Privacy Policy

We collect personal information in three ways:

1. Information you provide directly. When you contact us, request a proposal, or engage us for services, we collect your name, email address, employer or company, and any details you choose to share in your message or in subsequent correspondence.
2. Information collected automatically. When you visit our website, our hosting provider and any analytics tools we use may log technical information such as IP address, browser type and version, operating system, referring URL, pages viewed, and access timestamps. This information helps us understand site usage and maintain security.
3. Information from third parties. We may receive contact details from mutual introductions, professional networks, or publicly available business directories.

We do not knowingly collect sensitive personal information (as defined under the CCPA/CPRA) and we do not collect personal information from children under the age of 16.

We use personal information for the following purposes:

• To respond to inquiries and communicate about prospective work.
• To deliver, administer, and improve our professional services under any engagement we enter with you or your organization.
• To send invoices, process payments, and maintain records required for tax, accounting, or other legal compliance.
• To operate, secure, and improve our website.
• To comply with legal obligations and respond to lawful requests from public authorities.
• To establish, exercise, or defend legal claims.

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects about you, and we do not engage in profiling for targeted advertising.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, in each case as those terms are defined under the CCPA/CPRA. We disclose personal information only as follows:

• Service providers. We use a small number of vetted third-party providers — for example, email and calendar hosting, website hosting, analytics, payment processing, and accounting tools — who process information on our behalf under contractual confidentiality and data-protection obligations.
• Professional advisors. Our legal, accounting, and insurance advisors, where access is necessary for them to perform their services for us.
• Legal and safety. Where required by applicable law, subpoena, court order, or other legal process; to enforce our agreements; or to protect the rights, property, or safety of Accordance, our clients, or others.
• Business transitions. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to customary confidentiality protections.

Depending on the U.S. state in which you reside, you may have some or all of the following rights with respect to your personal information:

• Right to know / access the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected from you, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to portability — to receive a copy of your personal information in a portable, readily usable format.
• Right to opt out of the sale or sharing of personal information and of certain profiling. (As noted above, we do not sell or share personal information.)
• Right to limit the use of sensitive personal information. (We do not collect sensitive personal information for purposes that would trigger this right.)
• Right to non-discrimination for exercising any of these rights.

To exercise any of these rights, contact us at privacy@accordance.llc. We will verify your identity using information already in our records before responding. You may also designate an authorized agent to make a request on your behalf, accompanied by written authorization that we may verify. We will respond within the timeframes required by applicable law (generally 45 days, with one 45-day extension where permitted).

California residents may also request information about our disclosures of personal information for direct-marketing purposes under California's "Shine the Light" law (Cal. Civ. Code § 1798.83). We do not disclose personal information to third parties for their direct-marketing use.

If you are located in Canada, you have the following rights under PIPEDA and, if you are in Quebec, under Quebec Law 25:

• Access to the personal information we hold about you and information about how it has been used and to whom it has been disclosed.
• Correction of inaccurate or incomplete personal information.
• Withdrawal of consent to our collection, use, or disclosure of personal information, subject to legal or contractual restrictions and reasonable notice.
• Portability (Quebec) — to receive computerized personal information in a structured, commonly used technological format, or to have it transmitted to another organization where technically feasible.
• De-indexing (Quebec) — to request that links to personal information be de-indexed in certain circumstances.
• Information about automated decision-making (Quebec) — we do not currently use personal information to render decisions based exclusively on automated processing.
• Right to file a complaint with the applicable privacy regulator (see § 11 below).

To exercise any of these rights, contact our Privacy Officer at privacy@accordance.llc. We will respond within 30 days as required by PIPEDA and Quebec Law 25.

In Canada, we collect, use, and disclose personal information based on your consent, which may be express or implied depending on the sensitivity of the information and the circumstances. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice; doing so may limit our ability to provide services to you.

In the United States, we rely on the legal grounds permitted by applicable state law, including performance of a contract, our legitimate business interests, compliance with legal obligations, and — where required — your consent.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, tax, or contractual record-keeping obligations. When personal information is no longer required, we securely delete or anonymize it. Typical retention periods:

• Inquiry correspondence with no resulting engagement: up to 24 months.
• Client engagement records: for the duration of the engagement and for seven years thereafter, in line with U.S. and Canadian tax and limitations periods.
• Website logs and analytics: typically up to 14 months.

Accordance is based in the United States. If you are located in Canada, please note that personal information you provide to us, or that we collect about you, will be transferred to and processed in the United States, where it may be subject to lawful access by U.S. authorities. We rely on contractual safeguards with our service providers and on the consent or other legal bases recognized under Canadian law for these transfers. If you are located in Quebec, before transferring personal information outside Quebec, we conduct a privacy impact assessment as required by Quebec Law 25.

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and loss. These include access controls, encryption in transit, two-factor authentication on critical systems, contractual safeguards with our service providers, and a periodic review of our practices. No method of transmission over the internet or method of electronic storage is fully secure, and we cannot guarantee absolute security.

In the event of a confidentiality incident creating a risk of serious harm, we will notify affected individuals and applicable regulators as required by U.S. state breach-notification laws, PIPEDA, and Quebec Law 25.

Our website uses a small number of cookies and similar technologies for essential site functionality and aggregate analytics. We do not use cookies for cross-site tracking, targeted advertising, or to sell or share personal information. Most browsers allow you to refuse cookies; doing so should not materially impair the operation of this site. We honor Global Privacy Control ("GPC") signals as opt-out requests where applicable.

If you have a concern about our handling of your personal information, please contact us first so that we can attempt to resolve it. You also have the right to lodge a complaint with the relevant regulator:

• United States — California: California Privacy Protection Agency (cppa.ca.gov) or the California Attorney General.
• United States — other states: the Attorney General of your state of residence.
• Canada (federal): Office of the Privacy Commissioner of Canada (priv.gc.ca).
• Quebec: Commission d'accès à l'information du Québec (cai.gouv.qc.ca).
• Other Canadian provinces with their own privacy regulators (Alberta, British Columbia): the applicable provincial Information and Privacy Commissioner.

We may update this Policy from time to time. The "Effective" date at the top of the page indicates when it was last revised. Material changes will be communicated by posting a prominent notice on our website and, where appropriate, by direct notice to active clients.