Privacy Policy

Effective Date: 2026.01.01

Introduction

At Shaolin Data Services LLC, we believe in a disciplined and ethical approach to data—yours and ours. This Privacy Policy outlines our commitment to handling your personal information with integrity and respect. We collect only the information we need to fulfill our services and do not engage in the collection of unnecessary data.

For the purposes of the General Data Protection Regulation (GDPR), the data controller responsible for your personal information is Shaolin Data Services LLC. We are the legal entity that determines the purpose and means of processing the personal data collected through our website and services.

Information We Collect

We collect contact and business information that you provide to us directly through forms, emails, or during our initial consultation. This information includes:

  • Your name
  • Email address
  • Company name
  • Information necessary for invoicing and payment processing

Additionally, our website may automatically collect certain technical information, such as your IP address, browser type, and operating system, to ensure the site’s security and functionality.

For our diagnostic services, we collect organizational process metadata through stakeholder interviews. We do not ingest, mirror, or store raw client datasets or database instances on our infrastructure.

Cookies

While we do not use cookies to track your activity for marketing or analytics purposes, our website is built on the WordPress.com platform, which uses cookies that are strictly necessary for the site’s core functionality. These cookies are essential for purposes such as managing user sessions and ensuring site security and performance. For more information about the cookies used by the platform, please refer to the Automattic Cookie Policy.

Our legal basis for processing the information you provide is the performance of a contract, as it is necessary for us to deliver our services. The legal basis for collecting technical information and the use of necessary cookies is our legitimate interests in ensuring the security and functionality of our website.

How We Use Your Information

We use the information you provide for the following purposes, based on our legal obligation for the performance of a contract:

  • To communicate with you regarding your inquiries and our services.
  • To create and send invoices for our services.
  • To fulfill our contractual obligations as outlined in our Terms of Service.

We do not use your information for general marketing purposes. If you do not proceed with a project after our initial consultation, we do not retain your information.

How We Share Your Information

We do not sell, rent, or share your personal information with any third parties for their marketing purposes. We will only share your information in the following circumstances:

  • For legal reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
  • With Service Providers: We use Stripe, a third-party payment processor, to handle your financial transactions securely. We share only the information necessary for them to process your payment and do not store sensitive payment information on our servers. You can review Stripe’s privacy policy here: [Insert Link to Stripe’s Privacy Policy].
  • With your explicit consent: In the future, if we believe a complementary service from a professional colleague (e.g., a cybersecurity consultation) could benefit you, we will seek your direct consent before making any referral or sharing your contact information.

International Data Transfers

As we are based in the United States and use services provided by U.S. companies, the personal information we collect may be transferred to, and processed in, countries outside of the European Economic Area (EEA), including the United States.

When we transfer your personal data to a country outside the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. These safeguards include the use of Standard Contractual Clauses (SCCs), which have been approved by the European Commission, or relying on an Adequacy Decision where applicable. These mechanisms are designed to ensure your data receives the same level of protection as it would under GDPR.

Data Retention & Sanitization

Our data retention policy is a direct reflection of our disciplined approach. We only retain your information for as long as necessary to fulfill our service agreement. Upon delivery of the final diagnostic report, all primary research data, including stakeholder interview notes, are securely destroyed within 30 days. We do not maintain historical archives of client operational metadata beyond the final deliverable. Financial records are retained for seven years to comply with U.S. tax obligations.

Upon delivery of the final Data Process Friction Report or Strategic SWOT Audit, all stakeholder interview notes and diagnostic working files are securely purged within 30 days. We retain only the final report and necessary financial records for legal compliance.

Upon project completion, all client data and information, including your contact details, are securely deleted or destroyed. We do not retain historical records of clients or prospects beyond what is required for legal and tax purposes. For example, financial records and associated client data may be retained for up to seven years to comply with legal and accounting obligations.

Upon expiration of the defined retention period, all digital records are permanently deleted and any physical records are securely destroyed.

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

  • The Right to Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure: You have the right to request the deletion of your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at jmorris [at] shaolindataservices.com. We will respond to your request without undue delay and in accordance with applicable data protection laws.

You also have the right to lodge a complaint with a supervisory authority. The European Data Protection Board (EDPB) is an independent body that ensures the consistent application of GDPR and can provide guidance on finding the appropriate supervisory authority in your jurisdiction.

No Automated Decision-Making

We do not use any automated decision-making systems that could produce legal effects or significantly affect you. All our services, from consultation to data analysis, involve human oversight and are not based on automated processing or profiling.

Security

We are committed to protecting the integrity and security of your information. We take reasonable and appropriate technical and organizational measures to safeguard your personal data from unauthorized access, use, or disclosure.

Our organizational measures include a strict Data Isolation Protocol. We utilize segmented cloud environments to ensure that any information related to a specific engagement is logically isolated and never commingled with other project data.

Our technical measures include the use of secure, industry-standard cloud infrastructure provided by Amazon Web Services (AWS) and relying on the robust, certified security protocols of our payment processor, Stripe. This ensures that your information is protected with a high level of data security and encryption, both in transit and at rest.

Our organizational measures include a policy of strict data minimization and secure data destruction, ensuring we only handle and retain your information for as long as necessary to provide our services. We also limit access to your personal information to only those individuals who need it to fulfill our contractual obligations.

Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. We will post any changes on this page with an updated revision date.

For minor changes, such as grammatical fixes or clarifying language, the updated policy will be effective immediately.

For any significant or material changes that affect how we process your personal data, we will provide prior notice on our website and, where appropriate, through direct communication to our customers. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us. You may use the contact form.

We are committed to responding to all data privacy inquiries in a timely and professional manner.