Privacy Policy
How Cirta LLC collects, processes, and protects personal data — with full disclosures for GDPR, UK GDPR, and CCPA/CPRA.
Cirta LLC ("Cirta," "we," "our," or "us") respects your privacy and is committed to protecting it through this Policy. This document explains what information we collect, why we collect it, how we use and share it, and the rights you have over your data — under U.S. (CCPA/CPRA), EU (GDPR), UK (UK GDPR), and other applicable privacy laws.
1. Data Controller
The data controller responsible for your personal data is:
Cirta LLC
30 N Gould St #64334
Sheridan, WY 82801, United States
Email: privacy@cirta.biz
Phone: (307) 340-7990
For privacy matters originating in the European Economic Area, the United Kingdom, or other jurisdictions requiring a designated point of contact, all requests should be addressed to privacy@cirta.biz.
2. Information We Collect
We collect personal data that you provide directly, that is generated through your use of our services, and that we receive from third-party service providers acting on our behalf.
2.1 Information You Provide
- Identity & contact data — name, business name, job title, email address, phone number, mailing address.
- Engagement data — project briefs, scope discussions, business context shared during inquiries or active engagements.
- Billing data — billing name and address, VAT or tax identifiers, invoice references. We do not collect or store payment card details on our systems (see Section 4).
- Correspondence — emails, contact-form submissions, meeting notes, and other communications.
2.2 Information Collected Automatically
- Technical data — IP address, browser type and version, operating system, device identifiers, time-zone setting.
- Usage data — pages visited, referral source, time on page, navigation patterns.
- Cookies and similar technologies — see Section 7.
2.3 Information from Third Parties
We may receive information from payment processors (Stripe), email providers, analytics services, and publicly available business directories where used to verify a prospective client.
3. How We Use Your Information
We process personal data only where we have a lawful basis to do so. The legal bases on which we rely are as follows:
- Performance of a contract — to deliver consulting services, fulfill statements of work, and process payments.
- Legitimate interests — to operate, secure, and improve our website and services; to respond to inquiries; to prevent fraud; and to communicate with prospective clients about engagements they have initiated.
- Legal obligation — to comply with tax, accounting, anti-money-laundering, and other regulatory requirements applicable to a U.S. limited liability company.
- Consent — where required (for example, certain analytics cookies in the EEA/UK or marketing communications). Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
4. Payments & Stripe Disclosure
Cirta LLC uses Stripe Payments as its payment processor. When you pay an invoice or remit fees via Stripe, the following applies:
- Payment-card data (full card number, CVC, expiry) is collected and processed directly by Stripe. Cirta does not see, store, or transmit raw card data.
- Stripe is a PCI-DSS Level 1 certified service provider, which is the highest level of certification available in the payments industry.
- Stripe processes your data as an independent controller for fraud-prevention and regulatory purposes, and as our processor for completing the transaction.
- Stripe's handling of your data is governed by Stripe's own privacy policy: stripe.com/privacy.
We retain limited transaction metadata (invoice ID, amount, last four digits of the card, billing name and country) to satisfy our accounting and tax obligations.
5. How We Share Your Information
We do not sell personal data. We share personal data only with:
- Service providers acting on our behalf under contractual confidentiality and data-processing obligations — including Stripe (payments), email and document infrastructure providers, hosting providers, and accounting platforms.
- Professional advisors — auditors, accountants, and lawyers, where strictly necessary.
- Authorities — where disclosure is required by applicable law, court order, or legitimate regulatory request.
- Successors — in the event of a merger, acquisition, or sale of business assets, subject to equivalent protection.
We do not share personal data for third-party advertising or marketing purposes.
6. International Data Transfers
Cirta LLC operates from the United States. If you access our services from the European Economic Area, the United Kingdom, or another jurisdiction with data-localization rules, your personal data will be transferred to and processed in the United States.
Where required, transfers from the EEA, UK, or Switzerland to the United States are performed under appropriate safeguards, including the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum. Copies of the relevant clauses are available on request.
7. Cookies & Tracking Technologies
Our website uses a minimal set of cookies and similar technologies:
- Strictly necessary cookies — required for the website to function (security, session integrity).
- Functional cookies — to remember user preferences such as cookie-consent state.
If we introduce analytics or marketing cookies in the future, visitors in the EEA and UK will be presented with a consent banner allowing granular opt-in. You can disable cookies at any time through your browser settings; doing so may impair certain site functions.
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, tax, accounting, and reporting requirements. Indicative retention periods:
- Inquiry data (un-converted leads) — up to 24 months from last contact.
- Active client engagement records — for the duration of the engagement plus 7 years for tax and audit compliance.
- Billing and transactional records — 7 years (U.S. tax record-retention standard).
- Website logs and security data — up to 12 months.
9. Data Security
We maintain administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls, principle-of-least-privilege account design, audit logging, and vendor due diligence on all sub-processors. No method of transmission or storage is perfectly secure; in the event of a personal-data breach affecting your information, we will notify you and the relevant supervisory authority where required by applicable law.
10. Your Rights
Depending on your jurisdiction, you have the following rights with respect to your personal data:
10.1 GDPR & UK GDPR Rights
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion in defined circumstances ("right to be forgotten").
- Restriction — request that we limit processing of your data.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct-marketing purposes.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
- Complaint — lodge a complaint with your local supervisory authority. In the EEA, see the EDPB members list. In the UK, contact the Information Commissioner's Office.
10.2 California (CCPA / CPRA) Rights
- Right to know — what personal information is collected, used, shared, or sold.
- Right to delete — request deletion of personal information collected from you.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out — of the sale or sharing of personal information. Cirta does not sell or share personal information as those terms are defined under the CPRA.
- Right to limit use — of sensitive personal information.
- Right to non-discrimination — for exercising any of the above rights.
10.3 Exercising Your Rights
To exercise any of these rights, email privacy@cirta.biz with sufficient detail to verify your identity and the nature of your request. We respond within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA, extendable as permitted). There is no fee for reasonable requests; we may decline manifestly unfounded or repetitive requests as permitted by law.
11. Children's Privacy
Our services are directed to businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16 in the EEA/UK or under 13 in the United States. If you believe a child has submitted information to us, please contact us so we can delete it.
12. Third-Party Links
Our website may contain links to external sites we do not operate. This Policy applies only to Cirta-owned properties. We encourage you to review the privacy policies of any third-party site you visit.
13. Changes to This Policy
We may update this Policy from time to time to reflect operational, legal, or regulatory changes. The "Last Updated" date at the top of this page indicates the version in force. Material changes will be communicated through a notice on our website or by direct notification where appropriate.
14. Contact
For any question, request, or concern related to this Policy or your personal data:
Cirta LLC — Privacy Office
30 N Gould St #64334
Sheridan, WY 82801, United States
Email: privacy@cirta.biz
Phone: (307) 340-7990
This Privacy Policy is provided in English. Where translations are made available, the English version shall prevail in case of conflict.