Skip to main content
Back

Durham Lex, Inc.

Privacy Policy

Effective Date: April 24, 2026  ·  Last Updated: April 26, 2026

Durham Lex, Inc. (the "Company," "we," "us," or "our") is committed to protecting the privacy of users of our bar exam preparation service. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard personal information when you visit or use ShepBarPrep.com (the "Site") and our associated services (collectively, the "Services").

This Policy is designed to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), and extends equivalent privacy rights to all United States residents. This Policy also addresses requirements under other applicable state privacy laws, including those of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Iowa, Delaware, Tennessee, and Indiana.

By accessing or using our Site or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use. If you do not agree with this Policy, please do not access or use the Site or Services.

I. Scope and Applicability

This Privacy Policy applies to Personal Information collected from individuals located in the United States who visit or use ShepBarPrep.com and any associated Services described in our Terms of Use. This Policy does not apply to information collected by third parties, including through any application or content that may link to or be accessible from our Services.

II. Personal Information We Collect

We collect the following categories of Personal Information. This section constitutes our "Notice at Collection" under applicable state privacy laws.

A. Identifiers and Contact Information

Name, email address, account username, and similar identifiers you provide during registration or use of Services. To create an account, we require only your email address. You may optionally provide your name.

B. Account Credentials

Password (stored in encrypted form) for account authentication.

C. Education-Related Information

Bar jurisdiction, planned bar exam administration date, exam track (NextGen UBE or MEE), and other educational background you voluntarily provide to personalize your study experience.

D. Commercial and Billing Information

Records of subscriptions purchased, transaction history, and payment information. Full payment card numbers are processed directly by our PCI-compliant third-party payment processor (Stripe) and are not stored by us; we may retain only the last four digits of your payment card for identification purposes.

E. Internet and Electronic Network Activity

IP address, device type, browser type and version, operating system, referring/exit URLs, pages viewed, links clicked, date and time stamps, and other usage data collected automatically when you access the Services.

F. Geolocation Data

Coarse geolocation derived from your IP address (city or regional level) to customize content and comply with jurisdictional requirements.

G. Inferences

Inferences drawn from your study performance, practice question responses, and usage patterns to personalize study plans, identify areas for improvement, and enhance your learning experience.

H. User-Generated Content

Practice submissions, notes, feedback, and other content you create or submit through the Services.

I. Customer Support Records

Communications with our support team, including email correspondence.

J. Sensitive Personal Information

We collect limited Sensitive Personal Information ("SPI") consisting of: (i) account login credentials combined with password; and (ii) the last four digits of payment card numbers retained by payment processors for transaction identification. We do not store full payment card numbers. We do not collect other categories of SPI such as Social Security numbers, precise geolocation, racial or ethnic origin, religious beliefs, genetic data, biometric data, health information, or sexual orientation.

III. How We Use Personal Information

We collect and use Personal Information for the following business and commercial purposes:

  • Account Creation and Authentication: To create and manage your account, verify your identity, and maintain account security.
  • Service Delivery and Personalization: To provide bar exam preparation content, deliver practice questions, generate personalized study plans, track your progress, and provide study performance analytics.
  • Study Performance Analytics: To analyze your responses, identify strengths and weaknesses, and provide actionable feedback to improve your bar exam preparation.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Billing and Transactions: To process payments, manage subscriptions, issue refunds, and maintain transaction records.
  • Security and Fraud Prevention: To protect the security and integrity of the Services, detect and prevent fraud, and enforce our Terms of Use.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Service Improvement: To analyze usage patterns, conduct research, and improve the quality and functionality of our Services.
  • Communications: To send service-related announcements, updates about your account or subscription, and, where you have opted in, promotional communications about our Services. You may opt out of promotional communications at any time.

IV. No Sale, Sharing, or Targeted Advertising

We do not "sell" or "share" your Personal Information as those terms are defined under California law (CCPA/CPRA). We do not process Personal Information for "targeted advertising" as defined under applicable state privacy laws. We do not disclose Personal Information to third parties in exchange for monetary or other valuable consideration, and we do not engage in cross-context behavioral advertising.

V. Sensitive Personal Information

We use SPI only for the following permitted purposes: (a) to perform services reasonably expected by an average consumer (account security and authentication); (b) to detect and prevent security incidents; and (c) to process payments through PCI-compliant processors. We do not use SPI to infer characteristics about you beyond these limited purposes.

VI. Disclosure to Third Parties

We may disclose Personal Information to the following categories of third parties, each bound by contractual confidentiality and data protection obligations:

  • Cloud Infrastructure and Hosting Providers: To store and process data securely.
  • Payment Processors: PCI-compliant processors to handle subscription payments and billing (e.g., Stripe).
  • Analytics Providers: To understand usage patterns and improve our Services (e.g., PostHog).
  • Communications Providers: To send transactional and promotional emails.
  • Security and Fraud Prevention Vendors: To detect, prevent, and respond to security incidents.
  • Professional Advisors: Attorneys, accountants, and consultants as necessary for business operations.
  • Legal and Regulatory Authorities: When required by law, subpoena, court order, or governmental request, or to protect legal rights.
  • Business Transaction Parties: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your Personal Information may be transferred to the acquiring or successor entity.

VII. Data Retention

We retain Personal Information for the periods described below, or as otherwise required by law:

  • Account and Profile Data: For the life of your account plus three (3) years following account closure or deletion.
  • Study Performance Data: Through your Subscription Term plus eighteen (18) months.
  • Transaction Records: Seven (7) years for accounting, tax, and legal compliance purposes.
  • Customer Support Communications: Three (3) years from the date of communication.
  • Web Logs and Analytics Data: Twenty-four (24) months from collection.
  • Legal Holds: Retention periods may be extended as necessary to comply with legal holds, litigation, regulatory investigations, or other legal obligations.

VIII. Your Privacy Rights

Regardless of your state of residence, we extend the following privacy rights to all users located in the United States, based on the CCPA/CPRA and aligned with similar rights under Virginia, Colorado, Connecticut, Utah, and other applicable state laws:

  • Right to Know/Access: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources, the purposes, and the categories of third parties with whom we shared it.
  • Right to Correction: Request that we correct inaccurate Personal Information we maintain about you.
  • Right to Deletion: Request that we delete Personal Information we have collected from you, subject to certain exceptions provided by law.
  • Right to Portability: Request a copy of your Personal Information in a portable, readily usable format.
  • Right to Opt Out of Sale/Sharing/Targeted Advertising: As stated above, we do not currently engage in these practices. If we change our practices in the future, we will update this Policy and provide the required opt-out mechanisms.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your privacy rights.

IX. How to Exercise Your Rights

To exercise any of the privacy rights described above, please contact us by email at legal@shepbarprep.com. Please include your name and the email address associated with your account.

Verification: To protect your privacy and security, we will take reasonable steps to verify your identity before fulfilling your request by matching information you provide with information we already have on file.

Authorized Agents: You may designate an authorized agent to submit a request on your behalf by providing written authorization signed by you and proof of the agent's identity.

Response Timing: We will acknowledge receipt of your request within ten (10) business days and will respond to your verifiable request within forty-five (45) days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

X. Appeals Process

If we deny your privacy rights request, you have the right to appeal that decision by emailing us at legal@shepbarprep.com with the subject line "Privacy Rights Appeal." We will respond to your appeal within forty-five (45) days. If your appeal is denied and you remain dissatisfied, you may have the right to file a complaint with your state's Attorney General or other applicable regulatory authority.

XI. Children's and Teens' Privacy

The Services are designed for bar exam candidates who are generally adults. The Services are not directed to children under the age of thirteen (13), and we do not knowingly collect Personal Information from children under 13. If we learn that we have inadvertently collected Personal Information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 13, please contact us immediately at legal@shepbarprep.com.

We do not "sell" or "share" Personal Information, and we do not engage in "targeted advertising" as those terms are defined under applicable state privacy laws. In the unlikely event that we become aware that a user is under the age of sixteen (16) and we engage in any of these activities in the future, we will obtain the required consent before doing so.

XII. Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to collect information about your use of the Services.

A. Types of Cookies We Use

  • Essential Cookies: Strictly necessary for the operation of the Site and Services (e.g., session authentication). You cannot opt out of essential cookies.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and theme settings.
  • Analytics Cookies: Help us understand how users interact with the Services by collecting information about pages visited, time spent on pages, and other usage metrics. We use PostHog and similar services for this purpose. PostHog may record anonymized session replays (with form inputs masked) to help us identify usability issues; no passwords or payment details are captured in these replays.

B. Managing Your Cookie Preferences

Most web browsers allow you to control cookies through their settings. You may set your browser to refuse cookies, delete cookies, or alert you when cookies are being sent. Please note that if you disable cookies, some features of the Services may not function properly.

C. Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal as a valid opt-out preference signal under applicable state privacy laws. If your browser or device transmits a GPC signal, we will treat it as a request to opt out of the "sale" or "sharing" of Personal Information and "targeted advertising" to the extent we engage in these activities.

D. Do Not Track

We do not currently respond to browser "Do Not Track" (DNT) signals, but we do honor GPC signals as described above.

XIII. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. Our security measures include: encryption of data in transit and at rest; secure access controls and authentication; regular security assessments and testing; employee training on data protection; and incident detection and response procedures.

While we strive to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.

In the event of a security incident affecting your Personal Information, we will investigate and take appropriate remedial measures and provide notification as required by applicable law.

XIV. International Visitors

The Services are intended for use in the United States. If you are located outside the United States and choose to use the Services, please be aware that your Personal Information will be transferred to, stored, and processed in the United States. The data protection and privacy laws of the United States may differ from those in your country. By using the Services, you consent to the transfer of your information to the United States.

XV. Financial Incentives

We do not currently offer financial incentives, price differences, or service differences in exchange for the collection, retention, sale, or sharing of Personal Information. If we introduce any financial incentive programs in the future, we will update this Privacy Policy to include the required disclosures.

XVI. Third-Party Links

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party site you visit.

XVII. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and notify you by email or by posting a prominent notice on the Site at least thirty (30) days before the changes take effect. Non-material changes or clarifications will take effect immediately upon posting. We encourage you to periodically review this Privacy Policy.

XVIII. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Durham Lex, Inc.
178 Thompson Street, Apt. 4C
New York, New York 10012
Email: legal@shepbarprep.com
Phone: 678-939-4428