DATA Privacy & security Policy

Corcoran Consulting Group, LLC, (CCG) puts forth good faith efforts to maintain the privacy and security of its own and client or potential client data and contracts only with reputable organizations for data management, storage, backup, and transmission.

  • CCG regularly executes mutual non-disclosure agreements with clients and potential clients, using industry-standard terms and conditions. All employees, independent contractors, and/or agents of CCG are bound by this non-disclosure agreement and have executed a corresponding agreement with CCG.

  • CCG makes client and potential client data accessible to employees, independent contractors, and/or agents solely on a need-to-know basis. Access is removed upon completion of a project assignment.

  • CCG employs strong, unique, encrypted passwords for various online accounts to isolate and minimize the potential footprint and impact of a data breach and stores these passwords in an encrypted vault in LastPass. See data privacy and security policies for LastPass here.

  • CCG client or potential client data is stored in one or more cloud-based platforms and replicated locally as needed. See data privacy and security policies for Microsoft OneDrive and SharePoint here, here, and here; for Dropbox.com here; for ReMarkable here; for Evernote here; for Fireflies.ai here; for Google Drive here; for Adobe here; for SnagIt here.

  • CCG may, from time to time, access client data via cloud services provided by a client, such as through a secure portal or document management system. CCG’s data protection policies apply only after data is received by CCG and do not extend to any client-provided services or to the transmission of data to or from client-provided services.

  • CCG local data is automatically and regularly backed up to a cloud-based platform in an encrypted format. See privacy and security policies for iDrive here.

  • CCG email is accessed, stored, and backed up on a cloud-based Exchange platform and made accessible only on authorized and protected devices. CCG email may also be accessed, stored, and backed up on a cloud-based Google Workspace platform and made accessible on authorized and protected devices. See data privacy and security policies for Cloudscale365 here; for Google Workspace privacy and security policies here.

  • CCG relies primarily on Apple computers and telephone devices with hard drive encryption and iCloud security enabled, including remote lock and remote wipe capabilities. CCG also relies on a ReMarkable tablet device with data encryption and password encryption. CCG generally employs biometric authentication, two-factor authentication, encrypted passwords, and remote wiping after repeated failed access attempts to limit access to unauthorized or unknown users or devices. See more about Apple Secure Enclave here; see data security policies for Apple iCloud here; for ReMarkable here.

  • CCG periodically removes data from local devices and cloud storage, including Dropbox, Google Drive, Cloudscale365, iCloud, Google Workspace, OneDrive, SharePoint, and other relevant platforms by deleting files from both the cloud and local devices. For SSD devices, files deleted from the hard drive are automatically overwritten and unrecoverable. For all other devices, files are overwritten, and the hard drive space is redeployed using Apple’s Erase Free Space protocol. Deleted files and folders are automatically removed from cloud-based backup servers in accordance with each provider's relevant policy.

  • CCG devices are wiped clean using Apple’s secure protocols and restored to factory settings before disposal or redeployment, ensuring no data is retained. See Apple’s disposal and reset policies here and here.

  • CCG relies minimally on physical/hard-copy files during a client engagement. At the conclusion of a project, CCG retains no physical or hard-copy files related to any client engagement, except for invoices, expense receipts, and other documents related to state and federal tax filings, none of which contain client confidential information.

  • CCG destroys physical/hard-copy documents using a standard level 3 cross-cut paper shredder.

  • CCG periodically uses tools that may employ generative artificial intelligence or large language models, either actively or passively. As a rule, CCG prohibits the use of CCG and client data to train artificial intelligence models when given the option. Where this option is not offered, CCG endeavors to strip identifying content from confidential data. See AI data privacy and security policies for Google Gemini here; for Google Notebook here; for Google Workspace here; for OpenAI’s ChatGPT here; for Microsoft Office here; for Microsoft CoPilot here and here; for Apple here; and for Grammarly here.

  • CCG regularly uses one or more tools to actively or passively capture notes electronically and/or to record and transcribe online or in-person meetings. Meeting notes, transcriptions, or recordings are encrypted and accessible solely to CCG employees, independent contractors, and/or agents on an as-needed basis. Tools used in this manner are generally configured to comply with applicable disclosure guidelines. However, by engaging with CCG, clients explicitly agree to CCG’s use of these tools, even if such usage falls short of compliance with applicable authorities governing disclosure. See data security and compliance policies for Zoom here and here; for Microsoft Teams here; for Apple here; for Ring here; for Amazon Alexa here; for Firefiles.ai here and here.

  • CCG may provide an edited copy of a recording, e.g., a webinar or workshop, to clients pursuant to the scope of work. Upon request, CCG may share recordings or transcriptions of other meetings. Under no circumstances will CCG share notes, recordings, or transcriptions of interviews or meetings conducted in the course of an engagement, particularly when strict confidentiality is promised in return for candor.

  • CCG’s primary office is a dedicated space with restricted access, protected by a keypad door lock and 24/7 video monitoring, with end-to-end encryption. See Ring E2EE policy here.

  • CCG’s office provides internet access using dedicated physical and wireless access not shared with any other party. CCG employs standard firewall and VPN services. See the privacy and security policies for Firewalla here; for ExpressVPN here and here; for OpenVPN here.

  • CCG will provide prompt notice to an impacted client in the event of a relevant data breach incident. Such notice will provide details on the nature of the incident and the related remediation efforts, whether executed or underway. CCG will make good-faith efforts to ensure that such notice and incident remediation comply with applicable laws and regulations. By engaging with CCG, clients explicitly agree to this standard.

  • CCG deliverables and/or intellectual property, including physical or electronic copies of written reports, presentations, recordings, transcripts, or proposals, are not “work for hire” and remain the proprietary, confidential, and copyrighted property of CCG. CCG grants each client a perpetual license to use the deliverables internally, on an as-needed basis, in the execution of its own business operations. CCG deliverables or intellectual property may not be shared with external parties.

  • CCG may, from time to time, unless otherwise restricted, incorporate or refer to general findings or observations from past client engagements in presentations or speeches. In such cases, all data or graphics are stripped of identifying characteristics so no content is traceable to the source. CCG will secure specific permission in advance for any findings or observations attributed to a specific client.

  • CCG may, from time to time, unless otherwise restricted, include client organization names in a general client roster, without reference to the nature or scope of work. Inclusion in such a list does not imply endorsement or recommendation of CCG services.

  • CCG clients, by engaging with CCG, agree that a refusal to pay an outstanding CCG invoice automatically waives CCG’s data privacy and security policies and any other related confidentiality obligations.

  • Please address any questions or concerns about this policy by phone, by email here, or by postal mail here.

Last updated December 2025