How Clemons Wright handles client data
Clemons Wright is a management-consulting and risk-advisory firm. Our privacy posture reflects the fact that we work with sensitive operating, capital, reputation, and litigation-adjacent information. This page tells you what we collect, how we store it, and how long we keep it.
1. What we collect
- Contact form submissions — name, email, company, role, service line, urgency, and message body.
- Booking acknowledgments — typed full legal name (e-signature), state of residence, jurisdiction, each of seven acknowledgment checkboxes with timestamp, IP address, user agent, and scroll-completion event.
- Booking and payment metadata — booking ID, tier, slot timestamps, payment intent ID, generated 6-digit passcode. Card data is handled by a trusted PCI-DSS payment processor and never touches our systems.
- Live session audio — recordings of $19 group sessions and $99 1-on-1 grilling sessions, captured through our private call infrastructure.
- Document uploads — PDFs submitted for the $79 Document Risk Score tier.
- Operating telemetry — page path, timestamp, browser and device context, and IP address, used to maintain a steady operating record and to detect abuse.
2. Where it lives
- Booking, acknowledgment, and operating data: a private, encrypted database with continuous backup.
- Session recordings: encrypted long-term storage protected with customer-managed keys.
- AEGIS reports: encrypted private storage, available to the client in their account.
- Source document uploads: encrypted storage with automatic deletion within 24 hours of report generation.
- Payment data: held by a trusted, PCI-DSS-compliant payment processor that we do not touch directly.
3. How long we keep it
- Session recordings: 7 years.
- Booking records: 7 years.
- Acknowledgment records: indefinite (legal-defense record).
- AEGIS reports: for the client's lifetime account, plus one year.
- Source PDFs: auto-deleted from secure storage within 24 hours of report delivery.
4. Who can see it
Recordings, acknowledgments, and uploaded documents are visible only to Dustin L. Clemons and to the minimum number of operations staff required to support the booking. We do not sell client data and we do not share it with third parties for marketing. Disclosure may be compelled by lawful subpoena — see communications are not privileged.
5. Your rights
You may request a copy of the data we hold about you, or request deletion of data we are not required to retain for legal-defense reasons, by emailing the contact form with "Privacy request" in the message. We respond within 30 days.
6. Cookies
Clemons Wright uses a first-party session cookie for integrity, and an optional first-party operating-analytics cookie that you can decline at the banner on your first visit. We do not embed third-party advertising trackers. See the dedicated cookie policy for the full inventory.
7. We do not sell personal information
Clemons Wright does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), or under any analogous state or international privacy law. We do not exchange your data for monetary or other valuable consideration with any third party for advertising, profiling, or marketing purposes. If this ever changes, this page will be updated and affected users notified before any such practice begins.
California residents may exercise the right to know, delete, correct, and limit use of sensitive personal information by emailing the contact form with "California rights request" in the message. We respond within 45 days as required by CPRA.
8. Children's privacy
Clemons Wright services are intended for adults retaining a consulting engagement. We do not knowingly collect data from anyone under 13 (or under 16 where local law sets a higher age, such as GDPR). If you believe a child's data has been collected in error, email the contact form with "Children's privacy" in the message and we will delete it.