Privacy Policy

1. Scope and Application

This Privacy Policy describes how Egan Rose Consulting LLC ("Egan Rose," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with the eganrose.com website, our consulting and advisory services, and related communications.

This Policy applies to information processed through our website, email and phone communications, scheduling and intake tools, and consulting engagements where we act in a controller capacity. Where we process personal data on behalf of a client organization in the course of a specific consulting engagement, that processing is additionally governed by the Data Processing Agreement applicable to the engagement.

2. Who We Are

Egan Rose Consulting LLC is a Texas limited liability company with a principal place of business at 1500 N. Main St., Fort Worth, TX 76164, United States. We provide integrated Supply Chain Risk Management advisory services to federal contractors and regulated enterprises.

3. Information We Collect

3.1 Information You Provide Directly

• Contact and inquiry details: Name, business email address, company or organization, role or title, and the contents of any message you submit through our contact form or by email.
• Scheduling information: Information you provide when booking a discovery call through our third-party scheduling tool, including your name, email, time zone, and any pre-meeting notes you provide.
• Engagement and proposal information: Information shared during scoping conversations, written proposals, statements of work, and the course of a consulting engagement, including details about your organization, programs, vendors, workforce, and risk posture.
• Subscriber and event registration information: If you join an email list, register for an event, or download a resource, the information you provide for that purpose.

3.2 Information Collected Automatically

• Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, dates and times of access, and similar technical information.
• Cookies and similar technologies: Limited to what is necessary to operate the website and, where applicable and with required consent, measure site performance. See our Cookie Policy.

3.3 Information From Third Parties

We may receive information about you from third parties, including referral partners, public business directories, federal contracting registries, and professional networks. We use such information to evaluate fit, prepare for meetings, and comply with applicable contracting requirements.

4. How We Use Information

We use information for the following purposes:

• To respond to inquiries and provide the consulting services you request;
• To operate, maintain, and improve our website;
• To deliver scoping conversations, proposals, statements of work, and engagement deliverables;
• To send service-related communications, including scheduling confirmations and engagement updates;
• To send marketing or educational communications where permitted by law and subject to your opt-out rights;
• To comply with legal, regulatory, and contractual obligations, including federal contracting requirements;
• To detect, investigate, and prevent fraudulent, unauthorized, or unlawful activity;
• To enforce our Terms of Service and other agreements.

5. Legal Basis for Processing (Where the GDPR or UK GDPR Applies)

Where the EU General Data Protection Regulation, the UK GDPR, or substantially similar legislation applies to our processing, our legal bases include:

• Contract: Processing necessary to perform our engagement with you or to take pre-contractual steps at your request.
• Legitimate interests: Operating and securing our website, communicating with prospects and clients, improving our services, and protecting against misuse.
• Legal obligation: Complying with applicable law, regulation, or valid legal process, including federal contracting and supplier reporting obligations.
• Consent: Where required by law, including for certain marketing communications and non-essential cookies.

6. Sharing and Disclosure

We do not sell personal information. We share information only as described below.

• Service providers: With trusted vendors that perform services on our behalf, including website hosting, email and form processing, scheduling, customer relationship management, accounting, and professional services. Service providers are bound by contractual obligations consistent with this Policy.
• Engagement teaming partners: Where an engagement involves teaming with subcontractors, attorneys, or specialist advisors, we may share information necessary to deliver the engagement, subject to appropriate confidentiality obligations.
• Corporate transactions: In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality protections.
• Legal and safety: Where required by law, regulation, or valid legal process, or where we believe disclosure is necessary to protect the rights, property, or safety of Egan Rose, our clients, or others.
• With consent or at your direction: Where you have directed or consented to the disclosure.

7. Client Engagement Data

During a consulting engagement we may receive personal data about your employees, vendors, subcontractors, or other individuals for the purpose of delivering the engagement. With respect to that data:

• Egan Rose typically acts as a processor or service provider on behalf of the client, under the terms of the engagement agreement and any applicable Data Processing Agreement;
• We use engagement data only to deliver the agreed scope, subject to the confidentiality and security obligations in the engagement agreement;
• We do not use engagement data to train external models, build separate products, or for any purpose outside the engagement, except in aggregated and de-identified form that no longer reasonably identifies any individual or organization;
• Retention and return or deletion of engagement data are governed by the engagement agreement and the applicable Data Processing Agreement.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including providing our services, complying with legal and contracting obligations, resolving disputes, and enforcing our agreements.

Retention periods vary by category. Inquiry and prospect information is typically retained for the duration of the relationship and a reasonable follow-up period thereafter. Engagement records are retained in accordance with the engagement agreement and applicable professional and federal contracting record-retention requirements. Aggregate and de-identified information that no longer reasonably identifies an individual may be retained indefinitely.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These include access controls, encryption in transit, vendor due diligence, secure file handling, and incident response procedures.

No method of transmission over the internet or method of electronic storage is one hundred percent secure. We cannot guarantee absolute security and encourage you to use strong, unique credentials for any account-based tools you share with us and to notify us promptly of any suspected unauthorized access.

10. International Data Transfers

Egan Rose is based in the United States. Information we collect may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate.

Where required by applicable law, we use appropriate safeguards for international data transfers, which may include Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement or Addendum, or other recognized transfer mechanisms.

11. Your Rights

Depending on your jurisdiction, you may have rights with respect to the personal information we hold about you, including the right to:

• Access the personal information we hold about you;
• Request correction of inaccurate or incomplete information;
• Request deletion of your information, subject to applicable exceptions;
• Restrict or object to certain processing;
• Request data portability;
• Withdraw consent where processing is based on consent;
• Opt out of marketing communications;
• Lodge a complaint with a supervisory authority in your jurisdiction.

For information processed by Egan Rose as a processor on behalf of a client organization, please direct rights requests to that client. We will assist clients in responding to such requests as set forth in the applicable Data Processing Agreement.

To exercise rights where Egan Rose acts as a controller, please contact us using the details in Section 14.

12. Children

Our website and services are directed to business and government professionals and are not intended for children under the age of sixteen. We do not knowingly collect personal information directly from children. If you believe a child has provided us with personal information without appropriate parental or guardian consent, please contact us so that we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Material changes will be communicated through the website, by email, or by other reasonable means. Continued use of the website or our services after a change becomes effective constitutes acceptance of the updated Policy.

14. Contact

If you have questions, comments, or requests regarding this Privacy Policy or our privacy practices, please contact us: