Data Privacy & Compliance Policy

Effective Date: March 1, 2022
Updated VersionFebruary 16th, 2025
Last ReviewedJuly 21, 2025

Welcome Statement

01

At Knight Eagle Consulting Services (KECS), we believe privacy is not just a legal responsibility—it’s a reflection of trust, integrity, and the values we share with every client and partner. Whether you’re a veteran entrepreneur or a strategic stakeholder, this policy outlines how KECS collects, safeguards, and respects your data.

02

Purpose

To establish a framework for responsible management of sensitive information, including:

  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Confidential business or strategic data

03

Scope

Applies to:

  • All KECS employees, contractors, consultants, and vendors
  • All platforms, software, and systems used to store or process data
  • All service domains: strategic consulting, healthcare, justice, marketing, and technology

04

Core Principles

KECS follows industry-standard data governance practices:

  • Transparency in data practices
  • Purpose Limitation—data used only as needed
  • Data Minimization—only necessary data collected
  • Integrity & Confidentiality via robust safeguards
  • Retention & Secure Disposal of expired data

05

Technology & Platform Disclosure

KECS uses Core Quantum Leads as our CRM system.
Our business communications and infrastructure rely on Google Workspace, which meets rigorous data protection and security standards.

06

Regulatory Compliance

KECS aligns with:

  • U.S. HIPAA & FERPA
  • California Consumer Privacy Act (CCPA)
  • European Union General Data Protection Regulation (GDPR)
  • Arizona-specific and VA guidelines for veteran services

Legal Basis (GDPR):

  • Consent (e.g., for events or updates)
  • Contractual necessity (for service delivery)
  • Legitimate interest (e.g., strategic communications)

CCPA Compliance:

  • KECS does not sell personal data
  • California residents may submit opt-out requests via contact info listed below

07

Website Usage & Analytics

If visiting our website, note:

  • We may use session cookies for functionality
  • Marketing pixels (e.g., LinkedIn, Google Ads) may be present for campaign tracking
    (Users may opt out via browser settings or by contacting KECS directly.)

08

Risk Management & Security

Our layered security infrastructure includes:

  • Multi-Factor Authentication (MFA)
  • Role-Based Access Control (RBAC)
  • End-to-end encryption for data in transit and at rest
  • Scheduled penetration testing and software patching
  • Vendor audits and internal system reviews

09

Third-Party Data Handling

Any third-party vendor, subcontractor, or affiliate handling data on KECS’s behalf must:

  • Sign a binding Data Processing Agreement (DPA)
  • Undergo periodic compliance assessments
  • Align with KECS’s security and data integrity standards

10

Rights of Data Subjects

We uphold your right to:

  • Access, correct, or delete your personal data
  • Object to processing or withdraw consent
  • Request information on third-party sharing

Send privacy-related inquiries to:
📧 info@knighteagleconsulting.com
📞 888-359-9850 (Toll-Free)

KECS does not sell, rent, or transfer phone numbers or SMS consent to third
parties for marketing purposes.

11

SMS/Text Messaging Consent & Mobile Data

SMS/Text Messaging Consent & Mobile Data
If you provide your phone number to Knight Eagle Consulting Services (KECS) through
our website forms, onboarding forms, service agreements, scheduling systems, or direct
communication, you may be given the option to consent to receive SMS/text messages
from KECS. Message frequency may vary. Message and data rates may apply. You may
opt out at any time by replying STOP. For help, reply HELP or contact us at

info@knighteagleconsulting.com.

Mobile Information Sharing Policy
No mobile information will be shared with third parties or affiliates for marketing or
promotional purposes. All other categories of data sharing exclude text messaging
originator opt-in data and consent; this information will not be shared with any third
parties.

12

Incident Response

If a data breach occurs:

  • KECS will notify affected parties within 72 hours, or as legally required
  • A full internal investigation will be initiated per KECS’s Incident Response Plan
  • Remediation steps and security enhancements will be communicated transparently

13

Training & Oversight

  • All KECS team members undergo annual privacy and cybersecurity training
  • Confidentiality agreements are renewed yearly
  • Managers enforce compliance at the team level

14

Continuous Improvement

KECS regularly reviews this policy to reflect:

    • Changing legal landscapes
    • Technological innovations
    • Sectoral best practices across healthcare, justice, and veteran advocacy

Signed,

Donald E J Jacobson JR 

🖊️ Donald E.J. Jacobson Jr.
Founder & CEO, Knight Eagle Consulting Services

Are you Mission-Ready?

Take our 3-minute strategic assessment and find out!

Mission ready?