Privacy Policy.
How IA Consulting Major collects, processes, and protects personal information — in plain language, compliant with GDPR, UK GDPR, and CCPA.
Last updated · 22 April 2026 · Version 1.0
1. Who we are
IA Consulting Major (“IACM”, “we”, “our”, “us”) is a professional services firm providing AI marketing consulting. Our registered office is 8 The Green Ave, Dover, Delaware 19901, United States.
For any question about this policy or your personal data, contact us at [email protected].
2. Scope of this policy
This policy applies to personal data we collect through this website (iaconsultmaj.com) and when you correspond with us or engage our services. It does not apply to personal data we process as a data processor on behalf of our clients — that processing is governed by our Data Processing Agreements with those clients.
3. What data we collect
| Category | Examples | Source |
|---|---|---|
| Contact data | Name, email, company, role, phone (if provided) | You, via email or contact form |
| Correspondence | Email content, meeting notes, proposals exchanged | You and us, during conversations |
| Engagement data | Company details, brief specs, business data shared for scoping | You, during discovery |
| Technical data | IP address, browser, device, OS, referrer, pages visited, session timestamps | Automatically via web server logs & third-party services (see §5) |
We do not collect payment card data directly — invoicing and payments are handled by our bank and accounting provider under their own policies.
4. Why we process it (purposes & legal bases)
- Respond to inquiries & deliver services — legal basis: performance of a contract or pre-contractual steps at your request (GDPR Art. 6(1)(b)).
- Protect our site & investigate abuse — legal basis: legitimate interest in securing our infrastructure (Art. 6(1)(f)).
- Comply with legal, tax, and accounting obligations — legal basis: legal obligation (Art. 6(1)(c)).
- Send commercial updates (if you have opted in) — legal basis: consent (Art. 6(1)(a)). You can withdraw consent at any time.
5. Third-party services & international transfers
The following third parties process personal data on our behalf or as independent controllers. Most are located in the United States; transfers rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework where applicable, and supplementary measures.
| Provider | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Pages hosting, DNS, CDN, DDoS protection, email routing ([email protected]), and Web Analytics for privacy-preserving page-view counts (no cookies, no persistent identifier, aggregated only) | USA / global edge |
| GitHub, Inc. | Source repository & build pipeline for the website | USA |
| Google LLC (Fonts) | Web font delivery (Geist, Instrument Serif, JetBrains Mono) | USA |
| Formspree, Inc. | Discovery-call form submission processing & email delivery | USA |
| country.is | One-time country detection from IP (used to pre-select the phone-input country code on the booking page). No cookies, no persistent identifier. | USA |
| Email inbox provider | Receipt and storage of business correspondence | USA |
This site uses Cloudflare Web Analytics for aggregated, privacy-preserving page-view counts only — no cookies are set, no cross-site tracking is performed, and no persistent identifier is attached to visitors. The site does not use Google Analytics, advertising pixels, retargeting, or marketing trackers. Google Fonts receives your IP address when fonts are loaded — no cookies are set by Google Fonts directly.
6. Cookies & local storage
We do not set tracking, analytics, or advertising cookies. The site uses a single localStorage entry (iacm_cookie_ack) to remember that you have seen our privacy notice — it contains no personal data and never leaves your device.
7. How long we keep data
- Inquiries that do not lead to engagement: up to 24 months, then deleted.
- Active client engagement records: for the duration of the engagement and 7 years thereafter (statutory accounting retention).
- Server logs: up to 90 days.
- Marketing consent records: until you withdraw consent; evidence of consent is retained for 3 years after withdrawal.
8. Your rights
Under GDPR, UK GDPR, and CCPA, you have rights over your personal data. These include:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) — request deletion where legally possible.
- Restriction — limit our processing in specific circumstances.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest or for direct marketing.
- Withdrawal of consent — at any time, without affecting the lawfulness of processing before withdrawal.
- Complaint — lodge a complaint with your supervisory authority (e.g. CNIL in France, ICO in the UK, BfDI in Germany).
To exercise any right, email [email protected]. We respond within one month.
9. Security
We maintain technical and organizational measures appropriate to the risks — including encryption in transit (TLS 1.2+), access controls, least-privilege principles, and regular review of processors. No online transmission is ever 100% secure; we will notify affected individuals and competent authorities of breaches as required by law.
10. Children
This site and our services are intended exclusively for business users over 18. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this policy to reflect changes in our practices or the law. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the site or, where appropriate, by email.
12. Contact
IA Consulting Major
8 The Green Ave
Dover, Delaware 19901, United States
[email protected]