Privacy Policy
Effective Date: January 1, 2026 | Last Updated: January 7, 2026
Contents
1. Overview
Cichocki LLC ("Company," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal data when you:
- Visit our websites, including cichocki.com and threadsync.io
- Engage our consulting, advisory, or professional services
- Communicate with us via email, phone, or other channels
- Attend our events, webinars, or workshops
- Apply for employment or contractor positions
This Policy applies to all personal data processed by Cichocki LLC, regardless of the media on which that data is stored or whether it relates to past or present clients, employees, contractors, or other individuals.
2. Definitions
For purposes of this Privacy Policy:
- "Personal Data" means any information relating to an identified or identifiable natural person, including name, email address, IP address, location data, and online identifiers.
- "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or destruction.
- "Data Subject" means the individual to whom Personal Data relates.
- "Controller" means the entity that determines the purposes and means of Processing Personal Data.
- "Processor" means an entity that Processes Personal Data on behalf of the Controller.
- "Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data concerning sexual orientation.
3. Data Controller
Cichocki LLC is the Controller of your Personal Data collected through our websites and services. Our contact information is:
For EU/EEA data subjects, you may also contact our EU Representative (where applicable) at the address above.
4. Information We Collect
4.1 Information You Provide
- Identity Data: Name, title, company name, professional credentials
- Contact Data: Email address, phone number, mailing address
- Financial Data: Billing address, payment card details, bank account information
- Transaction Data: Details of services provided, invoices, payment history
- Communications Data: Correspondence, meeting notes, project documentation
- Professional Data: Resume, work history, references (for employment)
4.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, time spent, click patterns, referring URLs
- Location Data: General geographic location based on IP address
- Cookie Data: Information stored via cookies and similar technologies (see Section 11)
4.3 Information from Third Parties
- Business Partners: Referrals and introductions from professional networks
- Public Sources: Professional information from LinkedIn, company websites
- Service Providers: Analytics and marketing partners
5. Legal Basis for Processing (GDPR)
We process your Personal Data only when we have a valid legal basis:
| Purpose | Legal Basis |
|---|---|
| Provide consulting services | Contract performance |
| Process payments | Contract performance |
| Send service communications | Legitimate interest |
| Marketing communications | Consent |
| Improve our services | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Protect vital interests | Vital interest |
6. How We Use Your Information
- Service Delivery: Provide, maintain, and improve our consulting and advisory services
- Client Relationship: Manage our relationship, including onboarding and ongoing communication
- Billing & Payments: Process invoices, payments, and financial reconciliation
- Communications: Respond to inquiries, provide support, and send service-related notices
- Marketing: Send newsletters, thought leadership content, and promotional materials (with consent)
- Analytics: Analyze website usage to improve user experience and service offerings
- Security: Detect, prevent, and respond to fraud, security threats, and technical issues
- Legal Compliance: Comply with applicable laws, regulations, and legal processes
- Business Operations: Support internal operations, audits, and corporate governance
7. Data Sharing & Disclosure
We may share your Personal Data with the following categories of recipients:
7.1 Service Providers
- Cloud hosting providers (infrastructure)
- Payment processors (billing)
- Email service providers (communications)
- Analytics providers (website optimization)
- Professional advisors (legal, accounting)
7.2 Legal & Compliance
- Law enforcement or government agencies when required by law
- Courts or tribunals in connection with legal proceedings
- Regulatory authorities for compliance purposes
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred to the acquiring entity, subject to the same privacy protections.
We do not sell your Personal Data. We do not rent, trade, or otherwise monetize your information to third parties for their marketing purposes.
8. International Data Transfers
Your Personal Data may be transferred to, stored, and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU-approved contractual protections
- Data Processing Agreements: Binding agreements with all processors
- Security Measures: Technical and organizational safeguards
- Adequacy Decisions: Transfers to countries with adequate protection levels
You may request a copy of the safeguards we use by contacting our Privacy Officer.
9. Data Retention
We retain Personal Data only as long as necessary for the purposes described in this Policy:
| Data Type | Retention Period |
|---|---|
| Client engagement records | 7 years after engagement ends |
| Financial/tax records | 7 years (legal requirement) |
| Marketing preferences | Until consent withdrawn |
| Website analytics | 26 months |
| Employment applications | 2 years |
10. Security Measures
We implement comprehensive technical and organizational measures to protect your Personal Data:
Technical Safeguards
- TLS 1.3 encryption for data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication (MFA)
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- Automated security patching
Organizational Safeguards
- Role-based access controls (least privilege)
- Employee security training and awareness programs
- Incident response and breach notification procedures
- Vendor security assessments
- Regular policy reviews and updates
Breach Notification: In the event of a data breach affecting your Personal Data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.
12. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Right of Access: Obtain confirmation of whether we process your data and receive a copy
- Right to Rectification: Correct inaccurate or incomplete Personal Data
- Right to Erasure: Request deletion of your Personal Data ("right to be forgotten")
- Right to Restriction: Limit how we process your data in certain circumstances
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with a supervisory authority
To Exercise Your Rights: Submit a request to privacy@cichocki.com. We will respond within 30 days (or as required by law). We may request verification of your identity before processing your request.
13. California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your California Rights
- Right to Know: Categories and specific pieces of Personal Information collected
- Right to Delete: Request deletion of your Personal Information
- Right to Correct: Correct inaccurate Personal Information
- Right to Opt-Out: Opt out of sale/sharing of Personal Information
- Right to Limit: Limit use of Sensitive Personal Information
- Right to Non-Discrimination: Equal service regardless of exercising rights
Categories of Information Collected
In the preceding 12 months, we have collected: Identifiers, Commercial Information, Internet Activity, Professional Information, and Inferences. We do not sell Personal Information as defined by CCPA.
Submit a Request: Email privacy@cichocki.com with subject "CCPA Request" or call us. Authorized agents may submit requests on your behalf with proper documentation.
14. Children's Privacy
Our services are designed for business professionals and are not directed at children under 16. We do not knowingly collect Personal Data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe we have collected such data, please contact us immediately.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:
- We will update the "Last Updated" date at the top of this Policy
- We will notify you via email (for clients) or prominent website notice
- We will obtain consent where required by law
We encourage you to review this Policy periodically. Continued use of our services after changes constitutes acceptance of the updated Policy.
16. Contact Us
For privacy-related inquiries, requests, or complaints:
Cichocki LLC
Attn: Privacy Officer
Email: privacy@cichocki.com
We aim to respond to all privacy inquiries within 30 days.
If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.