Effective Date: August 23, 2025

HALEY blueprint – a division of HALEY Consulting and Advisory Services (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website. Please read this policy carefully. By using the Site, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We may collect personal information that you voluntarily provide to us, including:

• Personal Data: Name, email address, phone number, company name, billing details, and any other details you provide through forms or communications.
• Usage Data: Information about how you access and use the Site, including your IP address, browser type, operating system, and pages viewed.
• Cookies and Tracking Technologies: We may use cookies and similar technologies to collect information about your browsing behavior on our Site.
• CCPA/CPRA Categories of Personal Information: We may collect identifiers, commercial information (billing or subscription data), internet activity (logs, cookies), professional information, and in some cases sensitive personal information (e.g., billing identifiers).

2. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide Services: Process inquiries, subscriptions, billing, respond to requests, and deliver services you have requested.
• Improve the Site: Analyze user behavior to improve the design, content, and functionality of the Site.
• Communications: Send you newsletters, updates, marketing materials, or other information you may be interested in, with your consent.
• Compliance: Comply with legal obligations, resolve disputes, and enforce our agreements.
• CCPA/CPRA Purposes of Collection: Billing, authentication, fraud prevention, account management, and customer support.

3. Legal Bases for Processing (GDPR/UK GDPR)

If you are located in the EU, UK, or EEA, we rely on the following legal bases to process your personal data:

• Performance of a contract (subscription, billing, and service delivery).
• Compliance with a legal obligation.
• Legitimate interests (e.g., Site security, fraud prevention).
• Consent (e.g., marketing communications, cookies).

4. Sharing Your Information

We do not sell, trade, or rent your personal information. We may share your information with third parties under the following circumstances:

• Service Providers: With trusted partners who assist us in operating the Site or providing services to you, under confidentiality agreements.
• Legal Requirements: When required by law or to protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of our business, your information may be part of the transferred assets.
• Data Transfers (GDPR/UK GDPR): If your data is transferred outside the EU/UK (e.g., to the U.S.), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate protection.
• CCPA/CPRA “Do Not Sell or Share”: We confirm we do not sell or share your personal data for cross-context behavioral advertising.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

GDPR/UK GDPR Rights

If you are in the EU/UK, you have the right to:

• Access, correct, delete, or restrict processing of your personal data.
• Request data portability.
• Object to processing (including profiling).
• Withdraw consent at any time.
• File a complaint with your local supervisory authority.

CCPA/CPRA Rights (California Residents)

You have the right to:

• Know the categories and specific pieces of personal information we collect.
• Delete personal information, subject to certain exceptions.
• Correct inaccurate personal information.
• Opt-out of the sale or sharing of personal information (we do not sell/share data).
• Limit the use of sensitive personal information.
• Exercise rights without discrimination.

7. Data Retention

We retain account, subscription, and billing data only as long as necessary to fulfill the purposes described above and comply with legal, accounting, or regulatory requirements. Specific retention periods:

• Billing data: up to 7 years (to comply with tax/audit obligations).
• Account information: retained until your account is closed plus 2 years for support obligations.
• Marketing preferences: until you withdraw consent.

8. Cookies and Tracking Technologies

We use cookies to enhance your experience on our Site. You can manage cookies through your browser settings. Disabling cookies may affect certain functionalities of the Site.

9. Third-Party Links

Our Site may include links to third-party websites not controlled by us. We are not responsible for their privacy practices. Please review their privacy policies separately.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated “Effective Date.” Please review this page regularly.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
HALEY blueprint – a division of HALEY Consulting and Advisory Services
Email: contact@haleyblueprint.com

12. Privacy When Using the HALEY – SOX Compliance Advisor AI Agent

• No Retention of Input Data: We do not retain, store, or log any of the data, queries, prompts, or responses entered by users when using the AI Agent.
• No Use for Training: Data shared during interactions with the AI Agent is not used to train, improve, or otherwise inform any machine learning models.
• Confidential by Design: The AI Agent is architected with a focus on compliance, data minimization, and confidentiality for all users, including internal audit, risk management, finance teams, and compliance professionals.

By interacting with the HALEY – SOX Compliance Advisor, you acknowledge and agree to these protections and limitations.