Privacy Policy

Provectia LLC ("Provectia," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website, use our PRISM AI Readiness Assessment tool, or engage us for consulting and fractional advisory services. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have over it.

Please read this policy carefully. By using provectia.com or our services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy applies to:

• Visitors to provectia.com
• Individuals who complete the PRISM AI Readiness Assessment (any tier)
• Individuals who submit inquiries, contact forms, or requests through the website
• Individuals who subscribe to Provectia's newsletter or download gated content (e.g., white papers)
• Representatives of organizations engaged in a consulting or fractional advisory relationship with Provectia

If you are accessing our website or services on behalf of an organization, you represent that you have the authority to bind that organization to this Privacy Policy.

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

• Register for PRISM Free — name, email address, organization name, and job title
• Purchase PRISM Pro or PRISM Executive — name, email address, organization name, job title, and billing information (processed by our payment provider; Provectia does not store payment card data)
• Complete the PRISM assessment — responses to assessment questions covering your organization's AI readiness across seven dimensions
• Submit a contact or inquiry form — name, email address, organization, and the content of your message
• Download gated content — name, email address, and organization name
• Engage in a consulting relationship — organizational data, documents, and other information shared in the course of the engagement as described in your Statement of Work (SOW) or Engagement Letter

2.2 Information Collected Automatically

When you visit provectia.com, we may automatically collect:

• Usage data — pages visited, time spent on pages, links clicked, and navigation paths
• Device and browser information — browser type and version, operating system, screen resolution, and device type
• IP address — used for analytics, security, and approximate geographic location (country/region level)
• Referral source — the URL or platform that directed you to our website

This information is collected through standard web analytics tools and does not on its own identify you as an individual.

2.3 Cookies and Tracking Technologies

Provectia uses cookies and similar technologies to improve website functionality and understand how visitors use our site. Types of cookies we may use include:

• Essential cookies — required for basic website functionality (e.g., session management)
• Analytics cookies — help us understand visitor behavior in aggregate (e.g., PostHog or similar)
• Preference cookies — remember your settings and choices across visits

You can control cookie settings through your browser preferences. Disabling certain cookies may affect website functionality. We do not use advertising or cross-site tracking cookies.

2.4 Information We Do Not Collect

Provectia does not knowingly collect:

• Payment card numbers or banking details (handled entirely by our payment processor)
• Sensitive personal information such as government ID numbers, Social Security numbers, or health records unless explicitly required under a specific engagement and governed by a separate Data Processing Agreement (DPA)
• Information from children under the age of 13

We use the information we collect for the following purposes:

3.1 Service Delivery

• To process PRISM assessments and deliver results and reports
• To respond to inquiries and provide requested information
• To perform consulting and fractional advisory engagements under signed agreements
• To manage billing and payment for paid services

3.2 Communications

• To send transactional communications related to your assessment, purchase, or engagement (e.g., delivery confirmations, invoices, meeting notes)
• To send Provectia's newsletter and thought leadership content — only with your explicit consent
• To notify you of material changes to these policies or our services

You may opt out of non-transactional communications at any time by clicking "unsubscribe" in any email or contacting us at privacy@provectia.com.

3.3 Product and Service Improvement

• To analyze aggregate, anonymized PRISM assessment data for benchmarking, research, and improvement of our diagnostic methodology
• To understand how visitors use our website and improve its content and functionality
• To develop new services, frameworks, and thought leadership materials

3.4 Legal and Compliance

• To comply with applicable laws, regulations, and legal obligations
• To enforce our Terms of Service and other agreements
• To protect Provectia's rights, property, and safety, and the rights of our clients and users

Provectia does not sell your personal information. We do not share your information with third parties for their own marketing purposes.

We may share your information in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors to help us operate our business. These vendors process data only on our behalf and are contractually required to protect your information. Current categories of service providers include:

• Payment processing — to handle billing for PRISM Pro, PRISM Executive, and other paid services
• Website hosting and infrastructure — Vercel (hosting), Neon (database), Vercel Blob Storage (media)
• Analytics — web analytics tools used in aggregate, anonymized form
• Email delivery — to send transactional and newsletter communications
• AI tools — used internally to assist with service delivery (e.g., report generation); client data shared with AI tools is subject to applicable data processing terms

4.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Provectia, our clients, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of Provectia's assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Provectia serves clients in academic, healthcare, and regulated industry sectors. We recognize that some client engagements may involve data subject to regulatory frameworks including:

• HIPAA — Health Insurance Portability and Accountability Act (healthcare and academic medical clients)
• FERPA — Family Educational Rights and Privacy Act (higher education clients)
• GLBA — Gramm-Leach-Bliley Act (financial services clients)
• CCPA/CPRA — California Consumer Privacy Act (California residents)

Where an engagement involves regulated data, Provectia will execute an appropriate Data Processing Agreement (DPA) or Business Associate Agreement (BAA) with the client prior to receiving such data. Provectia does not accept regulated personal data through its standard website forms or PRISM assessment tool without a governing agreement in place.

If you believe you have submitted regulated personal data through our website without an applicable agreement, please contact us immediately at privacy@provectia.com.

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data TypeRetention Period

PRISM Free registration and assessment responses

24 months from last activity

PRISM Pro / Executive purchase records

7 years (tax and legal compliance)

Contact form submissions

12 months unless converted to engagement

Newsletter subscribers

Until unsubscribe or deletion request

Consulting engagement records

7 years from engagement close date

Website analytics (aggregate)

24 months rolling

After the applicable retention period, data is securely deleted or anonymized.

Provectia implements reasonable and appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (TLS/HTTPS) across provectia.com
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Secure cloud infrastructure through Vercel and Neon with industry-standard security practices
• Regular review of our data handling practices and vendor security posture

No method of data transmission or storage is 100% secure. While we take the protection of your data seriously, we cannot guarantee absolute security. In the event of a data breach that affects your information, we will notify you as required by applicable law.

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

8.1 Rights Available to All Users

• Access — Request a copy of the personal information we hold about you
• Correction — Request correction of inaccurate or incomplete information
• Deletion — Request deletion of your personal information, subject to legal retention requirements
• Opt-out of marketing — Unsubscribe from non-transactional communications at any time

8.2 Additional Rights for California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including:

• The right to know what personal information is collected, used, shared, or sold
• The right to opt out of the sale or sharing of personal information (Provectia does not sell personal information)
• The right to non-discrimination for exercising privacy rights
• The right to limit the use of sensitive personal information

To exercise any California privacy rights, contact us at privacy@provectia.com with the subject line "California Privacy Request."

8.3 Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

Provectia's primary operations are based in the United States. If you are located outside the U.S. and choose to use our services, your information will be transferred to and processed in the United States. By using our services, you consent to this transfer.

8.4 How to Submit a Request

To exercise any of the above rights, contact us at:

Email: privacy@provectia.com
Subject line: "Privacy Rights Request"

We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

Our website may contain links to third-party websites, tools, or platforms (including LinkedIn, conference websites, or referenced resources). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

Provectia's website and services are intended for professionals and organizational decision-makers. We do not knowingly collect personal information from individuals under the age of 13. If we become aware that we have inadvertently collected information from a child under 13, we will delete it promptly. If you believe we have collected such information, please contact us at privacy@provectia.com.

Provectia reserves the right to update this Privacy Policy at any time. When we make material changes, we will update the Effective Date at the top of this document and, where practicable, notify registered users via email.

Your continued use of provectia.com or our services after the updated policy is posted constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests related to this Privacy Policy or Provectia's data practices, please contact us at:

Provectia LLC
Website: provectia.com
State of Formation: Utah, United States
Privacy inquiries: privacy@provectia.com

We take all privacy inquiries seriously and will respond within 30 days.

© 2026 Provectia LLC. All rights reserved. Provectia is a registered trade name of Provectia LLC, a Utah limited liability company.