Privacy Policy

1. Introduction

Greysolve Consulting ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our identity and access management (IAM) services, access management platforms, and related professional services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when using our Services:

• Contact Information: Name, email address, phone number, company name, job title
• Account Credentials: Username, password (encrypted), security questions
• Payment Information: Billing name, address, credit card or payment details
• Professional Information: LinkedIn profile, professional background, work history
• Communication Data: Information from your inquiries, support requests, and correspondence with us

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Technical Information: IP address, browser type, device information, operating system
• Usage Data: Access logs, feature usage, session duration, pages visited
• Performance Data: System performance metrics, error logs, diagnostic information
• Location Data: General geographic location based on IP address

2.3 Information from Third-Party Sources

We may receive information from:

• Business Partners: Information shared during integrations with Microsoft 365, Azure AD, AWS, Google Workspace, QuickBooks, and other platforms
• Identity Providers: Authentication data from SSO providers
• Public Sources: Publicly available professional information
• Service Providers: Analytics providers, security monitoring services

2.4 Sensitive Data

In providing IAM services, we may process:

• Access Control Data: User permissions, role assignments, access policies
• Audit Logs: Access attempts, authorization decisions, system changes
• Authentication Data: Multi-factor authentication records, login history
• Compliance Data: SOC 2, HIPAA, PCI-DSS related access control information

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Provide, operate, and maintain our IAM Services
• Implement access management, SSO, MFA, and PAM solutions
• Monitor and analyze system performance and security
• Conduct automated compliance reviews and audits
• Generate reports and analytics for clients

3.2 Communication

• Respond to inquiries and support requests
• Send service notifications and updates
• Provide technical documentation and training
• Communicate about account status and billing

3.3 Security and Compliance

• Detect, prevent, and respond to security threats
• Investigate fraud, abuse, or policy violations
• Comply with legal obligations and regulatory requirements
• Maintain audit trails and compliance documentation
• Enforce our terms of service and acceptable use policies

3.4 Business Operations

• Process payments and manage billing
• Improve and optimize our Services
• Develop new features and functionality
• Conduct internal research and analytics
• Manage vendor relationships

3.5 Marketing (With Consent)

• Send promotional materials about our Services
• Provide industry insights and best practices
• Conduct surveys and gather feedback
• Invite you to webinars and events

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who perform services on our behalf:

• Cloud Infrastructure: AWS, Azure, DigitalOcean for hosting and data processing
• Communication Services: RingCentral, email service providers
• Payment Processors: Stripe, credit card processors
• Analytics Providers: Performance monitoring and analytics tools
• Security Services: Threat detection and security monitoring

Third-Party Data Sharing Commitment: We do not share SMS opt-in information, phone numbers collected for SMS purposes, or customer contact information with third parties for their marketing purposes.

4.2 Client Organizations

When providing Services to organizational clients, we share relevant information with:

• Authorized administrators and decision-makers
• IT personnel responsible for system integration
• Compliance officers and auditors as necessary

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

4.4 Legal Requirements

We may disclose information when required to:

• Comply with legal obligations, court orders, or subpoenas
• Enforce our terms of service or protect our rights
• Respond to lawful government requests
• Protect the safety and security of our users and the public
• Prevent fraud or investigate security incidents

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC) and principle of least privilege
• Network Security: Firewalls, intrusion detection/prevention systems, VPC isolation
• Authentication: Multi-factor authentication for administrative access
• Security Monitoring: 24/7 monitoring, automated threat detection, incident response

5.2 Organizational Safeguards

• Personnel Screening: Background checks for employees with data access
• Training: Regular security and privacy training for all personnel
• Policies: Documented information security policies and procedures
• Access Logging: Comprehensive audit trails of all data access
• Vendor Management: Security assessments of third-party providers

5.3 Compliance Certifications

Our security practices align with industry standards including:

• SOC 2 Type II controls
• ISO 27001 information security management
• NIST Cybersecurity Framework
• HIPAA Security Rule (where applicable)
• PCI-DSS (for payment data)

6. Data Retention

We retain personal information for as long as necessary to:

• Provide ongoing Services to you
• Comply with legal and regulatory requirements
• Maintain audit trails and compliance documentation
• Resolve disputes and enforce agreements

Retention Periods:

• Active Account Data: Duration of service relationship plus 30 days
• Audit Logs: Minimum 7 years (or as required by applicable regulations)
• Financial Records: 7 years from transaction date
• Marketing Data: Until you opt out or request deletion

Upon termination of Services, we will securely delete or anonymize your data in accordance with our data retention schedule and applicable law.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

• Request access to personal information we hold about you
• Receive a copy of your data in a portable format

7.2 Correction and Update

• Correct inaccurate or incomplete information
• Update your account details and preferences

7.3 Deletion

• Request deletion of your personal information
• Subject to legal retention requirements and legitimate business needs

7.4 Restriction and Objection

• Restrict processing of your information
• Object to processing based on legitimate interests
• Opt out of marketing communications

7.5 Withdrawal of Consent

• Withdraw consent for processing activities where consent was the legal basis
• Note: Withdrawal may affect our ability to provide certain Services

7.6 Data Protection Authority

• Lodge a complaint with your local data protection authority

Exercising Your Rights: To exercise these rights, contact us at privacy@greysolve.com. We will respond within 30 days.

8. International Data Transfers

Our Services may involve transferring data internationally. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Data Processing Agreements with international service providers
• Compliance with EU-US Data Privacy Framework principles (where applicable)
• Encryption and security measures during transit and storage

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

9.1 Types of Cookies

• Essential Cookies: Required for Service functionality
• Performance Cookies: Analyze usage and improve performance
• Functional Cookies: Remember preferences and settings
• Analytics Cookies: Understand how users interact with our Services

9.2 Cookie Management

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

10. Third-Party Links and Services

Our Services may contain links to third-party websites and integrate with third-party platforms. This Privacy Policy does not apply to third-party services. We recommend reviewing their privacy policies.

We are not responsible for the privacy practices of:

• Social media platforms
• Client systems we integrate with
• External websites linked from our Services
• Third-party applications used alongside our Services

11. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will promptly delete the information.

12. SMS/MMS Communications

If you opt in to receive SMS/MMS communications:

• Consent: We obtain written consent before sending marketing or promotional messages
• No Third-Party Sharing: SMS opt-in information and phone numbers collected for SMS purposes are never shared with third parties
• No Purchased Lists: We do not use purchased lists or third-party lead lists for SMS campaigns
• Opt-Out: Reply STOP to any message to unsubscribe. Standard message and data rates may apply.
• Frequency: Marketing messages sent no more than 4 times per month unless urgent
• Support: Reply HELP for support or contact support@greysolve.com

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

13.1 Right to Know

Request disclosure of:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold

13.2 Right to Delete

Request deletion of personal information, subject to exceptions.

13.3 Right to Opt-Out

Opt out of the "sale" of personal information (Note: We do not sell personal information).

13.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

Do Not Sell My Personal Information: We do not sell personal information as defined by CCPA.

14. European Privacy Rights (GDPR)

For European Economic Area (EEA), UK, and Swiss residents:

14.1 Legal Basis for Processing

We process personal data based on:

• Contract Performance: To provide Services you've requested
• Legitimate Interests: To improve Services, prevent fraud, ensure security
• Legal Obligation: To comply with applicable laws
• Consent: Where you have provided specific consent

14.2 Data Controller

Greysolve Consulting acts as:

• Data Controller: For our own business operations and marketing
• Data Processor: When providing IAM services to client organizations

14.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@greysolve.com.

14.4 Cross-Border Transfers

We use Standard Contractual Clauses for transfers outside the EEA.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

• Our Services and business practices
• Legal and regulatory requirements
• Technology and security standards

Notification: We will notify you of material changes via:

• Email to your registered address
• Prominent notice on our website
• In-app notifications

Your Continued Use: Continued use of Services after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Greysolve Consulting
Email: privacy@greysolve.com
Support: support@greysolve.com
Phone: [Insert Phone Number]
Address: [Insert Physical Address]

Data Protection Officer: dpo@greysolve.com
Security Incidents: security@greysolve.com

17. Compliance and Certifications

Greysolve Consulting maintains compliance with:

• SOC 2 Type II
• ISO 27001 (in progress)
• HIPAA Business Associate requirements (where applicable)
• PCI-DSS (for payment processing)
• GDPR and CCPA privacy frameworks
• RingCentral Third-Party Requirements (TPR)

For compliance documentation or to request our latest audit reports, contact compliance@greysolve.com.

---

Acknowledgment: By using Greysolve Consulting Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.