Privacy Policy

1. Overview

Sarif Consulting (“we,” “us,” or “our”) is operated from Portland, Oregon, United States, and respects your privacy. This Privacy Policy describes how we collect, use and safeguard information in connection with our consulting services and this website (sarifconsulting.ai).

2. Information We Collect

We may collect the following types of information:

• Contact Information: Name, email address and organizational affiliation provided voluntarily through our contact form or direct email communication.
• Project Information: Details you share about your project, goals, and requirements in the course of engaging our services.
• Usage Data: Standard server logs and analytics data including IP address, browser type, pages visited and referring URLs. This data is used in aggregate and is not linked to individual identities.

We do not use tracking pixels, behavioral advertising networks, or third-party analytics platforms that build user profiles.

3. How We Use Your Information

Information you provide is used solely to:

• Respond to your inquiries and evaluate project fit.
• Deliver consulting services you have engaged us to provide.
• Communicate project updates, deliverables and invoicing.
• Maintain records of completed engagements as required for business operations.

We do not sell, rent, or trade your personal information to third parties. We do not use your information for marketing purposes without your explicit consent.

4. Confidentiality

All project details, strategic materials and client communications are treated as strictly confidential. We do not reference, publish, or disclose client work without explicit written authorization. Non-disclosure agreements are available upon request and routinely executed for sensitive engagements.

5. Data Retention

Contact inquiries are retained for a reasonable period to maintain engagement history and respond to follow-up communications. Project files and deliverables are retained for a minimum of three years following project completion unless otherwise agreed. You may request deletion of your data at any time by contacting us directly.

Transmissions submitted through the Contact page are stored for 90 days unless they result in an engagement. Transmissions that become engagements are retained for the duration of the engagement plus three years, matching our standard engagement-record retention. Transmissions that do not become engagements are purged after 90 days and cannot be recovered. You may request early deletion at any time by emailing info@sarifconsulting.ai.

Operational telemetry — Web Vitals samples, CTA click counts, client-side JavaScript errors, Content-Security-Policy violation reports, and Praxis field-notes assistant queries — is purged automatically after 30 days. See the subsections below for what each dataset contains.

5a. Praxis field-notes assistant

The "Ask our field notes" input on the Praxis page performs retrieval against a static index rendered entirely in your browser; we do not send any generative model your question. The server records the following for editorial review:

• The question text as you typed it (so we can see what readers actually ask).
• A count of how many articles matched, and the identifier of the top match if any.
• A daily-rotated one-way hash of your IP address (used only for rate-limiting).
• A truncated user-agent fingerprint (browser family and major version).

We do not associate these records with any identity, account, or session, and we do not share them. Records are purged automatically after 30 days. To request earlier deletion of a specific query, email info@sarifconsulting.ai with the query text and the date you asked it.

6. Security

We implement appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Communications containing sensitive information should be conducted over encrypted channels. While no transmission over the internet can be guaranteed fully secure, we take precautions consistent with industry standards.

7. Cookies

This website does not use cookies for tracking, behavioral advertising or cross-site profiling. Our hosting and security provider (including Cloudflare) may set strictly necessary cookies or similar technologies for purposes such as bot management, load balancing and connection security (for example, cookies whose names may include __cf_bm or __cfruid). These support delivery of the site and are not used to build marketing profiles. You can still use our core pages if you block non-essential cookies in your browser; blocking strictly necessary cookies may affect reliability or security checks.

8. Automated Processing

Replies sent in response to transmissions may be drafted with the assistance of Sarif's internal intelligence tooling. Every reply is reviewed, edited as needed, and sent by the principal. No automated system sends communications to transmission senders on Sarif's behalf. Transmissions are not used to train external models.

9. Third-Party Services

This website is hosted on Cloudflare Pages. Communications submitted through the contact form may be routed through email infrastructure operated by third-party providers. These providers are bound by their own privacy policies and applicable data protection law. We do not share client data with third-party service providers beyond what is necessary for operational delivery.

10. Your Rights

You have the right to request access to, correction of, or deletion of personal information we hold about you. To exercise these rights, contact us at info@sarifconsulting.ai. We will respond within a reasonable timeframe.

If you are an Oregon resident, you may have additional rights under the Oregon Consumer Privacy Act (OCPA), including the right to know, correct, delete and obtain a copy of personal data we process, subject to applicable exceptions. Contact us at the email above to exercise those rights. Whether the OCPA applies to a given interaction depends on statutory thresholds and the nature of processing; we will respond in line with applicable law.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be reflected on this page with an updated revision date. Continued use of our services following any update constitutes acceptance of the revised policy.