Privacy Policy
U.S. Multi-State Privacy Notice
Effective Date:
Last Updated:
Privacy at a Glance
This section provides a plain-English overview of our privacy practices. The detailed legal terms follow below.
What We Collect
We collect information you provide directly (name, email, website URL) when you request an assessment or contact us. We also collect standard technical data (IP address, browser type) through cookies — but only after you consent.
How We Use It
We use your information to provide our services, respond to your inquiries, improve our website, and comply with legal obligations. We do not use your data for purposes incompatible with these uses.
We Do Not Sell Your Data
Unified Stack LLC does not sell, rent, or share your personal information for monetary or other valuable consideration. We do not engage in cross-context behavioral advertising. This applies to all users, regardless of state of residence.
Your Rights
Depending on your state of residence, you may have the right to access, correct, delete, or transfer your personal information. You may also opt out of certain data practices. We honor these rights for all U.S. residents, regardless of whether your state has enacted privacy legislation.
How to Exercise Your Rights
Submit a request through our Secure Privacy Request Form or email privacy@unifiedstack.io. We respond to all verified requests within 45 days.
Global Privacy Control
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of your personal information.
Detailed Privacy Policy
1. Introduction and Scope
Unified Stack LLC ("Unified Stack," "Company," "we," "our," or "us") is a web compliance and infrastructure consultancy. We are committed to protecting the privacy and security of personal information entrusted to us by our clients, website visitors, and other individuals.
This Privacy Policy applies to personal information collected through our website at unifiedstack.io and its subdomains, as well as information collected in the course of providing our professional services.
This Policy is designed to comply with applicable U.S. state privacy laws, including but not limited to:
- California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Utah Consumer Privacy Act (UCPA)
- Texas Data Privacy and Security Act (TDPSA)
- Oregon Consumer Privacy Act (OCPA)
- Montana Consumer Data Privacy Act (MTCDPA)
- Tennessee Information Protection Act (TIPA)
- Iowa Consumer Data Protection Act (ICDPA)
- Indiana Consumer Data Protection Act (INCDPA)
- Delaware Personal Data Privacy Act (DPDPA)
- New Jersey Data Privacy Act (NJDPA)
- Kentucky Consumer Data Protection Act (KCDPA)
- Nebraska Data Privacy Act (NDPA)
- New Hampshire Privacy Act (NHPA)
- Maryland Online Data Privacy Act (MODPA)
- Minnesota Consumer Data Privacy Act (MNCDPA)
- Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
As additional state privacy laws take effect, we will update this Policy to ensure continued compliance.
2. Categories of Personal Information We Collect
2.1 Information You Provide Directly
When you interact with our website or services, you may provide the following categories of personal information:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, email address, company name | To respond to inquiries and provide services |
| Contact Information | Email address, phone number (if provided) | To communicate about services and assessments |
| Professional Information | Job title, company website URL, industry | To provide relevant consulting services |
| Communications Content | Messages, inquiries, feedback you submit | To address your questions and concerns |
2.2 Information Collected Automatically
When you visit our website, we may automatically collect certain technical information through cookies and similar technologies, but only after you provide consent through our cookie consent mechanism:
| Category | Examples | Purpose |
|---|---|---|
| Device Information | IP address, browser type, operating system, device identifiers | Security, analytics, and website optimization |
| Usage Data | Pages visited, time on site, referring URL, click patterns | To improve website functionality and content |
| Location Data (Approximate) | City or region derived from IP address | Analytics and content localization |
2.3 Sensitive Personal Information
We do not intentionally collect sensitive personal information (such as Social Security numbers, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, or genetic data) through our website. If you are a client engaging our HIPAA compliance consulting services, any protected health information (PHI) you share is handled in accordance with applicable Business Associate Agreements and HIPAA regulations, not this general Privacy Policy.
2.4 Information We Do Not Collect
We do not collect:
- Biometric information
- Genetic data
- Information from children under 16 years of age
- Information for the purpose of selling or sharing for targeted advertising
3. How We Use Personal Information
We use the personal information we collect for the following business and commercial purposes:
3.1 Service Delivery
- To respond to your inquiries and requests
- To provide digital risk assessments and consulting services
- To communicate with you about your project or engagement
- To deliver reports, recommendations, and deliverables
3.2 Website Operations
- To operate, maintain, and improve our website
- To analyze usage patterns and optimize user experience
- To detect and prevent security threats, fraud, or abuse
- To debug and repair errors in our systems
3.3 Communications
- To send service-related communications (e.g., confirmations, updates)
- To respond to your comments, questions, and support requests
- With your consent, to send marketing communications about our services
3.4 Legal and Compliance
- To comply with applicable laws, regulations, and legal processes
- To enforce our terms of service and other agreements
- To protect our rights, privacy, safety, or property
We do not use personal information for purposes materially different from those disclosed at the time of collection without providing you notice and, where required, obtaining your consent.
4. Sale and Sharing of Personal Information
Our Commitment: We Do Not Sell or Share Your Personal Information
Unified Stack LLC does not sell personal information. We do not exchange personal information for monetary compensation. We do not share personal information for cross-context behavioral advertising purposes.
This commitment applies to all categories of personal information and to all individuals, regardless of state of residence. We have not sold or shared personal information in the preceding 12 months and have no intention of doing so in the future.
4.1 Disclosure for Business Purposes
We may disclose personal information to service providers who assist us in operating our business. These disclosures are not "sales" or "sharing" under applicable privacy laws because they are made pursuant to written contracts that restrict the service provider's use of the information to the specific purposes of our engagement.
Service providers we use include:
- Web3Forms: Form submission processing
- Google Analytics: Website analytics (consent-based only)
- Vercel: Website hosting and content delivery
4.2 Other Disclosures
We may disclose personal information in the following circumstances:
- Legal Requirements: When required by law, subpoena, court order, or government request
- Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
- Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, subject to standard confidentiality requirements
- With Your Consent: When you have given us explicit permission to share your information
5. Your Privacy Rights
Depending on your state of residence, you may have certain rights regarding your personal information. As a matter of policy, Unified Stack extends the following rights to all U.S. residents, regardless of whether your state has enacted comprehensive privacy legislation:
5.1 Right to Know / Access
You have the right to request that we disclose what personal information we have collected about you, including:
- The categories of personal information collected
- The specific pieces of personal information collected
- The categories of sources from which information was collected
- The business or commercial purposes for collection
- The categories of third parties with whom information was shared
5.2 Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).
5.3 Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes of processing.
5.4 Right to Data Portability
You have the right to request a copy of your personal information in a portable, readily usable format that allows you to transmit the data to another entity.
5.5 Right to Opt Out
You have the right to opt out of:
- The sale of personal information (we do not sell personal information)
- Sharing for targeted advertising (we do not share for this purpose)
- Profiling in furtherance of automated decision-making (we do not engage in such profiling)
5.6 Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. We will not deny goods or services, charge different prices, provide different quality of service, or retaliate against you for exercising your rights.
5.7 Right to Appeal
If we decline to take action on your request, you have the right to appeal that decision. To appeal, email privacy@unifiedstack.io with "Privacy Appeal" in the subject line. We will respond to appeals within the timeframe required by applicable law.
6. How to Exercise Your Privacy Rights
6.1 Submitting a Request
To exercise any of the rights described above, you may:
- Submit a Secure Privacy Request Form: [Secure Privacy Request Form]
- Email Us: privacy@unifiedstack.io
When submitting a request, please provide sufficient information to allow us to verify your identity and locate your records. This typically includes your name, email address, and the nature of your request.
6.2 Verification Process
To protect your privacy and security, we must verify your identity before fulfilling your request. We will use the information you provide in your request to verify your identity against information we already maintain.
We may request additional information to confirm you are the individual whose personal information is the subject of the request. This may include:
- Confirmation of information we have on file (e.g., confirming your email address)
- A signed declaration under penalty of perjury (for deletion or access to specific pieces of information)
- Additional identifying information if we cannot reasonably verify your identity with the information provided
We will not fulfill requests if we cannot verify the requestor's identity to a reasonable degree of certainty.
6.3 Authorized Agents
You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of written authorization and may still require you to verify your identity directly with us, unless the agent has a valid power of attorney.
6.4 Response Timing
We will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days of receiving a verified request. If we require additional time (up to an additional 45 days), we will notify you of the extension and the reason for it.
7. Global Privacy Control (GPC) and Do Not Track
We honor Global Privacy Control (GPC) signals. If your browser or device transmits a GPC signal, we will treat that signal as a valid request to opt out of the "sale" or "sharing" of your personal information, as those terms are defined under applicable state privacy laws.
Because we do not sell or share personal information for targeted advertising, honoring a GPC signal primarily serves as confirmation of our existing practices. However, we recognize and respect GPC as a valid expression of your privacy preferences.
We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry-wide standard for DNT compliance. We may update this practice as standards evolve.
9. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
9.1 Retention Periods
| Data Category | Retention Period | Rationale |
|---|---|---|
| Assessment request data | Duration of business relationship + 3 years | Service delivery, legal compliance, potential disputes |
| Email communications | 3 years from last communication | Business records, legal compliance |
| Analytics data | 26 months (Google Analytics default) | Website optimization, trend analysis |
| Cookie consent preferences | 12 months (stored in your browser) | Remember your choices |
9.2 Deletion
When personal information is no longer necessary for the purposes for which it was collected, we will securely delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backup archives), we will securely store the information and isolate it from further processing until deletion is possible.
10. Data Security
We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- TLS/HTTPS encryption for all data in transit
- Secure hosting infrastructure with enterprise-grade providers
- Access controls limiting personnel access to personal information
- Regular security assessments and monitoring
- Content Security Policy (CSP) and other security headers
- Vendor security assessments for service providers
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
11. Children's Privacy
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
If you believe we have collected information from a child under 16, please contact us at privacy@unifiedstack.io.
12. International Data Transfers
Unified Stack LLC is based in the United States. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
By using our website or providing us with your information, you acknowledge that your personal information will be processed in accordance with this Privacy Policy and applicable U.S. law.
13. Third-Party Links and Services
Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
Third-party services we integrate with include:
- Google Analytics: Google Privacy Policy
- Web3Forms: Web3Forms Privacy Policy
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Policy
- Provide notice on our website or through other appropriate means
- Where required by law, obtain your consent to material changes
We encourage you to review this Privacy Policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated Policy.
15. State-Specific Disclosures
15.1 California Residents (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). In addition to the rights described in Section 5, you have the right to:
- Know whether we sell or share your personal information (we do not)
- Limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information)
- Not be discriminated against for exercising your CCPA/CPRA rights
California "Shine the Light" Law: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
15.2 Virginia, Colorado, Connecticut, and Other State Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other states with comprehensive privacy laws have rights substantially similar to those described in Section 5. We honor these rights for all U.S. residents as a matter of policy.
If you are a resident of a state with privacy legislation and wish to exercise your rights, please use the contact methods described in Section 6.
15.3 Nevada Residents
Nevada residents may opt out of the sale of certain "covered information" under Nevada Revised Statutes Chapter 603A. We do not sell covered information as defined under Nevada law. If you wish to submit an opt-out request, please email privacy@unifiedstack.io.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Unified Stack LLCPrivacy Inquiries
Email: privacy@unifiedstack.io
Privacy Request Form: [Secure Privacy Request Form]
We aim to respond to all privacy-related inquiries within 10 business days.