Privacy Policy
Collatio Labs LLC ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our consulting and research services.
Contents
- 1. Information We Collect
- 2. How We Use Your Information
- 3. How We Share Your Information
- 4. Data Security
- 5. Data Retention
- 6. Your Privacy Rights
- 7. Cookies and Similar Technologies
- 8. Third-Party Links
- 9. Children's Privacy
- 10. International Data Transfers
- 11. California Privacy Rights (CCPA)
- 12. Changes to This Policy
- 13. Contact Us
1. Information We Collect
We collect information only as necessary to provide our consulting and research services. This includes:
A. Contact Information
- Name, title, and organizational affiliation
- Email address and phone number
- Mailing address and business location
- Preferred communication methods
B. Engagement Information
- Project scope, timeline, and deliverables
- Service line selected (consulting or research)
- Engagement type (assessment, implementation sprint, fractional executive retainer, formal verification, etc.)
- Relevant business context and objectives
C. Communications
- Email correspondence related to service delivery
- Meeting notes and call recordings (only when explicitly authorized and documented)
- Feedback and satisfaction survey responses
D. Transaction Information
- Invoicing details and payment method information (processed securely through third-party providers; we do not store raw payment card data)
- Engagement dates and service hours
E. Automatically Collected Information
- IP address and device type (when visiting our website)
- Browser type and operating system
- Pages visited and time spent on each page
- Referring website
What We Do Not Collect: We do not engage in extensive behavioral tracking, targeted advertising networks, or cookie-based profiling. We do not collect sensitive information such as social security numbers, biometric data, or health information unless explicitly required for a specific engagement and only with your written consent.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To engage with you, understand your needs, scope projects, schedule meetings, and deliver consulting and research services.
- Communication: To respond to inquiries, provide project updates, send invoices, and communicate important engagement information.
- Billing and Payment Processing: To prepare invoices, process payments, and maintain financial records.
- Legal and Compliance: To comply with applicable laws, regulations, tax obligations, and contractual requirements.
- Website Improvement: To understand how you use our website and improve its functionality and content.
- Aggregate Analytics: To generate anonymized, aggregate reports about website traffic and user behavior (not tied to individuals).
- Security and Fraud Prevention: To detect, prevent, and address fraud, abuse, and security incidents.
Legitimate Basis: We process your information based on: (1) performance of our contract with you, (2) your explicit consent, (3) our legitimate business interests in operating and improving our services, and (4) legal compliance obligations.
3. How We Share Your Information
A. Data We Do Not Sell
We do not sell, rent, or lease your personal information to any third party under any circumstances. Your data is not a commodity, and we do not participate in data broking or similar practices.
B. Limited Sharing with Service Providers
We may share your information with trusted third-party service providers who assist us in delivering services, provided they:
- Are contractually obligated to protect your information
- Only access information necessary to perform their specific function
- Are prohibited from using your information for their own purposes
- Are subject to data protection agreements consistent with this policy
Categories of service providers include:
- Email and communication platforms (for engagement coordination)
- Payment processors (for invoice and payment handling)
- Accounting and tax service providers (for financial record-keeping and compliance)
- Cloud infrastructure providers (for secure data storage)
- Website analytics platforms (minimal, aggregated data only)
C. Legal Requirements and Safety
We may disclose your information if required by law, legal process (e.g., subpoena, court order), or governmental authority. We will provide reasonable advance notice when legally permissible and will disclose only the minimum information required.
We may also disclose information when we believe in good faith that disclosure is necessary to protect our legal rights, your safety, the safety of others, or to investigate and prevent fraud or violations of our terms of service.
D. Business Transitions
In the event of a merger, acquisition, bankruptcy, or sale of substantially all assets, your information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.
E. Client Consent
For certain research projects, we may share anonymized or aggregated findings with the broader research community. We will not identify you or your organization in such publications without your explicit written consent.
4. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption in transit: Data transmitted between your devices and our systems is encrypted using TLS/SSL protocols.
- Encryption at rest: Sensitive data stored on our systems is encrypted.
- Access controls: Only authorized personnel with a legitimate business need have access to your information.
- Secure authentication: We require strong passwords and multi-factor authentication for accounts that access sensitive information.
- Regular security audits: We conduct periodic reviews of our security practices and systems.
- Incident response procedures: We have established protocols to respond to any security incidents.
Important Limitation: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information. If a security incident occurs, we will notify affected individuals as required by law.
5. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Retention periods vary depending on the type of information and the basis for processing:
- Engagement information: Retained for the duration of the engagement and for 7 years thereafter to comply with tax and legal requirements.
- Communications and project records: Retained for the duration of the engagement and for a reasonable period (typically 3-7 years) to handle disputes and document service delivery.
- Website analytics: Aggregated data is retained for 24 months; individual identifiers are removed after processing.
- Payment records: Retained for a minimum of 7 years for tax and accounting purposes.
After the retention period expires, we securely delete or anonymize your information. You may request deletion of your information at any time, subject to legal and contractual obligations (see Section 6 below).
6. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
A. Right of Access
You have the right to request access to the personal information we hold about you. Upon request, we will provide a copy of your information in a portable format within 30 days.
B. Right to Correction
You have the right to request correction of inaccurate or incomplete information. We will correct information upon verification of the inaccuracy.
C. Right to Deletion
You have the right to request deletion of your personal information, subject to certain exceptions. We cannot delete information when: (1) it is necessary to complete an ongoing engagement, (2) deletion would violate legal or contractual obligations, or (3) we have a legitimate legal basis for retention. We will inform you of any reason we cannot comply with a deletion request.
D. Right to Restrict Processing
You may request that we restrict how we use your information while a dispute or request is pending.
E. Right to Withdraw Consent
When we process information based on your consent, you may withdraw that consent at any time by contacting us. This will not affect the lawfulness of processing that occurred before withdrawal.
F. Right to Opt-Out of Certain Uses
You may opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in any such communication or by contacting us directly.
G. Exercising Your Rights
To exercise any of these rights, please contact us using the information in Section 13. We will respond to all requests within 30 days. We may need to verify your identity before processing your request.
7. Cookies and Similar Technologies
We use cookies and similar technologies on our website in a minimal, transparent manner:
A. Types of Cookies We Use
- Essential/Functional Cookies: These are required for basic website functionality, such as maintaining your session and security. They do not track you across other sites.
- Analytics Cookies: We use anonymized analytics to understand aggregate traffic patterns and improve our website. We do not use these cookies to build a profile of your individual behavior.
B. Cookies We Do Not Use
We do not use advertising or targeting cookies. We do not participate in cross-site tracking or behavioral advertising networks.
C. Cookie Management
Most browsers allow you to refuse cookies or alert you when a cookie is being set. You can disable cookies through your browser settings. Be aware that disabling essential cookies may affect website functionality.
8. Third-Party Links
Our website may contain links to third-party websites and services that are not operated by Collatio Labs. This Privacy Policy applies only to information we collect directly. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing your information.
9. Children's Privacy
Our services are not directed at individuals under 13 years of age, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.
10. International Data Transfers
Collatio Labs is based in the United States. If you are located outside the United States, please note that your information will be transferred to, stored in, and processed in the United States. By providing your information to us, you consent to such transfers, storage, and processing.
When we transfer personal information internationally, we implement appropriate safeguards, including standard contractual clauses and other mechanisms recognized under applicable data protection laws, to ensure your information is protected to the same extent as required by this policy.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request what personal information we collect, use, share, and sell.
- Right to Delete: You may request deletion of personal information collected from you, subject to certain exceptions.
- Right to Opt-Out: You may opt out of the sale or sharing of your personal information. (Note: We do not sell or share personal information for targeted advertising purposes.)
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Limit Use: You may request that we limit our use of sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your California privacy rights, please contact us using the information provided in Section 13. We will verify your identity and respond within 45 days. You may also authorize an agent to submit requests on your behalf.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, law, or other factors. We will notify you of material changes by updating the "Effective Date" at the top of this policy. If we make material changes that affect how we handle your information, we will provide prominent notice and obtain your consent where required by law.
Your continued use of our services after changes become effective constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your information:
We will respond to all inquiries within 30 days. If you are not satisfied with our response to a privacy concern, you may have the right to lodge a complaint with the data protection authority in your jurisdiction (if applicable).