Mohum Consulting Data Insights & Automation

Legal

Privacy Policy

Effective date: May 28, 2026

Mohum Consulting LLC ("Mohum Consulting," "we," "us," or "our") provides data analytics, business intelligence, automation, and AI-enabled software services. We recognize that, in delivering these services, we may be entrusted with sensitive information about businesses and individuals — potentially including sensitive personal data and, in some engagements, health-related data. We treat that responsibility seriously. This Privacy Policy explains what personal data we collect, why, how we protect it, and the rights you have over it.

Our core commitments: We do not sell your personal data. We do not share it for cross-context behavioral advertising. We process personal data only for the purposes described here or that you have authorized, and we apply the principles of data minimization, purpose limitation, and security by design.

1. Scope & our two roles

This policy covers personal data we handle through our website and in the course of our business. Our obligations depend on our role:

  • As a controller — for data we collect about website visitors and prospective or current clients (for example, contact-form submissions), we decide why and how the data is processed, and this Privacy Policy governs.
  • As a processor / service provider — for personal data we access or process on behalf of a client to deliver a project, the client is the controller. Our handling of that data is governed by the data processing agreement (DPA) and the engagement contract with that client, which take precedence over this policy. We process such data only on the client's documented instructions.

2. Information we collect

We collect only what we need:

  • Information you provide. When you submit our contact form, we collect your name, email address, optional company name, and the contents of your message. When you become a client, we may collect business contact details and contract information.
  • Technical information. When you submit the contact form, we record the originating IP address and browser user-agent string, solely to detect and investigate spam and abuse. Our web server keeps standard access logs for security and reliability.
  • Client project data. In an engagement, we may process data your organization provides or grants us access to. The categories are defined by the engagement, and we act as a processor as described in Section 1.

We do not use third-party advertising trackers, and we do not run analytics that profile you across other websites.

3. How and why we use information

  • To respond to your enquiries and communicate with you about our services.
  • To provide, maintain, and improve the services a client has engaged us for.
  • To secure our systems, prevent fraud and abuse, and maintain audit logs.
  • To comply with legal, tax, and accounting obligations.

We do not use your contact-form data to send unsolicited marketing. We do not use your personal data, or client project data, to train AI models for our own purposes or for third parties, except where a client explicitly instructs and authorizes us to do so for their own project under contract.

Where the GDPR or similar laws apply, we rely on: consent (which you may withdraw at any time); performance of a contract with you or your organization; our legitimate interests in operating, securing, and improving our business (balanced against your rights); and compliance with legal obligations.

5. Sensitive & health data

Some engagements involve sensitive personal data — which may include health information, financial data, government identifiers, or other special categories. Where we process such data:

  • We do so only as a processor under a written agreement, on the controller's instructions, and only to the extent necessary for the engagement.
  • We apply heightened safeguards, including encryption, strict access controls on a need-to-know basis, and additional contractual protections.
  • Where a client is subject to a specific regime — such as HIPAA for protected health information in the United States — we will enter into the appropriate agreement (e.g., a Business Associate Agreement) before processing that data, and handle it accordingly.
  • We will not request, collect, or retain sensitive data beyond what the engagement requires, and we return or securely delete it on completion.

6. How we share information

We share personal data only in limited circumstances:

  • Service providers / sub-processors who help us operate (for example, hosting, email delivery), bound by contract to protect the data and use it only to provide services to us. When we act as a processor, we engage sub-processors only as permitted by our client agreement.
  • Legal & safety — when required by law, legal process, or to protect the rights, safety, and security of people and systems.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to the protections in this policy.

7. No sale of personal data

We do not, and will not, sell your personal data, and we do not share it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA) and similar U.S. state laws. We do not trade in personal data as a business model.

8. International transfers

We are based in the United States and may process data there or in other countries where our service providers operate. Where we transfer personal data across borders in a way that triggers legal safeguards, we use an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed.

9. Data retention

We keep personal data only as long as necessary for the purpose it was collected:

  • Contact-form submissions: retained for up to 24 months to manage the enquiry and our records, then deleted, unless they become part of a client relationship.
  • Client project data: retained for the duration of the engagement and the period defined in the client agreement, after which it is returned or securely destroyed.
  • Records required by law (e.g., tax, accounting) are kept for the legally required period.

10. Security

We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit (TLS) and at rest where applicable, access controls and least-privilege permissions, network and application hardening, logging and monitoring, and regular review of our practices. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident, including notifying affected parties and regulators where the law requires.

11. Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, or receive a portable copy of your personal data; to object to or restrict certain processing; to withdraw consent; and to not be discriminated against for exercising these rights. To exercise any right, email us at info@mohumconsulting.com. We will verify your request and respond within the timeframe required by applicable law. If we process your data on behalf of a client (as a processor), we will refer your request to that client, who is the controller. You also have the right to lodge a complaint with your local data protection authority.

12. Children's privacy

Our website and services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date above and, for material changes, provide a more prominent notice. Your continued use of our website after changes take effect constitutes acceptance.

14. Contact us

Questions or requests about this policy or your personal data? Contact:

Mohum Consulting LLC
Email: info@mohumconsulting.com
Phone: 775-899-3328