Privacy Policy

Consulting360 AI, LLC ("Consulting360," "we," "our," or "us") collects information you provide directly and information generated through your use of our workforce management platform.

Information you provide:

• Identity information: name, job title, employee ID
• Contact information: work email address, phone number
• Authentication credentials via Google OAuth2
• Financial and payroll data: compensation details, bank account information for direct deposit
• Sensitive personal information: Social Security Number (SSN), date of birth (DOB) — collected solely for payroll, tax, and compliance purposes
• Work records: timesheets, expense claims, project assignments, leave requests

Information collected automatically:

• Log data: IP address, browser type, pages visited, access timestamps
• Device information: operating system, screen resolution
• Session data managed via secure server-side cookies

We use collected information solely to operate and improve the Consulting360 workforce platform. Specific uses include:

• Authenticating users and managing access via Google OAuth2
• Processing timesheets, expense reports and project assignments
• Generating invoices and remittance documentation for clients
• Processing payroll and ensuring tax compliance (SSN, DOB)
• Sending transactional emails including invoice notifications and payment reminders
• Maintaining audit logs for compliance and security purposes
• Improving platform performance and user experience

We do not use your information for advertising, sell it to third parties, or use it for any purpose unrelated to workforce management services.

We share information only as necessary to deliver our services:

We do not sell, rent, or trade personal information to any third party for marketing or commercial purposes.

We retain personal information for as long as necessary to fulfill the purposes described in this policy and to comply with legal obligations:

• Active account data — retained for the duration of your employment engagement
• Payroll and tax records — retained for 7 years as required by IRS regulations
• Invoice and financial records — retained for 7 years for accounting compliance
• Access logs — retained for 90 days for security monitoring
• Sensitive PII (SSN, DOB) — retained only as long as required for payroll and tax purposes, then securely deleted

We implement industry-standard security measures to protect your information:

• All data transmitted over HTTPS/TLS encryption
• Sensitive fields (SSN, DOB) masked by default in the UI — only revealed on explicit user action with audit logging
• Every SSN/DOB access is logged with timestamp, user identity and IP address
• Server-side sessions with 30-minute idle timeout
• Google session terminated on logout to prevent unauthorized re-access on shared devices
• Role-based access control — employees only access their own records; managers access their team
• Database hosted on DigitalOcean with encrypted volumes and automated backups

Despite these measures, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and log out on shared devices.

We use the following cookies and session technologies:

• JSESSIONID — server-side session cookie required for authentication. Deleted on logout.
• Google OAuth cookies — managed by Google during sign-in. We terminate the Google session on logout for security.
• No advertising or tracking cookies — we do not use Google Analytics, Facebook Pixel or any third-party tracking technology.

Our platform is ad-free. No cookies are used for advertising or cross-site tracking purposes.

We use the following third-party services to operate our platform:

You have the following rights regarding your personal information:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete — You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
• Do Not Sell — We do not sell personal information. No opt-out mechanism is required because we do not engage in the sale of personal information.

California residents may submit requests by emailing [email protected] with the subject line "CCPA Request."

Our platform is designed for use by adults in a professional employment context. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal information, please contact us immediately at [email protected] and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy with a revised Effective Date and notify registered users via email at least 14 days before the changes take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

For questions, concerns or requests related to this Privacy Policy:

Also see our GLBA Financial Privacy Notice for information specific to financial data.