1. Who We Are
HEA Consulting (“we”, “us”, or “our”) is a consulting firm that provides strategy, AI solutions, custom software platforms, business intelligence, and premium website services. We operate at consultinghea.com.
For any privacy-related questions, contact us at: office@consultinghea.com
2. Information We Collect
We collect information you provide directly to us:
- Contact form submissions: name, email address, phone number, company name, and message content.
- Account registration: email, name, and password (hashed — we never store plain-text passwords).
- Business inquiries: project details, budget information, and service requirements you share with us.
- Communications: emails and messages you send us.
We also collect certain information automatically when you visit our website:
- IP address and approximate location (country/region)
- Browser type and device information
- Pages visited and time spent on site
- Referral source (how you found us)
3. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and provide the services you request
- Send project proposals, contracts, and invoices
- Manage our client relationship and project delivery
- Send service updates and relevant business communications
- Improve our website and service quality
- Comply with legal obligations
- Detect and prevent fraud and spam
We do not sell your personal information to third parties. We do not use your data for advertising or profiling purposes unrelated to our consulting services.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, we process your personal data under the following legal bases:
- Contract performance: to fulfill service agreements with you
- Legitimate interests: to respond to inquiries and operate our business
- Consent: when you voluntarily submit your information through our contact forms
- Legal obligation: when required by applicable law
5. How We Share Your Information
We may share your information with trusted third-party service providers who assist us in operating our website and delivering services. These include:
- Supabase — database and authentication infrastructure (data stored in a secure cloud environment)
- Stripe — payment processing (we never store your card details)
- Vercel — website hosting
- Google Workspace — email communications
All third-party providers are contractually required to protect your information and may not use it for their own purposes.
We may also disclose your information if required by law, court order, or to protect the rights and safety of HEA Consulting or others.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Contact form submissions are retained for up to 3 years. Client data is retained for the duration of our business relationship plus 5 years for legal and accounting purposes.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data (“right to be forgotten”)
- Restriction: request that we limit how we use your data
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
To exercise any of these rights, contact us at office@consultinghea.com. We will respond within 30 days.
8. Cookies
Our website uses essential cookies required for basic functionality (authentication sessions, security). We do not use tracking cookies or third-party advertising cookies without your explicit consent.
9. Security
We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed passwords, row-level security in our database, and access controls. While we take reasonable precautions, no method of transmission over the internet is 100% secure.
10. Children's Privacy
Our services are intended for businesses and professionals. We do not knowingly collect personal information from individuals under 18 years of age. If you believe a minor has submitted information to us, contact us immediately and we will delete it.
11. International Data Transfers
HEA Consulting operates globally. Your data may be processed and stored on servers located in the United States, Mexico, or the European Union via our third-party providers. We ensure appropriate safeguards are in place for any international transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you by email or prominent website notice. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact: