← Back to GXM

Privacy Policy

Effective: May 6, 2026  ·  Version 1.0

This policy describes how GXM Consulting (“GXM,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you visit https://gxmc.net or engage with our services. By using the site or submitting any form, you consent to the practices described here.

1. Information we collect

Information you provide directly

• Contact and booking forms — name, email address, company, the engagement type you select, and any free-text message you write.
• Forensic Readiness intake — your name, email, business name and website URL, role, urgency, situation stage, list of providers/tools/systems involved, an open-ended description of your situation, optional timeline, and your confirmation of authority to engage GXM on the business’s behalf.
• AI Workspace Audit — the company information you provide for the audit and any results returned by the scan you authorize.
• Email correspondence — whatever you send us when we follow up about an engagement or inquiry.

Information collected automatically

• Usage analytics — pageviews, click events, form-start and form-submit events, time-on-page, and external-link clicks. Stored in our own database. We use browser sessionStorage to assign a per-session identifier; we do not set tracking cookies for analytics.
• Server logs — standard request logs (IP address, user agent, request path, response status, timestamp) retained by our hosting provider for operational and security purposes.

2. How we use your information

• To respond to your inquiries and run engagements you initiate.
• To send transactional email related to an inquiry or engagement (acknowledgments, scheduling, follow-up).
• To improve the website, understand which pages and engagement paths visitors find useful, and detect abuse.
• To meet legal, accounting, and security obligations.

We do not sell your personal information. We do not share it with third parties for advertising. We do not use your submitted intake or audit information to train any third-party AI model.

3. Subprocessors and third-party services

To run this site we use the following third-party services. Each handles data subject to its own terms and privacy policy:

• Render — web hosting (server logs, request routing).
• Neon — managed Postgres database (form submissions, analytics, content).
• Resend — transactional email delivery for notifications and follow-ups.
• Google reCAPTCHA — spam protection on forms. reCAPTCHA reads cookies and device signals; its use is governed by Google’s Privacy Policy and Terms.
• Google Fonts — serves typography. Your IP address is logged by Google when font files load.
• jsDelivr — CDN delivery for icon assets.

We disclose information to these subprocessors only to the extent necessary for them to provide their service. We may also disclose information when required by law or to protect our rights, the rights of a client, or the integrity of the site.

4. Cookies and similar technologies

Our own analytics is cookie-free; we use sessionStorage, which is cleared automatically when you close the browser tab. However, some pages embed Google reCAPTCHA, which sets cookies and device signals controlled by Google. If you are visiting from a region that requires cookie consent (such as the EU, UK, or California), please review Google’s policies linked above for that activity.

5. How long we keep information

We retain personal information only for as long as needed for the purposes described above. Specifically:

• Contact and intake submissions: kept for the life of any engagement plus a reasonable period afterward to handle follow-up, accounting, and legal obligations.
• Analytics events: retained in aggregated or pseudonymized form indefinitely; we do not retain individually-identifying analytics records longer than 18 months.
• Server logs: retained according to our hosting provider’s defaults (typically 30–90 days).

You may request deletion of your data at any time using the contact below; we will honor the request to the extent we are not required by law to retain a record.

6. Your rights

Depending on where you live, you may have the right to:

• Request access to the personal information we hold about you.
• Request correction or deletion of your information.
• Object to or restrict certain processing.
• Receive a copy of your information in a portable format.
• Opt out of any sale or sharing of personal information (we do not sell or share for cross-context advertising).
• Withdraw consent where processing is based on consent.

To exercise any of these rights, email [email protected]. We will respond within a reasonable period and will not retaliate against you for exercising a right.

7. California residents

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the rights described in Section 6 above. We do not sell or share personal information for cross-context behavioral advertising. If you would like to exercise a CCPA right, contact us using the email above and identify yourself as a California resident in your request.

8. International visitors

The site is operated from the United States. If you visit from outside the U.S., your information will be transferred to and processed in the U.S. By using the site you consent to that transfer. If you are a resident of the EU, UK, or another jurisdiction with comprehensive data protection laws, the rights in Section 6 apply to you and you may contact us to exercise them.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect information — including TLS encryption in transit, restricted database access, and least-privilege controls for personnel. No system is perfectly secure; you submit information at your own risk and we cannot guarantee absolute security.

10. Children’s privacy

The site is intended for adults. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information, contact us and we will delete it.

11. Changes to this policy

We may update this policy as the site or the law evolves. Material changes will be reflected by an updated effective date at the top of this page; for significant changes we may also notify recent inquirers by email. Your continued use of the site after a change indicates acceptance of the updated policy.

12. Contact

Questions about this policy or your information: [email protected].