Mindstream Privacy Policy

Mindstream Consulting LLC (“Mindstream,” “we,” “us,” or “our”) respects your privacy. This policy explains what personal information we collect through our website, client services, and other business activities, how we use and protect it, and the rights you have. It applies to website visitors, prospective and current clients, and the officers and employees of our clients (each a “contact”).

Information We Collect

We collect personal information directly from you, automatically when you use our website, and from our clients while providing services.

Information You Provide

• Contact details such as name, job title, employer, business address, telephone number, and email.
• Information submitted through website forms, including inquiries, RFPs, and event registrations.
• Correspondence and other communications you send us.

Information Collected Automatically

• Technical data such as IP address, browser type, device identifiers, operating system, referring URLs, and pages viewed.
• Usage data collected through cookies and similar technologies.

Information We Receive From Clients

In providing consulting services, our clients may share personal information about their officers, employees, customers, or other individuals. We process that information on the client’s behalf and in accordance with our agreements with them.

How We Use Your Information

• To provide and administer the services described in our agreements with clients.
• To communicate about engagements, projects, invoices, and other business matters.
• To send industry updates and other communications that may be of interest (you may opt out at any time).
• To operate, maintain, and improve our website and services.
• To comply with legal, regulatory, and contractual obligations.
• To detect, prevent, and respond to security incidents, fraud, and other unlawful activity.

Legal Bases for Processing

Where required by applicable law (such as the EU GDPR), we rely on one or more of the following:

• Performance of a contract with you or with the client that employs or represents you.
• Compliance with our legal obligations.
• Our legitimate business interests, such as operating, marketing, and securing our business, where not overridden by your rights.
• Your consent, where required.

How We Share Your Information

We do not sell your personal information. We share it only in these limited circumstances:

• With our personnel, contractors, and service providers who need access to perform services on our behalf and are bound by confidentiality and data protection obligations.
• With our clients, when we are processing personal information on their behalf.
• When required by law, regulation, subpoena, court order, or other legal process, or to protect the rights, property, or safety of Mindstream, our clients, or others.
• In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

We may also use aggregated or de-identified data, including industry benchmarks generated from client engagements, in a form that does not identify any individual or client.

How We Protect Your Information

Mindstream maintains an internal data classification policy that categorizes information as Public, Internal, Confidential, or Protected. Personal information is treated as Confidential or Protected and is subject to the strictest controls. Our safeguards include:

• Storing personal information only in approved, Mindstream-managed enterprise repositories (such as our Microsoft 365, Box, and Salesforce environments) — never on personal cloud accounts, personal devices, or removable media.
• Encrypting sensitive data at rest and requiring secure channels for sharing Confidential and Protected information.
• Restricting access to authorized personnel who have completed background checks, security training, and signed our security and acceptable-use agreements.
• Monitoring, logging, and auditing access to systems containing personal information, with regular backups and integrity checks.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Security Breach Notification

We promptly investigate any allegation of unauthorized access to, use of, or disclosure of personal information and comply with all applicable breach notification laws. For a suspected or actual breach involving client data we process, we will notify the affected client as soon as commercially reasonable, and no later than fifteen (15) days after we suspect or have knowledge of the breach.

Data Retention

We retain personal information only as long as needed to fulfill the purposes for which it was collected, comply with our legal, regulatory, contractual, and archival obligations, and resolve disputes. Personal information collected from a client remains the property of that client. Upon a client’s request, we will return the data in a mutually agreed format within thirty (30) days and delete remaining copies, except where retention is required by law or for legitimate archival purposes.

International Data Transfers

Mindstream is headquartered in the United States. If you access our website or provide information from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other jurisdictions where we or our service providers operate. We take steps to ensure such transfers comply with applicable privacy laws.

Your Privacy Rights

Depending on where you live and applicable law, you may have rights regarding your personal information, including the right to:

• Access, correct, or update your personal information.
• Request deletion, subject to legal and contractual exceptions.
• Object to or restrict certain processing, including direct marketing.
• Receive your data in a portable format.
• Withdraw consent, where processing is based on consent.
• Lodge a complaint with a supervisory authority.

Residents of California, the EU/EEA, the United Kingdom, and other jurisdictions with applicable privacy laws (including the CCPA and GDPR) may have additional rights. We do not sell personal information as defined under the CCPA.

To exercise these rights, contact us using the information in the “Contact Us” section. If we are processing personal information on a client’s behalf, we may direct your request to that client.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to operate the site, remember your preferences, analyze traffic, and improve your experience. You can manage cookies through your browser settings; disabling certain cookies may affect site functionality.

Third-Party Websites

Our website may contain links to third-party sites not operated by Mindstream. This policy does not apply to those sites, and we are not responsible for their content or practices. We encourage you to review their privacy policies.

Children’s Privacy

Our website and services are intended for business use and are not directed to children under 16. We do not knowingly collect information from children. If you believe we have, please contact us so we can delete it.

Changes to This Policy

We may update this policy from time to time. The “Last Updated” date above indicates when it was most recently revised. Material changes will be communicated through our website or other appropriate channels. This policy is governed by the laws of the State of Texas, without regard to its conflict-of-laws principles, except where applicable privacy laws require otherwise.

Contact Us

For privacy-related inquiries, including data protection requests, please email szulu@mindstreamco.com.

If you have questions about this policy, want to opt out of correspondence, or wish to exercise any of your privacy rights, you may also contact:

Joseph Garcia, President
Mindstream Consulting LLC
17806 Interstate 10 West, Suite 300
San Antonio, TX 78257
Telephone: +1 (210) 819-7306
Email: jgarcia@mindstreamco.com