Privacy Policy

1. Introduction

Garnet Grid Consulting LLC ("we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit garnetgrid.com and any subdomains, portals, or applications operated by us (collectively, the "Site"), including our Garnet knowledge engine and client portal. Please read this policy carefully. By accessing or using the Site, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Site immediately.

2. Information We Collect

We collect information in the following categories:

• Personal Data: Information you voluntarily provide, including your name, email address, phone number, company name, job title, and any message content submitted through our contact form or client portal registration.
• Account Data: If you create an account on our client portal, we collect your login credentials (email and hashed password) and authentication tokens managed through our identity provider.
• Derivative Data: Information automatically collected when you access the Site, including your IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, time spent on pages, and unique device identifiers.
• Analytics Data: Aggregated and anonymized usage data collected through Google Analytics 4, including page views, session duration, geographic region (country/city level), device category, and user flow through the Site.
• Form Submission Data: Information submitted through our contact forms, which is processed by our third-party form service provider (Formspree) and delivered to us via email.

3. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Site. These include:

• Essential Cookies: Session cookies required for authentication and portal access. These are managed by our identity provider (Supabase) and are necessary for the Site to function.
• Analytics Cookies: Google Analytics 4 places cookies (e.g., _ga, _ga_*) to distinguish unique users and track session information. These cookies expire after 2 years and 24 hours, respectively.
• Preference Cookies: We store your theme preference (light/dark mode) in your browser's local storage. This data never leaves your device.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain features, particularly the client portal.

4. Third-Party Services

We use the following third-party services that may collect, process, or store your data:

• Google Analytics 4 (Google LLC) — Website analytics and traffic measurement. Data may be transferred to the United States. Google Privacy Policy.
• Formspree (Formspree, Inc.) — Contact form processing and email delivery. Form submissions are transmitted through Formspree's servers. Formspree Privacy Policy.
• Supabase (Supabase, Inc.) — Authentication, user account management, and database services for our client portal. Supabase Privacy Policy.
• GitHub Pages (GitHub, Inc. / Microsoft Corp.) — Website hosting and content delivery. GitHub Privacy Statement.

We do not sell, rent, or trade your personal data to any third party. These services are used solely to operate and improve the Site.

5. Use of Your Information

We use information collected about you for the following purposes:

• To respond to inquiries and fulfill service requests submitted via the contact form.
• To create and manage client portal accounts and authenticate users.
• To deliver consulting services, reports, and AI-generated insights through our Garnet knowledge engine.
• To analyze website usage, improve Site performance, and optimize user experience.
• To send administrative communications such as engagement confirmations, invoices, and service updates.
• To detect, prevent, and respond to fraud, security incidents, or unauthorized access.
• To comply with applicable legal obligations and enforce our Terms of Service.

6. Disclosure of Your Information

We may disclose your information in the following limited circumstances:

• By Law or to Protect Rights: If required by law, subpoena, court order, or government regulation, or if we believe disclosure is necessary to investigate potential violations, protect our rights, property, or safety, or protect the rights, property, or safety of others.
• Service Providers: To trusted third-party vendors who assist in operating the Site (as listed in Section 4), subject to confidentiality obligations.
• Business Transfers: In connection with any merger, acquisition, sale of assets, or financing, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Site of any change in ownership.
• With Your Consent: We may disclose information for any other purpose with your explicit written consent.

We do not sell your personal information. We have not sold personal information in the preceding 12 months.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

• Contact form submissions: Retained for 3 years from date of submission, then permanently deleted.
• Client portal accounts: Retained for the duration of your engagement plus 3 years, after which accounts are deactivated and data is anonymized or deleted upon request.
• Analytics data: Google Analytics data retention is set to 14 months. Aggregated, non-identifiable analytics may be retained indefinitely.
• Server logs: Access logs are retained for 90 days for security and troubleshooting purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Delete your personal information, subject to legal exceptions.
• Opt out of the sale or sharing of personal information. (Note: We do not sell personal information.)
• Non-discrimination for exercising your privacy rights.

European Economic Area Residents (GDPR)

If you are located in the EEA, you have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete personal data.
• Erase your personal data ("right to be forgotten").
• Restrict processing of your personal data.
• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests.

To exercise any of these rights, contact us at garnetgrid@gmail.com. We will respond within 30 days (45 days for CCPA requests, with notice of extension if needed).

9. Children's Privacy

The Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or 16 in the EEA). If we learn that we have collected personal information from a child under these ages, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us at garnetgrid@gmail.com.

10. Security

We implement administrative, technical, and physical security measures to protect your personal information, including:

• HTTPS/TLS encryption for all data transmitted between your browser and our servers.
• Hashed and salted password storage — we never store plaintext passwords.
• Role-based access controls for client portal and administrative systems.
• Regular security reviews and monitoring for unauthorized access.

While we use commercially reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

11. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals because no uniform standard for handling them has been adopted. If a standard is established in the future, we will update this policy accordingly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. For material changes that significantly affect how we handle your personal data, we will provide prominent notice on the Site or contact you directly via email. Your continued use of the Site after any modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Garnet Grid Consulting LLC
New York, NY
garnetgrid@gmail.com

For privacy rights requests (CCPA, GDPR), please include "Privacy Rights Request" in the subject line and specify the right you wish to exercise.