Privacy Policy

How we collect, use, and protect your information

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

  • Contact Forms & Consultations: Name, email, company, phone number, project requirements
  • Assessment Tools: Business metrics, operational data, revenue information, strategic insights
  • Service Agreements: Financial information, business processes, confidential data
  • Payment Processing: Billing information processed securely through Stripe
  • Communications: Email correspondence, consultation notes, meeting recordings

1.2 Automatically Collected Information

  • Website Analytics: IP address, browser type, device information, page views
  • Cookies & Tracking: Session data, user preferences, marketing attribution
  • Performance Data: Service usage metrics, response times, error logs

2. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Consent: Marketing communications, cookies, optional data collection
  • Contract Performance: Service delivery, payment processing, support
  • Legitimate Interest: Business operations, security, service improvement
  • Legal Compliance: Tax reporting, regulatory requirements, dispute resolution

3. How We Use Your Information

We use collected information to:

  • Service Delivery: Provide AI consulting, revenue intelligence, mathematical frameworks
  • Business Operations: CRM management, project coordination, quality assurance
  • Communication: Client updates, technical support, service notifications
  • Marketing: Newsletter delivery, case study development (with consent)
  • Legal Compliance: Contract fulfillment, regulatory reporting, dispute resolution
  • Service Improvement: Performance optimization, methodology enhancement

4. Information Sharing and Third Parties

We share information only as specified below:

4.1 Service Providers

  • Stripe: Payment processing (PCI DSS compliant)
  • SendGrid: Email delivery and marketing automation
  • Google Analytics: Website performance and user behavior (anonymized)
  • Cloud Infrastructure: Secure data storage and processing

4.2 Legal Requirements

  • Court orders, subpoenas, or legal process
  • Protection of Sophizo rights and property
  • Prevention of fraud or security threats
  • Compliance with applicable laws and regulations

4.3 Business Transfers

In case of merger, acquisition, or sale, personal data may be transferred to the new entity with appropriate safeguards.

5. Data Retention

  • Client Data: Retained during service period plus 7 years for legal compliance
  • Marketing Data: Until unsubscribe or consent withdrawal
  • Payment Records: 7 years for tax and financial compliance
  • Website Analytics: 26 months (Google Analytics default)
  • Support Communications: 3 years for service quality and dispute resolution

6. Data Security

We implement comprehensive security measures:

  • Encryption: Data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based permissions, multi-factor authentication
  • Infrastructure: Enterprise-grade cloud providers, regular security audits
  • Monitoring: Continuous threat detection, incident response procedures
  • Staff Training: Regular security awareness and confidentiality training
  • Cyber Security Insurance: Coverage for data breaches and cyber incidents
  • Business Continuity: Disaster recovery and service continuation guarantees

7. Your Privacy Rights

7.1 GDPR Rights (EU Residents)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: "Right to be forgotten" (subject to legal retention requirements)
  • Portability: Receive your data in machine-readable format
  • Restriction: Limit processing under certain circumstances
  • Objection: Opt out of processing based on legitimate interest
  • Withdraw Consent: Revoke consent for marketing or optional processing

7.2 CCPA Rights (California Residents)

  • Know: Categories and specific pieces of personal information collected
  • Delete: Request deletion of personal information
  • Opt-Out: Sale of personal information (we do not sell data)
  • Non-Discrimination: Equal service regardless of privacy rights exercise

8. Cookies and Tracking Technologies

8.1 Cookie Types

  • Essential: Website functionality, security, session management
  • Analytics: Google Analytics for website performance (anonymized)
  • Marketing: Campaign attribution, lead tracking (with consent)
  • Preferences: User settings, language, accessibility options

8.2 Managing Cookies

You can control cookies through browser settings or our cookie preference center. Note that disabling essential cookies may affect website functionality.

9. International Data Transfers

Data may be processed in countries outside your residence. We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Contractual safeguards and data processing agreements
  • Binding corporate rules where applicable

10. AI-Specific Privacy Protections

10.1 AI Training Data Exclusion

Client data protection for AI development:

  • Explicit Opt-out: Client data will not be used for AI model training without explicit consent
  • Algorithmic Decision-Making: Disclosure when automated decision-making affects users
  • AI Data Processing: Specific handling of data used in mathematical frameworks and algorithms
  • Model Output Privacy: Protection of insights generated from client data

10.2 Data Processing Transparency

  • Processing Records: Downloadable summary of all data processing activities
  • Algorithm Transparency: Disclosure of mathematical framework methodologies
  • Data Bias Protection: Safeguards against algorithmic bias in recommendations
  • Real-time Consent: Ability to modify consent preferences anytime

11. Industry-Specific Compliance

11.1 Financial Services (GLBA)

For financial sector clients, additional protections include:

  • Enhanced data encryption and access controls
  • Regulatory reporting compliance assistance
  • Third-party vendor risk assessments
  • Annual security and privacy audits

11.2 Healthcare (HIPAA Considerations)

For healthcare consulting engagements:

  • Business Associate Agreements (BAAs) when required
  • Enhanced PHI protection standards
  • Breach notification compliance
  • Employee HIPAA training and certification

11.3 Government Contracts

For government and public sector clients:

  • Enhanced security clearance procedures
  • Federal information security standards compliance
  • Regular security assessments and audits
  • Incident reporting to appropriate authorities

12. Privacy Dashboard and User Control

12.1 Self-Service Data Management

Access your privacy dashboard at sophizo.net/privacy-dashboard to:

  • View Data: See all personal data we have collected
  • Download Data: Export your data in machine-readable format
  • Modify Consent: Update marketing and processing preferences
  • Request Deletion: Submit data removal requests
  • Processing History: Review how your data has been used

12.2 Cookie Consent Management

Granular cookie control available through our consent center:

  • Essential Cookies: Required for website functionality (cannot be disabled)
  • Analytics Cookies: Website performance tracking (opt-in required)
  • Marketing Cookies: Campaign attribution and lead tracking (opt-in required)
  • Preference Cookies: User settings and customization (opt-in required)

13. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

14. Data Protection Officer

For privacy-related inquiries, contact our Data Protection Officer:

  • Email: privacy@sophizo.net
  • Response Time: 30 days maximum (GDPR requirement)
  • Escalation: Relevant supervisory authority if unsatisfied with response

15. Regulatory Monitoring and Compliance

We continuously monitor and adapt to regulatory changes:

  • Automatic Updates: Privacy policy updates for changing regulations
  • Legal Monitoring: Regular review of privacy law developments
  • Compliance Assessment: Annual privacy compliance audits
  • Cross-Border Harmonization: Multi-jurisdiction privacy compliance

16. Changes to Privacy Policy

We may update this policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent website notice
  • Updated "Last Modified" date

17. Contact Information

For privacy questions or rights requests:

  • Email: privacy@sophizo.net
  • Website: Contact form with "Privacy Request" option
  • Response Commitment: 30 days maximum

Last updated: 6/23/2026
Effective Date: 6/23/2026
Version: 2.0 (Comprehensive GDPR/CCPA Compliant)