Plain language. No dark patterns.
We collect only what we need to do the work, we never sell or trade what you share with us, and we will tell you the truth about what is on our servers and what is not. Everything below is written in the language we would want a contract written for us.
Only what the work requires.
Two categories, and that is it.
Information you send us directly
Your name, email address, the company you work for, and whatever you choose to write in a project brief, an inquiry, or an email reply. If we eventually take you on as a client, we will also collect the information necessary to invoice you and to do the engagement — scope notes, credentials you authorize us to hold, and the work product itself.
Information collected automatically
Standard server logs — IP address, browser, the page you arrived on, and the page you went to next. We use these for security and to understand which parts of the site are useful. We do not run third-party advertising trackers, behavioral profiling, or session replay tooling.
The work, and nothing else.
We use what you send us to reply to your inquiry, scope and run the engagement, send invoices, and — when you have asked for it — deliver the occasional note from the practice. That is the entire list.
We do not sell your information, we do not trade it, and we do not share it with third parties for their own marketing. The only exceptions are vendors who help us run the business itself: our hosting provider, our database provider, our email provider, and our payments processor — each of which is contractually bound to handle data only on our instructions.
The short list.
Each of these is a contractually-bound subprocessor.
- VercelHosting and edge infrastructure
- SupabaseDatabase, authentication, and file storage
- ResendTransactional and newsletter email delivery
- StripePayments and invoicing (when applicable)
- Zoho MailMailbox provider for our team
Functional only.
We use cookies for things the site cannot function without — keeping you signed into the client portal, remembering your form draft on the contact page, and recognizing the device you came in on. We do not run advertising cookies, cross-site trackers, or behavioral analytics. If your browser refuses cookies, the marketing site will still work; authenticated areas will not.
Your information is yours.
Whether you live in California, the EU, the UK, the UAE, or anywhere else.
You can ask us at any time what information we hold about you, and we will tell you in plain English. You can ask us to correct it, you can ask us to delete it, and you can ask us to send you a copy of it — and we will do any of those within a reasonable window, typically thirty days.
For requests, write us at info@we-are-resilience.com with the subject line “Privacy request”. We will reply from a real human inbox, not a ticketing system.
How long we keep things.
- Inquiries that did not become engagementsUp to 24 months, then deleted.
- Active client recordsFor the life of the engagement.
- Closed client recordsSeven years, for tax and legal reasons.
- Newsletter subscribersUntil you unsubscribe.
We will tell you.
When we update this policy in any way that materially affects what we do with your information, we will note the change at the top of this page and, where we have your email, send a short note. The version below is the one currently in force.