Privacy Policy

1. Types of Personal Data Collected

We collect various categories of personal information depending on your relationship with us:

1.1 Personal Identifiers

• Name, title, and contact information (email, phone, business address)
• Company name and professional affiliations
• Online identifiers (IP address, device identifiers)

1.2 Professional and Employment Information

• Job title, role, and responsibilities
• Company information and industry details
• Professional background and experience
• Business relationships and network connections

1.3 Commercial Information

• Service interests and engagement history
• Records of services provided
• Client preferences and requirements
• Transaction history and billing records

1.4 Payment Information

• Credit card or bank account details (when provided for payment processing)
• Billing addresses and payment preferences
• Transaction records and payment history

1.5 Internet and Network Activity

• IP addresses and browser information
• Website usage data and navigation patterns
• Device type, operating system, and browser version
• Cookies and similar tracking technologies
• Pages visited, time spent, and user interactions

1.6 Communications Data

• Email correspondence and attachments
• Meeting notes and call recordings (with consent)
• Forms submissions and survey responses
• Support requests and feedback

1.7 Public Source Information

• Publicly available business information
• Social media profiles and public posts
• Professional directory listings
• News articles and press releases

2. How Personal Data Is Collected

2.1 Direct Collection

• During client onboarding and service agreements
• Through service delivery and ongoing engagements
• Via email, phone, and in-person communications
• From forms, surveys, and intake processes
• During meetings, calls, and consultations

2.2 Online Interactions

• Website visits and user interactions
• Contact forms and download requests
• Cookie and analytics technologies
• Newsletter subscriptions and marketing interactions

2.3 Third-Party Sources

• Business partners and referral sources
• Service providers and technology platforms
• Public databases and professional directories
• Social media platforms and online sources
• Client-authorized third-party integrations

3. Use of Personal Data

3.1 Service Delivery

• Providing strategic financial advisory services
• Conducting analysis, modeling, and research
• Preparing deliverables, reports, and recommendations
• Managing client relationships and communications
• Coordinating meetings and project activities

3.2 Business Operations

• Account management and client service
• Billing, invoicing, and payment processing
• Internal training and quality assurance
• Service improvement and development
• Record keeping and compliance

3.3 Marketing and Communication

• Sending service-related communications
• Marketing our services (with appropriate consent)
• Conducting surveys and collecting feedback
• Newsletter distribution and content sharing
• Networking and business development activities

3.4 Website and Technology

• Website analytics and performance monitoring
• Security monitoring and fraud prevention
• Technical support and troubleshooting
• User experience optimization
• Cookie and preference management

3.5 Legal and Compliance

• Complying with applicable laws and regulations
• Responding to legal process and government requests
• Protecting our rights and business interests
• Enforcing agreements and preventing fraud

4. Legal Basis for Processing

4.1 Contractual Necessity

Processing necessary to perform our Services Agreement and deliver contracted services.

4.2 Legal Obligations

Processing required to comply with applicable laws, regulations, and legal requirements.

4.3 Legitimate Interests

Processing necessary for our legitimate business interests, including providing and improving our services, marketing and business development, security and fraud prevention, and internal operations and administration.

4.4 Consent

Processing based on your explicit consent, which you may withdraw at any time.

5. Sharing and Disclosure of Personal Data

5.1 Internal Sharing

• With employees and contractors directly involved in service delivery
• Among affiliated entities under common control
• For administrative, legal, and compliance purposes

5.2 Service Providers

We share information with trusted third-party service providers, including technology infrastructure and hosting providers, payment processing and billing services, marketing and analytics platforms, professional services (legal, accounting, insurance), and communication and collaboration tools. All service providers are contractually required to protect your information and use it only for specified purposes.

5.3 Legal and Regulatory Disclosure

We may disclose information when required by court orders, subpoenas, legal process, government agencies and regulatory authorities, law enforcement investigations, and legal obligations or to protect our rights.

5.4 Business Transactions

In connection with mergers, acquisitions, or sale of business assets, personal information may be transferred to the acquiring entity, subject to confidentiality protections.

5.5 With Your Consent

We may share information with third parties when you provide explicit consent, such as referrals to other professional service providers, introductions to potential business partners, or collaborative engagements with your other advisors.

5.6 We Do Not Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We do not share your personal information with third parties for their own independent marketing or advertising purposes without your explicit consent.

6. Cookies and Tracking Technologies

6.1 Cookie Usage

Our website uses cookies and similar technologies for essential website functionality and navigation, analytics and performance monitoring, user preference storage and customization, security and fraud prevention, and marketing and advertising optimization.

6.2 Third-Party Analytics

We use third-party analytics services to understand website usage and improve user experience. These services may collect page views and navigation patterns, device and browser information, general geographic location, and referral sources. Our current analytics provider operates without cookies and does not track individual users across sites.

6.3 Cookie Management

You can manage cookies through browser settings, cookie consent tools on our website, opt-out mechanisms provided by analytics services, and third-party privacy tools and extensions.

7. Data Retention

7.1 Retention Periods

• Active Client Relationships: Throughout the duration of our engagement
• Financial Records: Seven (7) years after engagement completion
• General Business Records: Five (5) years after last interaction
• FounderFinance.ai Submissions: Seven (7) years after delivery, consistent with standard financial records retention, unless you request earlier deletion
• Marketing Information: Until you opt out or we determine retention is no longer necessary
• Website Analytics: As determined by third-party service provider policies

7.2 Secure Deletion

When retention periods expire, we securely delete or anonymize information using industry-standard methods and procedures.

8. Data Security

8.1 Security Measures

• Encryption of data in transit and at rest
• Multi-factor authentication and access controls
• Regular security assessments and monitoring
• Employee training on data protection protocols
• Secure backup and disaster recovery procedures
• Vendor security assessments and agreements

8.2 Access Controls

Access to personal information is limited to employees with legitimate business needs, authorized service providers under contract, senior management for oversight purposes, and legal and compliance personnel when necessary.

8.3 Limitations and Responsibilities

While we implement robust security measures, no system is completely secure. You are responsible for protecting your own devices and accounts, using secure communication methods when sharing sensitive information, and promptly notifying us of any suspected security incidents.

9. International Data Transfers

Personal information may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, such as contractual protections and data processing agreements, compliance with applicable data protection frameworks, and implementation of technical and organizational security measures.

10. Your Privacy Rights

10.1 Right to Know and Access

Request confirmation of what personal information we maintain about you, obtain copies of your personal information, and receive information about our data practices and sharing.

10.2 Right to Correction

Request correction of inaccurate or incomplete personal information, and update your contact information and preferences.

10.3 Right to Deletion

Request deletion of your personal information, subject to legal and contractual limitations, and withdraw consent for processing based on consent.

10.4 Right to Restrict or Object

Restrict certain types of processing, object to processing for marketing purposes, and opt out of marketing communications.

10.5 Right to Data Portability

Receive your personal information in a portable format and transfer information to another service provider (where applicable).

10.6 Exercising Your Rights

To exercise these rights, email legal@thelhgrp.com with subject line “Privacy Rights Request.” Include your name, contact information, and specific request. We may request additional information to verify your identity and will respond within 30 days of receipt.

10.7 Appeals Process

If your privacy rights request is denied, you may appeal by contacting us at legal@thelhgrp.com with subject line “Privacy Rights Appeal” within 30 days of our response.

10.8 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information we have collected from you (subject to certain exceptions); the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information as described in Section 5.6); the right to limit use and disclosure of sensitive personal information; and the right to non-discrimination for exercising your privacy rights. To exercise your California privacy rights, email legal@thelhgrp.com with subject line “California Privacy Rights Request.” We will respond within 45 days as required by California law.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our business practices or services, new legal or regulatory requirements, enhanced privacy protections, and feedback from clients and stakeholders. We will notify you of material changes by email (if you are an active client) and by posting the updated policy on our website with a new effective date.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

The Lighthouse Group LLC
Privacy Contact: legal@thelhgrp.com

We are committed to addressing your privacy concerns promptly and transparently. Please allow up to 30 days for a response to privacy-related inquiries.