CCPA/CPRA Privacy Notice
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance notice for California residents.
Last updated: April 24, 2026 | Effective for California residents
π Table of Contents
1. Scope of This Notice
This California Privacy Notice applies solely to residents of the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA). Any terms defined in the CCPA/CPRA have the same meaning when used in this notice.
This notice describes the categories of personal information we collect, the sources of that information, our business purposes for collection, the categories of third parties with whom we share information, and your privacy rights under California law.
β οΈ Important: This notice applies only to California residents. For our general privacy practices, please refer to our main Privacy Policy.
2. Information We Collect
Golden Ratio Consulting collects personal information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Categories of Personal Information Collected
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, phone number, postal address, IP address, online identifiers | β Yes |
| Personal Information (CA Customer Records) | Signature, bank account number, credit card number, employment information | β Yes |
| Protected Classifications | Age, gender, race, religion, disability (only for compliance purposes) | β οΈ Limited |
| Commercial Information | Services purchased, consulting history, project records | β Yes |
| Biometric Information | Fingerprints, facial recognition, voiceprints | β No |
| Internet Activity | Browsing history, search history, website interaction data | β Yes |
| Geolocation Data | Approximate location based on IP address | β Yes |
| Sensory Data | Audio recordings (customer service calls), video recordings | β οΈ Limited |
| Professional Information | Job title, company name, industry, professional credentials | β Yes |
| Education Information | Degrees, certifications, educational history | β οΈ Limited |
| Inferences | Preferences, characteristics, behavior patterns | β Yes |
Sensitive Personal Information (Under CPRA)
- Social Security Number, driver's license number, state ID card: β Not collected
- Account log-in credentials: β Collected (encrypted, for client portal access)
- Precise geolocation (within 1,850 feet): β Not collected
- Racial or ethnic origin: β Not collected
- Genetic data: β Not collected
- Health information: β οΈ Limited (only if required for HIPAA-compliant consulting)
- Sexual orientation: β Not collected
- Religious or philosophical beliefs: β Not collected
3. Sources of Personal Information
We collect personal information from the following categories of sources:
- Directly from you: When you fill out contact forms, schedule consultations, sign up for services, or communicate with us via email or phone
- Automatically from your device: Through cookies, web beacons, and analytics tools when you visit our website
- Third-party services: From our website hosting provider, email service provider, CRM platform, and payment processors
- Publicly available sources: Business directories, professional networks (LinkedIn), and company websites
- Client referrals: When existing clients refer you to our services
- Service providers: Companies that assist us in operating our business (e.g., Calendly for scheduling)
4. Business Purposes for Collection
We collect and use your personal information for the following business purposes:
- Providing Services: To deliver our consulting services, managed hosting, cloud solutions, and cybersecurity offerings
- Communication: To respond to your inquiries, provide quotes, send invoices, and deliver project updates
- Website Operations: To operate, maintain, and improve our website and client portal
- Security: To detect security incidents, protect against malicious activity, and maintain system integrity
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Service Improvement: To analyze usage patterns and improve our services
- Marketing (Opt-in only): To send newsletters, case studies, and promotional materials (you may opt out at any time)
- Auditing: To conduct internal audits, compliance reviews, and quality assurance
5. Sharing and Selling of Personal Information
We DO NOT sell your personal information. We do not share, rent, or trade your personal information with third parties for monetary or non-monetary valuable consideration (as defined by the CCPA/CPRA).
Disclosure of Personal Information
We may share your personal information with the following categories of third parties:
- Service Providers: Companies that perform services on our behalf (e.g., hosting, email, payment processing, analytics)
- Professional Advisors: Lawyers, accountants, and auditors performing services for us
- Legal Compliance: Law enforcement, courts, or regulatory agencies when required by law
- Business Transfers: In connection with a merger, acquisition, or sale of assets
Sharing for Cross-Context Behavioral Advertising
We do not share personal information for cross-context behavioral advertising (targeted advertising). We do not use third-party tracking cookies for advertising purposes.
Retention of Personal Information
We retain personal information only as long as necessary for the purposes outlined in this notice, or as required by law. Typically, we retain client data for the duration of our engagement plus 7 years for legal and tax purposes. Website visitor data is retained for 12 months.
6. Your Rights Under CCPA/CPRA
California residents have the following rights regarding their personal information:
π Right to Know
Request disclosure of personal information collected, used, disclosed, or sold about you in the preceding 12 months.
ποΈ Right to Delete
Request deletion of personal information we have collected from you, subject to certain exceptions.
βοΈ Right to Correct
Request correction of inaccurate personal information that we maintain about you.
π« Right to Opt-Out of Sale/Sharing
Direct us to stop selling or sharing your personal information (we do not sell data).
π Right to Limit Use of Sensitive Information
Request limitation of how we use your sensitive personal information.
π Right to Data Portability
Receive your personal information in a structured, commonly used, machine-readable format.
βοΈ Right to Non-Discrimination
Exercise your privacy rights without receiving discriminatory treatment.
π€ Right to Opt-Out of Automated Decision-Making
Request to opt-out of automated decision-making technologies (not applicable, as we don't use them).
7. How to Exercise Your Rights
To exercise any of your California privacy rights, please contact us using one of the following methods:
Option 1: Toll-Free Phone Number
1-800-555-CCPA (1-800-555-2272)
MondayβFriday, 9:00 AM β 6:00 PM EST
Option 2: Email
Option 3: Online Privacy Request Form
Visit our Privacy Request Portal at portal.grcfirm.com/privacy-request
Option 4: Mail
CCPA Compliance
Golden Ratio Consulting
125 Summer Street, Suite 1300
Boston, MA 02110
What to Include in Your Request
- Your full name
- Email address associated with your account
- California mailing address (for verification)
- Specific right you wish to exercise
- Any relevant project or invoice numbers (if applicable)
8. Verification Process
To protect your privacy and security, we will verify your identity before responding to any request. Our verification process includes:
- Account Holders: We will ask you to log into your client portal or confirm specific account details (e.g., last invoice amount, project name)
- Non-Account Holders: We will ask for name, email address, and at least two data points that match information we have collected
- Requests for Sensitive Information: May require additional verification, such as a notarized affidavit or signed declaration under penalty of perjury
If we cannot verify your identity, we will notify you and explain why your request cannot be processed.
9. Authorized Agent Requests
You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide:
- Written permission signed by you authorizing the agent to act on your behalf
- Proof of the agent's identity
- Verification of your identity directly with us
Alternatively, you may provide the agent with power of attorney under California Probate Code sections 4000-4465.
10. Response Timing and Format
We will respond to verified requests within 45 days of receipt. If we need an extension of up to 90 days total, we will notify you within the initial 45-day period explaining the reason for the delay.
Requests for data portability will be provided in a readily usable format (CSV or JSON). Deletion requests will be confirmed in writing once completed.
We do not charge a fee to process requests unless they are excessive, repetitive, or manifestly unfounded, in which case we may charge a reasonable fee or refuse to act on the request.
11. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Specifically, we will not:
- Deny you goods or services
- Charge you different prices or rates for services, including through discounts or penalties
- Provide a different level or quality of services
- Suggest that you may receive a different price or level of quality for exercising your rights
However, we may offer financial incentives permitted by law. Any such incentives will be clearly explained, with terms provided, and you may opt-in or opt-out at any time.
12. California "Shine the Light" Law
California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes.
We do not share personal information with third parties for their direct marketing purposes. Therefore, no information needs to be provided under this law. If our practices change, we will update this notice and provide an opt-out mechanism.
To make a Shine the Light request, please contact us using the information in Section 15.
13. Do Not Sell My Personal Information
Because we do not sell personal information, we do not maintain a "Do Not Sell My Personal Information" page. We also do not "share" personal information for cross-context behavioral advertising.
If our practices change in the future, we will:
- Update this notice to reflect the change
- Provide a clear opt-out mechanism ("Do Not Sell or Share My Personal Information" link)
- Comply with the Global Privacy Control (GPC) signal and other opt-out preference signals
Opt-Out Preference Signals
We recognize the Global Privacy Control (GPC) signal as a valid opt-out request. If your browser sends the GPC signal, we will treat it as a request to opt-out of any sale or sharing of personal information.
14. Changes to This Privacy Notice
We reserve the right to update this California Privacy Notice at any time. Changes will be posted on this page with an updated "Last updated" date.
- Material changes: We will notify you by email (if you have an account) or by posting a prominent notice on our website at least 30 days before the change becomes effective
- Non-material changes: We will update this page without direct notification
We encourage you to review this notice periodically to stay informed about how we protect your privacy.
Last reviewed: April 24, 2026
Next scheduled review: April 24, 2027
15. Contact Us
If you have questions about this California Privacy Notice, our data practices, or need to exercise your rights, please contact our Privacy Team:
π§ CCPA/CPRA Inquiries: [email protected]
π§ General Privacy: [email protected]
π Toll-Free: 1-800-555-CCPA (1-800-555-2272)
π Phone: (617) 555-0123
π¬ Mail: CCPA Compliance, Golden Ratio Consulting, 125 Summer Street, Suite 1300, Boston, MA 02110
π Response Commitment: We acknowledge receipt of privacy requests within 10 business days and respond substantively within 45 days. For urgent privacy matters, please call our toll-free number.