Privacy Policy for MBC Consulting Solutions, LLC
Last Updated: July 13, 2025

1. Introduction and Scope

This Privacy Policy outlines how MBC Consulting Solutions, LLC (“Company,” “we,” “our,” or “us”) collects, uses, shares, and protects information obtained through our website, mobile applications, forms, and services. By accessing or using our services, you agree to the terms of this Privacy Policy. This policy applies to all personal and non-personal data collected through our website or services, whether submitted directly or automatically. We are committed to ensuring transparency, accountability, and compliance with applicable privacy laws including the CAN-SPAM Act, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA).

2. Information Collection and Types

We collect the following types of personal and non-personal information:

**Personal Information:**
- Full name, email address (via lead magnets, contact forms, newsletter signups)
- Payment information (collected securely via Stripe for appointments)
- Appointment and communication details (via Calendly and Squarespace)

**Non-Personal Information:**
- Anonymous website and newsletter analytics (via Beehiiv)

We do not knowingly collect or process sensitive personal information such as health data, racial or ethnic origin, political opinions, gender identity, or data from individuals under the age of 16 without parental consent. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

3. Use of Information

We process personal information for the following purposes:
- To provide, personalize, and improve our services
- To process transactions and appointment scheduling
- To send newsletters and marketing communications to users who have opted in
- To comply with legal obligations and protect against fraud or misuse

We do not use personal information for automated decision-making or profiling. We do not sell or rent personal data to third parties.

4. Sharing of Information

We share personal information only with third parties that help us operate our business, and only for the purposes outlined above:

- **Calendly:** appointment scheduling
- **Stripe:** secure payment processing
- **Beehiiv:** email marketing and analytics
- **Squarespace:** website hosting and contact form handling

All third-party providers are required to maintain appropriate security and confidentiality standards. We may also disclose information:
- To comply with legal obligations, subpoenas, or governmental requests
- In connection with a business transfer, merger, or acquisition

We do not disclose personal information to affiliates or advertisers.

5. User Rights

You have the following rights regarding your personal data, subject to applicable law:
- Right to access – obtain a copy of your personal data
- Right to correction – request corrections to inaccurate or incomplete data
- Right to deletion – request deletion of your data, subject to legal obligations
- Right to opt out – unsubscribe from newsletters and marketing emails at any time

Residents of the European Economic Area (EEA) and the United Kingdom may also:
- Object to processing based on legitimate interests
- Request restriction of processing
- Request data portability to another service provider

California residents have additional rights under CCPA/CPRA:
- Right to know what categories of data we collect and disclose
- Right to opt-out of the sale or sharing of personal information
- Right to non-discrimination for exercising CCPA rights

To exercise these rights, please email us at: privacy@melissabethcohen.com. We will respond to requests within the timeframe required by law.

6. Data Security

We use commercially reasonable technical, administrative, and physical safeguards to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Sensitive transactions (e.g., payments) are processed through secure third-party platforms such as Stripe. Despite our efforts, no method of transmission over the internet or method of storage is 100% secure. By using our services, you acknowledge and accept these inherent risks. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

7. Cookies and Tracking

Our website may use essential cookies for basic functionality. We do not currently deploy advertising or behavioral tracking cookies. Beehiiv may collect anonymous user engagement metrics related to our newsletter content. We provide necessary cookie preference controls as required by applicable laws in the jurisdictions we serve. Users can manage their cookie preferences through their browser settings.

8. Compliance with Data Protection Laws

We are committed to complying with all applicable privacy and data protection laws, including:

- **CAN-SPAM Act (U.S.):** We only send email marketing communications to users who opt in, and every message includes an unsubscribe option.
- **GDPR (EU/EEA):** We honor lawful bases for processing, such as consent, contract performance, and legitimate interests. We offer GDPR-compliant rights and remedies to affected individuals.
- **CCPA/CPRA (California):** We provide transparency into our data collection practices and honor requests from California residents to access, delete, or opt out of data sharing.

We regularly review our data practices and contracts with third-party vendors to ensure continued compliance.