Privacy Policy

Last updated: June 2026

1. Who We Are

Parchemin Consulting ("we", "us", "our") is a professional consulting firm headquartered in Houston, Texas, USA. We operate the website parcheminconsulting.com and provide cybersecurity, GRC, cloud audit, and web development services. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website or engage our services.

We are committed to protecting your privacy in accordance with applicable US federal and state privacy laws, including the Texas Data Privacy and Security Act (TDPSA), CAN-SPAM Act, and, where applicable to our international clients, the General Data Protection Regulation (GDPR).

2. Information We Collect

We may collect the following categories of personal data:

  • Contact information: Name, email address, phone number, and company name, provided through our contact form, during client onboarding, or in the course of an engagement.
  • Account data: Email address and hashed password if you create a client portal account. We do not store plaintext passwords.
  • Billing information: Payment details are processed securely by Stripe. We do not store, see, or have access to full payment card numbers.
  • Usage data: IP address, browser type, device type, pages visited, and session duration, collected via our self-hosted Matomo analytics instance.
  • Communications: Emails, messages, and files you share with us in the context of a consulting engagement.
  • Technical data: Log files and error reports generated during your use of our client portal, used solely for debugging and service improvement.

3. How We Use Your Information

We use personal data for the following purposes:

  • To respond to enquiries and provide our consulting services
  • To create and manage your client portal account
  • To send invoices, process payments, and maintain financial records
  • To communicate project updates, milestones, deliverables, and reports
  • To comply with legal, regulatory, and tax obligations
  • To improve our website and service quality using aggregated analytics data
  • To send transactional emails related to your account or engagement
  • To detect, prevent, and respond to fraud, security threats, or misuse

We do not sell, rent, or trade your personal data to third parties. We do not use your data for advertising, profiling, or automated decision-making.

4. Legal Basis for Processing

We process your personal data under one or more of the following legal bases:

  • Contract performance: Processing necessary to deliver consulting services you have engaged us for, or to take pre-contractual steps at your request.
  • Consent: Where you have given explicit, informed consent, which you may withdraw at any time without affecting prior processing.
  • Legitimate interests: Service improvement, fraud prevention, and security monitoring, where these interests are not overridden by your rights.
  • Legal obligation: Retention of financial records and tax documents as required by US federal and Texas state law.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Invoicing and financial records: Retained for seven (7) years in accordance with US tax requirements.
  • Client portal accounts: Deleted within 90 days of a written deletion request, or automatically deactivated after three (3) years of inactivity.
  • Contact form submissions: Retained for up to two (2) years unless an engagement is initiated.
  • Analytics data: Retained in anonymized, aggregated form for up to two (2) years.

6. Third-Party Service Providers

We engage a limited set of trusted sub-processors to operate our platform. Each is contractually bound to process data only on our instructions and to maintain appropriate security standards:

  • Stripe — Payment processing. PCI-DSS Level 1 certified. Your card data goes directly to Stripe and never touches our servers.
  • Resend — Transactional email delivery (invoices, notifications, password resets).
  • Cloudflare R2 — Secure document storage for client deliverables and project files.
  • Amazon Web Services (AWS) — Our application and database infrastructure are hosted in the US-West-2 (Oregon) region. AWS is SOC 2, ISO 27001, and FedRAMP compliant.
  • Matomo (self-hosted) — Privacy-respecting web analytics. Data stays on our servers and is never shared with third parties.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising or behavioral tracking tools.

7. International Data Transfers

Our infrastructure is located in the United States. If you are accessing our website from outside the US — including from the European Union or Canada — please be aware that your information will be transferred to, stored, and processed in the United States. For EU residents, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms where applicable. By using our services, you consent to this transfer.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to know / access: Request a copy of the personal data we hold about you.
  • Right to correction: Request that we correct inaccurate or incomplete data.
  • Right to deletion: Request deletion of your personal data, subject to our legal retention obligations.
  • Right to restrict processing: Request that we limit how we process your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to opt out of sale: We do not sell personal data. This right is satisfied by our policy.
  • Right to non-discrimination: Exercising your privacy rights will not result in any penalty or reduced quality of service.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, submit a request to [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Do Not Sell or Share My Personal Information

Parchemin Consulting does not sell, share for cross-context behavioral advertising, or disclose for monetary or other valuable consideration any personal information we collect. This policy applies to all residents of Texas and any other state whose privacy laws include such opt-out rights.

10. Cookies and Tracking Technologies

Our website uses only the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication, session management, and basic site functionality. These cannot be disabled.
  • Analytics cookies (Matomo): Self-hosted, privacy-respecting analytics. These do not share data with any third party and respect Do Not Track (DNT) signals.

We do not use advertising cookies, social media tracking pixels, or any third-party behavioral tracking. You may disable cookies in your browser settings; certain portal features may not function as intended if you do so.

11. Children's Privacy

Our services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 16. If you believe we have inadvertently collected information from a child, please contact us immediately and we will promptly delete it.

12. Security

We implement industry-standard technical and organizational security measures to protect your personal data, including:

  • Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
  • Role-based access controls limiting data access to authorized personnel only
  • Regular security reviews and vulnerability assessments
  • Secure, isolated database infrastructure on AWS
  • Automatic daily database backups with 7-day retention

No method of electronic transmission or storage is 100% secure. While we take every reasonable precaution, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes by email or through the client portal. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact & Data Controller

Parchemin Consulting is the data controller for personal data processed under this policy. For privacy-related questions, data subject requests, or to report a concern:

Email: [email protected]
Location: Houston, Texas, USA