OAKSPIRE

Privacy Policy

Oakspire Strategy Collective LLC ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our brand and business consulting services, communicate with us, or interact with our digital properties. Please read this policy carefully. By accessing our website or providing information to us, you consent to the practices described herein. If you do not agree with this Privacy Policy, do not use our website or services.

1. Scope and Applicability

This Privacy Policy applies to all information collected through our website, email communications, consulting engagements, contact forms, phone calls, video conferences, and any other interactions with Oakspire Strategy Collective LLC. It does not apply to third-party websites, applications, or services that may be linked from our site, even if those third parties provide services to us. We encourage you to review the privacy policies of any third-party sites you visit.

2. Information We Collect

We collect several categories of information from and about you, depending on how you interact with us:

2.1 Personal Identifiers

When you contact us, request a proposal, or engage our consulting services, we may collect: full name, email address, telephone number, mailing address, company name, job title, and professional credentials. This information is provided voluntarily by you.

2.2 Business and Consulting Information

As part of our brand and business consulting engagements, we may collect: business strategies, financial models, market research data, customer information, operational processes, organizational charts, competitive analyses, intellectual property disclosures, and other proprietary business information. This information is treated as Confidential Information under our Terms of Service and is protected accordingly.

2.3 Automatic Data Collection (Cookies and Tracking)

When you visit our website, we automatically collect certain information about your device and browsing activity, including: IP address, browser type and version, operating system, referral URLs, pages visited, time and date of visits, time spent on pages, clickstream data, and other diagnostic data. We use cookies, web beacons, and similar tracking technologies to collect this information.

2.4 Cookie Types and Purposes

Our website uses the following categories of cookies:

Cookie Category Purpose Duration Opt-Out Available
Strictly Necessary Cookies Essential for website functionality, security, navigation, and access to protected areas. Without these cookies, services you request (such as submitting contact forms) cannot be provided. Session to 1 year No — required for operation
Performance/Analytics Cookies Collect aggregated data about how visitors use our site (pages visited, time on site, error messages) to improve performance. We use Google Analytics for this purpose. 14 to 26 months Yes — via browser settings or Google Analytics opt-out add-on
Functional Cookies Remember your preferences, language settings, and past interactions to enhance your user experience. 6 months Yes — may affect site functionality
Marketing/Targeting Cookies Track browsing activity across websites to deliver relevant advertisements about our consulting services. These are set only with your explicit consent via cookie banner. 90 days Yes — via cookie banner or ad settings
Table 1: Cookie categories used on Oakspire Strategy Collective website.

2.5 Email and Communication Data

When you communicate with us via email, phone, video conference, or chat, we may retain records of those communications, including metadata (timestamps, duration) and content, to provide services, improve our offerings, and maintain records of our relationship.

3. How We Use Your Information

We use the information we collect for the following business purposes:

  • To Provide Consulting Services: Deliver brand strategy, business advisory, market analysis, strategic planning, and other consulting deliverables as outlined in your engagement agreement.
  • To Communicate With You: Respond to inquiries, provide proposals, send engagement updates, invoices, administrative information, and appointment confirmations.
  • To Improve Our Website and Services: Analyze usage patterns, troubleshoot technical issues, enhance user experience, and develop new consulting offerings.
  • Marketing and Outreach: Send newsletters, case studies, thought leadership content, event invitations, and information about our services that may interest you. You may opt out of marketing communications at any time by clicking "unsubscribe" or contacting us directly.
  • Legal Compliance and Protection: Comply with applicable laws, regulations, legal processes, or governmental requests; enforce our Terms of Service; detect and prevent fraud, security incidents, or prohibited activities; and protect the rights, property, or safety of Oakspire, our clients, or others.
  • Business Operations: Process payments, manage billing, maintain internal records, conduct audits, and perform accounting functions.

4. Legal Bases for Processing (GDPR Compliance)

For individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Performance of a Contract (Article 6(1)(b)): Processing necessary to perform consulting services under our engagement agreement, including communication, delivery of deliverables, and invoicing.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including website security, analytics, direct marketing (with opt-out rights), fraud prevention, and business improvement. We balance our interests against your rights and ensure no undue impact on your privacy.
  • Consent (Article 6(1)(a)): Processing based on your explicit consent for optional cookies, marketing communications, or data sharing where required. You may withdraw consent at any time.
  • Legal Obligations (Article 6(1)(c)): Processing necessary to comply with applicable laws, tax regulations, record-keeping requirements, or court orders.

5. Data Retention Schedule

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Our retention periods are as follows:

Data Category Retention Period Rationale
Consulting Engagement Records (SOW, invoices, communications) 7 years after engagement completion Legal, tax, audit, and potential dispute resolution requirements
Website Analytics Data (aggregated, anonymized) 26 months (Google Analytics retention) Performance analysis and user experience improvement
Contact Form Inquiries (non-client) 2 years from last contact Follow-up, business development, and relationship management
Newsletter Subscriber Data Until unsubscribe or 3 years of inactivity Marketing consent and legitimate interest
Cookie Consent Preferences 12 months Compliance with ePrivacy Directive and GDPR
Payment and Billing Information 7 years Tax and accounting legal obligations
Prospective Client Proposals (non-engaged) 3 years Business development and follow-up
Table 2: Data retention periods for different categories of information.

After the retention period expires, we will securely delete or anonymize your personal information. In some cases, we may retain certain information for longer periods if required by law, regulation, or litigation hold orders.

6. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We may share your information in the following limited circumstances:

  • Service Providers and Subcontractors: We engage trusted third-party vendors to assist with our business operations, including website hosting (e.g., AWS, Netlify), analytics (Google Analytics), email marketing (e.g., Mailchimp, HubSpot), payment processing (e.g., Stripe, Square), customer relationship management (CRM), and document storage. These service providers have access to your information only to perform tasks on our behalf and are contractually obligated to maintain confidentiality and security.
  • Professional Advisors: We may share information with our legal counsel, accountants, auditors, insurers, and other professional advisors as necessary to protect our interests, obtain advice, or comply with legal obligations.
  • Legal Compliance and Enforcement: We may disclose information if required to do so by law, subpoena, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to: (a) comply with legal processes; (b) enforce our Terms of Service; (c) respond to claims that any content violates third-party rights; (d) protect the rights, property, or safety of Oakspire, our clients, or the public; or (e) detect, prevent, or address fraud, security, or technical issues.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.
  • With Your Consent: We may share your information for any other purpose disclosed to you and with your explicit consent.

7. International Data Transfers

Oakspire Strategy Collective LLC is headquartered in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence. If you are located in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs): We enter into European Commission-approved SCCs with our data processors and subprocessors to provide adequate protection for personal data transferred outside the EEA.
  • Data Processing Agreements (DPAs): We maintain DPAs with all third-party service providers that process personal data on our behalf, requiring them to implement appropriate security measures and comply with applicable data protection laws.

By using our website or services, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

8. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

  • Encryption: Industry-standard encryption protocols for data transmission (TLS/SSL) and at-rest encryption for stored data.
  • Access Controls: Role-based access restrictions, strong authentication requirements, and regular access reviews.
  • Security Audits: Periodic vulnerability assessments, penetration testing, and security audits of our systems and applications.
  • Employee Training: Regular privacy and security training for all personnel who handle personal information.
  • Incident Response: A documented incident response plan to address potential data breaches or security events.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

9. Your Privacy Rights

Depending on your jurisdiction of residence, you may have certain rights regarding your personal information. We are committed to respecting and facilitating the exercise of these rights.

9.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right to Access (Article 15): You may request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to Rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten) (Article 17): You may request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing (Article 18): You may request restriction of processing while we verify the accuracy of your data or the lawfulness of our processing.
  • Right to Data Portability (Article 20): You may request a copy of your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object (Article 21): You may object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: If processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., ICO for the UK, CNIL for France, or the data protection authority of your country).

9.2 Rights Under the CCPA/CPRA (California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:

  • Right to Know: You may request disclosure of: (a) categories of personal information collected; (b) sources of collection; (c) business purpose for collection; (d) categories of third parties with whom we share information; and (e) specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal compliance, security purposes).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information for monetary or other valuable consideration. For targeted advertising purposes (sharing), we provide opt-out via cookie consent mechanisms.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information (e.g., SSN, driver's license, precise geolocation) for purposes other than providing services, and we do not use it for inferring characteristics.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights, including denying services, charging different rates, or providing a different level of service.

California residents may also request, once per year, a notice of categories of personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without your consent.

9.3 How to Exercise Your Rights

To exercise any of the above rights, please submit a verifiable request to us by:

To protect your privacy, we will verify your identity before responding to your request. Verification may require providing information matching our records or confirming previous interactions. We will respond to all legitimate requests within 30 days (or as required by applicable law). If we need additional time, we will notify you of the extension. There is no fee for making a verifiable request unless it is excessive, repetitive, or manifestly unfounded.

10. Children's Privacy

Our website and consulting services are directed to business professionals and adult users. We do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

11. Third-Party Links and Services

Our website may contain links to third-party websites, plug-ins, applications, or services that are not owned or controlled by Oakspire Strategy Collective. This Privacy Policy does not apply to information collected by any third party. We encourage you to read the privacy policies of every website you visit. We are not responsible for the privacy practices or content of third-party sites, even if you access them through links on our website.

12. Do Not Track Signals

Some web browsers incorporate a "Do Not Track" (DNT) feature that signals to websites that you do not wish to have your online activity tracked. Our website currently does not respond to DNT signals because no uniform standard for DNT has been adopted. However, you may opt out of certain tracking by adjusting your cookie preferences or using browser settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The "Effective Date" at the top of this page indicates when the policy was last revised. Material changes to this Privacy Policy will be communicated by:

  • Posting a prominent notice on our website prior to the change becoming effective;
  • Sending an email notification to the address associated with your account (if you have provided one); or
  • Other means as required by applicable law.

Your continued use of our website or services after any changes become effective constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you must stop using our website and services.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact our Data Protection Officer (DPO) or Privacy Team at:

Oakspire Strategy Collective LLC
Attn: Privacy Officer
1090 Cherokee ST
Biloxi, MS 39530
United States

Email: info@oakspirestrategycoll.org
Phone: +1 (956) 324-1370

For data protection inquiries specific to the European Union, you may also contact our EU Representative (if appointed) by emailing eu-rep@oakspirestrategycoll.org.

This Privacy Policy is intended to provide transparent information about our data handling practices. We are committed to protecting your privacy and will continue to update this policy as necessary to reflect best practices and legal requirements. Last reviewed and updated: May 27, 2026.