How this firm handles your information

1. Scope & who this covers

This policy describes how San Diego DUI Defense — the law practice of R. Robert Punta, Attorney at Law (SBN 220353) — collects, uses, stores, and shares personal information. It applies to people who:

• Visit this website (sdduidefense.com)
• Call the firm's published phone number, including calls answered by the firm's automated intake system
• Leave a voicemail for the firm
• Submit information through the website contact form
• Communicate with the firm by email or other electronic means
• Become clients of the firm

It does not cover information collected by third-party websites or services that may be linked from this site, by court e-filing systems, or by communications conducted in person or by mail.

This policy is informational, not a legal contract. It describes current practices and may be updated as practices evolve. Material changes will be reflected in the "last updated" date and, where appropriate, communicated directly to current clients.

2. Information collected

The firm collects information you provide directly when you contact it or retain it as your attorney. This may include:

• Identity and contact information: name, phone number, email address, mailing address
• Case-related information: details of the matter you are contacting the firm about, including the nature of charges, dates, courts, agencies involved, and other facts you choose to share
• Voice recordings and transcripts: when you call the firm's automated intake line, the call audio and a generated transcript of the conversation (see Section 3); when you leave a voicemail, the recording and a generated transcript (see Section 4)
• Communications: emails, text messages, and letters exchanged with the firm
• Client file content: for retained clients, all documents, records, and communications generated during representation

The firm does not require you to create an online account, does not request financial account information through the website, and does not collect Social Security numbers or other government identifiers through casual contact channels. Information of that sensitivity is collected, when needed, only after representation has been formally established and through appropriate secure channels.

3. AI phone intake

When you call the firm's main published number — (619) 486-8860 — your call may be answered by an automated intake system that uses artificial intelligence to gather information about your matter and either connect you to the attorney or arrange a callback. This section explains how that system works.

What the system does

• Identifies itself as an automated intake assistant at the start of every call
• Discloses that the call is being recorded and gives you the option to decline; if you decline, the system transfers you to voicemail (see Section 4)
• Asks for basic information about you and your matter so the attorney can return your call promptly and prepared
• May connect you live to the attorney during business hours, or arrange a callback if he is unavailable
• Generates a written summary that is sent to the attorney's email after the call ends

What the system does not do

• It does not provide legal advice, legal analysis, or representation decisions
• It does not quote attorney's fees beyond general fee structure information
• It does not establish an attorney-client relationship — that occurs only after the attorney personally reviews the matter and a written engagement is signed
• It does not make decisions about whether the firm will represent you

Service providers involved

The automated phone intake system is built using third-party technology services. When you call, your call audio and the resulting transcript pass through and are processed by the following providers:

• Twilio — provides the underlying telephone network connection and call routing
• ElevenLabs — provides the conversational voice technology that handles the call
• Large language model providers — including Google (Gemini), OpenAI, and Anthropic — provide the underlying language understanding that allows the system to converse naturally and summarize the call. The specific provider used on a given call may vary based on availability and routing.
• Cloudflare — hosts the infrastructure that connects these components and routes post-call summaries
• Resend — transmits the post-call summary email to the attorney's inbox

Each of these providers operates under its own privacy policy and data processing terms, which govern how they handle data passing through their systems. The firm has selected configurations intended to limit retention and prohibit use of your information for purposes unrelated to providing the intake service. Some providers may, depending on the service tier, use anonymized or aggregated information to improve their services. The firm reviews these terms periodically and selects service tiers consistent with its confidentiality obligations as a law office.

Recording and California two-party consent

California is a two-party consent state for call recording (Penal Code §632). The automated intake system discloses recording at the start of every call and offers an immediate opt-out. If you continue with the call after the disclosure, you are providing consent to the recording. If you prefer not to be recorded, the system will transfer you to voicemail, where you can leave a message for the attorney.

Identifying as AI

The automated intake system identifies itself as an automated agent in its opening greeting. If asked at any point during a call whether you are speaking to a human or an AI, the system will confirm that it is an automated assistant.

4. Voicemail handling

If you decline recording on the intake call, ask to leave a voicemail, or are otherwise routed to voicemail, your call is transferred to a separate voicemail-only line that the firm operates for that purpose. The voicemail-only line is not the firm's published number and does not run the AI intake system; it simply records your message.

Voicemails are processed as follows:

• Your message is recorded by the firm's telephony provider (Twilio), up to a length cap of approximately two minutes
• An automated transcription of your message is generated
• A single email is sent to the attorney's inbox containing both the transcript and a button to play the audio recording
• The audio playback link is signed and time-limited (it expires after a set period, currently 30 days from the date of the voicemail)

Voicemails are not shared with the AI intake conversation system or its language model providers. Transcription is performed by the telephony provider, not by the conversational AI vendor.

5. Website data

This website is a static informational site. It does not use behavioral advertising trackers, cross-site advertising pixels, or session-replay technologies.

Standard server logs, maintained by the website's hosting provider, may record information typically associated with web requests — including IP address, browser type, pages visited, and timestamps — for security and operational purposes. The firm does not actively analyze or maintain these logs beyond what is automatically retained by the host.

The contact form on the home page transmits the information you enter directly to the firm's intake email address. It does not store form submissions on a third-party database. The form may be processed by a form-handling service acting solely as a transmission intermediary.

6. Email communications

The firm uses standard email for routine communication. Standard email is not end-to-end encrypted; it travels through multiple servers and is generally accessible to the email service providers operating those servers. By contacting the firm by email, you accept this baseline level of security for routine communication.

For documents or communications involving heightened sensitivity — including but not limited to medical records, mental health records, sealed records, financial details, and certain types of personally identifying information — the firm uses additional protective measures, such as password-protected files transmitted with separately communicated passwords, or other secure transmission methods appropriate to the matter.

If you have a strong preference for a specific secure communication method (for example, encrypted messaging applications), you may discuss that preference with the attorney directly.

7. How information is used

Information you provide is used to:

• Respond to your inquiry and determine whether the firm can assist with your matter
• Conduct conflict-of-interest checks before establishing representation
• Provide legal representation, if you become a client
• Communicate with you about your matter
• Comply with the firm's legal, ethical, and professional obligations as a California attorney
• Maintain records required by the California Rules of Professional Conduct, the State Bar of California, and applicable courts

The firm does not sell your personal information. The firm does not share your personal information with third parties for those parties' own marketing purposes. The firm does not use your personal information to train artificial intelligence models on its own behalf.

8. Who has access

Access to your information is limited to:

• The attorney. R. Robert Punta personally reviews matters and handles cases. The firm is a solo practice; there are no associates or contract attorneys who handle client matters as a regular practice.
• Service providers acting on the firm's behalf. This includes the technology providers that operate the phone intake and voicemail systems (described in Sections 3 and 4), the firm's email and office software providers (such as Microsoft 365), the firm's legal research provider (LexisNexis), and other operational service providers. These providers handle data only as necessary to provide their services and are subject to their own confidentiality and security obligations.
• Persons or entities to whom disclosure is required by law, such as court orders, subpoenas, or — in narrow circumstances permitted by the California Rules of Professional Conduct — to prevent reasonably certain death or substantial bodily harm.

Information protected by the attorney-client privilege is not disclosed to anyone except as authorized by the client or as required or permitted by the Rules of Professional Conduct.

9. Storage & retention

Client files and firm records are maintained on secured local systems controlled directly by the firm, rather than on cloud-based practice management platforms. Cloud-based services are used only as necessary for specific functions — such as email (Microsoft 365), legal research (LexisNexis), court e-filing (One Legal and similar court-mandated systems), and the phone intake and voicemail systems described above.

Client files are retained for the period required by the California Rules of Professional Conduct and applicable trust accounting rules, generally a minimum of five years following the conclusion of representation, with longer retention for certain categories of matters. Files are securely destroyed at the end of the applicable retention period.

Phone intake recordings, voicemail recordings, and transcripts are retained for a limited period sufficient to allow the attorney to review the call, follow up appropriately, and integrate any resulting client matter into the firm's records. Recordings and transcripts not associated with established representation are deleted on a routine schedule. Recordings and transcripts associated with established representation become part of the client file and follow the retention schedule for client files generally.

10. Security practices

The firm takes reasonable steps to protect personal information from unauthorized access, use, or disclosure, consistent with the California Rules of Professional Conduct, applicable State Bar of California formal opinions, and ABA Formal Opinion 477R. These steps include:

• Maintaining client files on secured local systems with access controls
• Using protected, password-restricted accounts for all firm software and online services
• Using transmission methods appropriate to the sensitivity of the information being communicated, including password-protected files and secure transmission services for sensitive documents
• Limiting the use of cloud-based services to those that provide appropriate security and confidentiality protections
• Periodically reviewing the firm's security practices and the practices of the firm's service providers

No method of electronic transmission or storage is completely secure. The firm cannot guarantee absolute security, but it works to maintain practices consistent with the duties of a California attorney handling confidential client information.

11. California rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with specific rights regarding your personal information. These include:

• Right to know. You may request information about the categories and specific pieces of personal information the firm has collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom it has been shared.
• Right to delete. You may request that the firm delete personal information it has collected from you, subject to exceptions that apply to law firms — including information protected by attorney-client privilege, information required to be retained under the Rules of Professional Conduct, and information necessary to comply with a legal obligation.
• Right to correct. You may request correction of inaccurate personal information.
• Right to limit use of sensitive personal information. Where applicable.
• Right to non-discrimination. The firm will not discriminate against you for exercising any of these rights.
• Right to opt out of sale or sharing. The firm does not sell personal information and does not share personal information for cross-context behavioral advertising. There is therefore no separate "Do Not Sell or Share My Personal Information" mechanism — the default is no sale and no sharing for those purposes.

Some of these rights are subject to exceptions specific to attorneys and law firms, particularly where information is part of a client file, is protected by attorney-client privilege or work product doctrine, or must be retained under professional conduct rules. The firm will respond to requests in accordance with applicable law and professional obligations.

12. Submitting a request

To exercise any of the rights described above, or to ask questions about this policy, contact the firm using the information below. Requests should include enough information for the firm to verify your identity and locate any responsive records — typically your name, the phone number or email address you used to contact the firm, and the approximate date of any relevant communication.

The firm will respond within the timeframe required by applicable law (generally 45 days under the CCPA, with the possibility of a 45-day extension when reasonably necessary).

13. Changes to this policy

This policy may be updated from time to time to reflect changes in practices, technology, or applicable law. The "last updated" date at the top of the policy reflects the most recent revision. Material changes will be highlighted, and clients with active matters will be notified directly of changes that affect their existing representation.

14. Contact

Questions about this privacy policy, requests to exercise California privacy rights, or concerns about how the firm handles your information should be directed to:

R. Robert Punta, Attorney at Law
San Diego DUI Defense
8880 Rio San Diego Drive, Suite 800, PMB 2047
San Diego, CA 92108
Email: info@sdduidefense.com
Phone: (619) 486-8860