Privacy policy

1. Who this policy covers

This policy applies to consumers, proprietors, business contacts, job applicants, subcontractors, webinar attendees, and others who interact with us in the United States or who contact us while abroad unless a separate agreement explicitly supersedes it (for example certain B2B data-processing addenda).

2. Personal information we collect

Depending on how you interact with us, we may collect:

• Identifiers:name, postal address, email address, phone numbers (including caller ID equivalents), fax if you still use fax, Zoom or Teams handles, Telegram/WhatsApp identifiers if you explicitly opt-in, social handles if you message us publicly, device/browser fingerprints created by analytics tools, hashed email or phone for matched audiences unless you opt out as described below, taxpayer names as they appear on IRS correspondence, dependents' first names sometimes needed for contextual intake even before formal representation.
• Government identifiers (when voluntarily supplied or lawfully necessary): SSN, ITIN, EIN components, Passport numbers when needed for narrowly tailored compliance or identity verification, but not unless there is an operational justification consistent with minimization, Alien registration numbers occasionally when immigration cross-issues arise requiring counsel, not collected by intake unless relevant.
• Financial and tax-resolution context: wage data, business income, deductions, dependents, withholdings, digital asset transaction exports you upload, lien/levy/garnishment amounts, payoff targets, creditor pressure narratives, summaries of transcripts you download from IRS portals, summaries of installment agreements/OIC/other program statuses, even if verbally described during calls then typed by staff into CRM duplicates or triplicates notwithstanding reasonable deduplication workflows that may glitch.
• Commercial info: services considered, quotations requested, objections raised, objections overcome or not overcome, propensity-model scores inferred by vendors from lawful inputs.
• Internet/other electronic activity: IP addresses, cookie IDs, pixels, referrer URLs if not stripped upstream, session replay if enabled on specific pages behind consent banners when required, telemetry from mobile apps only if ever launched with privacy nutrition labels updated per store rules, currently website-focused but reserved.
• Geolocation (coarse): inferred from IP; not continuous precise GPS unless future mobile releases request OS-level prompts with separate disclosures.
• Professional/employment-related info: job title when you represent a company, payroll provider names, bookkeeping platform names, HR contacts for garnishment liaison when relevant.
• Inferences: propensity to convert, risk flags from fraud vendors screening synthetic identities, sentiment labels from quality-assurance reviews of calls, never sole automated grounds for denial of protected-class benefits where law forbids.
• Audio/video/written communications content: voicemails, call recordings where lawfully recorded, SMS/MMS/RCS message bodies, email bodies, portal chat logs, videoconference recordings only if you consent per platform prompts, machine-generated transcripts with known error rates, AI summarizations with human review intended but not guaranteed every time staffing is thin.
• Payment data: card last-four, tokenized payment credentials processed by PCI compliant processors, generally not full PAN on our servers if integration is correct; misconfigurations remediated upon discovery with notification when law requires after investigation.

We generally do not collect biometric identifiers (faceprints, fingerprints, retina scans) deliberately; if biometric voiceprints are inadvertently created when a vendor stores voice biometric templates notwithstanding our contractual instruction to minimize such processing, instruct us to escalate deletion requests to vendors as law requires.

3. How we collect information

• You provide it: forms, phone calls you place, texts you send, uploads, emails you initiate.
• Automatic technologies: cookies, pixels, SDKs inside embeds, server logs capturing user agents, IDS/IPS logs correlated with security incidents.
• Others: lead partners who claim consented introductions subject to contractual compliance reps and indemnities; advertising networks delivering attributed clicks; telecom carriers conveying CNAM and LRN metadata subject to lawful availability; enrichment vendors appending firmographic guesses you may disprove; credit bureaus or alternative data vendors evaluating financing offers orchestrated through separate finance companies with separate GLBA/FCRA disclosures if consumer reports are ever pulled, this policy does not govern consumer reports except to say we comply with permissible purpose rules when advised by counsel directing that pull.

4. Why we use personal information

• To respond to inquiries and deliver requested information.
• To operate, secure, troubleshoot, authenticate, audit, investigate fraud, resist credential stuffing bots, escalate DDoS remediation with cloud vendors, reconcile billing disputes referencing communications metadata.
• To coordinate introductions to professionals aligned with intake facts.
• To perform contracts you enter with us, including invoicing, collections of unpaid, but lawful, balances subject to UDAP carve-outs.
• To send transactional messages (appointments, password resets only if ever applicable, portal alerts, compliance-required finance disclosures ancillary to campaigns).
• To send marketing, with consent/opt-out as required, including retargeted display/social/email/SMS respecting frequency caps imperfectly calibrated by automation.
• To comply with subpoenas, summons, warrants, preservation requests, National Security Letters if ever received subject to gag challenges if permitted, civil discovery narrowly resisted when overbroad motions succeed intermittently producing partial productions only.
• To exercise or defend legal claims, arbitration, indemnity pursuits, insurance tenders, reputational-defense litigation when rare defamation occurs.
• For analytics, attribution, budgeting, forecasting, experimentation, personalization of web experiences, with modeling that may hallucinate flawed content recommendations benignly, but never medical credit underwriting here.

5. SMS / text messaging

If you subscribe to informational or marketing SMS/MMS campaigns, carrier message and data rates may apply. Frequency varies by program. Reply STOP to opt out from campaigns that honor short-code STOP semantics; transactional messages may persist where law permits (for example receipts for payments you initiated). HELP may return contact instructions when supported by the program. Third-party aggregator privacy policies additionally govern telecom metadata they retain for lawful billing and fraud suppression. Visit our Terms, Disclosures, or contact via /contact for revocation nuances if STOP fails because of spoofing upstream of us, we will escalate with carriers when technically feasible yet cannot guarantee instantaneous global revocation across every mirror short code ever leased historically.

6. Disclosure of personal information

We may disclose information to subsidiaries or affiliates under common control; and to vendors that provide services we need, for example hosting, content delivery / security filtering, VoIP carriers, texting aggregators, email delivery, calendars, ticketing, CRM, e‑sign tooling, bookkeeping for our own business, auditors, bankers, insurers, IT and managed service providers, quality assurance tooling, cybersecurity assessments, analytics, attribution, modeling, transcription, translations, forensic vendors under court order, mediators/arbitrators you separately engage, with limitations set by confidentiality and data-processing commitments. Disclosure also occurs when required by lawful civil or criminal process, or when necessary in good faith to address imminent threats to health or safety.

Mergers, acquisitions, asset sales, financing events, reorganizations, or analogous transactions may result in succession to some or all records. Where law requires transitional notice, or where your consent or opt-out rights apply, we will comply with governing statutes and timelines.

We do not sell personal information for money in colloquial “data broker marketplace” parlance absent future programs with a conspicuous “Notice of Sale/Sharing” layered consent UI if law requires, if we later introduce personalized advertising categorized as “sale” under some state laws, we will update this policy and expose opt-outs (including Limit the Use of Sensitive PI toggles required in certain states) before activation.

7. Targeted advertising, cookies, and global privacy control signals

Cookie banners, when deployed, expose category toggles rejecting non-essential cookies/analytics/marketing stacks; mis-toggles attributable to ambiguous UX copy may accidentally leave marketing pixels firing until you revise selections; ad blockers distort measurement so retargeting may persist unknowingly biased; Global Privacy Control and analogous browser signals honored only where statutes mandate and our CMP vendor implements interpretive mapping without lag, consult browser vendor release notes concurrently.

8. Security

We implement commercially reasonable administrative, technical, and physical safeguards, TLS in transit ideally everywhere, segmentation in cloud VPCs meant to segregate workloads, MFA for staff admins, least-privilege IAM policies rotated quarterly-ish when staffing permits backups to succeed, phishing-resistant FIDO keys where budget allows, SOC2 aspirational roadmap sometimes delayed by cash flow, even with best efforts breaches may occur requiring notifications under timelines defined by jurisdictions where affected residents reside. No online transmission is flawless; snail mail theft of transcripts you courier may occur, use tracked delivery always.

9. Data retention

We retain records pursuant to contractual necessity, statutes of limitation for fee disputes, professional responsibility rules impacting downstream licensees, subpoena/defense holds freezing deletion even past nominal retention sunsets until released by counsel, telemetry minimization aspirations balanced against ML training holdouts some vendors stealthily impose until contract renegotiations excise those clauses, even if subtly embedded in SOC addenda footnotes unread by busy purchasers.

When retention periods expire securely wipe or shred subject to logistical realities of RAID rebuild windows and offsite tape vault rotations vendors maintain with delayed destruction batches.

10. Your privacy rights

Depending on residency, you may have rights to access, correct, delete, port, appeal denials within tight windows defined by statutes, restrict certain processing, opt out of profiling with legal thresholds, opt out of sales/shares/targeted ads, limit use/disclosure of sensitive personal information categories, revoke prior consents without retaliation for lawful revocations, even if retaliation is subtle like delayed callback priorities we strive to forbid via internal audits but cannot warrant perfection. Submit privacy requests via /contact labeling the subject line “Privacy Request” so triage avoids sales queues. Appeals may escalate to supervisory authorities listing contact links we supply upon denial letters PDF-signed by privacy counsel when volume justifies, not every micro-denial gets PDF luxury if staffing predicts trivial resolution after verbal clarification apologies.

We verify requests to a reasonable degree of certainty, government ID uploads may be required when risk models flag impersonation, even though uploading IDs ironically risks new exposure; alternatively answer knowledge-based quizzes law permits, choose least invasive path workable.

Authorized agents under California privacy rules must submit documentation permitted by statute (often a signed authorization from you). We may verify requests by callback or other safeguards to reduce spoofing.

11. Children

Services are not directed at children under 16. We delete child data gleaned inadvertently upon verified parental or guardian notices consistent with COPPA-aligned spirit even outside strict COPPA scope when we lacked actual knowledge requisite for COPPA-triggered obligations, consult counsel distinguishing actual knowledge doctrines.

12. International users

Servers may reside primarily in the United States. If transfers require SCCs/GDPR mechanisms for stray EU/UK inbound inquiries, supplemental measures might include encryption or ephemeral processing, implementations contingent on lawful basis and DPA stack.

13. Automated decision-making

We do not use solely automated decisions with legal/similarly significant effects absent human review gateways unless future credit decisioning mandates otherwise with fresh disclosures, you will receive notice before enabling.

14. Employment/applicants

Applicant monitoring may collect résumés, referrals, clearance forms, occupational licensing numbers, malpractice insurance certificates for licensed hires, sanction screenings through vendors, those practices may be summarized in standalone notices at collection when volume grows; until then inbound résumés inherit this baseline policy narrowed by context.

15. Updates

Changes post here with refreshed “Last updated.” Material changes prompting re-consent for texting/email will obtain fresh consents respecting safe harbor timelines under TCPA/FCC interpretations as amended, we watch regulatory dockets sporadically; not instantaneous advice.

16. Contact

Privacy requests and questions: Confidential contact channels · Phone 1 (888) 927-6275. Postal address: provide via onboarding when required; absent public street presence for virtual-first teams, filings may designate registered agent addresses per state charters, consult corporate kit if you subpoena wrongly routed mailrooms delaying compliance.

Regulatory complaints may be filed with the Federal Trade Commission, state Attorneys General, or the FCC (for spoofed or abusive calling). We cooperate with lawful traceback and enforcement requests where feasible.