Privacy Policy

Last updated: May 7, 2026

G&C Consulting LLC (“G&C,” “we,” “us,” or “our”) operates the website at gccosulting.com (the “Site”). This Privacy Policy explains what information we collect, how we use and share it, and the rights you have over it.

1. Information we collect

Information you provide

If you contact us by email, telephone, or postal mail, we receive any information you choose to share with us, such as your name, email address, telephone number, and the contents of your message. We do not operate web forms; all contact is direct.

Information collected automatically

Our hosting infrastructure (the Caddy web server) records standard access logs that may contain your IP address, the date and time of your visit, the URL requested, the HTTP referrer, and your browser’s user-agent string. These logs are retained for a limited period for security and operational purposes.

Cookies and similar technologies

The Site does not use analytics, advertising, or tracking cookies. The only client-side storage used is a single localStorage key recording your cookie-consent choice so that we do not show the banner again on subsequent visits.

2. How we use information

• To respond to your inquiries and communicate with you.
• To operate, maintain, and secure the Site.
• To comply with legal obligations and enforce our Terms of Service.

We do not use your information for advertising, profiling, automated decision-making, or sale to third parties.

3. Sharing of information

We do not sell, rent, or trade personal information. We share information only with: (a) service providers strictly necessary to operate the Site (e.g., our hosting provider, Hetzner Online GmbH); and (b) governmental, judicial, or law-enforcement authorities where required by law, valid legal process, or to protect our legal rights.

4. International data transfers

Our hosting servers are located in the European Union (Germany). If you access the Site from outside the EU, your information may be transferred to and processed in the EU. Where required, we rely on appropriate transfer mechanisms (such as the European Commission’s Standard Contractual Clauses) to safeguard cross-border transfers.

5. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Server access logs are rotated on a short cycle.

6. Security

We use industry-standard technical and organizational measures to protect personal information, including transport encryption (HTTPS), access controls, and least-privilege server administration. No method of transmission or storage, however, is fully secure.

7. Your rights — European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights, subject to applicable exceptions:

• Right of access — to know what personal data we hold about you.
• Right of rectification — to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — to request deletion of your data.
• Right to restrict processing — to limit how we use your data.
• Right to data portability — to receive your data in a portable format.
• Right to object — to processing based on legitimate interests.
• Right to withdraw consent — at any time, where processing is based on consent.
• Right to lodge a complaint — with your local data-protection supervisory authority.

Our lawful bases for processing include: your consent, the performance of a contract with you, compliance with our legal obligations, and our legitimate interests in operating and securing the Site.

8. Your rights — California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the following rights:

• Right to know what categories of personal information we collect, the sources, and the purposes.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA.
• Right to non-discrimination — we will not discriminate against you for exercising these rights.

To exercise any of these rights, contact us at the address below. We will verify your request and respond within the timeframes required by applicable law.

9. Children’s privacy

The Site is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Third-party links

The Site may contain links to third-party websites operated by our portfolio companies or others. This Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party site you visit.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be notified through the Site.

12. Contact

For privacy inquiries, requests under GDPR or CCPA, or any other question about this Policy, contact: