Privacy Policy
Last updated on 14 Mar 2026
Wardcliff Group ("we," "us," or "our") operates wardcliffgroup.com and provides business automation services, AI infrastructure, and consulting to small and medium-sized businesses (10-100 employees). This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with applicable laws including GDPR, HIPAA (for applicable clients), and A2P 10DLC messaging regulations.
We collect the following types of personal information when you use our services:
· Full name
· Business name and address
· Email address
· Phone number (including mobile numbers for A2P messaging)
· Job title and role
· CRM data entered into platform
· Call recordings and transcripts (Tier 2 clients)
· Security monitoring data (Tier 3 MSOC clients)
· Vulnerability scan results and audit reports
· Automation workflow configurations
· Website analytics via cookies and tracking technologies
· Billing address
· Payment method details (processed securely by third-party payment processors)
· Subscription tier and billing history
· IP addresses
· Browser type and version
· Device identifiers
· Access logs and usage patterns
2. How We Use Your Information
We use your personal information for the following purposes:
• Service Delivery: To provide CRM automation, AI receptionist services, managed security operations, and consulting as
specified in your subscription tier.
• Communication: To send service updates, appointment confirmations, security alerts, billing notifications, and support responses.
• SMS Messaging (A2P): To send transactional and promotional text messages related to your service subscription, appointment reminders, lead recovery, and security notifications. Message frequency varies by tier and service usage.
• Service Improvement: To analyze usage patterns, optimize workflows, and enhance platform performance.
• Compliance: To meet legal obligations, respond to lawful requests, and maintain GDPR/HIPAA standards where applicable.
• Security: To detect and prevent fraud, unauthorized access, and security threats via our MSOC services.
3. Legal Basis for Processing (GDPR)
For clients and individuals in the European Union, we process your personal data based on:
· Contract Performance: Processing necessary to deliver services under our subscription agreements.
· Legitimate Interests: Service improvement, security monitoring, and fraud prevention.
· Consent: Where you have provided explicit consent for specific processing activities (e.g., promotional SMS messages).
· Legal Obligation: Compliance with applicable laws and regulations.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may disclose your information if required by law, court order, subpoena, or government regulation, or to protect our rights, property, or safety.
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with advance notice to you.
4.4 Explicit Non-Sharing for A2P Messaging
We will not share mobile contact information with third parties or affiliates for marketing or promotional purposes. All text messaging originator opt-in data and consent information will not be shared with any third parties except as required to deliver our services (e.g., carrier transmission).
We retain your personal information for as long as your subscription remains active and for 30 days following termination or cancellation to facilitate account recovery and fulfill legal obligations. Security monitoring data (MSOC logs) may be retained longer as required by regulatory compliance or client-specific security policies.
If you are located in the European Union, you have the following rights:
• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Right to Restriction: Request limitation on how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for specific processing activities at any time.
To exercise these rights, contact us at privacy@wardcliffgroup.com.
7. HIPAA Compliance (Future Healthcare Clients)
While we do not currently process Protected Health Information (PHI), we are prepared to enter into Business Associate Agreements (BAAs) with healthcare clients who require HIPAA-compliant services. If you are a covered entity under HIPAA and require a BAA, please contact us at compliance@wardcliffgroup.com before subscribing to our services.
When processing PHI under a BAA, we implement administrative, physical, and technical safeguards as required by HIPAA, including encryption, access controls, audit logging, and breach notification procedures.
8. SMS Messaging and A2P 10DLC Compliance
8.1 Consent to Receive Text Messages
By providing your mobile phone number and subscribing to Wardcliff Group services, you expressly consent to receive SMS text messages from us. These messages may include:
· Transactional messages (appointment confirmations, booking notifications, service alerts)
· Promotional messages (service updates, new features, special offers)
· Security notifications (threat alerts, vulnerability reports for MSOC clients)
Message frequency varies by subscription tier and service usage. Standard message and data rates may apply based on your mobile carrier plan.
You may opt out of receiving promotional text messages at any time by replying with STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message you receive from us. Upon receiving your opt-out request, we will promptly remove your number from our promotional messaging list and send a final confirmation message.
Opting out of promotional messages will not affect transactional service-related communications necessary to deliver your subscribed services (e.g., security alerts, billing notifications, appointment confirmations).
For assistance, reply HELP to any message or contact support@wardcliffgroup.com.
8.3 Data Privacy for A2P Messaging
Your mobile phone number and text messaging consent data will never be sold, shared, or disclosed to third parties for marketing purposes without your explicit consent. We share this information only with our authorized service providers (e.g., SMS platform providers, mobile carriers) as necessary to deliver messages to you.
We implement industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction:
• Encryption: Data in transit is encrypted using TLS/SSL protocols. Data at rest is encrypted where applicable.
• Access Controls: Role-based access restrictions limit employee and contractor access to personal data on a need-to-know basis.
• Monitoring and Logging: Continuous security monitoring via Huntress (Tier 3 MSOC) and audit logging for compliance verification.
• Regular Audits: Vulnerability scans, penetration testing, and security assessments to identify and remediate risks.
• Incident Response: Documented breach notification procedures aligned with GDPR (72-hour notification) and HIPAA requirements.
While we employ robust security measures, no data transmission over the Internet or mobile networks can be guaranteed to be 100% secure. You acknowledge and accept this inherent risk by using our services.
10. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience, analyze site traffic, and improve our services. You can control cookie preferences through your browser settings. Disabling cookies may limit functionality on our website.
Types of cookies we use:
· Essential Cookies: Necessary for website operation and service delivery.
· Analytics Cookies: Track usage patterns to improve user experience.
· Marketing Cookies: Used for promotional campaigns and retargeting (with your consent).
Our website and services may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing personal information.
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
13. International Data Transfers
Your personal information may be transferred to and processed in the United States and other countries where our service providers operate. If you are located in the European Union, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your data during international transfers.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this policy. For material changes, we will provide prominent notice by email or through our website.
Your continued use of our services after the updated Privacy Policy becomes effective constitutes your acceptance of the revised terms. We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Wardcliff Group
Email: privacy@wardcliffgroup.com
Address: Atlanta, Georgia, United States
Website: wardcliffgroup.com
For GDPR-related inquiries: gdpr@wardcliffgroup.com
For HIPAA/compliance inquiries: compliance@wardcliffgroup.com
For A2P messaging support: support@wardcliffgroup.com