Privacy Policy

King & Company Consulting ("King & Co.," "we," "us," or "our") respects your privacy and is committed to protecting the personal information entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect personal information in connection with our consulting services and our website at kingandco.consulting.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you engage our services, submit a contact form, book a consultation, or communicate with us. This may include:

• Contact Information: Name, email address, phone number, mailing address
• Business Information: Company name, job title, industry, number of employees
• Financial Information: Billing address, payment method details (processed through Stripe; we do not store full card numbers)
• Service-Related Data: Information necessary to perform our services, including employee records, payroll data, HR documentation, facility records, and compliance materials

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies:

• Usage Data: Pages visited, time on site, referral source, browser type, device type
• Analytics Data: We use Vercel Analytics to understand website performance and visitor behavior. This data is aggregated and does not personally identify you.

1.3 Information from Third Parties

We may receive information from HRIS and payroll platforms (Rippling, iSolved, Paragon, and others), benefits administrators, background check providers, and regulatory agencies, solely in connection with performing services on behalf of our clients.

2. How We Use Your Information

We use personal information for the following purposes:

• Delivering Services: Performing HR, payroll, compliance, senior care consulting, and AI consulting services as defined in the applicable engagement agreement
• Client Communication: Responding to inquiries, providing service updates, sending invoices, and facilitating project collaboration
• Billing and Payments: Processing payments, managing accounts, and collecting amounts due
• Legal Compliance: Meeting our obligations under applicable laws, including employment, tax, and privacy regulations
• Website Improvement: Analyzing website usage to improve user experience and content
• Marketing: Sending relevant information about our services (with your consent or where permitted by law; you can opt out at any time)

3. How We Share Your Information

We do not sell personal information. We may share information in the following limited circumstances:

• Service Providers: We share data with trusted third-party service providers who assist in delivering our services, including Stripe (payment processing), Supabase (data infrastructure), Clerk (authentication), Vercel (website hosting), and Resend (email delivery). These providers are bound by data protection agreements.
• HRIS & Payroll Platforms: We access and process data within client-designated platforms (Rippling, iSolved, Paragon, etc.) solely to perform services on behalf of the client.
• Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction.
• With Client Authorization: We may share information with third parties when directed by the client or as specified in the engagement agreement.

4. Data Security

We implement commercially reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of personal information. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and secure data storage practices. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Client service-related data is retained for the duration of the engagement plus a reasonable period thereafter (typically three years) to support any post-engagement inquiries or legal obligations. You may request deletion of your personal data, subject to our legal retention obligations.

6. Employee and Sensitive Data

In performing HR, payroll, and senior care consulting services, we may process personal data of our clients' employees and facility residents/staff. This data is processed solely on behalf of and at the direction of the client. Clients are responsible for ensuring that they have appropriate legal bases (including employee consent where required) for sharing such data with us. We handle employee data in accordance with applicable federal and state employment and privacy laws.

7. AI Services and Data Processing

For AI consulting services, we may process client-provided SOPs, documentation, and other materials to build and configure AI workspaces. Client data processed in connection with AI services is used solely for the purposes specified in the engagement agreement and is not used to train third-party AI models. Clients retain ownership of all proprietary data provided for AI workspace configuration.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Opt-Out: Unsubscribe from marketing communications at any time
• Data Portability: Request your data in a commonly used, machine-readable format

To exercise any of these rights, contact us at hello@kingandco.consulting. We will respond within thirty (30) days.

9. Massachusetts Privacy Rights

As a Massachusetts-based business, we comply with the Massachusetts data privacy laws, including 201 CMR 17.00 (Standards for the Protection of Personal Information). We maintain a comprehensive information security program designed to protect the personal information of Massachusetts residents.

10. Cookies and Tracking

Our website uses essential cookies required for core functionality (authentication via Clerk, session management) and analytics cookies (Vercel Analytics) to understand website usage. We do not use advertising cookies or share browsing data with advertisers. You can control cookie settings through your browser preferences.

11. Third-Party Links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Children's Privacy

Our services are not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

13. Data Breach Notification

In the event of a data breach involving personal information, we will notify affected individuals and relevant authorities as required by applicable law, including Massachusetts General Laws Chapter 93H. Notification will include the nature of the breach, the information involved, and steps individuals can take to protect themselves.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last Updated" date and communicated to active clients. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices: