Privacy Policy

Last Updated: July 1, 2025

Bedrock Information Systems LLC (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your Personal Information with the highest standards of security and confidentiality. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Services (our websites, mobile applications, SMS or email communications, and other online services) and when we provide our IT consulting, project services, staffing, and managed services to our business clients. It also describes your rights and choices regarding your Personal Information.

This Privacy Policy applies to Personal Information we collect in our capacity as a Data Controller (when we determine the purposes and means of processing) and provides transparency about our practices when we act as a Data Processor on behalf of our clients (when we process data according to our clients’ instructions).

By using our Services or by providing us with your information, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use the Services. We encourage you to read this Privacy Policy carefully and contact us if you have any questions.

1. Information We Collect

We may collect Personal Information directly from you, automatically through your use of our Services, and from third parties, as described below.

1.1 Information You Provide Directly

When you interact with our Services, you may provide information to us, including:

Contact Information: Such as your name, email address, postal address, phone number, or other contact details (for example, when you create an account, subscribe to newsletters, fill out forms, or contact customer support).
Account Credentials: If our Services require an account, we may collect a username, password, or other login details that you set.
Profile Information: If you create a profile or account, you might provide additional information like your company name, job title, profile photo, or preferences.
Communication Content: Copies of messages or correspondence you send us (such as emails, chat logs, or recordings of calls with our support) and any other information you choose to provide (for example, responses to surveys or feedback forms, or information you submit when participating in promotions).
Transaction and Purchase Information: When you make a purchase or engage our services, we collect billing information (such as payment card details, billing address, or purchase history) and details of the products or services you have obtained.
Professional Information: If you apply for a job or contractor position with us, we may collect your resume, employment history, references, and other information relevant to your application.
Employee and Contractor Information: If you are an employee or contractor, we collect information necessary for employment and service delivery, including tax information, banking details, performance evaluations, time tracking, benefits information, and emergency contact information.
Client Business Data: When providing services to business clients, we may process data on behalf of those clients, including end-user information, business contact information, and operational data necessary to deliver our services.

1.2 Information Collected Automatically

When you access or use our Services, we and our third-party service providers may automatically collect certain information, including:

Device and Usage Information: Information about your device (such as device type, operating system, browser type, IP address, unique device identifiers, and mobile network information) and how you use our Services (such as pages visited, links clicked, features used, and time spent on pages).
Location Information: Approximate geographic location inferred from your IP address or, with your permission, precise geolocation data from your mobile device.
Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing behavior, preferences, and interactions with our Services. You can manage cookie preferences through your browser settings, but disabling cookies may limit certain features of our Services.
Do Not Track Signals: Some browsers support a “Do Not Track” (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Our Services do not currently respond to DNT signals due to the lack of industry-wide standards for how DNT signals should be interpreted and implemented.

1.3 Information from Third Parties

We may receive information about you from third-party sources, such as:

**Business Partners and Affiliates We may receive information from our business partners, Affiliates, or service providers (for example, if you interact with our Services through a partner platform or if a partner refers you to us).
Publicly Available Sources: We may collect information that is publicly available (such as information from social media profiles or business directories) to supplement the information we have about you.
Third-Party Authentication Services: If you use a third-party login service (such as Google or Microsoft authentication) to access our Services, we may receive information from that provider consistent with your settings on that platform.

2. How We Use Your Information

We use the Personal Information we collect for various purposes, including:

2.1 Providing and Improving Services

To provide, operate, maintain, and improve our Services
To process transactions and fulfill orders
To create and manage user accounts
To communicate with you about your account, transactions, or our Services (including sending confirmations, invoices, technical notices, updates, security alerts, and support messages)
To respond to your inquiries, requests, or customer service issues
To personalize your experience and deliver content and features that match your interests

2.2 Business Operations and Analytics

To analyze usage patterns and trends, monitor the effectiveness of our Services, and gather demographic information
To conduct research and development to improve our products, services, and user experience
To detect, prevent, and address technical issues, fraud, security breaches, or other illegal or unauthorized activities
To enforce our terms, conditions, and policies
To maintain the security and integrity of our systems and Services

2.3 Marketing and Communications

To send you promotional materials, newsletters, special offers, or other information we think may interest you (you can opt out of these communications at any time)
To administer contests, surveys, promotions, or other marketing activities
To measure the effectiveness of our marketing campaigns

2.4 Legal and Compliance

To comply with applicable laws, regulations, legal processes, or governmental requests
To protect our rights, property, or safety, or the rights, property, or safety of our users or others
To investigate and prevent fraud, illegal activities, or violations of our terms of service

2.5 Human Resources and Workforce Management

To manage employment relationships, contractor engagements, and staffing services
To process payroll, benefits, and compensation
To conduct performance evaluations and training
To maintain workplace safety and security

2.6 Client Services and Data Processing

To provide IT consulting, project services, staffing, and managed services to our business clients
To process data on behalf of clients in accordance with our service agreements and their instructions
To ensure service quality, performance monitoring, and Service Level Agreement compliance

We do not sell your Personal Information to third parties. However, we may share your information in the following circumstances:

3.1 Service Providers and Business Partners

We may share your information with third-party service providers and business partners who perform services on our behalf, such as:

Payment processors and financial institutions
Hosting, cloud storage, and infrastructure providers (including Amazon Web Services, Microsoft Azure, or similar platforms)
Analytics and data analysis providers
Marketing and advertising partners
Customer support and communication platforms
Professional advisors (such as lawyers, accountants, and auditors)
Staffing and recruitment platforms
Background check and verification services

These third parties are contractually obligated to use your information only as necessary to provide services to us and to protect your information in accordance with this Privacy Policy. For business clients in the European Union, we maintain a current list of subprocessors with lifecycle history available at https://trust.bedrockis.com.

3.2 Business Transfers

If we are involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and provide information about your choices regarding your personal information.

3.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

A subpoena, court order, or other legal process
A request from law enforcement or government authorities
A need to protect our rights, property, or safety, or the rights, property, or safety of our users or the public
A need to investigate or prevent fraud, security breaches, or illegal activities

We may share your information with third parties when you have given us explicit consent to do so.

3.5 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.

3.6 Client Data Processing

When we process Personal Information on behalf of our business clients as a Data Processor or service provider, we share and process that information in accordance with our contractual obligations to those clients and their instructions. In such cases, the Client remains the Data Controller responsible for the Personal Information, and we act solely as a processor following their directions.

4. Data Retention

We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on:

The nature and sensitivity of the information
The purposes for which we process the information
Whether we have a legal obligation to retain the information
Whether the information is necessary for the establishment, exercise, or defense of legal claims

When we no longer need your Personal Information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your Personal Information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit and at rest
Secure authentication and access controls
Regular security assessments and audits
Employee training on data protection and security practices
Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your Personal Information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

5.1 Data Breach Notification

In the event of a data breach that compromises your Personal Information, we will notify affected individuals and applicable regulatory authorities as required by law. Notifications will be provided without undue delay and will include information about the nature of the breach, the data affected, and steps you can take to protect yourself. For business clients whose data we process, we will notify the Client in accordance with our contractual obligations and applicable data protection laws.

6. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your Personal Information, including:

6.1 Access and Portability

You have the right to request access to the Personal Information we hold about you and to receive a copy of that information in a structured, commonly used, and machine-readable format.

6.2 Correction and Update

You have the right to request that we correct or update inaccurate or incomplete Personal Information we have about you.

6.3 Deletion

You have the right to request that we delete your Personal Information, subject to certain exceptions (such as when we need to retain the information for legal or legitimate business purposes).

6.4 Restriction and Objection

You have the right to request that we restrict the processing of your Personal Information or to object to certain types of processing (such as direct marketing).

6.5 Opt-Out of Marketing

You can opt out of receiving promotional emails or other marketing communications from us by following the unsubscribe instructions in those communications or by contacting us directly. Even if you opt out of marketing communications, we may still send you transactional or administrative messages related to your account or our Services.

6.6 Cookies and Tracking

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, but doing so may affect the functionality of our Services.

6.7 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided in 14. Contact Us below. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request.

Note for Business Client End Users: If you are an individual whose Personal Information we process on behalf of one of our business clients (for example, if you are an employee of a company we provide services to), you should direct your privacy rights requests to that Client, as they are the Data Controller. We will cooperate with our clients to facilitate the exercise of your rights.

7. Children’s Privacy

Our Services are not intended for children under the age of 13 (or the applicable age of majority in your jurisdiction). We do not knowingly collect Personal Information from children under 13. If we become aware that we have collected Personal Information from a child under 13, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your Personal Information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have different data protection laws than your country.

When we transfer Personal Information internationally, we take steps to ensure that your information is protected in accordance with this Privacy Policy and applicable law. This may include:

Implementing Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant authorities
Relying on adequacy decisions recognizing certain countries as providing adequate data protection
Obtaining your explicit consent for the transfer
Using other lawful transfer mechanisms recognized under applicable data protection laws

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries, we ensure appropriate safeguards are in place. Business clients may request copies of the relevant transfer mechanisms we have implemented.

9. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing them with any Personal Information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy and, if the changes are material, we will provide additional notice (such as by posting a notice on our website or sending you an email).

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

11. European Union and United Kingdom Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws, including:

11.1 Legal Bases for Processing

We process your Personal Information based on the following legal grounds:

Contractual Necessity: Processing is necessary to perform our contract with you or to take steps at your request before entering into a contract
Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our Services, preventing fraud, or ensuring network security, provided these interests are not overridden by your rights
Legal Obligation: Processing is necessary to comply with our legal obligations
Consent: Where required by law, we obtain your explicit consent before processing certain types of Personal Information
Vital Interests: Processing is necessary to protect your vital interests or those of another person

In addition to the rights described in 6. Your Rights and Choices, you have the right to:

Lodge a complaint with your local data protection authority (supervisory authority)
Withdraw consent at any time where we rely on consent as the legal basis for processing (without affecting the lawfulness of processing before withdrawal)
Request information about the appropriate safeguards we have in place for international data transfers

11.3 Data Protection Officer and EU Representative

For questions about our data protection practices or to exercise your GDPR rights, you may contact our privacy team at the contact information provided in 14. Contact Us. As we do not currently conduct business in the European Union, we have not designated an EU representative at this time. However, we maintain GDPR compliance as a courtesy to European customers who may be doing business in the United States and would have interest in or utilize our Services. Should our EU operations change, we will designate an EU representative as required and provide their contact details in this section.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

12.1 Right to Know

You have the right to request that we disclose to you:

The categories and specific pieces of Personal Information we have collected about you
The categories of sources from which we collected the information
The business or commercial purposes for collecting, selling, or sharing the information
The categories of third parties with whom we share or to whom we disclose Personal Information
The categories of Personal Information we have sold or shared and the categories of third parties to whom it was sold or shared

12.2 Right to Delete

You have the right to request that we delete your Personal Information, subject to certain exceptions under CCPA/CPRA.

12.3 Right to Correct

You have the right to request that we correct inaccurate Personal Information we maintain about you.

We do not sell your Personal Information to third parties for monetary consideration. We do not share your Personal Information for cross-context behavioral advertising. If our practices change, we will update this Privacy Policy and provide you with a clear “Do Not Sell or Share My Personal Information” link to exercise your opt-out rights.

12.5 Right to Limit Use of Sensitive Personal Information

If we collect or process Sensitive Personal Information (as defined by CPRA) for purposes beyond those permitted under the law, you have the right to limit our use of such information.

12.6 Right to Non-Discrimination

You have the right not to be discriminated against for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level of quality based solely on your exercise of these rights.

12.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent’s authority and may request that you verify your identity directly with us.

12.8 Response Timing and Format

We will respond to verifiable requests within 45 days of receipt. If we require more time, we will notify you of the extension and the reason. We will provide information in a readily usable format.

To exercise your California privacy rights, please contact us using the contact information in 14. Contact Us below.

13. Nevada Privacy Rights

If you are a Nevada resident, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that information. We do not currently sell your Personal Information as defined under Nevada law. If you are a Nevada resident and would like to make such a request, please contact us using the information in 14. Contact Us below.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Bedrock Information Systems LLC
Privacy Compliance Team
Email: privacy@bedrockis.com
Address: Los Angeles, CA
Phone: (213) 712-5798

For GDPR-related inquiries, you may also contact:
Email: gdpr@bedrockis.com

For California privacy rights requests:
Email: ccpa@bedrockis.com
Subject Line: “California Privacy Rights Request”

We will make reasonable efforts to respond to your inquiry or request in a timely manner. For rights requests, we aim to respond within the timeframes required by applicable law (typically 30-45 days depending on jurisdiction).