Privacy policy.

Who we are

The Trestle Group is an AI and automation consulting practice. We are the data controller for personal information collected through this website and in our engagements. Contact: hello@trestlegroup.com.

What we collect on this site

The website collects only what is necessary to operate it and to respond to people who contact us. Specifically:

• Contact form submissions. Name, email, organization, role (optional), the message you write, the service category and timeline you select, and how you heard about us. Submitted via Netlify Forms.
• Assessment submissions. If you choose to receive your assessment by email: name, organization, email, role (optional), your assessment answers and scores, the optional context paragraph, and your consent selections. Submitted via Netlify Forms.
• Scheduling data. If you book a call via Calendly, Calendly collects your name, email, the time you booked, and any information you provide in their form. Their privacy policy applies in parallel: calendly.com/privacy.
• Technical logs. Netlify, our hosting provider, logs basic request metadata (IP address, user agent, referrer, timestamp) for operational and security purposes. This is the minimum required to run a website and is retained per Netlify's own policy.

We do not run third-party analytics, tracking pixels, fingerprinting, or behavioral advertising. We do not set marketing cookies. We do not sell or share data with marketing partners. We do not use any submitted information to train machine-learning models.

How we use site information

• To respond to your enquiry, propose a scoping call, or send the assessment report you requested.
• To keep an internal record of who has been in touch so we do not respond twice or lose context.
• If you opted into a follow-up email on the assessment form, to send the one follow-up you authorized. We do not send other marketing emails to that address.

We do not use site-collected information for any purpose you did not authorise.

Engagement data

Data shared with us in the course of a paid engagement is governed by the contract for that engagement. The standard provisions:

• Per-engagement isolation. Your data lives in infrastructure scoped to your engagement, not in a shared pool. Access is restricted to the named engagement team.
• No model training. We do not use your data to train models, refine rules, or improve outputs for other clients. Ever.
• Full export. You can export everything we hold, in machine-readable format, at any time during or after the engagement, by emailing the request.
• Deletion on close. When the engagement ends, your data is returned and our copies are deleted on a documented schedule, by default within 30 days unless you ask us to retain it longer for support or audit.
• Regulatory adaptation. Where your data is governed by HIPAA, GDPR, SOC 2, or another specific regime, the engagement scope adapts to the requirements of that regime, and the relevant data-processing addenda are signed before any data is exchanged.

For the architectural commitments around data handling, see the Trust page.

Retention

• Contact form submissions. Retained for 24 months from last contact, then deleted unless an active engagement is in progress.
• Assessment submissions. Retained for 24 months from submission. Deletable sooner on request.
• Engagement data. Per the engagement contract, typically returned and deleted within 30 days of engagement close.
• Server logs. Per Netlify's standard retention. Typically 30 to 90 days.

Your rights

You can request, at any time:

• A copy of any personal information we hold about you (access).
• Correction of any information that is wrong or out of date (rectification).
• Deletion of your information (right to be forgotten), unless retention is required by an active engagement contract or by law.
• A machine-readable export of your information (data portability).
• Withdrawal of any consent you previously gave (e.g. the optional follow-up email).

Send any request to hello@trestlegroup.com. We confirm receipt within two working days and complete most requests within 30 days. If your jurisdiction grants you the right to lodge a complaint with a data-protection authority, you may do so.

Sub-processors

We use a small set of third-party services to operate the site and the practice. Each is bound by its own privacy and data-protection terms:

• Netlify hosts the website and processes form submissions.
• Calendly handles meeting scheduling if you book directly.
• Google Fonts serves the typefaces used on this site. Per Google, font requests do not log IP addresses or set cookies.
• Email provider for inbound and outbound mail (typically a standard business email service).

If a specific sub-processor is required for an engagement (a transactional email provider, a document-storage platform, a workflow tool), it is named in the engagement contract before use.

International transfers

The Trestle Group operates internationally. Data submitted through this site may be processed in jurisdictions other than the one you are in. Where required by law (e.g. GDPR Standard Contractual Clauses), we put the relevant safeguards in place before transferring data.

Changes to this policy

If we change this policy materially, the change is reflected in the "last updated" date at the top of the page, and (for changes affecting how engagement data is handled) communicated to active clients directly.