Legal

Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

The Medley Consulting ("we," "us," or "our") is committed to protecting the privacy of our clients, employees, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services.

1. Information We Collect

We collect information you provide directly, including name, business email address, company name, job title, and any details shared through our contact forms or during engagements.

We automatically collect certain technical data when you visit our website, including IP address, browser type, operating system, referring URLs, pages visited, and timestamps. This data is collected through cookies and similar technologies.

When you access our Client or Employee portals, we collect authentication data through Firebase Authentication, including OAuth tokens from Google and Microsoft identity providers.

2. How We Use Your Information

We use the information we collect to:

- Respond to briefing requests and inquiries - Deliver and manage consulting engagements - Provide access to our Client and Employee portals - Improve our website, services, and user experience - Send relevant communications about our services (with your consent) - Comply with legal obligations and enforce our agreements - Detect, prevent, and address security incidents

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information with:

- Service providers who assist in operating our website and services (e.g., Firebase/Google Cloud for hosting and authentication) - Professional advisors including lawyers, auditors, and insurers - Law enforcement or regulatory bodies when required by law - Business partners with your explicit consent

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security assessments.

Our portal authentication is managed through Firebase Authentication with support for multi-factor authentication, OAuth 2.0 protocols, and enterprise single sign-on (SSO) via Google and Microsoft identity providers.

Despite our efforts, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for:

- Essential cookies: Required for portal authentication and site functionality - Analytics cookies: Google Analytics (with IP anonymization) to understand site usage - Preference cookies: To remember your cookie consent and display preferences

You can manage cookie preferences through our cookie consent banner or your browser settings. Disabling essential cookies may affect portal functionality. For more details, see our Cookie Policy.

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law. Specifically:

- Contact form submissions: 2 years from last interaction - Client engagement data: Duration of engagement plus 7 years - Employee portal data: Duration of employment plus required retention period - Analytics data: 26 months (Google Analytics default) - Authentication logs: 90 days

7. Your Rights

Depending on your jurisdiction, you may have the right to:

- Access the personal data we hold about you - Request correction of inaccurate data - Request deletion of your data (subject to legal obligations) - Object to or restrict processing of your data - Data portability — receive your data in a structured format - Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at legal@themedleyconsulting.com. We will respond within 30 days.

8. International Data Transfers

Our services are hosted on Google Cloud infrastructure. Data may be processed in the United States and other jurisdictions where Google Cloud operates data centers.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses and Google Cloud's compliance certifications.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

The Medley Consulting Email: legal@themedleyconsulting.com Address: Seattle, WA

Terms of ServiceCookie Policy

We value your privacy

We use essential cookies for site functionality and optional analytics cookies to understand how you use our site. Read our Cookie Policy and Privacy Policy for details.