The Privacy Office

Privacy Policy

How this site treats your information.

Effective 1 May 2026  ·  Last updated 1 May 2026

Who we are

This site is operated by Grayvault Group, LLC, a New Mexico limited liability company doing business as The Privacy Office, with a mailing address at 4860 Telephone Rd Ste 103, Ventura, California 93003. Throughout this policy, "we", "us", and "our" refer to that entity.

What this policy covers

This policy applies to theprivacyoffice.com and the four service-line subdomains: patient.theprivacyoffice.com, family.theprivacyoffice.com, business.theprivacyoffice.com, and officer.theprivacyoffice.com. It does not cover client engagement materials, deliverables, or the contents of contracted work, which are governed separately by the applicable engagement agreement (MSA, BAA, or SOW).

What we collect

This site is intentionally lean. We collect only what we need to respond to inquiries and to operate the site safely.

  • Information you give us. If you email us at any address on this domain, we receive your message, your email address, and any details you choose to share. If you call, we receive your phone number through standard telephony.
  • Information your browser sends. Cloudflare, our hosting provider, logs standard request metadata such as IP address, user-agent, request path, and timestamp. This is used for site reliability and abuse prevention. We do not use cookies or analytics scripts.

What we do not collect

We do not run third-party analytics, advertising pixels, social-media tracking widgets, session recording tools, or fingerprinting scripts on this site. We do not sell or share visitor information with marketing partners. We do not use behavioral targeting or interest-based advertising.

How we use what we collect

  • To respond to inquiries and provide the services you ask about.
  • To send communications you have asked us to send (proposal drafts, follow-up after a call, scheduled deliverables under an active engagement).
  • To operate the site safely (rate-limiting, abuse prevention, error monitoring).
  • To comply with applicable law and respond to lawful requests.

How we store and protect what we collect

Inquiry email lives in the firm's primary mailbox provider, governed by their security and retention controls. Telephony records are governed by the carrier's controls. Site request logs are retained by Cloudflare for the standard window. We do not maintain a customer database on this website. We retain inquiry email for as long as the engagement or correspondence remains active and for a reasonable period thereafter.

Your rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we have collected about you, the right to request deletion, and the right to opt out of sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise any right, email [email protected] with the subject line "Privacy Request" and we will respond within the timeframe required by law.

Children

This site and our services are directed at adults. We do not knowingly collect information from anyone under the age of 16. If you believe a minor has sent us information, email [email protected] and we will delete it.

Changes to this policy

We may update this policy from time to time. The effective date at the top reflects the most recent revision. Material changes will be flagged on this page for at least thirty days.

Contact for privacy questions

For privacy-related questions or to exercise any of the rights described above, email [email protected]. For all other inquiries, see the contact page.