Brightpinewalk

Scope and overview

This policy applies to personal information collected through our website, by email, during calls, and in the course of delivering consulting services, diagnostics, or workshops. Examples of personal information include names, business contact details, phone numbers, email addresses, and any information you provide in messages, proposals, or diagnostic materials. We process this information to evaluate engagement requests, execute contracted services, and communicate with clients and prospects. We limit collection to what is necessary for these legitimate business purposes and to comply with legal obligations. Where applicable, more specific notices may be provided prior to collecting sensitive or special categories of personal data. If you are a client, additional contractual data processing terms can be included in our engagement letter to specify processing, access rights, and security measures consistent with this policy.

Information we collect and how we use it

We collect data you provide directly when you contact us, subscribe, request a diagnostic, or engage our services. This typically includes identity and contact data, company details, and information about your business challenges and metrics that are relevant to our advisory work. We also collect technical data when you visit our website, such as IP addresses, device and browser information, and anonymized usage analytics. We use contact information to respond to inquiries, schedule meetings, deliver services, and send transactional messages. Business and diagnostic information is used to prepare assessments, proposals, and reports necessary to perform the engagement. Technical data and analytics allow us to operate the website securely, monitor performance, and improve user experience. We do not sell personal data. Where we use third-party processors (for email delivery, analytics, or hosting), we require contractual safeguards to protect data and limit use to the services they perform on our behalf. We use lawful bases for processing such as performance of a contract, legitimate business interests, and where required, consent—particularly for marketing communications.

Retention, security, and your rights

We retain personal data only as long as necessary to fulfill the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and purpose; for example, contact records for prospective clients may be retained for a limited period after the last interaction, while engagement records and invoices are kept for a longer period to satisfy accounting and statutory requirements. We implement industry-appropriate technical and organizational measures to protect data, including encrypted storage for sensitive records, access controls, and secure backups. Access to client data is limited to personnel with a business need to know. You have rights regarding your personal data, subject to local law: the right to access, correct, or delete your personal information; the right to restrict or object to certain processing; and the right to data portability where applicable. To exercise these rights, contact [email protected] or write to our data protection officer at Brightpinewalk LLC, 200 Market St, Suite 1200, San Francisco, CA 94105. We will verify requests as appropriate and respond within required timeframes. If you are located in the European Economic Area or another jurisdiction with a supervisory authority, you may also lodge a complaint with the appropriate regulator if you remain unsatisfied after contacting us.

Cookies and tracking

We use cookies and similar technologies to operate our site, provide basic features, and improve performance. Essential cookies enable core functionality and cannot be turned off without affecting the site. Non-essential cookies, such as analytics or preference cookies, are subject to your consent. Our site includes a cookie notice that allows you to accept or reject non-essential cookies. You can also manage cookie preferences through your browser settings. Third-party analytics providers may process aggregated or pseudonymized data to help us measure and improve the site. We ensure that any third-party partners used for analytics or email communications adhere to contractual protections limiting how they use data and requiring them to implement reasonable security measures.

International transfers and processors

As a business serving clients globally, personal data may be transferred to service providers or affiliates located in other countries. We take steps to protect data during transfers by using appropriate safeguards such as standard contractual clauses, data processing agreements, and by ensuring compliant hosting and service providers. When selecting third-party processors we assess their security practices and require contractual commitments consistent with this policy and applicable law. A list of subprocessors is available upon request by emailing [email protected].

Updates to this policy and contact details

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. Material changes will be posted on this page with a revised effective date. For privacy inquiries, data subject requests, or questions about this policy, please email [email protected] or mail Brightpinewalk LLC, Attn: Privacy, 200 Market St, Suite 1200, San Francisco, CA 94105. For immediate matters you may also call +1 (415) 732-8200. If you prefer to contact a supervisory authority, we will provide guidance based on your jurisdiction upon request.

This policy was last updated on January 14, 2026.