top of page

Privacy Policy

Introduction

Sliceo LLC (“Sliceo,” “we,” or “us”) is committed to protecting the privacy of our clients and partners. This Privacy Policy describes how we collect, use, disclose, and protect personal information in the course of providing business advisory, mergers & acquisitions (M&A) consulting, and technology integration services. We handle highly sensitive data with the utmost care and in compliance with all applicable U.S. privacy laws. In particular, we adhere to state privacy laws such as the California Consumer Privacy Act (CCPA) (as amended by the CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and any similar state laws. This Policy also incorporates relevant industry privacy standards and best practices, and is designed to meet or exceed the requirements of these “Applicable Privacy Laws.” By using Sliceo’s services or providing us with personal information, you consent to the practices described in this Privacy Policy. We encourage you to read it carefully. (If you do not agree with this Policy, please do not use our services or submit personal data to us.)

Scope: This Privacy Policy applies to personal information we collect from or about individuals – whether you are a client, prospective client, deal counterparty, or any other person whose data is provided to us – in connection with our advisory and integration services. It does not cover any information that is not deemed “personal information” or “personal data” under Applicable Privacy Laws (for example, truly anonymous data, de-identified data that cannot be re-linked to an individual, or aggregate data). This Policy also does not override any more specific privacy notices we may provide for particular situations (such as a supplemental notice for California residents or a separate agreement when we act as a service provider to a client). In any case, Sliceo will handle personal information in accordance with this Policy and Applicable Privacy Laws.

Information We Collect

We collect various categories of personal information in the normal course of our business. The types of information we collect, and the sources of that information, include:

  • Information You Provide Directly: We collect personal information that you (or your authorized agents) provide to us through secure portals, uploads, forms, or other direct interactions. This includes identifiers such as your real name, alias, contact information (address, email, phone number), date of birth, Social Security Number (SSN) or other taxpayer identification number, driver’s license or passport number, and other government-issued identifiers. We may also collect financial and business information that you provide, such as tax returns and financial statements; QuickBooks or other accounting records; bank account details or routing information (for example, if relevant to a transaction); records of assets, liabilities, revenues, or expenses; and other documents or data rooms related to mergers, acquisitions, or financial transactions. If you engage our tech integration services, you might provide technical data like system credentials or configuration details (limited to what is necessary to perform the integration). Any communications or inquiries you send us (emails, letters, phone call notes) may also be collected and retained. We will not collect sensitive personal information (such as SSN, financial account passwords, precise geolocation, or information about race, religion, health, or sex life) unless it is necessary for our stated purposes. Where such sensitive data is collected, we will handle it with enhanced security and, if required by law, obtain your consent for its use.

  • Information Collected Automatically: When you visit our websites or use our online portals, we may automatically collect certain technical data to ensure the security and functioning of our services. This may include device identifiers and browser information, IP address, login dates/times, audit logs of portal usage, and cookies or similar tracking technologies for authentication and security purposes. We do not use cookies for advertising purposes, and we do not track your online activities beyond our site. Any automatic collection is limited to what is necessary for security or required for us to deliver services (for example, maintaining an audit trail of who accessed a deal document). If your browser transmits a “Do Not Track” or global privacy control signal, we will honor it to the extent applicable (for example, by not using any non-essential trackers).

  • Information from Third Parties: We may receive personal information about you from third-party sources in the context of providing our services. For example, if you are involved in a transaction or project that we are advising on, other participants (such as your employer, a business seller or buyer, or their attorneys and bankers) might share information about you with us. This can include due diligence materials containing personal data (e.g. employee lists, payroll records, customer or vendor information, or other business records that include personal details). We may also receive information from public records or databases (such as corporate registries, credit bureaus, government filings) or from third-party data providers who assist with verification or fraud prevention (for instance, to confirm identities or conduct background checks as part of an M&A due diligence, subject to applicable law). In all cases, we only collect third-party data that is lawfully provided to us and necessary for our business purposes. If we process any personal information that has been de-identified, we maintain it in de-identified form and do not attempt to re-identify it.

Note on Children: Sliceo’s services are intended for businesses and adults. We do not target or knowingly collect personal information from children under the age of 13 (or under 16, as defined in certain state laws). We do not have websites or services directed to minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will promptly delete that information. Individuals under the age of 18 should only provide personal data to Sliceo with parental consent or as permitted by law.

How We Use Personal Data

Sliceo uses the personal information we collect solely for legitimate business purposes in connection with our advisory and integration services. We limit our use of personal data to what is relevant and necessary. The purposes for which we process personal information include:

  • Providing and Improving Our Services: We use personal data to carry out the services you have requested from us. This includes analyzing your business information to provide strategic advice, performing financial modeling or valuation based on data you supply, facilitating M&A transactions (e.g. performing due diligence on a target company’s records, or preparing disclosure schedules that contain personal data), integrating or configuring technical solutions for your business, and otherwise delivering our consulting and integration services as agreed. We may also use information to personalize or tailor our advice to your situation and to improve our service offerings. For example, we might aggregate client feedback or outcomes (in an anonymized manner) to refine our methods and tools.

  • Communications: We use contact information like email addresses and phone numbers to communicate with you about our engagement or potential engagement. This includes sending service-related communications such as proposals, reports, transaction updates, technical support responses, and alerts or notifications (for instance, if we update our security measures or privacy practices, or if there is an important issue with your account). We may also send you occasional informational communications about new services or regulatory updates that might affect you, but we will do so in accordance with applicable marketing and anti-spam laws (and you will have the ability to opt out of marketing emails at any time). We do not send unsolicited marketing to individuals who have not had a business relationship with us.

  • Facilitating Transactions and Client Instructions: In the context of M&A advisory, we often need to use personal data to facilitate the transaction as directed by our client. For example, if we represent a seller, we may use and share personal information contained in the seller’s data room (such as employee or customer information) with prospective buyers and their advisors, strictly for purposes of due diligence and only under appropriate confidentiality restrictions. If we represent a buyer, we will use personal data from the target company to advise on the transaction and integration planning. Similarly, for tech integration projects, we use provided personal data (like user account info or system data) to configure and test systems as necessary. All such processing is done only according to the client’s instructions and in line with the purposes for which the data was provided to us.

  • Compliance with Legal and Regulatory Obligations: We may use personal information as needed to comply with applicable laws, regulations, legal processes, or contractual obligations. This includes using data to fulfill our tax reporting duties, to maintain required business records, and to respond to lawful requests by governmental authorities. For instance, if we process SSNs or tax data, we do so for legitimate purposes (like preparing legally required documents) and in compliance with privacy laws that classify such data as sensitive. We may also use personal data to perform conflict-of-interest checks, anti-money laundering (AML) and know-your-customer (KYC) verifications as required by law in certain transactions. Additionally, if you exercise privacy rights (described below), we will use your information to verify and honor those requests.

  • Protecting Rights, Security, and Preventing Fraud: We may process personal information as necessary to protect our rights and the rights of others, and to ensure the security and integrity of our services. This includes using data to detect, investigate, and prevent fraud, cybersecurity threats, or other malicious activities. For example, we might log and analyze IP addresses and account activities to monitor for unusual behavior that could indicate unauthorized access. We also may use data to enforce our contracts and to resolve disputes. If necessary, we will use personal information to pursue or defend against legal claims, or to investigate violations of law or our agreements.

We will not use personal information for purposes that are unrelated to the services we provide or that are incompatible with the reasons the data was collected. We do not use your personal data for any form of cross-context behavioral advertising or targeted marketing outside of our direct relationship (and in fact, as a B2B services firm, we do not engage in typical consumer advertising). If we ever need to use your information for a new purpose not originally disclosed, we will obtain your consent or provide you with a new notice as required by law.

How We Disclose Personal Data

Sliceo understands the importance of keeping your information confidential. We do not sell personal information to third parties for monetary consideration, and we do not share your information for third-party marketing purposes. We only disclose personal data in the following circumstances, and always subject to appropriate safeguards and only to the extent necessary:

  • Service Providers and Contractors: We share personal information with trusted third-party service providers who perform functions on our behalf pursuant to a written contract. These include, for example, secure cloud hosting providers and data storage services (for maintaining our databases and file systems), IT and cybersecurity support services, data processing or analytics tools we use to organize information, and professional advisors (such as law firms or auditors) assisting us in our operations. In all cases, these service providers are bound by confidentiality and data protection obligations. They are prohibited from using your personal information for any purpose other than providing services to Sliceo (consistent with our instructions and this Policy). Under the CCPA and similar laws, such parties are our “service providers” or “processors,” and we conduct due diligence to ensure they meet the required privacy and security standards.

  • Transaction Counterparties and Advisors: In our role as an M&A advisor or intermediary, we may disclose personal information to other parties involved in a deal at your direction or with your consent. For example, if you are selling your business and hire Sliceo to assist, we will, as part of the sale process, share relevant information (which may include personal data about you, your employees, or customers contained in financial and operational records) with prospective buyers, investors, financing sources, or due diligence firms only as necessary for them to evaluate and complete the transaction. Such disclosures are done under confidentiality agreements or secure data room protocols to ensure the information remains protected. Likewise, if you are on the buying side, we will share necessary personal data with sellers or their representatives to negotiate and consummate the deal. We also may share information with other professional advisors in the transaction (e.g. your legal counsel, accountants, or insurance providers) per your instructions. These disclosures are part of the services we provide and will be limited to what is appropriate for the specific transaction or project.

  • Affiliates: If Sliceo is part of a group of related companies, we may share personal data with our corporate affiliates (entities under common ownership or control) as needed to operate our business (for example, sharing your contact or billing information with a parent or subsidiary entity for centralized administration, or leveraging an affiliate’s IT infrastructure). Any such affiliate will treat your information in accordance with this Policy and at the same level of security. (As of the effective date of this Policy, Sliceo LLC does not have any parent or subsidiary companies; if that changes, we will update this section accordingly.)

  • Legal Requirements and Protection of Interests: We may disclose personal information when required to do so by law or legal process, or when we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation (for example, responding to a subpoena, court order, or regulatory demand); (b) cooperate with law enforcement or regulatory agencies (such as providing information as required by state data privacy regulators or the IRS); (c) assert or defend our legal rights, or the rights and safety of our clients, employees, or others; or (d) investigate, prevent, or take action regarding suspected fraud, violations of our agreements, or other illegal activities. In such cases, we will only provide the information that is reasonably requested or required, and we will object to overly broad or inappropriate requests as applicable.

  • Business Transfers: In the event that Sliceo undergoes a corporate transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, personal information may be transferred to the successor entity or acquirer as part of the transaction. We will ensure that any such transfer is subject to confidentiality protections and that your personal data remains protected consistent with this Policy. If a transfer would result in a material change in the handling of your personal information, we will notify you and/or give you an opportunity to opt out or delete your data before the transfer, if required by law.

  • With Your Consent or At Your Direction: We may share your personal information with other third parties in situations where you have given us explicit consent to do so, or where you have directly instructed us to share the information. For example, if you ask us to introduce you to a third-party partner or to coordinate with another consultant, and that requires sharing your contact information or other data, we will do so with your permission. We will also make disclosures that you request, such as when fulfilling data access or portability requests you initiate (providing your data to a recipient you designate).

No Sale of Personal Information: Sliceo does not and will not “sell” personal information as that term is defined under the CCPA or other state privacy laws. We also do not disclose personal information for cross-context behavioral advertising or targeted advertising purposes without consent. In other words, we do not monetize your data, and any sharing with third parties is limited to the contexts described above, which are either service-related or at your direction. Because we do not sell data, we do not provide a “Do Not Sell My Information” opt-out mechanism (if that changes, we will update this Policy accordingly). If in the future we ever consider selling personal data, we will provide required notices and opt-out rights in advance.

Limited Use of Sensitive Personal Information: We recognize that some of the data we handle is highly sensitive (e.g., SSNs, financial account numbers, tax information). We use sensitive personal information only for the purposes necessary to provide our services or as required by law, and not for purposes like profiling or marketing. For California residents, we do not use or disclose “sensitive personal information” for any purpose that would trigger a right to limit under the CPRA – essentially, we limit our use of sensitive data to what is strictly necessary to perform the services requested and to comply with legal obligations.

Data Retention

Sliceo retains personal information only for as long as it is needed to fulfill the purposes for which it was collected, or to satisfy applicable legal, accounting, or regulatory requirements. We do not keep your data indefinitely; rather, we maintain it for the minimum duration necessary and then securely delete or anonymize it.

In general, our retention periods are determined by the nature of the information and the context in which it’s provided:

  • Engagement Data: Personal information collected in connection with our services (for example, information in deal documents, analysis, reports, etc.) is retained for the duration of our engagement plus a reasonable period thereafter. Typically, we keep client files and records for at least seven (7) years after an engagement ends, in line with statutes of limitations and industry best practices for recordkeeping. This retention allows us to meet our contractual obligations, address any follow-up issues or audits, and comply with regulatory record retention rules (for instance, U.S. tax regulations often require records to be kept for 7 years).

  • Legal and Compliance Records: If a law or regulation mandates a specific retention period for certain data, we comply with those requirements. For example, tax filings or forms containing personal data may be retained for the legally required period; similarly, records of privacy requests and our responses will be kept for at least the minimum time required by state laws (California law, for instance, requires keeping records of consumer privacy requests for 24 months). If we receive any legal holds or litigation-related requests, we will preserve relevant information until those issues are resolved.

  • Business Operations Data: Basic business records that include personal information (like invoices, contracts, and communications) are retained as part of our routine business archive. These may be kept for a standard period (e.g., 7–10 years) as evidence of our operations and for purposes such as audits, dispute resolution, and enforcement of agreements. We may retain contact information for clients or prospects for a longer duration (unless deletion is requested) so that we can maintain our professional relationship (for example, keeping a client’s email to send industry updates). However, we periodically review such information and delete or de-identify it if it is no longer needed.

  • Electronic Logs and Backups: System logs (which may include personal data like user IDs or IP addresses) are generally retained for a short period (often 30 to 90 days) for security monitoring and then overwritten or deleted, unless flagged for investigation. Backup copies of our databases are encrypted and kept for disaster recovery purposes on a rotational schedule; any personal data in backups is protected and only restored if needed. We apply data retention rules to backups as well – for example, if we delete a record from our live system, it will be purged from backups within a fixed period (e.g., within 90 days during the backup cycle).

Once the applicable retention period expires, or if you request deletion of your data (and we have no other legal basis to keep it), we will securely erase, destroy, or de-identify the personal information. We use techniques such as permanent deletion, shredding of physical documents, and anonymization (for data we may keep for statistical purposes). If for technical reasons complete erasure is not immediately feasible (for instance, data stored in long-term archives), we will ensure the data is put beyond practical use and not accessed except if required by law.

Example: We generally retain financial records and related personal data for at least 7 years for tax compliance. If you provided us QuickBooks files for a project, we would keep those files on our secure server during the project and archive them after completion. After 7 years (or sooner if no longer needed), we would delete those files and all personal information within them from our systems, provided no law or ongoing matter requires further retention.

Data Security

The security of your personal information is one of our highest priorities. Sliceo employs a comprehensive information security program with administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, or destruction. We follow industry-standard security practices and continually assess and improve our measures to address new threats. Key features of our data security program include:

  • Encryption: We use strong encryption protocols to protect personal data. All sensitive data (including files you upload and any databases containing personal info) is encrypted at rest using modern encryption standards (such as AES-256). In transit, data is protected by Transport Layer Security (TLS, typically v1.2 or higher) to encrypt information exchanged between your browser and our systems. This means that documents like tax returns or financial statements remain encrypted on our servers and cannot be read by unauthorized parties.

  • Access Controls: We restrict access to personal information strictly to those personnel and service providers who need it to perform their job duties. Sliceo has implemented role-based access controls and the principle of least privilege – each user or employee is only given the minimum access necessary for their role. We use strong authentication for our systems (including multi-factor authentication for administrative access) and maintain detailed access logs. Employee access to especially sensitive materials (e.g., files containing SSNs or confidential deal data) is further controlled and monitored by our internal security team.

  • Organizational Security Measures: All Sliceo employees and contractors with potential access to personal data undergo background checks and receive privacy and security training. We have internal policies and procedures (including an incident response plan, data handling guidelines, and confidential information policies) that our team must follow. Regular training ensures everyone is aware of their responsibilities to protect client data. We also require our service providers to maintain appropriate security measures; our vendor contracts include data protection terms and we conduct due diligence on critical vendors’ security postures.

  • Network and System Security: Our IT infrastructure is designed with security in mind. We maintain firewalls, intrusion detection and prevention systems, anti-malware protection, and network monitoring to guard against external attacks. We employ a “zero-trust” architecture where possible, meaning even inside our network, systems authenticate and verify each access request. We also segment networks and databases to isolate data. Security patches and software updates are applied promptly to address vulnerabilities. Automated tools and third-party services provide 24/7 threat detection and alerting for any suspicious activity.

  • Audits and Certifications: To validate our security controls, we undergo regular third-party audits and assessments. Sliceo aligns its security program with respected frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53 guidelines. We also maintain compliance with leading security standards: for example, we undergo an independent SOC 2 Type II audit on an annual basis and have achieved ISO/IEC 27001 certification for our information security management system. These certifications involve rigorous evaluation of our security controls, ensuring they meet high standards for protecting sensitive data. We remediate any findings from audits to continuously improve our safeguards.

  • Physical Security: Any facilities that house our systems (including cloud data centers we utilize) have strong physical security controls. This includes 24/7 security personnel, access badge systems, biometric scanners, CCTV surveillance, and environmental controls to prevent physical intrusion or damage. Within our offices, paper documents are kept in locked cabinets, and we have policies for secure shredding of sensitive paperwork.

Despite our strict security measures, no method of data transmission or storage is 100% secure. However, we strive to use commercially reasonable means and best practices to protect your personal information. We also regularly test our systems (through vulnerability scans, penetration testing, etc.) and update our defenses in light of new threats.

If you have reason to believe that your interaction with us or your data may no longer be secure (for example, if you suspect that your account has been compromised), please immediately notify us using the contact information below so that we can take appropriate action.

Data Breach Notification

In the unlikely event of a data breach or security incident that compromises the confidentiality or integrity of personal information, Sliceo has a detailed incident response plan in place to address and mitigate the issue. This plan includes prompt notification to affected individuals and relevant authorities in accordance with applicable breach notification laws.

If we discover a data breach affecting your personal information, we will notify you without undue delay and within the timeframes required by law. Various state laws require businesses to send breach notices “in the most expedient time possible and without unreasonable delay,” and some specify an outer limit (for instance, California and New York law mandate notification to individuals within 30 days of determining a breach occurred). Sliceo is committed to even swifter notification where feasible – our internal goal is to inform affected clients within 72 hours of confirming a reportable breach, so that you can take protective measures. We will also notify regulators (such as state Attorneys General) if required, and in some cases credit bureaus or other entities, as the law dictates based on the scope of the incident.

Our breach notifications will include, to the extent known: a description of the incident and the types of information involved, the approximate date of the incident (or its discovery), actions we have taken to contain and investigate the incident, any steps you should take to protect yourself (such as changing passwords or monitoring accounts), and our contact information for further inquiries. We may deliver such notices by email, letter, telephone, and/or conspicuous posting on our website, as permitted or required by law. Additionally, we will offer any remediation or support mandated by law – for example, if a Social Security number or financial account number was exposed, we might provide credit monitoring services as required.

Rest assured, in the event of any security incident, our first priorities are to contain the incident, prevent further unauthorized access, and remediate the vulnerability. We will investigate the root cause and take necessary steps to strengthen our defenses to prevent a recurrence. We will also keep you updated on relevant developments during the response. Our aim is to be transparent and proactive in protecting your data, and to fully comply with all legal obligations regarding breach response and notification.

(For reference, as of the effective date of this Policy, a “breach” typically means unauthorized acquisition of unencrypted personal information that poses a risk of harm. Sliceo’s policy is to treat any significant incident with the same urgency, whether or not strictly defined as a breach by law.)

Your Privacy Rights

Under various state privacy laws, individuals have certain rights regarding their personal information. Sliceo is committed to honoring the rights of individuals as required by Applicable Privacy Laws, and in many cases we will extend these rights to all our clients and data subjects, regardless of their state of residence, as a matter of good practice. The following is a summary of your privacy rights and how you can exercise them:

  • Right to Know / Access: You have the right to request that we disclose the personal information we have collected about you and how we have used and shared it. This is sometimes called a “Right to Know” or Data Access request. Subject to verification of your identity, you may ask for: (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we hold about you; (3) the categories of sources from which we obtained the information; (4) the business or commercial purposes for collecting (or, if applicable, sharing) the information; and (5) the categories of third parties with whom we have disclosed your information. For California residents, this encompasses the information described in Cal. Civ. Code §1798.110. For residents of Virginia, Colorado, Connecticut, and Utah, this is your right to confirm whether we are processing your personal data and to access that data. You also have the right to obtain a copy of the personal data you provided to us in a portable and, to the extent technically feasible, readily usable format (this is a data portability aspect of the access right).

  • Right to Deletion: You have the right to request that we delete personal information we have collected from or about you. Once we receive and verify a valid deletion request, we will delete (and direct our service providers/contractors to delete) your personal information from our records, except where an exclusion applies. Please note that the law allows us to retain information that we need to keep for certain purposes – for example, to complete a transaction you have requested, to fulfill a contract with you, to detect security incidents and protect against malicious activity, to comply with a legal obligation, or other internal uses that are lawful. If we deny a deletion request in part (such as retaining certain records for legal reasons), we will inform you of the basis for the denial. Otherwise, we will proceed to erase the information and confirm once completed.

  • Right to Correction: If you believe that any personal information we maintain about you is inaccurate or incomplete, you have the right to request that we correct it. We will take into account the nature of the information and the purposes for which we process it, and will make commercially reasonable efforts to correct inaccurate information upon a verified request. In some cases, we may need additional documentation from you to verify the correct information. If we cannot verify your identity or the accuracy of the new information, or if an exception applies, we may deny the correction request but will notify you of the reason.

  • Right to Opt Out of “Sale” or Sharing / Do Not Sell or Share: As noted, Sliceo does not sell personal data in the traditional sense. We also do not share personal data for targeted advertising to unrelated third parties. Nonetheless, Applicable Privacy Laws (like the CCPA and CPA) grant consumers the right to opt out of the “sale” of personal information or the sharing of personal information for cross-context behavioral advertising. If in the future Sliceo engages in any practices that fall under the definition of “sale” or targeted advertising, you will have the right to opt out of such activity at any time. We would provide a clear “Do Not Sell or Share My Personal Information” mechanism on our website or through this Policy. Additionally, you have the right to opt out of any processing of your personal data for purposes of targeted advertising or profiling in furtherance of decisions that produce significant effects (as provided by laws like VCDPA, CPA, CTDPA). Given our current practices, this opt-out is largely not applicable – but we include this notice to inform you of your rights. You may also send us an opt-out request if you have any concerns, and we will ensure your data is not used in any such manner.

  • Right to Limit Use of Sensitive Personal Information: California residents have a specific right to direct businesses to limit the use and disclosure of sensitive personal information (as defined by the CPRA) to that which is necessary to perform the services or provide the goods requested, or as otherwise permitted by law. Sliceo already limits its use of sensitive personal information to those core purposes (e.g., using SSNs for required tax filings, or financial account info for a transaction) and does not use sensitive data for secondary purposes like personalized advertising. Therefore, we do not offer a separate “Limit Use of My Sensitive Information” opt-out at this time, because we do not engage in uses that would trigger this right. If that changes, we will update our practices and honor any requests to limit sensitive data usage.

  • Right to Non-Discrimination / No Retaliation: We will not discriminate against you for exercising any of your privacy rights. This means that if you choose to exercise your rights (such as requesting deletion or opting out of data sharing), we will not deny you our services, charge you different prices, or provide a different level or quality of service just because you exercised your rights. For example, we will not refuse to work with you or impose penalties on you as a result of a privacy request. (In limited cases, if the exercise of your rights makes it impossible for us to continue to provide you a service – such as if you request deletion of all information necessary for us to perform an ongoing engagement – we may have to terminate that service, but we will notify you of the reason in such a scenario. This is not discriminatory, but rather an operational necessity if we cannot fulfill the contract without the data.)

  • Additional Rights (Virginia, Colorado, Connecticut, etc.): If you are a resident of certain states, you may have additional rights under those state laws:

  • Right to Access (confirm processing) – as described above, confirm whether we process your data and access it.

  • Right to Data Portability – to obtain your personal data in a portable format (we will provide any data you request in a commonly used electronic format).

  • Right to Opt Out of Profiling – We do not engage in any profiling that produces legal or similarly significant effects to you (such as credit-worthiness decisions or hiring decisions made by algorithm). If we ever did, you would have the right to opt out of such profiling.

  • Right to Appeal – If we decline to take action on a privacy request (for example, we deny a request to delete because an exception applies), residents of Virginia, Colorado, and Connecticut have the right to appeal our decision within a reasonable time (e.g., within 60 days of our response). To appeal, please contact us at the email below and include the phrase “Appeal of Privacy Request Decision” in your communication, along with the reasons for your appeal. We will review the appeal and inform you of our decision. If we still do not act, and you believe your rights are being violated, you may have the right to contact your state Attorney General’s office to submit a complaint.

How to Exercise Your Rights: To exercise any of the privacy rights described above, please contact us by email at privacy@sliceo.com or by phone at the number provided in the Contact section of this Policy. Please specify which right you intend to exercise and provide us with enough information to verify your identity. In order to protect your information from unauthorized access, we need to verify your identity before fulfilling a rights request. For example, if you have an account with us, we may ask you to confirm details of your recent interactions or provide a known identifier (such as the email address associated with your account). For certain sensitive requests (like obtaining specific pieces of personal information), we may require a signed declaration attesting to your identity. We will only use the verification information for this purpose.

If you are making a request on behalf of someone else (as an authorized agent or attorney-in-fact), we will require proof of your authority to act for that person and we will still verify the identity of the person to whom the data relates. Authorized agents should contact us with the documentation (e.g., a written permission or power of attorney). Requests made through automated means (like via a web browser signal) to opt out of sale/sharing will be honored as required by law – for instance, we recognize Global Privacy Control signals for opt-out of sales/sharing under CCPA.

We will respond to privacy rights requests within the timeframes required by law. Under CCPA, CPA, and similar laws, we generally have 45 days to respond, which may be extended by an additional 45 days if reasonably necessary (we will inform you of any extension). For Virginia, Connecticut, and other states, responses are typically required within 45 days as well. If we need more time due to the complexity of your request, we will let you know the reason and the extension period in writing. Our response will typically be provided in writing (usually via email to the address you provide). Where we deny a request, in whole or in part, we will explain our reasoning. Some requests we may decline if an exemption applies – for example, if you request deletion of data that we are legally required to keep, we will deny deletion of that specific data but delete the rest.

We do not charge a fee to process your request in most cases. However, if you make repetitive, excessive, or manifestly unfounded requests, we may charge a reasonable fee or refuse to act on the request as allowed by law. We will not refuse to respond or charge a fee without telling you why.

For residents of California: You may designate an authorized agent to make a CCPA request on your behalf. If you do so, we will require the agent to provide proof of authorization (e.g., your written and signed permission), and we may still require you to verify your identity directly with us, depending on the nature of the request.

For residents of Virginia, Colorado, or Connecticut: If you submit a request and are dissatisfied with our response, you have the right to appeal as noted above. We will respond to an appeal within 60 days (Virginia requires 60 days). If the appeal is denied, we will provide an explanation and information on how you can file a complaint with your state Attorney General, if applicable.

We are dedicated to respecting your rights and will make every effort to fulfill valid requests in a timely and efficient manner. If you have any questions about your privacy rights or need assistance with the process, you can contact us at the information provided below.

(Please note: If we maintain personal information about you as a service provider/processor on behalf of a client, and you are not a direct client of Sliceo, then your request may need to be directed to the relevant client (the data controller). For example, if your employer provided your data to us during a transaction, we may not be permitted to delete or provide that data to you directly without their instruction. In such cases, we will inform you if we cannot act directly and, if possible, assist you in contacting the appropriate party.)

Data Controller and Processor Roles

Depending on the context, Sliceo may act either as a data controller (also known as a “business” under CCPA) or as a data processor (or “service provider”) with respect to personal information. It is important to understand these roles:

  • Sliceo as a Controller: We are a data controller when we decide the purposes and means of processing personal information. This is the case for information that we collect directly from you for our own business purposes – for instance, when you provide us your personal details to engage our services, or when we gather data during an advisory project to deliver our analysis to you. In these situations, Sliceo determines how the data will be used (in accordance with this Policy), and we bear primary responsibility for compliance with Applicable Privacy Laws as the controller/business. The terms of this Privacy Policy mostly apply to processing where Sliceo is acting as a controller of your personal data.

  • Sliceo as a Processor (Service Provider): In some cases, we handle personal information purely on behalf of our clients, according to their instructions. For example, if you (as a client) provide us with a dataset that contains personal information about third parties (such as your customers or employees) for us to analyze or integrate into a system, we are acting as a data processor (or “service provider” in CCPA terms) for that data. We do not decide the purposes or means of processing in that context – we are simply carrying out the client’s directives. In such scenarios, our client is the data controller/business, and they are responsible for providing any required notices and obtaining any necessary consents from the individuals whose data is involved. Sliceo will only use that data to perform the services for the client and for no other purpose, following the restrictions in our contract with the client (which will include appropriate data protection terms).

If you are an individual whose data was provided to us by a third-party client (for example, your employer or a company that has a relationship with you), please direct any privacy inquiries or requests to that company first, because they are the controller of your data in that context. We cannot respond in a substantive manner to a data subject request (access, deletion, etc.) for data that we process on behalf of a client without that client’s authorization. We will, however, assist our clients as needed in fulfilling such privacy requests in accordance with the law and our contractual commitments.

Sliceo maintains strict data processing agreements (DPAs) with our clients when acting as a processor/service provider. These agreements contractually bind us to: process personal data only for the client’s lawful instructions; ensure our personnel who handle the data are under confidentiality obligations; implement security measures to protect the data; and help the client meet their own compliance obligations (such as allowing audits, assisting with data subject requests and breach notifications handled by the client, etc.). We also ensure that any sub-processors we engage (such as cloud providers) are held to equivalent obligations.

In summary, when you interact directly with Sliceo, we are likely the controller of your personal information and this Privacy Policy governs our relationship. When we are handling someone’s data on behalf of a client, the client’s privacy notice may govern, and we act at their direction. If you have any confusion about which situation applies, feel free to ask us for clarification.

Cross-Border Data Transfers

Sliceo is a U.S.-based company and generally stores and processes personal information within the United States. However, in today’s interconnected world, some personal data may be transferred across national borders in certain circumstances. For example, we may use cloud infrastructure or service providers located in other countries, or if you are located outside the U.S., your information will necessarily be transferred to us in the U.S.

Transfers from the EEA/UK: Although this Policy is focused on U.S. privacy law, we note that if we ever handle personal data from individuals in the European Economic Area (EEA), United Kingdom, or other regions with cross-border data transfer restrictions, we will ensure that appropriate safeguards are in place for any transfers of personal data to the U.S. or other jurisdictions. This might include reliance on the European Commission’s Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to ensure an adequate level of data protection. We are also monitoring developments such as the EU-U.S. Data Privacy Framework. We will comply with all applicable laws regarding international transfers.

By providing us with personal information or using our services, you consent to the transfer of that information to the United States and to the processing of it in the United States, as well as in any other country where we or our service providers maintain facilities (to the extent such transfers are permitted by law). We will protect all personal data, regardless of where it is stored, in the manner described in this Policy.

For further information on cross-border transfers or to obtain a copy of the relevant safeguards in place, you can contact us using the details at the end of this Policy.

(If you are not located in the U.S., please note that the privacy laws in the U.S. – particularly the state laws mentioned in this Policy – may differ from the laws of your country. We will, however, handle your personal information in accordance with this Policy and applicable law, which provides a robust level of protection.)

What You Need to Do to Stay Compliant

Protecting privacy is a shared responsibility. Sliceo is dedicated to upholding its obligations under this Privacy Policy and applicable laws, and we also advise our clients and users to take certain steps to safeguard personal data and ensure compliance. Below are key measures we commit to, as well as guidelines for you to follow when engaging with our services:

  • Secure Data Handling: Our commitment: We maintain industry-standard security controls (aligned with NIST guidelines and certified under SOC 2 Type II and ISO 27001 frameworks) to safeguard your information at all times. All data you share with us is protected via encryption and strict access controls, as detailed in the Data Security section. What you should do: Always use our designated secure portals and tools when transmitting sensitive documents to us. Avoid using unencrypted email or insecure channels for confidential data unless explicitly agreed. Protect your account credentials (user IDs, passwords, multi-factor devices) – do not share them and notify us immediately if you suspect any unauthorized access. By following our secure procedures, you help ensure that your data remains protected end-to-end.

  • Privacy Rights and Transparency: Our commitment: Sliceo has implemented procedures to enable you to exercise your privacy rights (access, deletion, correction, etc.) in a timely manner and within the timeframes required by law. We train our staff on handling such requests and have verification steps to ensure that we only honor legitimate requests. We will provide clear explanations of any actions we take in response. What you should do: If you wish to make a privacy request, follow the instructions in the “Your Privacy Rights” section. Provide any information we need to verify your identity so we can process your request securely. Be as specific as possible about what data or processing you are concerned with; this helps us respond more efficiently. Also, stay informed by reading the disclosures we provide (like this Policy and any state-specific notices) – understanding how your data is used is an important part of compliance and protection.

  • Data Minimization and Accuracy: Our commitment: We strive to collect only the personal information that is necessary for the stated purposes (“data minimization”), and we endeavor to keep that information accurate and up-to-date. We will not ask for or retain data that we do not need. What you should do: Only provide personal information that is relevant for the service or transaction at hand. Whenever possible, avoid sending extraneous or unnecessary personal data to us. If any of your personal information changes (e.g., you get a new address, or notice an error in data you previously gave us), please inform us so we can update our records. This helps ensure we remain compliant with accuracy obligations and that our advice to you is based on correct information. It also reduces the risk associated with storing outdated data.

  • Legal Basis and Authorization for Data Sharing: Our commitment: We process personal data on valid legal bases, such as fulfilling our contract with you or complying with legal obligations. When acting as a processor for our clients, we only process data under the client’s instructions and ensure that our data use is authorized. What you should do: If you provide personal information about other individuals to Sliceo, you must ensure that you have the legal right to do so and (if required) have obtained all necessary consents from those individuals. For example, if you share your employees’ or customers’ data with us for an M&A deal or system integration, you should have provided any privacy notices or obtained consents required by law. You should also only disclose such third-party data to us through secure means. By providing data about others, you represent and warrant that you have the authority to share it and that doing so does not violate any privacy rights or laws. You agree to indemnify and hold Sliceo harmless from any claims arising from your provision of personal information about others without proper authorization. In short, do not upload or send us anyone’s personal data unless you are confident it’s lawful – this helps both you and us stay compliant.

  • Breach Response and Notification: Our commitment: We have a robust incident response plan and will notify you of any data breaches or security incidents affecting your data in accordance with legal requirements – often within 30 days or sooner, as laws like California’s mandate. We will also support you with information and guidance on protective steps if an incident occurs. What you should do: Ensure we have your current contact information (especially a reliable email address and phone number) so that we can reach you quickly if needed. If you receive a breach notice from us, follow any recommended steps (such as changing passwords or monitoring accounts) immediately. Prompt action on your part can further mitigate potential harm. Additionally, if you suspect any security issues on your end (for example, you lose a device that had project data or you inadvertently sent info to the wrong address), inform us right away so we can assist in containing any potential problem.

  • Ongoing Compliance and Cooperation: Our commitment: Sliceo will continuously monitor changes in privacy laws and update our policies and practices as needed to remain compliant. We undergo regular audits and maintain certifications (like SOC 2 and ISO 27001) to validate our compliance. We also agree to contractual privacy and security commitments with our clients and partners, and we hold ourselves accountable to them. What you should do: If you are one of our enterprise clients, you should also uphold any privacy and security obligations that apply to you in the context of our engagement. For instance, if our contract requires you to maintain certain safeguards when accessing our systems or data we provide, please ensure you do so. Cooperate with any assessments or questionnaires related to privacy/security that we may engage in as part of mutual due diligence. By working together and communicating openly about compliance, we can both satisfy our obligations under privacy laws and protect the individuals whose data may be involved in our projects.

In summary, Sliceo takes comprehensive measures to comply with privacy regulations and secure personal data, but we also rely on you to use our services responsibly and lawfully. By following the guidelines above, you help us maintain a strong culture of privacy and data protection, which benefits everyone involved. If you have any questions about what you should or shouldn’t do in a given situation to stay privacy-compliant, feel free to reach out to us – we’re here to help and to work with you in safeguarding data.

Disclaimer of Warranties

SLICEO’S WEBSITE, PORTALS, SERVICES, AND ALL CONTENT THEREIN ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. We do not guarantee that our services or any data or materials provided will be error-free, completely secure, or always available. Any statements or descriptions about our services, whether oral or written, are informational only and not representations or guarantees. You use our services at your own risk. Some jurisdictions do not allow the exclusion of certain warranties, so some of the above disclaimers may not apply to you. In such event, any warranties required by law are limited in duration to 30 days from the date of first use of the service. This disclaimer is a fundamental part of this Policy and our agreement with you.

Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL SLICEO OR ITS OWNERS, OFFICERS, EMPLOYEES, AFFILIATES, AGENTS, OR REPRESENTATIVES BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS of DATA, BUSINESS INTERRUPTION, OR LOSS OF GOODWILL) arising out of or related to your use of our services or this Privacy Policy, even if advised of the possibility of such damages. Our total cumulative liability for any direct damages or claims arising from or related to this Privacy Policy or the personal information we handle shall not exceed the amount (if any) you paid us for services in the 12 months preceding the event giving rise to the liability or \$500, whichever is greater. This limitation applies regardless of the form of action (whether in contract, tort, statute, or otherwise) and even if any limited remedy fails of its essential purpose.

Certain jurisdictions do not allow limitations of liability for personal injury, or for gross negligence or willful misconduct, so if you are in such a jurisdiction, these limitations may not apply to claims resulting from those specific acts. However, in all other cases, these limitations shall apply to the fullest extent permitted. You acknowledge that this limitation of liability is a material basis for the bargain between you and Sliceo and that we would not provide our services or collect/use your data in the manner contemplated by this Policy without such limitations.

Indemnification

You agree to indemnify, defend, and hold harmless Sliceo LLC and its affiliates, and their respective officers, directors, employees, and agents, from and against any and all claims, liabilities, losses, damages, judgments, awards, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (a) your violation of this Privacy Policy or any applicable law in your use of our services; (b) any information or materials (including personal data) you provide to Sliceo, especially if such information involves personal data of others and you lacked the lawful right or consent to provide it; (c) your misuse of our services or any personal information obtained through our services; or (d) any breach by you of any agreement with Sliceo.

This indemnification obligation includes, for example, claims brought by third parties (such as individuals whose data you provided to us without authorization) asserting that their rights were violated, or regulatory fines imposed due to your acts or omissions. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in such case, you agree to cooperate with our defense of the claim.

You further release Sliceo from any and all claims or liability arising from the disclosure of your personal information in accordance with this Policy, including, without limitation, if you choose to share personal information with third parties through our services. The indemnification and release provisions in this section shall apply regardless of the negligence (whether sole, concurrent, or otherwise) of Sliceo or any other indemnified party, to the fullest extent allowed by law, and shall survive the termination of any relationship between you and Sliceo.

Arbitration and Class Action Waiver

Any dispute, claim, or controversy arising out of or relating to this Privacy Policy, or the breach, termination, enforcement, or interpretation thereof, or our handling of personal information (collectively, “Disputes”), shall be resolved through binding arbitration on an individual basis, rather than in court, except for limited exceptions described below. You acknowledge and agree that you and Sliceo are each waiving the right to a trial by jury and the right to participate in a class or representative action for any Dispute covered by this arbitration agreement. You further agree that any arbitration will take place on an individual basis only; class arbitrations and class actions are not permitted.

Covered Claims: This Arbitration Agreement is intended to be broadly interpreted. It includes, but is not limited to, claims arising out of or relating to any aspect of the relationship between you and Sliceo concerning privacy or data, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory. It also applies to claims that may arise after the termination of our relationship.

Arbitration Procedure: You and Sliceo agree to initiate any arbitration through a reputable alternative dispute resolution provider (such as JAMS or the American Arbitration Association) mutually agreed upon, or as directed by a court if the parties cannot agree. If using JAMS, the arbitration shall be conducted under the JAMS Comprehensive Arbitration Rules & Procedures in effect at the time of the Dispute, except as modified by this Policy. If another provider is used, a similar set of procedural rules will apply. The Federal Arbitration Act (9 U.S.C. § 1 et seq.) will govern the interpretation and enforcement of this arbitration agreement (if for any reason state law is found to apply, the arbitration law of the state of Delaware shall govern).

Arbitration Location and Logistics: The arbitration will be conducted by a single neutral arbitrator. If you are a consumer (individual) using our services for personal or household purposes, the arbitration hearing (if any) shall take place in a location in the county of your residence, or in another location mutually agreed to by you and Sliceo. If you are a business or the Dispute involves business use of our services, the arbitration shall take place in Ocean Pines, Maryland, or another mutually agreed location. The arbitrator may choose to conduct hearings by telephone or video conference, and may resolve the dispute solely on the basis of documents, if the parties so agree or if an in-person hearing is deemed unnecessary.

Arbitration Fees and Law: Payment of all filing, administration, and arbitrator fees will be governed by the rules of the arbitration provider, and we will pay those fees as required. The arbitrator shall apply the substantive law of the state of Delaware (or federal law, if applicable), and honor claims of privilege recognized at law. The arbitrator’s award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

Exceptions: Notwithstanding the above, either party may choose to bring an individual action in a small claims court for disputes or claims within the scope of that court’s jurisdiction. Additionally, both you and Sliceo retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of a party’s trade secrets, intellectual property rights, or confidentiality obligations (including, for example, unauthorized use or disclosure of personal data contrary to this Policy). Such an action shall not waive the right to arbitrate any other issues.

Opt-Out Right: If you do not wish to agree to this arbitration and class action waiver provision, you must notify us in writing within 30 days of first accepting this Privacy Policy. You can opt out by sending a letter to us at our Notice address (provided in Contact Us section) with your name, account information (if applicable), and a statement that you wish to opt out of the arbitration agreement. Opting out will not affect any other provisions of this Privacy Policy or your relationship with us. If you do not opt out within the 30-day period, you and Sliceo shall be bound by the arbitration terms above.

By agreeing to this Privacy Policy, you acknowledge that you have read and understood this arbitration agreement and affirmatively indicate your agreement to be bound by it. You also agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action. If for any reason a claim proceeds in court rather than arbitration, you hereby waive any right to a jury trial.

Governing Law

This Privacy Policy and any disputes arising out of or related to it (including those disputes subject to the Arbitration Agreement) shall be governed by and construed in accordance with the laws of the State of Delaware, U.S.A., without regard to its conflict of law principles, except to the extent that such laws are preempted by federal law (such as the Federal Arbitration Act) or overridden by applicable state privacy laws in your state of residence.

If it is determined that the arbitration agreement is not enforceable as to a particular claim or request for relief, and the claim must be resolved in court, then, to the extent permitted by law, the laws of Delaware will govern and such claim will be brought exclusively in the state or federal courts located within Delaware. You and Sliceo consent to the personal jurisdiction of those courts. However, the foregoing choice of Delaware law does not deprive you of any consumer protections provided under the laws of your state of residence (for instance, if you are a California resident, you are also protected by the CCPA and other California consumer laws as applicable).

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make any material changes, we will provide you with notice in accordance with law. This may include, for example, posting the updated Policy on our website and updating the “Last Updated” date at the top, and/or contacting you via the email address we have on file (if applicable) to inform you of the change. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued relationship with Sliceo – for example, using our website or services, or providing personal information to us – after any updates or changes to this Policy constitutes your acceptance of the revised Privacy Policy. If you do not agree to any changes, you should discontinue use of our services and may exercise your rights (such as requesting deletion of your data). For any significant changes that affect previously collected information, we will obtain consent or provide an opportunity to opt out as required by law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or Sliceo’s privacy practices, please do not hesitate to contact us:

Email: hello@sliceo.co
Telephone: (123) 456-7890
Mail: Sliceo LLC – Privacy Office, 100 Example Blvd., Ocean Pines, MD 21811, USA

We will respond to inquiries as promptly as possible, generally within 30 days. If you are contacting us to exercise a specific privacy right, please indicate the nature of your request (e.g., “California Access Request” or “Virginia Deletion Request”) so we can route it appropriately.

Your trust is important to us, and we are committed to safeguarding your personal information. Thank you for choosing Sliceo.

bottom of page