Privacy Policy

1. Information We Collect

We collect several types of information in order to provide and improve our Services.

1.1 Information You Provide Directly

Contact and Inquiry Information:

• Name, title, email address, and phone number
• Company name, website, and industry sector
• Company size (optional)
• The content of messages submitted through our contact form

Engagement and Consulting Information:

• Information you share during discovery calls or consulting engagements
• Documentation related to your technology infrastructure, AI systems, or compliance posture
• Any other information you voluntarily provide during the course of our work together

Communications:

• Email correspondence and support requests
• Feedback and survey responses
• Scheduling information via Calendly

1.2 Information Collected Automatically

When you visit our website, we automatically collect:

Usage Data:

• Pages visited, links clicked, and features used
• Time and date of visits and session duration
• Referring website or source

Device and Technical Information:

• IP address and approximate geographic location
• Browser type, version, and settings
• Operating system and device type
• Screen resolution and language preferences

See Section 8 for more information on cookies and tracking technologies.

1.3 Information from Third Parties

We may receive limited information about you from:

• LinkedIn: Publicly available profile information when you engage with our LinkedIn presence or outreach
• Analytics Providers: Aggregate and demographic information about website visitors
• Public Sources: Publicly available information about your organization for purposes of outreach relevance

2. How We Use Your Information

2.1 To Provide and Maintain Services

• Respond to inquiries and schedule consultations
• Deliver consulting engagements and related deliverables
• Manage ongoing client relationships and retainer arrangements
• Process scheduling through Calendly and similar tools

2.2 To Communicate With You

• Respond to your questions and support requests
• Send project updates, meeting confirmations, and follow-ups
• Deliver newsletters, regulatory updates, and educational content (with your consent)
• Share important changes to our services or policies

2.3 To Improve Our Services

• Analyze website usage to optimize performance and content
• Understand how visitors find and engage with our site
• Develop new service offerings and resources

2.4 For Marketing and Business Development

• Conduct outreach to prospective clients in our target market
• Share relevant thought leadership and regulatory updates
• Track and analyze outreach campaign effectiveness

2.5 For Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations and regulatory requirements
• Protect our rights and the rights of third parties
• Respond to legal requests as required by law

3. How We Share Your Information

We may share your information in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

• Website Hosting: Cloudflare Pages hosts our website infrastructure
• Analytics: Google Analytics (GA4) helps us understand website usage
• Email and CRM: Apollo.io manages outreach communications and contact records
• LinkedIn Automation: Prosp manages LinkedIn connection and messaging sequences
• Scheduling: Calendly manages meeting bookings and reminders
• Form Processing: Web3Forms processes contact form submissions
• AI Assistance: Claude (Anthropic) and ChatGPT (OpenAI) assist with content generation and analysis under human oversight

These service providers are bound to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If Hobbs Advisory Group is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Government or regulatory inquiries
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3.4 Aggregated or De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, for research, marketing, analytics, or other business purposes.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption of data in transit using TLS/SSL protocols
• Secure authentication and access controls
• Limited access to personal information on a need-to-know basis
• Use of reputable, security-conscious third-party service providers

4.2 Limitations

While we implement reasonable security measures, no method of transmission or electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of any account credentials you use to communicate with us.

5. Data Retention

5.1 Active Client Relationships

We retain your information for the duration of our engagement and for a reasonable period thereafter to allow for follow-up, renewal, or referrals.

5.2 General Retention Practices

After a relationship concludes, we retain records in accordance with Georgia law and sound business practice:

• Basic contact information for historical records
• Engagement documentation and deliverables
• Financial and billing records for tax and accounting purposes
• Email correspondence and communications

Our goal is to retain data for the shortest period necessary while meeting our legal and business obligations.

5.3 Deletion Requests

If you request deletion of your personal information, we will delete or anonymize it within 30 days, except where retention is required by law, for fraud prevention, or to resolve disputes.

5.4 Backup Systems

Information may persist in backup systems for up to 90 days after deletion from active systems.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 Access and Portability

You have the right to request a copy of the personal information we hold about you in a structured, commonly used, machine-readable format.

6.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. Contact us directly and we will update your records promptly.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions such as legal obligations, fraud prevention, or dispute resolution.

6.4 Opt-Out of Marketing

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected]. Note that transactional emails related to an active engagement cannot be opted out of during the engagement period.

6.5 How to Exercise Your Rights

To exercise any of these rights, contact us using the information in Section 14. We will respond to verified requests within 30 days, or as required by applicable law. We may request additional information to verify your identity before processing certain requests.

6.6 Right to Lodge a Complaint

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

7.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (engagement history, service details)
• Internet activity (website usage and browsing behavior)
• Professional information (company details, job title)

7.2 Right to Know

You have the right to request disclosure of: (a) the categories and specific pieces of personal information we collected about you; (b) the categories of sources; (c) the business or commercial purpose for collecting; (d) the categories of third parties with whom we share; and (e) how we use the information.

7.3 Right to Delete

You have the right to request deletion of personal information we collected from you, subject to certain exceptions.

7.4 Right to Opt-Out of Sale

7.5 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing, quality of service, or have services denied because you exercised your rights.

7.6 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and written authorization before processing the agent's request.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They help us recognize returning visitors, understand how the site is used, and improve your experience.

8.2 Types of Cookies We Use

Essential Cookies: Required for basic website functionality including navigation and security. These cannot be disabled.

Performance Cookies: Help us understand how visitors use our website by collecting anonymous analytics data.

Functional Cookies: Remember your preferences and settings to personalize your experience.

8.3 Third-Party Cookies

We use third-party services that may set cookies on your device:

• Google Analytics (GA4) for website traffic and behavior analysis
• LinkedIn Insight Tag for outreach analytics
• Calendly for scheduling functionality

8.4 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our website. Most browsers allow you to block all cookies, block third-party cookies only, receive notifications when cookies are set, or delete cookies after each session.

8.5 Do Not Track

Our website does not currently respond to "Do Not Track" browser signals. We will update this policy if we implement Do Not Track functionality in the future.

9. International Data Transfers

Our Services are operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using our Services, you consent to the transfer of your information to the United States. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

10. Children's Privacy

Our Services are directed to business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us at [email protected].

11. Third-Party Links and Services

Our website may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before submitting personal information. Links to third-party sites do not constitute an endorsement by Hobbs Advisory Group.

12. AI Usage and Transparency

12.1 Our AI Practices

As a firm specializing in AI governance, we practice what we advise. We use artificial intelligence tools in certain aspects of our operations, including:

• Content generation and analysis: Claude (Anthropic) as our primary AI assistant, with human review of all outputs
• Secondary review and research: ChatGPT (OpenAI) for supplemental analysis
• Outreach and communications: Apollo.io for email sequencing and contact intelligence
• LinkedIn outreach: Prosp for connection and messaging automation

All AI-assisted content and decisions are subject to human review and oversight. Our complete AI Usage Policy is available at hobbsadvisorygroup.com/ai-policy.

12.2 AI and Your Data

When we use AI systems that may process your personal information:

• We ensure appropriate data protection measures are in place with each provider
• We maintain human oversight for all significant decisions
• We do not use client data to train third-party AI models
• We implement safeguards against bias and unfair outcomes in our own AI-assisted processes

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a prominent notice on our website
• Sending an email to the address associated with your account or engagement
• Updating the "Effective Date" at the top of this policy

Material changes will take effect 30 days after notification. Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Document Version: 1.0  |  Effective Date: June 11, 2026  |  Governing Law: Georgia
© 2026 Hobbs Consulting Group LLC d/b/a Hobbs Advisory Group. All rights reserved.