THANK YOU

Thank you for visiting our website (www.LorenzoZesati.com). LorenzoZesati or LorenzoZesati.com ("we," "us," "our," or the "Company") is committed to treating the personal and corporate information of our Site users, customers, and vendors with respect and sensitivity.

We've updated our Privacy Policy and improved our privacy practices so we can better safeguard your data.

LorenzoZesati provides Business Technology Architecture solutions that involve comprehensive business architecture across 13 dimensions  including AI automation, AI integration, smart websites, CRM systems, brand development, financial systems, and strategic architecture solutions aligned with our Business Technology Architect's Blueprint framework. We also provide business consulting, technology implementation, cybersecurity guidance, and software-integration services to clients around the world, with a specific focus on serving Married Christian Businessmen with Children (MCBC). Our goal is to support your Business Technology needs while respecting your privacy.

This Privacy Policy (together with our Terms of Service and any other policies referenced) identifies how we will collect and process any personally identifiable information, such as your name, email, address, phone number, SMS information, financial account information, business information, and data collected through AI interactions and automated systems, that we collect from you, or that you provide to us. It applies to our websites (including www.LorenzoZesati.com), remote-support services, marketing activities, email communications, SMS messaging, AI chatbot interactions, appointment booking systems, newsletter subscriptions, webinars, live events, online forms, and any other services linking to this Policy.

By using our services, submitting information through any format (e.g., website forms, email, telephone, SMS, fax, AI chat interactions, or in person), or continuing to visit our Site, you agree to the practices described here. If you do not agree, please do not use our services.

If you are a California resident, our privacy practices comply with the California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act ("CPRA"), and any regulations adopted by the California Privacy Protection Agency ("CPPA"), including regulations governing automated decision-making technology, risk assessments, and cybersecurity audits that became effective January 1, 2026. Any CCPA/CPRA-specific information is identified in this Policy.

If you are a resident of the European Economic Area ("EEA") or United Kingdom ("UK"), this Privacy Policy also outlines additional policies applicable to our collection and processing of your personal information under the General Data Protection Regulation ("GDPR").

If you are a resident of a U.S. state with a comprehensive consumer data privacy law, including but not limited to Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Kentucky, Rhode Island, Texas, Tennessee, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Delaware, Oregon, or Florida, this Privacy Policy describes how we comply with applicable rights and obligations under those laws. See Section 10 for details.

As our services evolve and we perceive the need or desirability of using your personal data collected in other ways, we may from time to time amend this Privacy Policy. The effective date appears at the beginning of this Privacy Policy. We encourage you to check our Site frequently to review the current Privacy Policy in effect and any changes that may have been made to it.

By providing your Personal Information to us in any format (e.g., via email, telephone, fax, SMS, online forms, AI interactions, or in person) and/or continuing to use any of our services or visiting our Site you accept and consent to the practices described in this Privacy Policy and Information Notice.

TABLE OF CONTENTS

Introduction

Information We Collect

How We Use Your Information

Legal Bases for Processing (GDPR and International Users)

Data Sharing and Onward Transfers

Our Storage of Your Personal Information

Cookies and Tracking Technologies

Your Rights and Choices

California Consumer Rights (CCPA/CPRA)

Multi-State Privacy Law Compliance

GDPR and UK GDPR Rights (EEA/UK Residents)

Children's Privacy (COPPA)

Third-Party Websites and Services

Data Security

International Transfers

Conditions of Use and Changes to Our Privacy Policy

Contact Us

INTRODUCTION

This Privacy Policy describes how the Company collects, uses, and shares information about visitors to our website at www.LorenzoZesati.com, attendees of our programs and webinars, individuals who contact us to purchase materials or request information, subscribers to our newsletters and SMS communications, users of our AI-powered tools and chatbots, those who book appointments through our systems, and other users of our services. The Website and our other programs and services are the "Services." This Policy describes how we obtain and use personal data (which can be used to identify a specific individual) and anonymous data (which cannot).

For purposes of this Policy, "Personal Information" means information (whether stored electronically or in paper-based filing systems) relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal Information comprises the categories of Personal Information defined by the CCPA, GDPR, and other applicable privacy laws.

AI-Powered Interactions Disclosure: Our website and services may include AI-powered chatbots, automated assistants, and other artificial intelligence tools that interact directly with you. When you engage with these AI systems, you are interacting with automated technology (not a human representative) unless otherwise stated. Information you provide during these interactions is collected and processed in accordance with this Privacy Policy. We use AI as an assistive tool to enhance your experience, and final business decisions and recommendations are reviewed and made by our human team.

Region-Specific Provisions: Certain provisions of this Policy, which are clearly labelled, apply only to users who are citizens or residents of particular regions (e.g., the EU, UK, California, or other U.S. states with comprehensive privacy laws). Otherwise, the Policy applies to all users of our Services, regardless of location.

Children: The Services of LorenzoZesati are not designed for nor are they intended to be used by children. We do not knowingly collect, use, or disclose Personal Information from children under 16 (or under 13 in the United States). If we learn that we have collected the Personal Information of a child without parental consent, we will take steps to delete the information as soon as possible. If you are under 16 (or under 13 in the United States), do not provide any Information about yourself to us, including your name, address, telephone number, or email address. If you become aware that a child has provided us with Personal Information without parental consent, contact us at the location identified below in the Contact Us section.

INFORMATION WE COLLECT

We collect information so that we can deliver services, maintain security, provide personalized experiences, and meet our legal obligations. The categories below apply whether you contact us through the website, speak with a support representative, use our remote-management tools, interact with our AI systems, subscribe to our newsletters, book appointments, submit forms, or engage with our SMS communications.

LorenzoZesati collects only that Personal Information that is relevant for the purposes for which the data is requested. We do not use your Personal Information in any way that is incompatible with the purposes for which it was collected or for which you have consented.

2.1. INFORMATION YOU PROVIDE VOLUNTARILY

Contact and Account Information: When you request information, sign up for a webinar, newsletter, or SMS communications, place an order, create an account, book an appointment, or engage with our AI systems, we may collect your name, company name, mailing address, email address, phone number, and similar identifiers. We ask only for the data needed to perform the requested service.

Payment and Billing Information: If you purchase services or products, we collect billing details (such as credit card number, expiration date, card security code, and billing address) to process your payment. We generally rely on our payment processors to handle this information and do not store full card numbers on our systems.

Business and Professional Information: When you engage our Business Technology Architecture services, we may collect information about your business including business name, industry, revenue information, number of employees, business challenges, technology systems in use, and other information necessary to provide consulting and implementation services.

Support and Troubleshooting Data: While providing remote support or technology implementation services, we may collect device identifiers, system logs, configuration details, user credentials (if you grant us access), and other technical data necessary to troubleshoot problems or implement solutions. We may remotely view or control your device only with your explicit permission, and may record session logs for quality, training, and security purposes. You should avoid sharing any sensitive information not relevant to the support issue.

Assessment and Self-Evaluation Data: When you participate in business assessments, self-assessment quizzes, strategic planning exercises, or utilize our Business Technology Architect's Blueprint framework, we collect the information you input and the results generated. This may include information about your business goals, challenges, aspirations, strategic priorities, and responses to assessment questions.

Communications and Marketing Preferences: If you subscribe to newsletters, SMS updates, or request marketing materials, we collect your email address, phone number, and other information you choose to provide. This includes preferences for how you wish to receive communications from us. You may opt out of marketing at any time (see Section 8).

SMS Information: When you opt-in to receive SMS messages from us, we collect your mobile phone number and carrier information. We use this information solely to send you the text messages you've requested, such as appointment reminders, event notifications, or marketing messages (if you've consented). You can opt-out at any time by texting STOP to any message you receive from us.

AI Interaction Data: When you interact with our AI-powered tools, chatbots, or automated systems on our website or through other channels, we may collect the content of your conversations, questions asked, information provided, and preferences expressed. This data helps us provide personalized responses, improve our AI systems, and better understand client needs. Please note that our AI systems are designed to assist and enhance your experience. They do not make autonomous decisions that produce legal or similarly significant effects on you without human review.

Appointment and Calendar Information: When you book appointments through our scheduling systems, we collect information about your preferred dates and times, time zone, appointment purpose, and any specific topics or questions you wish to discuss.

Event and Webinar Information: When you register for or attend our webinars, workshops, live events, or BreakthruPreneurs mastermind meetings, we collect registration information, attendance records, and may collect information about your participation and engagement.

Employment Information: For those considering careers with LorenzoZesati, we collect professional data and education information such as resume or C.V., salary history, education history, citizenship information, position sought, and other relevant employment information. Additional Personal Information may be collected during the employment process, as set forth in our Employee Privacy Policy.

2.2. INFORMATION COLLECTED AUTOMATICALLY

Usage and Device Data: Our servers automatically record information such as your IP address, browser type and version, operating system, device type, referring URLs, pages visited, time zone setting, browser plug-in types and versions, and how you interact with our site and services. This information includes:

The Internet protocol (IP) address used to connect your computer to the Internet Referring website address Browser type and version Time zone setting Browser plug-in types and versions Operating system and platform Information about your visit, including the full Uniform Resource Locators (URL) Clickstream to, through and from our site (including date and time) Pages on our Site you viewed Page response times Download errors Duration of page visits Page interaction information (such as scrolling, clicks, and mouse-overs) Methods used to browse away from the page Any phone number used to call our customer service number

This helps us maintain security, detect fraud, improve our services, and provide you with better user experience. We do not link usage data to your identity unless needed for security or support purposes.

Cookies and Tracking Technologies: We use cookies and similar technologies to remember preferences, measure usage, personalize content, and provide targeted advertising. Some cookies are necessary for site functionality; others are optional and may be used for analytics or targeted advertising. You can control cookies via your browser settings. Disabling cookies may limit certain features (see Section 7).

Remote Monitoring Data: If you use our remote monitoring and management (RMM) tools (e.g., ConnectWise, Datto, or other technology management platforms), we may collect device performance metrics, installed software versions, security status, system health indicators, and other telemetry needed to ensure your systems are up to date, secure, and functioning optimally. We configure our RMM tools to capture only the data necessary for maintenance and security.

Analytics Data: We use analytics services such as Google Analytics to collect aggregated information on how our services are used and help us improve performance. This includes tracking website traffic, user behavior patterns, conversion rates, and other metrics that help us optimize your experience.

2.3 INFORMATION FROM THIRD PARTIES

We may obtain information from business partners (such as payment processors, marketing platforms, CRM systems), analytics providers, social media platforms, or integrated software platforms that you authorize (e.g., project-management tools, email marketing services, calendar applications, or other business tools). We use this data consistently with this Policy and any restrictions imposed by the original source.

We work closely with third parties, including business partners, promoters, affiliates, sub-contractors in technical services, payment and delivery services, advertising networks, marketing analytics providers, and search information providers. We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

2.4. SPECIAL CATEGORIES OF DATA

We do not intentionally collect sensitive personal data (such as health information, race/ethnicity, religious beliefs, biometric data, or genetic information) unless you choose to provide it, or it is required for service delivery, employment, or legal compliance. If we must process sensitive data, we will request your explicit consent or rely on another lawful basis permitted by law (see Section 4).

For purposes of the CCPA, Personal Information includes the following categories:

Identifiers: Name, address, email, phone, social security number, driver's license, federal tax ID number, or other relevant identifiers

Other Data (California Civil Code § 1798.80(e)): Financial information (bank account number, credit card number, debit card number), medical information, health insurance information, insurance policy number

Protected Classes: Race, gender, age (40 years or older), ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information

Commercial Information: Records of personal property, products or services purchased, obtained, or considered, purchasing or consuming histories or tendencies

Biometric Information: We do not collect or receive biometric information such as fingerprints, retina scans, or face prints

Internet Activity: Browsing history, search history, IP address, website interactions, information on interaction with websites, applications, or advertisements

Geolocation Data: Physical location information

Sensory Data: We do not collect audio, electronic, visual, thermal, or olfactory information unless specifically required for service delivery and with your explicit consent

Professional Data: CV, resume, employment history, current employment information

Education Data: Educational background, grades, scores, degrees obtained

Inferences: Preferences, characteristics, psychological traits, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes drawn from the above categories

The examples given above are not meant to provide an exhaustive list, but are examples of the kinds of data included in each category.

HOW WE USE YOUR INFORMATION

We process personal data for the following purposes and lawful bases:

Provide and Improve Our Services: We use your information to deliver Business Technology Architecture services, business consulting, technology implementation, cybersecurity guidance, integration services, AI-powered solutions, appointment scheduling, event registration, newsletter delivery, SMS communications, and other services you request from us.

We use your information to:

Process payments and manage accounts Schedule and manage appointments Communicate about your requests and service delivery Provide customer support and respond to inquiries Deliver newsletters, webinars, and educational content Administer self-assessments and business evaluations Implement and support technology solutions Provide AI-powered recommendations and assistance Improve our offerings and develop new services Present our Platform and content to you in the most effective manner Assess your suitability for participation in our programs, meetings, live events, and webinars Determine additional materials, services, or events to recommend to you.

These activities are necessary to perform our contract with you or to pursue our legitimate interests in running and improving our business.

Security and Fraud Prevention: We use data to authenticate users, protect against unauthorized access, secure our infrastructure, detect and respond to cyber-threats, prevent fraud, and comply with industry standards (including NIST recommendations). This includes the use of multi-factor authentication for remote sessions, encryption of stored data, monitoring for suspicious activity, and maintaining audit logs.

Compliance with Law: We may process your data to comply with laws, regulations, court orders, or legal requests (e.g., consumer privacy laws, tax obligations, accounting requirements, regulatory reporting). When legally required, we will disclose information to law-enforcement authorities, regulators, or other governmental entities.

Marketing and Communications: With your consent or where allowed by the law, we may send you promotional emails, SMS messages, newsletters, or invitations to webinars and events. We may also tailor marketing based on your interactions with us, business needs, industry, and expressed interests. You can opt out of marketing at any time (see Section 8).

Analytics and Research: We analyze usage patterns to understand how visitors interact with our services and to improve our design, content, and offerings. We conduct research to develop new frameworks, refine our Business Technology Architect's Blueprint, and create educational materials. Aggregated or de-identified data may be used for statistical or research purposes.

Artificial Intelligence and Automation: We may use AI-powered tools to assist with diagnostics, provide personalized recommendations, automate routine tasks, detect security threats, improve user experience, and develop better solutions for our clients. Personal data used for AI training is limited to what is needed for these purposes. We do not use AI to make decisions that have legal or similarly significant effects without human review. When required by law (e.g., certain U.S. states including California and Colorado), you can opt out of automated decision-making (see Section 8). We are committed to using AI responsibly and in compliance with applicable federal and state AI governance requirements, including the California CCPA regulations on automated decision-making technology (effective January 1, 2026), the Colorado Artificial Intelligence Act (effective June 30, 2026), and the Texas Responsible AI Governance Act (effective January 1, 2026).

Training and Quality Assurance: We may use information for training purposes, quality assurance, and to record details about the products and services you order from us to ensure we're delivering excellent service and continuously improving.

Credit Reference and Risk Assessment: We may make inquiries about you for credit reference purposes when necessary to assess financial risks in our business relationships.

Data Analysis: We perform data analyses (including anonymization and aggregation of Personal Information) to understand trends, improve services, and make data-driven business decisions.

LEGAL BASES FOR PROCESSING (GDPR AND INTERNATIONAL USERS)

For residents of the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring a lawful basis, we rely on one or more of the following bases when we process your data:

Contractual Necessity: We process data to perform our contract with you (e.g., providing Business Technology Architecture services, consulting, technology implementation, delivering purchased products) or to take steps at your request before entering a contract.

Legitimate Interests: We have a legitimate interest in operating, securing, and improving our services, communicating with clients, preventing fraud, conducting business development, providing direct marketing of products and services that may interest you, analyzing usage patterns, developing new offerings, maintaining business relationships, and managing our business operations, provided that such interests are not overridden by your rights. This includes legitimate interests of our third-party partners, promoters, affiliates, distributors, suppliers, vendors, and subcontractors.

Consent: We rely on your consent to send marketing communications, deploy non-essential cookies, process sensitive data (if any), conduct certain AI or profiling activities, and for other processing where consent is required by law. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

Legal Obligation: We may process data to comply with our legal obligations (such as tax laws, accounting requirements, regulatory reporting, data retention obligations) or to protect vital interests (e.g., recording necessary information for security purposes, responding to legal requests).

Performance of a Task in the "Public" Interest: In limited circumstances, we may process data to perform a task carried out in the public interest.

In accordance with the purposes for which we collect and use your Personal Information, as set out above, the legal basis for processing your Personal Information will typically be one of the bases described in this section.

DATA SHARING AND ONWARD TRANSFERS

We do not sell personal data. LorenzoZesati does not sell your Personal Information to any third parties.

We may share your information in the following limited circumstances:

5.1 SERVICE PROVIDERS AND CONTRACTORS

To provide the Services, we sometimes disclose Personal Information to service providers for business purposes. We engage trusted third parties, such as hosting providers, cloud storage services (e.g., Amazon Web Services), payment processors, identity verification services, email marketing platforms, SMS delivery services, calendar and scheduling platforms, CRM systems, remote-support platforms (e.g., Anydesk, TeamViewer, ConnectWise, Datto), analytics providers (e.g., Google Analytics), AI service providers, webinar platforms, and other technology vendors, to perform functions on our behalf.

These service providers are contractually obligated to comply with all applicable laws (e.g., the CCPA, GDPR), and all such third parties use your Personal Information only on behalf of LorenzoZesati and under our instructions. They are contractually required to safeguard your data, act only on our instructions, not use your data for their own purposes, and implement appropriate security measures. We take reasonable steps to ensure these third parties use your Personal Information only for the purposes for which they have been engaged by us, that they do not share or sell your Personal Information to anyone else, and that they maintain adequate security.

Under the California Consumer Privacy Rights Act (CPRA), disclosure to service providers for a business purpose is not considered a "sale" or "share."

By enjoying our Services and sharing your Personal Information, you agree that we have the right to share the categories of Personal Information we collect with our service providers for the following business purposes:

Sales and Transaction Processing: For fulfilling requests to purchase goods and services from our Site or at our events, processing payments, managing orders Service Delivery: For delivering Business Technology Architecture services, consulting, technology implementation, remote support, and other professional services Communication: For sending emails, SMS messages, newsletters, appointment reminders, service updates Targeted Advertising: To provide advertising of our programs and services on other Sites and platforms Marketing: For direct marketing of goods and services offered by LorenzoZesati and our affiliates that you may be interested in Self-Assessment Testing: For administering and providing self-assessment testing services, business evaluations, and strategic planning tools Cloud Services: For provision of cloud storage, computing, and infrastructure services Contractual Performance: For the performance of any contract, we enter with you, or they enter with you on behalf of LorenzoZesati Web Analytics: Analytics and search engine service providers that assist us in the improvement and optimization of our site AI Services: For providing AI-powered recommendations, chatbot functionality, automated responses, and intelligent assistance Calendar and Scheduling: For managing appointment bookings, calendar integrations, and scheduling coordination Event Management: For managing webinar registrations, event attendance, and participant communications

5.2. THIRD-PARTY INTEGRATIONS

If you instruct us to integrate your systems with other software (e.g., CRM, project management, accounting, calendar applications, email platforms, ticketing systems, or security tools), we will share only the data necessary to perform that integration. You are responsible for reviewing the privacy practices of any third-party platforms you connect to our services.

5.3. BUSINESS PARTNERS

We may share information with channel partners, resellers, or affiliates who co-market or co-deliver our services, provided they agree to comply with relevant privacy laws and use the information solely for the agreed purpose.

5.4. LEGAL OBLIGATIONS AND PROTECTION OF RIGHTS

We may disclose data where required by law or court order, in response to lawful requests by public authorities (including meeting national security or law enforcement requirements), or to protect our rights, property, or safety and those of our clients or others (e.g., to investigate fraud, cyber-incidents, security breaches, or potential violations of our Terms). We will notify you of such requests when legally permissible.

5.5. CORPORATE TRANSACTIONS

If we merge, sell, or transfer our assets, or undergo any business reorganization, restructuring, dissolution, or other corporate transactions, your data may be transferred to the acquiring entity as part of the purchase, transfer, or sale of services or assets, subject to this Policy and applicable laws. We may also disclose your Personal Information to prospective buyers or sellers during due diligence for such transactions.

5.6. WITH YOUR CONSENT

For any other purpose disclosed by us when you provide the Information, or with your consent for specific purposes.

5.7. AGGREGATED OR DE-IDENTIFIED DATA

We may use and disclose Non-Personal Information (aggregated, anonymized, or de-identified data that cannot be used to identify you) about our users without restriction for research, statistical analysis, marketing, or any other purpose.

5.8. DO NOT SELL OR SHARE MY DATA (CALIFORNIA / CPRA)

We do not sell personal data in exchange for money. CPRA also covers "sharing" personal data for targeted advertising. We do not share data for cross-context behavioral advertising outside the context of our own marketing. If this changes, we will provide a clear "Do Not Sell or Share My Personal Information" link allowing California residents to opt out, and we will honor Global Privacy Control or other legally recognized opt-out signals. We will maintain opt-out preferences for at least twelve months as required by California law.

We only use the data collected to understand clients' needs regarding our website products, programs, and services, and to deliver and improve those services. To provide the Products, Programs, and Services, we sometimes disclose personal data to service providers for business purposes as described in this section.

No mobile information is shared with third parties/affiliates for marketing or promotional purposes.

All other categories exclude text messaging originator opt-in data and consent. This information is not shared with any third parties.

5.9. INTERNATIONAL TRANSFERS

Our servers and many of our service providers are located in the United States. If you are located outside the U.S., your data may be transferred to and processed in the United States or other countries with different privacy laws.

Where required by the GDPR or UK GDPR, we implement appropriate safeguards to ensure adequate protection, such as:

Using Standard Contractual Clauses approved by the European Commission Relying on adequacy decisions where applicable Implementing additional technical and organizational measures to protect your data

If we participate in the EU-U.S. Data Privacy Framework or Swiss-U.S. Data Privacy Framework, we will adhere to their principles, including purpose limitation, choice, data accuracy, security, transparency, individual rights, and restrictions on onward transfers.

By submitting your Personal Information, you agree to this transfer, storing, and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

OUR STORAGE OF YOUR PERSONAL INFORMATION

6.1. DATA SECURITY

LorenzoZesati uses reasonable and appropriate administrative, technical, and physical measures to protect your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing undertaken and the nature of the Personal Information we collect.

Unfortunately, the internet is not completely secure. Although we are working to protect your Information, we cannot guarantee the security of your Information either in transmission or when stored. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

We have implemented measures designed to protect your Information from accidental loss and from unauthorized access, use, alteration, and disclosure. Protecting our clients' information is integral to our mission. Measures include:

Encrypted Communications: Remote-support sessions and data transmissions use peer-to-peer or server-brokered tunnels with TLS/SSL (256-bit or higher encryption) to protect data in transit. All sensitive communications are encrypted.

Multi-Factor Authentication and Session Management: We require multi-factor authentication for remote access and sensitive system accounts, as recommended by NIST. Sessions time out after periods of inactivity, and credentials are unique to our remote-access environment.

Device Health Checks: We assess client devices for up-to-date operating systems, antivirus signatures, and other security baselines before allowing remote connections. Access may be denied to out-of-compliance devices.

Data Encryption at Rest: We use full-disk and file-level encryption on our systems and encrypt sensitive backups, as recommended by NIST. Sensitive paper records are stored in secure facilities or are digitized and securely destroyed when no longer needed.

Access Controls and Logging: Access to personal data is restricted to authorized personnel with a legitimate business need. We maintain audit logs of support sessions, server access, and administrative actions and review them regularly for suspicious activity.

Employee Training: All staff receive privacy and security training, including phishing awareness, secure remote-support practices, data handling procedures, and compliance requirements.

Incident Response and Breach Notification: We maintain an incident-response plan based on FTC guidance and industry best practices that includes identifying and containing security events, assembling a response team, fixing vulnerabilities, and notifying affected individuals and regulators as required by law.

Regular Security Assessments: We conduct regular security reviews, vulnerability assessments, and updates to our security practices to address emerging threats.

6.2. DATA RETENTION

We will keep your personal data for as long as we need it, or as otherwise prescribed by law, for the purposes set out above. This period will vary depending on your relationship with us. We may also keep a record of all correspondence related to you, such as email communications, purchases, returns, and complaints about our Products, Programs, and Services for as long as is necessary to help and protect us from a legal claim.

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law. In general:

Account and Contact Data: Retained for the duration of our relationship and a reasonable period thereafter responding to requests, maintaining business records, and satisfying legal obligations. If you close your account or request deletion, we delete or anonymize your data unless required to retain it for legal reasons (such as ongoing contractual obligations, pending transactions, or legal claims).

IT Support Logs and Remote Sessions: Retained for up to 12 months for troubleshooting, quality control, security audits, and compliance. Logs related to security incidents may be retained longer if needed for investigations or legal proceedings.

Communication Records: Email correspondence, SMS messages, chat transcripts, and other communications are retained for the duration of our relationship and for a reasonable period thereafter to maintain service records and respond to inquiries.

Billing and Financial Records: Retained for at least seven years to comply with accounting, tax requirements, and financial regulations.

Marketing Preferences: Remain active until you opt out, after which we keep a record of your "opt-out" request to ensure compliance and prevent future marketing communications.

Assessment and Evaluation Data: Results from business assessments, self-evaluations, and strategic planning exercises are retained for as long as they are relevant to providing ongoing services and recommendations, unless you request deletion.

AI Interaction Data: Conversations and interactions with our AI systems may be retained to improve service quality, train AI models, and provide personalized experiences, unless you request deletion or as required by law.

When data is no longer required, we securely delete or anonymize it according to industry best practices. We will take appropriate measures to properly destroy your personal data when we reach a point where your personal data is no longer needed.

In some circumstances, you can ask us to delete your data: see your legal rights below for further information. In some circumstances, we will anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

In some cases, there is a legal requirement to keep Personal Information for a minimum period of time. Except in those circumstances, we do not keep your Personal Information for any longer than is necessary for the purposes for which the Personal Information was collected or for which it is to be further processed.

6.3 UNSUBSCRIBING FROM COMMUNICATIONS

You may unsubscribe from any of our online email updates and marketing by following the unsubscribe instructions in the body of any email message we have sent to you. For SMS messages, you can reply STOP to any text message to unsubscribe.

We will take commercially reasonable steps to implement your unsubscribe requests promptly, but you may still receive promotional information from us by mail for up to 60 days, and up to 10 days for email. You may also continue to receive information from those third parties to whom we have previously disclosed your Personal Information.

Please note that when you unsubscribe from our marketing communications, we will keep a record of your email address and/or phone number to ensure we do not send you marketing emails or SMS messages in future. You will continue to receive transactional emails and messages related to services you have purchased or requested.