Privacy Policy

Effective Date: December 9, 2024 | Last Updated: December 9, 2024

1. Introduction

Chamberlin Consulting Group ("Company," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website at chamberlinconsultinggroup.com (the "Website") and who submit information through our contact forms. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal information.

This Privacy Policy is designed to comply with applicable federal and state privacy laws, including requirements for government contractors.

2. Information We Collect

2.1 Information You Provide Directly

When you use our contact form, we collect the following information:

• Required Information: Name, email address, and message content
• Optional Information: Organization name, industry sector, and services of interest

2.2 Automatically Collected Information

Our Website does not use cookies, tracking pixels, or third-party analytics services. We do not automatically collect browsing behavior, IP addresses for tracking purposes, or device identifiers.

Standard web server logs maintained by our infrastructure provider (Amazon Web Services) may temporarily record:

• IP addresses
• Browser type and version
• Pages requested
• Date and time of access

These logs are used solely for security monitoring and are automatically purged according to AWS retention policies.

2.3 Information We Do Not Collect

We do not collect:

• Social Security Numbers
• Financial account information
• Health information
• Biometric data
• Geolocation data
• Information from minors under 13 years of age

3. How We Use Your Information

We use the information collected through our contact form for the following purposes:

4. Data Storage and Security

4.1 Infrastructure

Our Website and contact form processing are hosted on Amazon Web Services (AWS) infrastructure located in the United States. AWS maintains the following compliance certifications relevant to government customers:

• FedRAMP (Federal Risk and Authorization Management Program)
• SOC 1, SOC 2, and SOC 3
• ISO 27001, ISO 27017, ISO 27018
• PCI DSS Level 1
• HIPAA eligible services

4.2 Data Flow

Contact form submissions are processed as follows:

1. Form data is transmitted via HTTPS/TLS encryption to our API endpoint
2. AWS Lambda processes the submission
3. AWS Simple Email Service (SES) delivers the message to our business email
4. No persistent database storage of form submissions occurs

4.3 Security Measures

We implement the following security measures:

• TLS 1.2+ encryption for all data in transit
• AWS Identity and Access Management (IAM) role-based access controls
• Principle of least privilege for all system components
• Regular security reviews of infrastructure configuration

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

• Service Providers: AWS provides infrastructure services under their Data Processing Addendum
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, safety, or property

6. Data Retention

We retain contact form information for as long as necessary to:

• Respond to and fulfill your inquiry
• Maintain records for potential business relationships
• Comply with legal and regulatory requirements

Email communications are retained in accordance with our document retention policy, typically for a period of seven (7) years for business correspondence.

7. Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Opt-Out: Opt out of future communications at any time

To exercise these rights, contact us using the information provided below.

8. Children's Privacy

Our Website is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

9. Third-Party Links

Our Website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. California Privacy Rights

California residents may have additional rights under the California Consumer Privacy Act (CCPA). As a business-to-business service provider, most personal information we collect falls outside CCPA's scope. However, California residents may contact us to inquire about:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom information is shared

11. Government Contractor Compliance

As a provider of services to government entities, we are committed to complying with applicable federal and state requirements, including:

• Privacy Act of 1974 (when applicable)
• Federal Information Security Management Act (FISMA)
• Controlled Unclassified Information (CUI) requirements
• State-specific privacy and security requirements

We do not process classified information through this Website.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

13. Contact Information