal data for any monetary or non-monetary consideration.

6. How We Share Information

We may share your information with the following categories of recipients, as appropriate and permitted by law and professional rules:

  • Ogmen Law attorneys and staff: Individuals who need access to your information to perform their job functions.
  • Service providers and data processors: Third parties that help us operate our business and Services, such as:
    • Cloud infrastructure and storage providers (e.g., Google Cloud Platform),
    • Productivity and communication tools (e.g., Google Workspace, telephony and SMS providers such as RingCentral),
    • Case management, document management, and e-signature providers,
    • Analytics and security monitoring services.
  • Government agencies and courts: To file applications, petitions, and other legal documents or to comply with lawful requests.
  • Other third parties: When necessary to protect our rights, your rights, or the rights of others; to detect or prevent fraud or security issues; or when required or permitted by law.

We require our service providers and data processors, through written agreements, to handle personal data in accordance with our instructions, to protect it appropriately, and to use it only for the purposes for which it was disclosed. Third parties are prohibited from using or disclosing personal data for their own independent purposes without your active consent.

We do not sell personal data for profit or other monetary transactions, and we do not sell your personal data for any non-monetary consideration either.

We do not use your personal data for cross-context behavioural advertising, and we do not permit our service providers to use your personal data for their own advertising or profiling purposes.

7. International Transfers

Our primary systems are hosted in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. We take appropriate measures to protect personal data in connection with such transfers, consistent with applicable law and professional obligations.

8. Data Retention and Deletion

8.1 General Retention

As a law firm, we retain records to comply with legal, regulatory, and professional obligations, including bar rules and conflict-of-interest requirements. We generally retain client files and related records for a period that is consistent with applicable rules and our internal policies.

For inactive or dormant accounts, we generally retain relevant records for a period that is consistent with our standard client file retention practices, unless a longer retention period is required by law, bar rules, or necessary to protect our legal rights.

8.2 Deletion Requests and Account Closure

You may request deletion of your personal data or closure of your account by contacting us using the information in this Privacy Policy. We will review and respond to your request in accordance with applicable law and professional obligations.

Where permitted by law, we generally aim to respond to and, when approved, complete deletion or account closure requests within 30–45 days, subject to any legal, regulatory, or professional retention requirements that may require us to retain certain records for a longer period.

In some cases, instead of deleting data, we may anonymize it or limit how we use it so that it no longer identifies you, particularly where we must retain certain records to comply with legal or bar requirements, maintain conflict-of-interest information, or address ongoing or potential disputes.

8.3 Backups

We maintain system backups for security, continuity, and disaster recovery. Data deleted or anonymized from active systems may remain in backup archives for a limited period, as required by our backup policies and legal obligations. Backup data is protected and is not used for active processing except for security, recovery, or audit purposes.

8.4 Business Transfers and Changes in Ownership

If Ogmen Law PLLC is involved in a merger, acquisition, reorganization, or similar transaction, personal data may be transferred as part of that transaction, subject to professional and legal obligations. We will take steps to ensure that any successor entity is bound by this Privacy Policy or a policy that provides equal or stronger privacy protections. Where required, we will notify you of such transfers and, if applicable, provide you with options regarding your data, including the ability to request deletion or secure transfer of certain information.

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as:

  • The right to access and obtain a copy of your personal data,
  • The right to request correction of inaccurate or incomplete data,
  • The right to request deletion of your data, subject to legal and professional obligations,
  • The right to object to or request restriction of certain processing,
  • The right to withdraw consent where processing is based on consent.

To exercise any of these rights, you may contact us at [email protected]. We may need to verify your identity before fulfilling your request.

10. CCPA and Similar Laws (If Applicable)

If you are a resident of California or a jurisdiction with similar laws, you may have additional rights under the California Consumer Privacy Act (CCPA) or analogous regulations. These may include the right to know what categories of personal information we collect and use, the right to request deletion (subject to exemptions), and the right not to be discriminated against for exercising your privacy rights.

We do not sell personal information as “sale” is defined under CCPA, and we do not sell personal information for any monetary or non-monetary consideration.

11. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 without appropriate parental consent. If you believe that we have collected information from a child in violation of applicable law, please contact us so that we can take appropriate action.

12. Security

We implement technical, administrative, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration, including:

  • Encryption in transit (HTTPS/TLS) for web traffic to our websites and portals,
  • Role-based access controls in our internal systems,
  • Authentication and access management (including Google Workspace sign-in for internal systems),
  • Cloud logging and monitoring of system activities,
  • Network protections and additional security layers (such as Cloudflare),
  • Ongoing efforts to strengthen access logs, audit trails, and infrastructure security.

Where our systems integrate with USCIS or other government APIs, we store production API keys and OAuth credentials only in access-controlled server environment variables and never in client-side code, public repositories, or unsecured logs. As part of our ongoing security hardening, we are rolling out dedicated secret-management tooling for these credentials.

No system can be guaranteed to be 100% secure. However, we continuously work to improve the security of our systems and the confidentiality, integrity, and availability of your data.

If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law and provide information about any steps you can take to help protect yourself.

13. SMS Privacy, Opt-In, and Opt-Out

When you provide your mobile phone number and consent to receive SMS messages from us, we may process the following information related to SMS communications:

  • Your phone number and associated contact details,
  • Message content and timestamps,
  • Delivery and status information provided by carriers or SMS platforms.

We use SMS data solely for communication related to your inquiries, appointments, and legal representation, and for compliance with applicable requirements (including carrier and provider requirements such as those from The Campaign Registry (TCR) and RingCentral). We do not sell or share SMS-related data with third parties for independent marketing purposes.

You may opt out of SMS messages at any time by replying STOP, or by contacting us via email or phone, as described in our Terms & Conditions.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through our websites, portals, or applications (for example, via banners, pop-ups, or in-portal notifications) and, where appropriate, request your active consent. In some cases, you may be required to review and accept the updated Privacy Policy before continuing to use certain portals or applications.

For non-material changes, your continued use of our Services after the updated Privacy Policy is posted will constitute your acceptance of the updated Policy.

The “Last updated” date at the top of this page indicates when this Privacy Policy was last revised.