Privacy Policy
Last Updated: April 25, 2026
Effective Date: April 15, 2026
This Privacy Policy describes how Ferdig Consulting, Ltd. dba ConsultKit ("ConsultKit," "we," "us," or "our") handles personal information when you use ConsultKit and its suite of applications — Clarify, Referee, and Testify (collectively, the "Services") — as well as through our websites, digital properties, and marketing activities.
By creating an account or using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.
This Privacy Policy should be read alongside our Terms of Service.
1. Who We Are and Who This Policy Applies To
ConsultKit is a software-as-a-service suite designed for independent consultants. We operate as a data controller for the personal data we collect about our subscribers (you, the consultant using our platform).
Where you upload or process data about your own clients, contacts, or referrers through the Services (for example, referral contacts in Referee or testimonial respondents in Testify), you act as the data controller for that personal data and ConsultKit acts as your data processor. In that context, our obligations to you are governed by the Terms of Service and, where applicable, a Data Processing Agreement.
For questions about this policy, contact us at:
- info@ferdigconsulting.com
- 5443 Longwood Cir, Highlands Ranch CO 80130
2. Information We Collect
2.1 Information You Provide
When you register for or use ConsultKit, we collect information you provide directly to us:
- Contact data — name, email address, title, and organisation
- Profile data — username, password (stored in hashed form; we never store plaintext passwords), and profile information you choose to provide
- Workspace and product data — content you create within the Services:
- Clarify: Ideal Client Profiles (ICPs), Offerings, Personas, and positioning data
- Referee: Referral campaigns, referrer contact details, lead records, and conversion data
- Testify: Testimonial collection forms, submitted testimonial responses, and embed configuration
- Communications — records of correspondence when you contact us via support, feedback forms, or email
- Marketing preferences — your communication preferences and email engagement details
This workspace content may include personal data about third parties (your clients, referrers, or testimonial respondents). You are responsible for the lawful collection and use of that third-party data.
2.2 Information from Third-Party Sources
We may receive information about you from third-party sources, including:
- Public sources — publicly available information from government agencies, social media platforms, and public databases
- Data providers — demographic or contact enrichment services
- Marketing partners — joint marketing partners or co-promoters
- Third-party services — social login integrations (e.g. Google OAuth) you use to access our Services
We may combine this information with data we collect directly from you.
2.3 Information About Invitees and Referred Contacts
When you use Referee or other features that involve inviting or referring contacts:
- You may submit contact details (such as names and email addresses) for individuals you invite or refer
- Before sharing contact information about others, you must have their permission to do so
- We process this information on your behalf as data processor; you remain the data controller for those contacts
2.4 Payment Information
We use Stripe to process all payments. When you subscribe to any ConsultKit application:
- Your payment card details are collected and stored directly by Stripe
- ConsultKit does not store your full card number, CVV, or raw payment credentials
- We receive from Stripe a tokenised reference, last-four digits, card type, and expiry date for display purposes
- Billing history, invoices, and subscription records are stored by ConsultKit and Stripe
Stripe's privacy practices are governed by Stripe's Privacy Policy.
2.5 Automatically Collected Information
We automatically collect technical and usage information when you access the Services:
- Device data — IP address, approximate geolocation (country/region), browser type and version, device type and operating system
- Online activity data — pages viewed, features used, time spent, timestamps and session duration, links clicked, and email engagement (open/click rates for transactional emails)
- Error and performance data — crash reports, error logs, and performance metrics
2.6 Cookies and Similar Technologies
We use cookies and similar tracking technologies to operate the Services. See Section 3 for full details.
3. Cookies and Tracking Technologies
3.1 Technologies We Use
- Cookies — small text files stored on your device (session and persistent; first-party and third-party)
- Web beacons and pixel tags — tiny image files embedded in pages or emails to track engagement and delivery
- Local storage — browser-based storage (HTML5) used to preserve session state and preferences
3.2 Cookie Purposes
| Cookie Type | Purpose | Required? |
|---|---|---|
| Session cookies | Maintain your logged-in session | Yes |
| Authentication tokens | Securely verify your identity between requests | Yes |
| Preference cookies | Remember your UI preferences (e.g. theme) | Optional |
| Analytics cookies | Understand how the Services are used in aggregate | Optional |
Google Analytics is used for aggregate usage analytics. To opt out, install the Google Analytics Opt-out Browser Add-on.
3.3 Managing Cookies
You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the Services. Disabling optional cookies will not affect core functionality.
We do not use third-party advertising cookies or sell your browsing data to advertisers.
3.4 Do Not Track
We currently do not respond to "Do Not Track" or similar signals from browsers.
4. How We Use Your Information
We use the information we collect to:
- Provide the Services — operate your account, store your workspace data, and fulfil your subscription
- Process payments — charge your payment method via Stripe on a recurring basis
- Facilitate invitations and referrals — enable Referee workflows and other contact-based features you initiate
- Send transactional communications — account confirmations, payment receipts, usage notifications, and service updates
- Provide customer support — respond to your questions and resolve issues
- Marketing and advertising — send direct marketing communications with opt-out options (see Section 7)
- Research and development — we may create aggregated, de-identified, or anonymous data derived from personal information to analyse usage patterns, identify improvements, and develop new features. We do not use this aggregated data to re-identify you
- Ensure security — detect and prevent fraud, abuse, and unauthorised access
- Comply with legal obligations — meet our obligations under applicable law
We do not use your data to train AI or machine learning models without your explicit consent. We do not sell your data to third parties.
5. How We Share Your Information
ConsultKit shares personal data only in the following circumstances:
5.1 Affiliates
We may share your information with affiliated entities that are under common ownership or control with ConsultKit, for purposes consistent with this Privacy Policy.
5.2 Service Providers (Sub-processors)
We share data with trusted third-party providers who help us operate the Services:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud / Firebase | Cloud infrastructure, database hosting, authentication, and file storage | USA (and regions per GCP configuration) |
| Stripe | Payment processing and subscription management | USA |
| Sentry | Error monitoring and performance tracking | USA |
| PostHog | Product analytics (coarse route views and activation events) | USA (US Cloud) |
| AgentMail | Transactional and operational email delivery | USA |
All sub-processors are contractually required to process personal data only on our instructions and in accordance with applicable data protection law.
5.3 Professional Advisors
We may share your information with lawyers, auditors, accountants, bankers, insurers, and other professional advisors where necessary in connection with the professional services they render to us.
5.4 Linked Third-Party Services
If you connect your ConsultKit account to a third-party service (e.g. via OAuth sign-in), that service may receive certain profile information. Your use of such services is governed by their own privacy policies.
5.5 Legal Requirements
We may disclose your information if required to do so by law, court order, or a competent regulatory authority, or if we believe disclosure is necessary to protect the rights, property, or safety of ConsultKit, our users, or the public.
5.6 Business Transfers
If ConsultKit is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
5.7 With Your Consent
We may share your information in any other way with your prior written consent.
6. Your Choices
6.1 Account Information
If you have an account, you may review and update your account information by logging in and visiting your account settings.
6.2 Opting Out of Marketing
You may opt out of marketing-related emails by following the unsubscribe instructions at the bottom of any marketing email, or by contacting us directly. Note that you will continue to receive transactional emails related to your account (e.g. receipts, security alerts) regardless of your marketing preferences.
6.3 Cookies and Tracking
You can control cookies through your browser settings. See Section 3.3 for details.
6.4 Do Not Track
See Section 3.4.
6.5 Third-Party Platform Settings
If you use third-party services integrated with ConsultKit (e.g. social logins), you can limit the information those services share with us by adjusting settings within those platforms.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request that we limit processing of your data in certain circumstances |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing of your data for certain purposes |
| Withdraw consent | Where processing is based on consent, withdraw it at any time |
7.1 How to Exercise Your Rights
To exercise any of these rights, contact us at info@ferdigconsulting.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling a request.
7.2 EU/UK Residents — GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, your rights are governed by the General Data Protection Regulation (GDPR) or UK GDPR, as applicable. Our lawful bases for processing your personal data are:
- Contract performance — processing necessary to deliver the Services you have subscribed to
- Legitimate interests — fraud prevention, security, and service improvement (where not overridden by your interests or rights)
- Legal obligation — compliance with applicable laws
- Consent — where we have obtained your explicit consent (e.g. optional analytics cookies)
You have the right to lodge a complaint with your national data protection authority if you believe your rights have been violated.
ConsultKit does not currently designate an EU representative or Data Protection Officer. EEA/UK residents may direct all inquiries to info@ferdigconsulting.com.
7.3 California Residents — CCPA/CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know — request information about the categories of personal information collected, sources, purposes, and third parties with whom it is shared
- Right to access — request a copy of the specific personal information we have collected about you
- Right to delete — request deletion of your personal information, subject to certain exceptions
- Right to correct — request correction of inaccurate personal information
- Right to opt out of sale — ConsultKit does not sell your personal information and has not done so in the preceding 12 months
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
Categories of personal information we collect (as defined by CCPA):
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address | Yes |
| California Customer Records | Account and billing information | Yes |
| Commercial information | Subscription history, transaction records | Yes |
| Internet/Network information | Browsing activity within the Services, cookies | Yes |
| Audio-visual information | Profile photos (if provided) | If provided |
| Inferences | Usage patterns derived from the above | Yes |
To submit a CCPA request, contact us at info@ferdigconsulting.com. We may need to verify your identity; government-issued identification or a declaration under penalty of perjury may be required.
Authorised agent requests: Your authorised agent may make a request on your behalf upon our verification of the agent's identity and receipt of a valid power of attorney or written permission signed by you.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Services.
- Active accounts: Data is retained for the duration of your subscription
- Cancelled accounts: Upon cancellation, you may request a data export within 30 days. After 30 days, we may delete your account data from our active systems.
- Financial records: Billing and transaction records may be retained for up to 7 years to comply with financial and tax reporting obligations
- Legal holds: We may retain data longer if required by applicable law or pending legal proceedings
- Third-party data in your workspace: Referral contacts, testimonial respondents, and similar data you have uploaded is retained while your account is active and deleted alongside your account data upon termination (subject to the export window above)
9. International Data Transfers
ConsultKit is headquartered in the United States and our Services are hosted on Google Cloud Platform infrastructure. If you are accessing the Services from outside the United States, your data may be transferred to and processed in the United States or other countries where our infrastructure or sub-processors operate.
Our sub-processors Google Cloud Platform and Stripe maintain their own compliance frameworks including Standard Contractual Clauses where applicable. No additional transfer mechanism arrangements are required for ConsultKit's current operations.
Where we transfer personal data internationally, we take steps to ensure an adequate level of protection is in place in accordance with applicable law.
10. Data Security
We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Data encryption in transit (TLS/HTTPS)
- Data encryption at rest (via Google Cloud / Firebase)
- Access controls limiting who can access personal data within ConsultKit
- Authentication via Firebase Authentication
- Error monitoring via Sentry
- Regular security reviews and monitoring
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at info@ferdigconsulting.com.
11. Other Sites and Services
The Services may contain links to third-party websites, applications, or services that are not operated or controlled by ConsultKit. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit. We are not responsible for the privacy practices of third parties.
12. Children's Privacy
The Services are not directed to individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from minors. If we learn we have collected personal data from a minor without parental consent, we will delete it promptly.
If you believe we have collected information from a minor, please contact us at info@ferdigconsulting.com.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes by:
- Sending an email to the address on your account, and/or
- Displaying a prominent notice within the Services
The "Last Updated" date at the top of this policy reflects the date of the most recent revision. Continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, contact us at:
- Privacy Contact: info@ferdigconsulting.com
- Business Address: 5443 Longwood Cir, Highlands Ranch CO 80130