Privacy Policy

1. Overview

Telos Brothers, LLC ("Telos Brothers," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information obtained from users of our website, platform, and services (collectively, the "Services").

As a veteran-owned consulting firm specializing in management consulting, technology solutions, and business automation, we recognize the critical importance of maintaining the confidentiality, integrity, and availability of client information. This Privacy Policy reflects our commitment to transparency and compliance with applicable data protection laws and regulations.

This Privacy Policy applies to all information collected through:

• Our website at telosbrothers.com and any related subdomains
• Our web-based platform and applications
• Email, telephone, and other electronic communications
• In-person interactions and meetings
• Third-party platforms where we maintain a presence

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, you should not use our Services.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources. The categories of information we collect include:

2.1 Personal Information You Provide

When you interact with our Services, we may collect the following types of personal information:

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device and usage patterns:

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Business partners and referral sources who recommend our services
• Professional networking platforms (e.g., LinkedIn) when you connect with us
• Public databases, government records, and business directories
• Data enrichment services that help us maintain accurate contact information
• Analytics providers and marketing platforms
• Social media platforms (when you interact with our content)

We combine information from third-party sources with information we collect directly to provide better service, verify information accuracy, and improve our understanding of your needs.

3. How We Use Your Information

We use the information we collect for legitimate business purposes, including:

3.1 Service Provision and Delivery

• Providing, maintaining, and improving our consulting and technology services
• Creating and managing your account
• Processing and fulfilling service requests
• Responding to inquiries, questions, and support requests
• Scheduling consultations, meetings, and project milestones
• Delivering proposals, reports, and project deliverables
• Managing client relationships and project workflows
• Providing technical support and troubleshooting

3.2 Business Operations and Administration

• Processing payments and managing billing
• Maintaining accurate financial and business records
• Conducting internal analytics and business intelligence
• Performing quality assurance and service improvement initiatives
• Managing vendor and partner relationships
• Conducting audits and maintaining compliance

3.3 Communications and Marketing

• Sending service-related notifications and updates
• Providing industry insights, newsletters, and thought leadership (with your consent)
• Sharing relevant business opportunities and service offerings
• Conducting customer satisfaction surveys
• Responding to customer service inquiries
• Sending administrative information about policy changes or service updates

3.4 Research, Development, and Innovation

• Conducting market research and competitive analysis
• Developing new services, features, and capabilities
• Testing and implementing improvements to existing services
• Analyzing trends and usage patterns
• Creating anonymized and aggregated data for research purposes

3.5 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Enforcing our terms of service and other agreements
• Protecting against fraud, security threats, and illegal activities
• Defending our legal rights and interests
• Investigating and preventing potential policy violations

3.6 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

• Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications)
• Contractual Necessity: When processing is necessary to perform our contractual obligations to you
• Legal Obligation: When we must process data to comply with applicable laws and regulations
• Legitimate Interests: When processing is necessary for our legitimate business interests, balanced against your rights and interests (e.g., fraud prevention, business analytics, service improvement)
• Vital Interests: In rare cases, when processing is necessary to protect someone's life or physical safety

4. Information Sharing and Disclosure

We may share your information only in the following limited circumstances:

4.1 Service Providers and Business Partners

We engage carefully vetted third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify. Categories of service providers include:

• Cloud infrastructure and hosting providers (e.g., Supabase, Vercel)
• Payment processors and financial services providers
• Customer relationship management (CRM) platforms
• Email delivery and communication services
• Analytics and performance monitoring tools
• Security and fraud prevention services
• Professional services (legal, accounting, auditing)
• IT support and maintenance providers

4.2 Professional Collaborators

With your prior consent or as necessary to deliver services, we may share information with:

• Strategic partners involved in joint service delivery
• Subcontractors and specialists working on your projects
• Professional advisors (attorneys, accountants, consultants) bound by confidentiality obligations
• Industry experts and subject matter specialists

4.3 Legal and Regulatory Compliance

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Enforce our Terms of Service or other agreements, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect against harm to the rights, property, or safety of Telos Brothers, our users, or the public as required or permitted by law
• Respond to claims that content violates the rights of third parties

4.4 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. In such cases:

• We will provide notice before your information is transferred and becomes subject to a different privacy policy
• The acquiring entity will be required to honor the commitments made in this Privacy Policy
• You will have the opportunity to opt out of the transfer if the new entity's privacy practices materially differ from ours

4.5 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. Such information may be used for:

• Industry research and benchmarking
• Market trend analysis and reporting
• Service improvement and innovation
• Academic and scientific research

4.6 With Your Consent

We may share your information for purposes not described in this policy when we have your explicit consent to do so. You may withdraw your consent at any time by contacting us.

5. Data Security

We implement comprehensive administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security program includes:

5.1 Technical Safeguards

• Encryption: Data in transit is protected using TLS 1.2 or higher encryption. Sensitive data at rest is encrypted using industry-standard algorithms (AES-256 or equivalent)
• Secure Infrastructure: Our services are hosted on secure, SOC 2 compliant infrastructure with regular security audits
• Access Controls: Implementation of role-based access controls (RBAC) and principle of least privilege
• Authentication: Multi-factor authentication (MFA) for administrative access and optional MFA for user accounts
• Network Security: Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)
• Vulnerability Management: Regular security patches, updates, and vulnerability scanning
• Security Monitoring: 24/7 monitoring for suspicious activities and security incidents
• Secure Development: Security by design principles and secure coding practices

5.2 Administrative Safeguards

• Access Limitation: Information access is restricted to authorized personnel who require it to perform their job functions
• Confidentiality Agreements: All employees, contractors, and partners sign comprehensive confidentiality and data protection agreements
• Security Training: Regular mandatory training on data privacy, security best practices, and incident response
• Background Checks: Thorough background screening for personnel with access to sensitive information
• Incident Response: Documented incident response plan with defined roles, procedures, and escalation paths
• Vendor Management: Due diligence reviews and ongoing assessment of third-party service providers
• Policy Framework: Comprehensive information security policies and procedures regularly reviewed and updated

5.3 Physical Safeguards

• Controlled access to office facilities with badge systems and visitor logs
• Secure storage of physical documents containing sensitive information
• Secure disposal procedures for physical media (cross-cut shredding, certified destruction)
• Environmental controls and disaster recovery measures
• Video surveillance in sensitive areas

5.4 Breach Notification

In the unlikely event of a data breach that may compromise your personal information, we will:

• Promptly investigate and assess the nature and scope of the breach
• Notify affected individuals without undue delay, as required by applicable law
• Report the breach to relevant regulatory authorities within required timeframes
• Provide information about the breach, affected data, and recommended protective measures
• Take immediate steps to contain and remediate the breach

5.5 Limitations and User Responsibility

While we implement robust security measures, please note:

• No method of transmission over the internet or electronic storage is 100% secure
• You are responsible for maintaining the confidentiality of your account credentials
• Use strong, unique passwords and enable MFA when available
• Do not share your account access with others
• Notify us immediately of any unauthorized access or security concerns
• Keep your contact information current so we can reach you about security matters

6. Your Privacy Rights

We respect your rights regarding your personal information. Depending on your jurisdiction, you may have some or all of the following rights:

6.1 Universal Rights

The following rights apply to all users, regardless of location:

• Right to Access: You may request a copy of the personal information we hold about you, including details about how we collect, use, and share your information
• Right to Correction: You may request correction of inaccurate, incomplete, or outdated personal information
• Right to Deletion: You may request deletion of your personal information, subject to certain legal exceptions (e.g., compliance obligations, legitimate business needs)
• Right to Opt-Out of Marketing: You may unsubscribe from marketing communications at any time using the unsubscribe link in emails or by contacting us
• Right to Object: You may object to certain processing of your information, particularly for direct marketing purposes

6.2 GDPR Rights (EEA, UK, and Swiss Residents)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Data Portability: You may request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format
• Right to Restriction: You may request restriction of processing under certain circumstances (e.g., while we verify accuracy of contested data)
• Right to Withdraw Consent: When processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights
• Rights Regarding Automated Decision-Making: You have the right to request human review of automated decisions that have legal or similarly significant effects on you

6.3 CCPA/CPRA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
• Right to Opt-Out of Sale: You have the right to opt out of the "sale" of personal information. Note: We do not sell personal information
• Right to Opt-Out of Sharing: You may opt out of sharing personal information for cross-context behavioral advertising
• Right to Correct: You may request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: You may request limitation on use of sensitive personal information to only what is necessary to provide services
• Right to Non-Discrimination: You have the right to not receive discriminatory treatment for exercising your CCPA/CPRA rights
• Right to Designate an Authorized Agent: You may designate an authorized agent to make requests on your behalf

6.4 Other State Privacy Laws

Residents of other states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, and others) may have similar rights to those outlined above. Please contact us to exercise your rights under applicable state law.

6.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@telosbrothers.com. When submitting a request:

• Provide sufficient information to allow us to verify your identity
• Specify which right(s) you wish to exercise
• Provide any additional details that will help us process your request

We will respond to verified requests within the timeframes required by applicable law:

• GDPR requests: Within one month (extendable by two months for complex requests)
• CCPA/CPRA requests: Within 45 days (extendable by 45 days with notice)
• Other jurisdictions: As required by applicable law, typically 30-45 days

We do not charge a fee to process or respond to your verified requests unless they are excessive, repetitive, or manifestly unfounded. In such cases, we may charge a reasonable fee or refuse to act on the request.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users of our Services. This helps us provide you with a better experience and improve our Services.

7.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners. Similar technologies include:

• Web beacons (pixel tags)
• Local storage objects
• Session storage
• Browser fingerprinting

7.2 Types of Cookies We Use

7.3 Third-Party Cookies

We may allow third-party service providers to place cookies on your device for the purposes described above. These providers include:

• Google Analytics (website analytics)
• Social media platforms (when you interact with social features)
• Marketing and advertising platforms

7.4 Managing Cookies

You have several options for managing cookies:

Important Note: Disabling cookies may affect the functionality of our Services. Essential cookies cannot be disabled if you want to use the core features of our platform.

7.5 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want your online activities tracked. Because there is currently no industry standard for how to respond to DNT signals, we do not currently respond to DNT browser settings. We will continue to monitor developments in DNT technology and industry standards.

8. Third-Party Services and Links

Our Services may integrate with, link to, or provide access to third-party websites, applications, and services. This Privacy Policy does not apply to those third-party services.

8.1 Third-Party Service Providers

We work with the following categories of third-party service providers:

• Infrastructure Services: Supabase (database, authentication, storage), Vercel (hosting, deployment)
• Analytics and Monitoring: Google Analytics, performance monitoring tools
• Communication Services: Email service providers, video conferencing platforms
• Payment Processing: Third-party payment processors (we do not store full payment card details)
• Social Media: LinkedIn, Twitter, and other social platforms for content sharing and professional networking
• Marketing Tools: CRM systems, email marketing platforms, advertising networks

8.2 External Links

Our Services may contain links to third-party websites, applications, or resources. When you click on these links:

• You will be directed away from our Services
• Those third parties' privacy policies will govern their collection and use of your information
• We are not responsible for the privacy practices or content of these third parties
• We encourage you to read the privacy policies of any third-party sites you visit

8.3 Social Media Features

Our Services may include social media features, such as share buttons or interactive mini-programs. These features may:

• Collect your IP address and the page you are visiting
• Set cookies to enable the feature to function properly
• Be hosted by the third-party social media platform or hosted directly on our Services

Your interactions with these features are governed by the privacy policy of the company providing them.

8.4 Data Processing Agreements

Where required by applicable law (such as GDPR), we maintain data processing agreements with third-party service providers that process personal data on our behalf. These agreements ensure that:

• Data is processed only for specified purposes and in accordance with our instructions
• Appropriate technical and organizational security measures are implemented
• Confidentiality obligations are maintained
• Subprocessors are only engaged with our authorization and under similar contractual restrictions
• We can audit their compliance with data protection obligations

9. International Data Transfers

Telos Brothers is based in the United States. Your personal information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

9.1 Cross-Border Data Transfers

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use EU Standard Contractual Clauses (also known as Model Clauses) approved by the European Commission
• UK International Data Transfer Agreement (IDTA): For transfers from the UK, we use the UK IDTA or UK Addendum to SCCs
• Swiss Federal Act on Data Protection: For transfers from Switzerland, we comply with the Swiss Federal Act on Data Protection
• Adequacy Decisions: We may transfer data to countries deemed to provide adequate protection by relevant authorities
• Certification Mechanisms: We may rely on approved certification mechanisms, such as the EU-U.S. Data Privacy Framework (if applicable)
• Consent: In certain circumstances, we may rely on your explicit consent for specific transfers

9.2 Data Privacy Framework

We monitor and comply with applicable data privacy frameworks, including the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, where relevant to our operations.

9.3 Requesting Information About Transfers

If you would like more information about our international data transfers and the safeguards we have in place, please contact us at privacy@telosbrothers.com.

10. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, enforce our agreements, and support business operations.

10.1 Retention Periods by Data Category

10.2 Retention Criteria

When determining retention periods, we consider:

• The nature and sensitivity of the personal information
• Legal and regulatory requirements (e.g., tax, corporate, employment law)
• Contractual obligations to retain data
• Statute of limitations for potential legal claims
• Legitimate business needs and purposes
• The potential risk to individuals from continued retention
• Whether the purposes for which we collected the data still exist

10.3 Secure Disposal

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods:

• Electronic data: Secure deletion protocols, overwriting, or cryptographic erasure
• Physical records: Cross-cut shredding or certified destruction services
• Backup systems: Scheduled automated deletion as backups rotate
• Third-party systems: Contractual requirements for secure deletion

10.4 Archiving and Legal Holds

In certain circumstances, we may need to retain information beyond standard retention periods:

• To comply with a legal hold or preservation order
• For pending or ongoing litigation or regulatory investigations
• For audit or compliance purposes
• To protect against legal claims

11. Children's Privacy

11.1 Age Restrictions

Our Services are not intended for, nor designed to attract, individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

11.2 COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), we:

• Do not knowingly collect personal information from children under 13
• Do not knowingly allow children under 13 to create accounts
• Do not knowingly display interest-based advertising to children under 13
• Will delete any information we discover was collected from a child under 13

11.3 Parental Rights

If you are a parent or legal guardian and believe we have inadvertently collected information from your child under 18, please contact us immediately at privacy@telosbrothers.com. We will:

• Promptly investigate the matter
• Take steps to delete the information from our systems
• Ensure the child cannot continue using our Services
• Provide confirmation once the information has been deleted

11.4 School and Educational Settings

If we provide services in an educational context where minors may be present, we will:

• Obtain appropriate consent from the educational institution
• Comply with the Family Educational Rights and Privacy Act (FERPA) where applicable
• Limit data collection to what is necessary for educational purposes
• Implement additional safeguards for student data

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational factors.

12.1 Notification of Changes

When we make changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website
• For material changes that significantly affect your rights or how we process your data:
  • Provide prominent notice on our website or via email
  • Give you at least 30 days' notice before the changes take effect
  • Obtain your consent if required by applicable law

12.2 What Constitutes a Material Change

Material changes include, but are not limited to:

• Significant expansion of the types of personal information we collect
• Changes in the purposes for which we use your information
• New categories of third parties with whom we share information
• Changes to your rights or how you can exercise them
• Modifications to our data retention practices
• Changes in our legal basis for processing your information (for GDPR purposes)

12.3 Your Options

If you do not agree to the changes in our Privacy Policy:

• You may discontinue use of our Services
• You may request deletion of your personal information (subject to legal exceptions)
• For material changes requiring consent, you may withhold consent (though this may limit your ability to use certain features)

12.4 Reviewing the Policy

We encourage you to review this Privacy Policy periodically to stay informed about:

• How we collect, use, and protect your information
• Your rights and choices regarding your personal data
• Any changes to our privacy practices

Your continued use of our Services after the effective date of a revised Privacy Policy constitutes your acceptance of the terms.

13. Contact Us

We are committed to resolving any questions, concerns, or complaints about our privacy practices and this Privacy Policy. If you have any inquiries or wish to exercise your privacy rights, please contact us: