PRIVACY POLICY
GRAYS STRATEGY LLC
Last Updated:
================================================================================
TABLE OF CONTENTS
1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Third-Party Services
5. Cookies and Tracking Technologies
6. Data Security
7. Data Retention
8. Children’s Privacy
9. HIPAA Compliance – Important Notice
10. Your Privacy Rights
11. Changes to This Privacy Policy
12. Contact Information
13. Consent
================================================================================
1. INTRODUCTION
GRAYS Strategy LLC (“we,” “us,” “our”) operates the website graysstrategy.com (the “Website”). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our Website or contact us.
By using our Website, you consent to the practices described in this Privacy Policy.
GRAYS Strategy LLC is a Wyoming limited liability company providing strategic consulting services to healthcare organizations. This Privacy Policy applies only to information collected through our Website.
================================================================================
2. INFORMATION WE COLLECT
We collect limited information necessary to respond to inquiries and improve our Website.
INFORMATION YOU PROVIDE DIRECTLY
When you contact us via email at info@graysstrategy.com, we receive:
– Your email address
– Your message content
– Any information you choose to include in your email (such as name, organization, role)
Providing this information is voluntary. You may choose not to contact us if you prefer not to share this information.
INFORMATION COLLECTED AUTOMATICALLY
When you visit our Website, we automatically collect certain information through cookies and analytics:
– Device information (browser type, operating system, device type)
– Usage information (pages visited, time spent on site, navigation paths)
– Geographic location (city and state level, not precise location)
– Traffic source (how you found our Website)
– IP address (anonymized)
This information is collected through Google Analytics and does not personally identify you.
================================================================================
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
EMAIL INQUIRIES
– To respond to your inquiries
– To provide information about our services
– To schedule consultations or discovery calls
– To pursue legitimate business development activities
WEBSITE ANALYTICS
– To understand how visitors use our Website
– To improve Website functionality and user experience
– To analyze traffic patterns and content engagement
– To optimize Website performance
We do NOT use your information for:
– Marketing to third parties
– Selling or renting your personal information
– Targeted advertising
– Purposes unrelated to our consulting services
================================================================================
4. THIRD-PARTY SERVICES
We use the following third-party services that may process your information:
GOOGLE ANALYTICS (Analytics Provider)
– Purpose: Website traffic analysis and performance monitoring
– Data collected: Anonymous usage data (see “Information Collected Automatically” above)
– Privacy Policy: https://policies.google.com/privacy
– We have configured Google Analytics with privacy-focused settings:
* IP anonymization enabled
* Data retention set to 14 months
* Advertising features disabled
* Google Signals disabled
CLOUDFLARE PAGES (Website Hosting)
– Purpose: Website hosting and content delivery
– Data collected: Technical logs, IP addresses for service delivery
– Privacy Policy: https://www.cloudflare.com/privacypolicy/
MICROSOFT 365 (Email Service)
– Purpose: Receiving and managing email inquiries sent to info@graysstrategy.com
– Data collected: Email content you send to us
– Privacy Policy: https://privacy.microsoft.com/privacystatement
These third-party services maintain their own data protection practices. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
EMAIL SECURITY AND LIMITATIONS
When you send email to info@graysstrategy.com:
– Your email is transmitted using your email provider’s infrastructure
– We receive your email via Microsoft 365
– Email security depends on both your email provider and our email service
– We cannot guarantee the security of information sent via standard email
– Email is not encrypted end-to-end unless you use encrypted email services
We are not responsible for the security practices of your email provider or the transmission of email over the internet.
================================================================================
5. COOKIES AND TRACKING TECHNOLOGIES
Our Website uses cookies to collect the automatic information described above.
WHAT ARE COOKIES?
Cookies are small text files stored on your device that help websites function and analyze usage.
COOKIES WE USE
Analytics Cookies (Google Analytics):
– Collect anonymous usage data
– Help us understand how visitors use our Website
– Can be disabled through browser settings or by enabling Do Not Track
We do NOT use:
– Advertising cookies
– Social media tracking cookies
– Third-party marketing cookies
DO NOT TRACK
Our systems recognize browser “do-not-track” requests. You may enable Do Not Track in your browser settings to prevent analytics tracking.
MANAGING COOKIES
You can control cookies through your browser settings. However, disabling cookies may affect Website functionality.
Browser instructions:
– Chrome: Settings > Privacy and Security > Cookies
– Firefox: Settings > Privacy & Security > Cookies and Site Data
– Safari: Preferences > Privacy > Cookies and Website Data
– Edge: Settings > Privacy, Search, and Services > Cookies
COOKIE NOTICE
When you first visit our Website, you will see a simple cookie notice:
“This site uses cookies to analyze site traffic and improve your experience. By continuing to use this site, you consent to our use of cookies. Learn more in our Privacy Policy.”
You may dismiss this notice. It will not reappear once dismissed.
================================================================================
6. DATA SECURITY
We implement reasonable security measures to protect your information from unauthorized access, use, alteration, or disclosure.
TECHNICAL MEASURES
– SSL/TLS encryption for all data transmission (HTTPS)
– Secure website hosting with industry-standard protections
– Secure email transmission using encrypted channels
– No storage of data on unsecured systems
– Regular security updates and monitoring
ACCESS CONTROLS
– Limited access to email inquiries
– Secure email transmission using Microsoft 365
– No storage of information on unsecured systems
SECURITY LIMITATIONS
No method of transmission over the internet or electronic storage is 100% secure. While we maintain commercially reasonable safeguards, we cannot guarantee absolute security.
EMAIL SECURITY CONSIDERATIONS
Standard email is not encrypted end-to-end. When you email us:
– Your email provider’s security practices apply to transmission
– Our email service (Microsoft 365) applies its security practices to storage
– We cannot control security of email in transit over the internet
– For sensitive communications, we recommend waiting until formal engagement begins and secure communication channels are established
DATA BREACH NOTIFICATION
In the event of a data breach affecting your personal information, we will notify you within 30 days via email and provide information about the nature of the breach and steps we are taking to address it.
================================================================================
7. DATA RETENTION
We retain your information only as long as necessary for legitimate business purposes.
EMAIL INQUIRIES (Prospects)
We retain email inquiries for up to 2 years unless an active business relationship exists. After 2 years, if no engagement has materialized, we delete the information.
You may request earlier deletion at any time (see “Your Privacy Rights” below).
ACTIVE CLIENT RELATIONSHIPS
For clients with whom we have executed service agreements, we retain contact information and project records for the duration of the engagement plus 7 years thereafter.
This retention period is:
– Required for professional liability and contractual obligations
– Necessary for tax and legal compliance
– Consistent with professional services industry standards
WEBSITE ANALYTICS DATA
Google Analytics data is retained for 14 months and then automatically deleted. This data contains no personally identifiable information.
RETENTION FLEXIBILITY
We may retain data longer when required for legal compliance, dispute resolution, or legitimate business purposes.
We periodically review and delete data that is no longer necessary.
================================================================================
8. CHILDREN’S PRIVACY
Our Website and services are not directed to individuals under the age of 18.
We do not knowingly collect personal information from anyone under 18 years of age.
If you are under 18, do not use this Website or submit any information through email.
If we become aware that we have collected information from a person under 18, we will delete that information immediately.
Parents or guardians who believe we may have collected information from someone under 18 should contact us at info@graysstrategy.com.
================================================================================
9. HIPAA COMPLIANCE – IMPORTANT NOTICE
⚠️ CRITICAL: Standard email is NOT HIPAA-compliant.
DO NOT INCLUDE THE FOLLOWING IN EMAILS TO info@graysstrategy.com:
– Protected Health Information (PHI)
– Patient names, medical record numbers, or identifiers
– Diagnoses, treatment information, or health conditions
– Any information subject to HIPAA privacy rules
IF YOUR INQUIRY INVOLVES PHI OR REQUIRES HIPAA-SECURE COMMUNICATION:
– Indicate this need in your message WITHOUT including any PHI
– We will provide secure communication channels after initial contact
– All PHI discussions will occur through HIPAA-compliant platforms after appropriate agreements are in place
OUR SERVICES
GRAYS Strategy LLC provides strategic consulting services to healthcare organizations. We do not provide direct patient care or services requiring HIPAA business associate agreements unless explicitly contracted.
================================================================================
10. YOUR PRIVACY RIGHTS
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).
RIGHT TO KNOW
You have the right to request:
– Categories of personal information we collected about you
– Specific pieces of personal information we hold about you
– Purposes for which we use your personal information
– Categories of third parties with whom we share information
RIGHT TO DELETE
You have the right to request deletion of personal information we collected from you, subject to certain exceptions for legal obligations and legitimate business purposes.
RIGHT TO CORRECT
You have the right to request correction of inaccurate personal information.
RIGHT TO OPT-OUT
We do NOT sell personal information.
We do NOT share personal information for cross-context behavioral advertising.
RIGHT TO NON-DISCRIMINATION
We will not discriminate against you for exercising your CCPA rights.
CATEGORIES OF PERSONAL INFORMATION WE COLLECT (CCPA)
EMAIL CONTACT INFORMATION
– Email address, name (if provided), organization (if provided), role/title (if provided), message content
– Collected directly from you via email
– Used to respond to inquiries and pursue business development
– Shared with: Microsoft 365 (email service)
INTERNET/NETWORK ACTIVITY
– Pages visited, time on site, navigation paths, referral source, IP address (anonymized)
– Collected automatically via Google Analytics
– Used to analyze Website usage and improve services
– Shared with: Google Analytics, Cloudflare (hosting)
We do NOT collect: Social security numbers, financial information, medical information, biometric data, geolocation data (precise), or other sensitive personal information.
HOW TO EXERCISE YOUR CALIFORNIA RIGHTS
To exercise your rights under CCPA, contact us at:
Email: info@graysstrategy.com
Subject line: “CCPA Privacy Rights Request”
We will respond to verified requests within 45 days.
To verify your identity, we may request additional information to confirm you are the person about whom we collected data.
ALL USERS (REGARDLESS OF LOCATION)
All users have the following rights:
RIGHT TO ACCESS
Request information about what personal data we hold about you.
RIGHT TO CORRECTION
Request correction of inaccurate information.
RIGHT TO DELETION
Request deletion of your information (subject to legal retention requirements).
RIGHT TO OPT-OUT
Opt out of future communications from us.
HOW TO EXERCISE YOUR RIGHTS
Contact us at: info@graysstrategy.com
Subject line: “Privacy Rights Request”
We will respond within 10 business days.
================================================================================
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations.
WHEN WE MAKE CHANGES:
– We will update the “Last Updated” date at the top of this policy
– Material changes will be indicated with a notice on our Website
– Continued use of our Website after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
================================================================================
12. CONTACT INFORMATION
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
GRAYS Strategy LLC
Email: info@graysstrategy.com
Website: www.graysstrategy.com
For privacy-specific inquiries, use subject line: “Privacy Inquiry”
We will respond to privacy inquiries within 10 business days.
================================================================================
13. CONSENT
By using our Website and contacting us via email, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use our Website or contact us via email.
================================================================================
END OF PRIVACY POLICY
© 2026 GRAYS Strategy LLC
