Get In Touch
success@brcg.co
Back

Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction

Blue Ridge Consulting Group LLC (“BRCG,” “we,” “us,” or “our”) is a CRM and lifecycle marketing agency. BRCG acts solely as a service provider and data processor on behalf of its clients, accessing Personally Identifiable Information (“PII”) only as necessary to perform contracted services.

We do not collect, control, or independently process PII for our own purposes. All PII accessed through client systems remains under the ownership and control of our clients.

2. Data Access and Use

  • Processor Role: BRCG acts exclusively as a data processor under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Clients act as the data controllers.
  • Use Restrictions: PII is accessed solely to perform services in accordance with written client agreements. We do not use client PII for our internal marketing, business development, or any other independent purposes.
  • No Data Sale: BRCG does not sell, lease, trade, or otherwise monetize PII under any circumstances.

3. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect PII, including:

  • Access controls (e.g., role-based access, multi-factor authentication requirements)
  • Encryption of devices and data storage
  • Monitoring and auditing of platform activity
  • Mandatory Non-Disclosure Agreements (NDAs) and confidentiality agreements for all employees, contractors, and vendors
  • Regular review and updating of security practices in line with industry standards

4. Data Retention and Deletion

BRCG does not retain client PII outside of client-controlled systems unless expressly authorized in writing.
Upon termination of services or at the client’s request, all access credentials are revoked, and any client data temporarily stored during service provision is securely deleted in accordance with industry best practices.

5. Data Subject Requests

As a data processor, BRCG assists clients in responding to data subject requests — including requests for access, correction, portability, or deletion of personal information — in compliance with applicable laws such as GDPR and CCPA. Clients retain full control over the handling of such requests.

6. Third-Party Subprocessors

BRCG does not engage subprocessors to access or process client data without the client’s prior written approval.
Use of client-selected platforms and service providers (e.g., Braze, Iterable, Klaviyo) is governed by the client’s agreements with those vendors.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes.
If material changes are made, we will notify affected clients promptly. The “Effective Date” and “Last Updated” date at the top of this policy will reflect the latest version.

8. Contact Us

If you have any questions about this Privacy Policy, data handling practices, or wish to exercise any privacy rights, please contact us at:

Blue Ridge Consulting Group LLC
Email: support@brcg.co