Privacy Policy

1. Introduction and Scope

Vantage Grid Consulting ("Vantage Grid," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you visit our website, engage our consulting services, communicate with us, or otherwise interact with our business.

This policy applies to all personal information collected by Vantage Grid through our website (including all subpages and subdomains), contact forms, email communications, telephone conversations, in-person meetings, consulting engagements, and any other interactions where personal information is exchanged.

By accessing our website, submitting information through our contact forms, or engaging our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein. If you do not agree with the practices described in this policy, please do not use our website or provide us with your personal information.

This Privacy Policy is intended to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), and other applicable state privacy regulations.

2. Information We Collect

We collect several categories of information depending on how you interact with us. The types of information we collect include:

Personal Identifiers

This includes your full name, email address, phone number, mailing address, job title, company name, and any other identifying information you voluntarily provide when filling out contact forms, requesting an audit brief, or entering into a consulting engagement.

Professional and Employment Information

In the course of a consulting engagement, we may collect information about your role, responsibilities, organizational structure, reporting relationships, and professional background as necessary to deliver our services effectively.

Business and Financial Information

For billing and payment purposes, we may collect company financial information, billing addresses, tax identification numbers, payment method details, and purchase history. We do not store complete credit card numbers on our systems; payment processing is handled by PCI-compliant third-party processors.

Communications Data

We retain records of our communications with you, including emails, chat messages, phone call summaries, meeting notes, and correspondence related to engagement activities, proposals, and support requests.

Technical and Usage Information

When you visit our website, we automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, click patterns, device identifiers, and other diagnostic data.

3. How We Collect Information

We collect personal information through the following methods:

• Direct collection: When you fill out our contact form, request an audit brief, subscribe to our communications, sign a Statement of Work, or otherwise provide information to us voluntarily through our website, email, phone, or in-person meetings
• Automated collection: Through cookies, web beacons, server logs, and similar tracking technologies when you visit and interact with our website. See Section 7 for more details on our use of cookies and tracking technologies
• Engagement activities: During the performance of consulting services, including documents, data, and information provided by the Client for the purposes of delivering contracted services
• Third-party sources: We may supplement the information we collect with information obtained from publicly available sources (such as LinkedIn, company websites, and public filings), business data providers, and referral sources, to the extent permitted by applicable law
• Payment processors: Our third-party payment processors collect payment information on our behalf and share limited transaction details with us for invoicing and accounting purposes

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our consulting services, including diagnostic audits, framework design, and implementation support
• To communicate with you about your engagement, respond to inquiries, and provide customer support
• To process payments, generate invoices, and manage our financial accounts
• To send you information about our services, industry insights, and business updates that we believe may be of interest to you, subject to your communication preferences
• To personalize your experience on our website and tailor our content and offerings to your interests and needs
• To analyze website usage patterns, monitor the effectiveness of our marketing efforts, and improve the functionality and design of our website
• To protect the security and integrity of our website, systems, and business operations, and to detect and prevent fraud, unauthorized access, and other illegal activities
• To comply with applicable legal obligations, respond to lawful requests from public authorities, and establish, exercise, or defend legal claims
• To develop aggregate, anonymized, or de-identified data for statistical analysis, benchmarking, and research purposes that cannot reasonably be used to identify you
• To evaluate and improve our internal business processes, service quality, and organizational efficiency

5. Legal Bases for Processing

We process your personal information on the following legal bases:

• Contractual necessity: Processing that is necessary for the performance of a contract with you, such as delivering consulting services under a signed SOW
• Legitimate interests: Processing that is necessary for our legitimate business interests, such as improving our services, marketing our offerings, protecting our rights, and conducting business analytics, provided that these interests are not overridden by your fundamental rights and freedoms
• Consent: Processing for which you have given your explicit consent, such as receiving marketing communications. You may withdraw your consent at any time by contacting us
• Legal obligation: Processing that is necessary to comply with applicable laws, regulations, court orders, or legal proceedings

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

• Service providers: We engage trusted third-party companies and individuals to perform certain business functions on our behalf, such as payment processing, cloud hosting, email delivery, data analytics, and customer relationship management. These service providers have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to protect your information
• Professional advisors: We may share information with our attorneys, accountants, insurers, and other professional advisors in connection with the management and operation of our business
• Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy
• Legal requirements: We may disclose your information when required to do so by law, regulation, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful government request
• With your consent: We may share your information with third parties when you have given us explicit consent to do so

When we share information with third-party service providers, we require them to implement appropriate security measures and to use personal information only as directed by us and in accordance with this Privacy Policy. We maintain a list of our material service providers and will make this available upon request.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand where our visitors come from. A cookie is a small data file placed on your device when you visit a website.

Types of cookies we use:

• Essential cookies: Necessary for the website to function properly. They enable core functionality such as page navigation and access to secure areas. The website cannot function properly without these cookies
• Analytics cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve website performance, content, and user experience
• Functional cookies: Enable the website to remember choices you make (such as your preferred language or region) and provide enhanced, personalized features
• Marketing cookies: Used to track visitors across websites to display relevant advertisements. These cookies are typically placed by third-party advertising networks with our permission

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies, set preferences for certain types of cookies, or receive a notification when a cookie is set. Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features.

We may also use web beacons (also known as pixel tags or clear GIFs) in our emails and on our website to track open rates, click-through rates, and other engagement metrics. Web beacons are tiny, invisible graphic elements that allow us to count users who have visited certain pages or opened certain emails.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods vary depending on the type of information and the purpose for which it is used:

• Client engagement records: Retained for seven (7) years following the completion of the engagement, as required for financial reporting, tax compliance, and potential legal claims
• Contact form submissions: Retained for three (3) years from the date of submission, or until you request deletion, whichever occurs first
• Financial and billing records: Retained for seven (7) years as required by applicable tax and accounting regulations
• Website analytics data: Retained in aggregated or anonymized form for up to three (3) years
• Marketing communication records: Retained until you unsubscribe or request removal from our marketing lists, plus an additional record of your opt-out preference maintained indefinitely to honor your request
• Confidential engagement data: Handled in accordance with the confidentiality provisions of the applicable SOW and our Terms of Service

When personal information is no longer required for its original purpose and no legal retention requirement exists, we will securely delete, destroy, or anonymize the information using commercially reasonable methods designed to prevent unauthorized access, use, or disclosure.

9. Data Security

Vantage Grid implements appropriate technical, administrative, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, destruction, or other forms of unlawful processing. Our security measures include, but are not limited to:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Encryption of sensitive data at rest using AES-256 or equivalent encryption standards
• Access controls that limit access to personal information to authorized personnel who need it to perform their job functions
• Multi-factor authentication for access to systems containing personal information
• Regular security assessments, vulnerability scans, and penetration testing
• Employee training on data protection best practices and incident response procedures
• Physical security measures for our office and equipment, including locked facilities, surveillance, and secure disposal of physical records
• Incident response plans to detect, contain, and remediate security breaches in a timely manner

While we take reasonable measures to protect your information, no method of transmission over the internet or method of electronic storage is one hundred percent secure. We cannot guarantee absolute security, and you acknowledge that you transmit information to us at your own risk. In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.

10. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These rights may include:

• Right to access: You may request a copy of the personal information we hold about you
• Right to correction: You may request that we correct any inaccurate or incomplete personal information
• Right to deletion: You may request that we delete your personal information, subject to certain exceptions required by law
• Right to portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format
• Right to opt out: You may opt out of the sale or sharing of your personal information for targeted advertising purposes
• Right to restrict processing: You may request that we limit the processing of your personal information under certain circumstances
• Right to object: You may object to the processing of your personal information for certain purposes, including direct marketing
• Right to withdraw consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing conducted prior to withdrawal
• Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights

To exercise any of these rights, please contact us using the information provided in Section 17 of this policy. We will respond to your request within the timeframe required by applicable law, generally within forty-five (45) days of receipt. We may request additional information to verify your identity before processing your request.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"). In addition to the general rights described in Section 10, California residents have the following rights:

• The right to know what categories and specific pieces of personal information we have collected, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information
• The right to delete personal information we have collected, subject to certain exceptions
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information
• The right to limit the use and disclosure of sensitive personal information
• The right not to be discriminated against for exercising your CCPA/CPRA rights

Vantage Grid does not sell personal information as defined by the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising purposes. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the services or as otherwise permitted by law.

To submit a verifiable consumer request, California residents may contact us using the information provided at the end of this policy. You may also designate an authorized agent to submit requests on your behalf, provided that the agent provides proof of written authorization and we can verify your identity.

In the preceding twelve (12) months, we have collected the categories of personal information described in Section 2 of this policy. We have disclosed personal information for business purposes to the categories of third parties described in Section 6. We have not sold or shared personal information as defined by the CCPA/CPRA.

12. Children's Privacy

Our website and services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from children under eighteen. If we learn that we have collected personal information from a child under eighteen without verification of parental consent, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately using the information provided at the end of this policy, and we will take appropriate action to remove such information.

13. International Data Transfers

Vantage Grid is based in the United States, and your personal information is processed and stored in the United States. If you access our website or services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction.

By providing your personal information to us, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy. We will take appropriate steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

14. Third-Party Links and Services

Our website may contain links to third-party websites, platforms, or services that are not operated or controlled by Vantage Grid. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party websites or services before providing them with your personal information. Vantage Grid is not responsible for the privacy practices, content, or security of third-party websites or services.

15. Do Not Track Signals

Some browsers include a "Do Not Track" ("DNT") feature that signals to websites that the user does not wish to have their online activity tracked. There is no universally accepted standard for how companies should respond to DNT signals. At this time, our website does not respond to DNT signals. However, you can manage your cookie preferences through your browser settings as described in Section 7.

16. Changes to This Policy

Vantage Grid reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this document and, where required by applicable law, provide additional notice through our website, email, or other appropriate channels.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information. Your continued use of our website or services after the posting of changes constitutes your acceptance of the revised Privacy Policy.

For material changes that significantly affect how we process your personal information, we will seek your renewed consent where required by applicable law before implementing the changes.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or our data protection practices, please contact us using the information below. We aim to respond to all legitimate inquiries within a reasonable timeframe, and no later than required by applicable law.