Privacy Policy

Statewide Record Services, Inc. ("Statewide Records," "we," "us," or "our") respects your privacy and the privacy of the individuals whose records we are asked to obtain. This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the choices and rights you have. It applies to statewiderecords.net and the records-request and contact services we provide through this site.

Because our work involves preparing subpoenas, retrieving and reproducing medical, employment, billing, legal, and similar records on behalf of attorneys, adjusters, and authorized parties, the information we receive often includes sensitive personal information about third parties (the "subject" of the request). We treat all such information as confidential and process it only as needed to perform the services you have engaged us to provide.

Table of contents

1. Information we collect
2. How we use information
3. How we share information
4. Third-party services we rely on
5. Cookies and similar technologies
6. Data retention
7. Data security
8. Your privacy rights, including California residents
9. Do Not Track and Global Privacy Control
10. Children's privacy
11. External links
12. Changes to this policy
13. Contact us

1. Information we collect

1.1 Information you provide directly

We collect information you submit through our contact form, our online records-request ("Order") form, by email, by phone, by fax, or through file uploads to our designated secure-transfer service. This may include:

• Requester information: name, email address, phone number, mailing address, employer, firm or company name, and any message you send.
• Case information: case number, plaintiff name, employer, attorney or adjuster name, opposing counsel name and address, billing party and address, claim number, party representation, and similar matter-related details.
• Subject information (the individual whose records are sought): name, aliases, date of birth, date of injury, Social Security Number when provided by the requester, medical record number, billing identifiers, and other identifiers needed to identify the records to be retrieved.
• Records-request details: location and address of records custodians, types of records requested, delivery format (paper, CD, digital), shipping instructions, special instructions, deadlines, and priority designation.
• Files you upload via our designated secure-upload service (currently provided by Hightail) for transmittal to us.

You are responsible for ensuring you have the legal authority to submit information about third parties to us, including any required authorization, subpoena, court order, or consent. See our Terms & Conditions for the representations and warranties that apply when you submit information through our forms.

1.2 Information we collect from records custodians and legal process

In the course of fulfilling a records request, we receive copies of records and accompanying materials from healthcare providers, employers, schools, billing offices, insurers, public agencies, and other custodians. These records may contain extensive personal information about the subject of the request, including but not limited to protected health information, financial information, employment history, and educational records. We act as your service provider in obtaining, copying, and delivering those records to you or to the recipient you direct.

1.3 Information collected automatically

When you visit our website, we and our hosting and security providers automatically collect limited technical information, including:

• Internet Protocol (IP) address and approximate, IP-derived geographic location
• Browser type and version, operating system, and device type
• Pages requested, referring URL, and timestamps of requests
• Diagnostic and security telemetry from our content-delivery and bot-protection providers

We do not use this site for behavioral advertising, profiling, or cross-site tracking, and we do not load advertising or analytics tags from third-party advertising networks.

2. How we use information

We use the information described above to:

• Receive, review, prepare, and process records requests, subpoenas, and related legal documents you submit to us.
• Communicate with you, custodians, and other parties as necessary to retrieve and deliver records.
• Issue invoices, accept payment, and maintain billing and accounting records.
• Respond to inquiries you submit through our contact form, by email, or by phone.
• Operate, maintain, secure, and improve our website and services, including detecting and preventing spam, fraud, and abuse.
• Comply with applicable laws, court orders, subpoenas, and other legal obligations, including the California Code of Civil Procedure and rules governing the production of consumer, medical, and employment records.
• Establish, exercise, or defend legal claims.

3. How we share information

We do not sell personal information, and we do not share personal information with third parties for their independent marketing or advertising purposes. We share information only as described below.

3.1 With records custodians and parties to your matter

To fulfill a records request, we share request and subject information with the records custodians to whom requests are addressed, with shippers and couriers (such as the United States Postal Service, FedEx, and UPS), and with the recipient you designate (for example, the requesting party, opposing counsel, or another party named in your order).

3.2 With service providers

We rely on a limited number of vendors to host our website, send transactional email, protect our forms from spam and abuse, store records-related submissions, and accept secure file uploads. These vendors process information only on our behalf and only for the purposes for which we engage them. Our principal service providers are listed in Section 4 below.

3.3 For legal compliance and protection

We may disclose information when we reasonably believe disclosure is required or permitted by law, by valid legal process (including subpoenas and court orders), to cooperate with law enforcement, to protect the rights, property, or safety of Statewide Records, our customers, or the public, or to investigate or prevent suspected fraud, misuse, or violations of our Terms.

3.4 In the event of a business transaction

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or transition of services to another provider, information we hold may be transferred as part of that transaction, subject to the surviving or successor entity's obligation to honor this Privacy Policy or to provide notice of any material changes.

4. Third-party services we rely on

We engage the following service providers in operating this site and in delivering our services. Each provider's own privacy practices apply to their handling of information on our behalf.

• Cloudflare, Inc. — website hosting, content delivery, network and application security, and bot protection (including Cloudflare Turnstile and Cloudflare R2 object storage used to retain a copy of submitted order forms for our records). See Cloudflare's privacy policy.
• Resend — transactional email delivery for confirmation and notification messages we send through the website. See Resend's privacy policy.
• Google Fonts — web font delivery. Google receives the IP address of visitors who load fonts from its servers. See Google's privacy policy.
• Hightail (OpenText) — secure third-party file-upload service used through the "Upload" link to send files to us. See OpenText/Hightail privacy information.
• Shipping carriers such as the United States Postal Service, FedEx, and UPS, when records are delivered in physical form.

5. Cookies and similar technologies

Our website uses a small number of cookies and similar technologies that are necessary for the site to function and to be protected from abuse:

• Strictly necessary cookies set by Cloudflare to deliver the site, manage traffic, and detect and block bot activity (for example, the __cf_bm and _cfuvid cookies).
• Form-protection tokens issued by Cloudflare Turnstile to verify that form submissions are made by humans, not automated scripts.
• Local storage on the records-request page is used by your browser to autosave a draft of the order form on your device so you do not lose your progress if the page reloads. Drafts are stored only on your device and are removed when you submit the form or clear the saved draft.

We do not use advertising, retargeting, or cross-site tracking cookies. You can configure your browser to block or delete cookies, but blocking strictly necessary cookies may prevent the site or its forms from working correctly.

6. Data retention

We retain personal information only for as long as is necessary for the purposes for which it was collected, unless a longer retention period is required by law or is needed to establish, exercise, or defend legal claims. In general:

• Records-request submissions are retained in working systems for the duration of the engagement and thereafter in archival storage for as long as we are required to maintain them under applicable law and our professional obligations as a bonded legal photocopy service in California.
• Contact-form messages are retained in our email systems for normal business correspondence purposes and are purged or archived in accordance with our internal retention practices.
• Server logs and security telemetry are retained for short rolling periods consistent with diagnosing operational and security issues.

When information is no longer required, we delete or de-identify it using reasonable methods.

7. Data security

We implement administrative, technical, and physical safeguards designed to protect the information we hold from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These safeguards include encryption of data in transit using HTTPS, access-controlled storage of order-form submissions, locked physical storage for paper records, and limiting employee and contractor access to a need-to-know basis. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify affected individuals and applicable authorities as required by law.

8. Your privacy rights

8.1 California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), gives you the following rights with respect to personal information we collect about you:

• Right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes of collecting or sharing the information, and the categories of third parties with whom we share it.
• Right to delete personal information we have collected from you, subject to legal exceptions (including our obligation to maintain records of legal services we have provided).
• Right to correct inaccurate personal information we maintain about you.
• Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information for these purposes.
• Right to limit use of sensitive personal information. We use sensitive personal information only for the purposes permitted by the CCPA, including providing the services you have requested.
• Right to non-discrimination for exercising any of the above rights.

Categories of personal information we have collected in the prior 12 months: identifiers (name, email, phone, IP address); customer records information; commercial information related to records-service engagements; internet or other electronic activity information (limited site analytics and security telemetry); geolocation (general, IP-based); professional or employment-related information you provide; sensitive personal information (Social Security Number and similar identifiers when provided in records requests; health information when you provide it or when it appears in records we are engaged to retrieve).

Sources, business purposes, and recipients for each category are described in Sections 1, 2, and 3 above.

To exercise your rights, contact us using the information in Section 13. We will verify your request before responding, generally by confirming the email address or phone number on file or by asking you to confirm specific details about a request you submitted. You may designate an authorized agent to make a request on your behalf; we may require the agent to provide proof of authorization and may require you to verify your identity directly with us.

8.2 Other state privacy rights

Residents of certain other U.S. states may have similar rights under state privacy laws. We will respond to verifiable requests received from residents of such states to the extent required by applicable law.

8.3 Subjects of records requests

If you are the subject of records that have been requested through our service (rather than the requester), please understand that we obtain and reproduce records on behalf of authorized parties such as attorneys, adjusters, and litigants. The legal basis for the production of those records is established by the requester (for example, by an executed authorization, a properly issued subpoena, or a court order). Questions about the legal basis for a particular records request should generally be directed to the requester or their legal counsel. You may also contact us with concerns and we will evaluate them in light of our obligations.

9. Do Not Track and Global Privacy Control

Our website does not respond to "Do Not Track" browser headers in a uniform manner because no widely adopted standard exists. We do, however, treat a Global Privacy Control ("GPC") signal from a California resident's browser as a valid request to opt out of the "sale" or "sharing" of personal information. As noted above, we do not sell or share personal information for cross-context behavioral advertising.

10. Children's privacy

Our website and services are intended for use by attorneys, adjusters, claim professionals, and similar adult users in connection with legal matters. We do not knowingly collect personal information directly from children under 16. If you believe a child has submitted personal information to us through this site, please contact us and we will take appropriate steps to delete it.

11. External links

Our site links to external resources, including the State Bar of California, the California Department of Industrial Relations, the California Department of Consumer Affairs, our secure-upload provider, and other third-party sites. We are not responsible for the privacy practices of those sites; please review their policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. The most current version will be posted on this page with an updated effective date. Your continued use of the site or our services after the effective date of any update constitutes acceptance of the updated policy. For material changes, we will provide additional notice as required by law.

13. Contact us

Questions, requests, or concerns about this Privacy Policy or about how we handle personal information should be directed to:

Statewide Record Services, Inc.
Attn: Privacy
PO Box 15617
Sacramento, CA 95852
Phone: (916) 344-0446
Email: info@statewiderecords.net