Legal & Governing Documents

Privacy Policy

This policy describes how DadOfTheClan Consulting Group, LLC collects, uses, stores, and protects information across our public platforms and client engagements.


Effective Date

February 1, 2026

Last Reviewed

March 1, 2026

Applies To

All DadOfTheClan Platforms

Plain English Summary

We collect only what we need to do the work. We do not sell your information, share it with advertisers, or use it for any purpose unrelated to our engagement with you. Client data is treated with the same care we'd want applied to our own. The full policy below governs all interactions with our platforms and services.

The plain English summary above does not constitute a legal agreement. The full policy text below governs all matters.

1. Scope and Applicability

This Privacy Policy applies to all websites, platforms, portals, applications, and services operated by DadOfTheClan Consulting Group, LLC, including but not limited to:

dadoftheclan.com

Public marketing and information site

go.dadoftheclan.com

Lead generation and audit request portal

my.dadoftheclan.com

Client portal and service management platform

idp.my.dadoftheclan.com

Identity and authentication services

Mobile applications

Android applications distributed under the DadOfTheClan brand

This policy applies to all visitors, prospective clients, active clients, and any individual who interacts with our platforms or engages our services, regardless of the nature or duration of that engagement. Use of any DadOfTheClan platform constitutes acceptance of this policy.

2. Information We Collect

We collect information in two ways: information you provide directly, and information collected automatically through platform interactions. We collect only what is necessary to deliver, improve, and secure our services.

2.1 Information You Provide

Contact information

Name, email address, phone number, and business name submitted via contact forms, audit requests, or direct communication.

Account credentials

Username, email address, and authentication data created during portal registration or application onboarding.

Service and project details

Technical information, business context, and documentation shared during the course of an engagement.

Communications

The content of emails, messages, tickets, and other correspondence submitted to or through our platforms.

Payment information

Billing details processed through our payment processors. DadOfTheClan does not store full payment card data directly.

2.2 Information Collected Automatically

Log and usage data

IP address, browser type, operating system, referring URL, pages visited, and timestamps associated with platform interactions.

Authentication tokens

Session tokens and JWT credentials issued by our identity platform for the purpose of authenticating access to protected services.

Device information

Device type, operating system version, and application version when accessing services through our mobile applications.

Platform analytics

Aggregated, anonymized usage patterns used to understand how our platforms are being used and where improvements are needed.

3. How We Use Information

Information collected through our platforms is used exclusively for the following purposes. We do not use client or visitor information for advertising, profiling, or any purpose outside the scope of our services and operations.

🔧 Service delivery

To perform managed services, project-based work, emergency response, and all other consulting engagements.

🔐 Authentication and access control

To verify identity, manage sessions, and control access to protected platforms and client data through our identity services.

📋 Support and communication

To respond to inquiries, manage tickets, track project progress, and communicate with clients regarding active or prospective engagements.

🛡️ Security and integrity

To detect, investigate, and respond to unauthorized access, fraud, abuse, or security incidents affecting our platforms or clients.

⚙️ Platform operation and improvement

To maintain, troubleshoot, and improve the reliability and functionality of our platforms based on aggregated usage data.

📑 Legal and compliance obligations

To fulfill obligations under applicable law, including HIPAA where client engagements involve protected health information, and to maintain records required for regulated industry compliance.

4. Data Sharing and Disclosure

DadOfTheClan does not sell, rent, or trade personal information. We do not share information with third parties for advertising or marketing purposes. Disclosure occurs only in the following limited circumstances:

Service infrastructure providers

Hosting, monitoring, backup, and security tool providers that process data on our behalf under contractual data protection obligations. Current infrastructure includes Cloudflare (network and security), N-able (managed service tooling), and Contabo (hosting). These providers are bound by their own privacy and data handling commitments.

Authorized personnel

Members of the DadOfTheClan consulting team with a legitimate need to access information in the course of delivering services. Access is limited to what is necessary for the task.

Legal obligations

When required by applicable law, court order, regulatory requirement, or to protect the rights, property, or safety of DadOfTheClan, its clients, or the public.

Client-directed disclosure

When a client explicitly instructs or authorizes disclosure to a third party as part of a service engagement.

5. Data Retention

We retain information for as long as necessary to fulfill the purpose for which it was collected, to maintain accurate records of completed engagements, and to comply with applicable legal, regulatory, and contractual obligations.

Active client data

Retained for the duration of the engagement and for a minimum of three years following termination, unless a longer period is required by applicable regulation.

Authentication and access logs

Retained for a minimum of twelve months for security auditing and incident investigation purposes. HIPAA-regulated engagement logs are retained in accordance with applicable requirements.

Contact and inquiry data

Retained for up to two years from the date of last contact for prospective clients who did not enter a formal engagement.

Anonymized analytics

May be retained indefinitely as aggregate, non-identifiable data used to improve platform performance and service quality.

6. Security Measures

We apply the same security standards to our own infrastructure that we deploy for clients operating in regulated industries. Measures in place include:

Transport encryption

All data in transit is encrypted via TLS. Platform access is enforced over HTTPS with certificates managed through Cloudflare Advanced Certificate Manager.

Authentication controls

Access to protected platforms requires authentication through our centralized identity provider. JWT tokens use asymmetric RS256 signing with short-lived access windows and refresh token rotation.

Network security

Cloudflare WAF, DNS filtering, and DDoS mitigation are applied across all public-facing platforms. Internal systems are further segmented from public infrastructure.

Access limitation

Personnel access to client data is granted on a need-to-know basis and reviewed on an ongoing basis. There is no standing administrative access to client production environments.

Monitoring

Platform infrastructure is monitored continuously. Security events trigger automated alerts reviewed by responsible personnel.

7. HIPAA and Regulated Industry Engagements

For clients operating in regulated industries — including healthcare, government, and financial services — additional obligations apply beyond this general privacy policy.

Where DadOfTheClan serves as a Business Associate under HIPAA, a signed Business Associate Agreement (BAA) governs the handling of Protected Health Information (PHI). The terms of the applicable BAA take precedence over this general policy with respect to PHI. DadOfTheClan does not access, process, or store PHI outside of engagements covered by an executed BAA.

Clients subject to CJIS, GLBA, or other regulatory frameworks should confirm applicable requirements with qualified legal counsel. DadOfTheClan builds to compliance standards within the scope of each engagement as agreed in the applicable service agreement.

8. Your Rights and Choices

You have the following rights with respect to information we hold about you. Requests may be submitted to [email protected]. We will respond within thirty days of receipt.

Access

You may request a copy of the personal information we hold about you.

Correction

You may request correction of inaccurate or incomplete information.

Deletion

You may request deletion of personal information, subject to our legal and contractual retention obligations.

Objection

You may object to the processing of your information in specific circumstances, including where processing is based on legitimate interest.

Portability

You may request a copy of information you have provided to us in a commonly used, machine-readable format.

Withdrawal of consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

9. Cookies and Tracking Technologies

Our public platforms use a minimal set of cookies necessary for platform operation and security. We do not use third-party advertising cookies or behavioral tracking.

Session cookies

Temporary cookies required for authentication and platform navigation. These expire when your browser session ends.

Security cookies

Cookies set by Cloudflare for bot mitigation, DDoS protection, and platform integrity. These are operational and cannot be disabled without affecting platform function.

Preference cookies

Where applicable, cookies used to remember user preferences such as display settings within the client portal.

10. Children's Privacy

Our platforms and services are directed exclusively at businesses and organizations. We do not knowingly collect personal information from individuals under the age of thirteen. If we become aware that information has been collected from a minor without verifiable parental consent, that information will be promptly deleted. If you believe we have inadvertently collected such information, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, platform capabilities, or applicable legal requirements. The effective date at the top of this page will be updated accordingly. For active clients, material changes will be communicated directly through the client portal or via the contact information on file. Continued use of our platforms following notice of a material change constitutes acceptance of the revised policy.

We encourage all clients and platform users to review this policy periodically. Prior versions are available upon request by contacting [email protected].

12. Contact and Privacy Inquiries

For questions, concerns, or formal requests related to this Privacy Policy or the handling of your information, contact us through any of the following:

✉️ Legal & Privacy

[email protected]

📍 Registered Office

Coldwater, MI
Branch County, Michigan
Branch County, Michigan

Disclaimer

This Privacy Policy is provided for informational and compliance purposes. It does not constitute legal advice. DadOfTheClan Consulting Group, LLC is a technology consulting firm and is not a licensed legal practice. Clients with specific regulatory obligations — including HIPAA, CJIS, GLBA, or state-specific privacy law requirements — should consult qualified legal counsel regarding those obligations. Nothing in this policy limits the protections afforded by applicable law.