
Client Data & AI Privacy Policy
Effective Date: November 3, 2025

This Client Data and AI Privacy Policy explains how Vireo HR Advisory handles, protects, and uses client data in connection with our Fractional HR, Employee Relations, HR Projects, and Executive Coaching services. This policy is particularly important because we work with sensitive employee information and use artificial intelligence tools to enhance our services.

By engaging our services, you acknowledge and agree to the practices described in this policy.
​
1. Types of Client Data We Handle

In providing HR advisory and coaching services, we may access, process, and store various types of sensitive information, including:

Employee and Personnel Information
- Employee names, contact information, job titles, and employment history
- Performance reviews, disciplinary records, and personnel files
- Compensation and benefits information
- Protected health information (when relevant to leave or accommodations)

Investigation and Employee Relations Data
- Workplace investigation documentation and findings
- Complaints, grievances, and dispute resolution records
- Interview notes and witness statements

Business and Organizational Information
- Company policies, procedures, and organizational structures
- Strategic business information and operational challenges
- Meeting notes, recordings, and transcriptions
​
2. How We Collect and Store Client Data

Data Collection Methods

We collect client data through:
- Direct access to your existing HR systems and databases
- Documents and files you share with us electronically
- Meetings and consultations (including recordings and notes)
- Email communications and collaborative work sessions

Data Storage Locations

Client data is stored in the following secure locations:
- Third-Party Client Systems: When clients have their own HR systems (such as OneDrive, Dropbox, or proprietary HRIS platforms), we access data directly within those systems. We do not download or maintain separate copies unless necessary for our work.
- Shared Drive Storage: For clients without existing cloud storage solutions, we use Google Drive to securely store and organize sensitive documents, including employee investigation files and project materials. Access to these shared drives is restricted and controlled.
- Meeting Platforms: We use Zoom for virtual meetings and may record sessions with your consent. Meeting recordings are stored in secure cloud storage.
​
3. Use of Artificial Intelligence Tools
Vireo HR Advisory uses artificial intelligence tools to improve service delivery, enhance efficiency, and provide better insights. Here's what you need to know about our AI usage:

AI Tools We Use
- Google Gemini: We use Gemini as an AI note-taker during meetings to capture accurate records of discussions, action items, and decisions. Gemini processes audio from meetings in real-time to generate transcriptions and summaries.
- Zoom AI Features: Zoom's built-in AI capabilities may be used for meeting transcription and summary generation.
- Other AI Tools: We may use other AI-powered tools for document analysis, data organization, or research purposes to support our advisory work.

How AI Processes Your Data
- Meeting Notes and Transcriptions: When Gemini or other AI note-takers are active in meetings, they process the audio and conversation content to generate notes, summaries, and action items. This processing happens through Google's infrastructure.
- Document Analysis: AI tools may be used to analyze documents, identify patterns, or generate insights relevant to your HR needs. This might include policy reviews, organizational analysis, or trend identification.
- Data Organization: AI assists in organizing, categorizing, and structuring information to make our work more efficient and thorough.

AI Data Retention and Training
Important: When we use AI tools like Google Gemini and Zoom:
- Data processed by these AI tools is subject to the privacy policies and data handling practices of those service providers (Google, Zoom, etc.).
- We use enterprise or business accounts with these providers, which typically offer enhanced privacy protections and prevent your data from being used to train AI models for other customers.
- We do not intentionally input highly sensitive personal information (such as Social Security numbers or detailed health records) into AI tools unless absolutely necessary and with appropriate safeguards.
- Meeting recordings with AI transcription are stored according to the retention periods described in this policy.

Client Notification and Consent

When AI tools will be used in meetings or to process your data, we will:
- Notify meeting participants when AI note-takers like Gemini are active
- Provide you the opportunity to opt out of AI processing for specific meetings or projects
- Explain the purpose and benefits of using AI tools for your engagement

If you prefer not to have AI tools used for your engagement, please let us know. We can provide our services without AI assistance, though this may impact efficiency in some cases.
​
4. How We Use Client Data
We use client data solely for the purpose of providing our professional services to you, including:
- Conducting employee investigations and workplace inquiries
- Providing fractional HR support and advisory services
- Managing HR projects and initiatives
- Delivering executive coaching and leadership development
- Analyzing trends and providing strategic recommendations
- Complying with legal and regulatory requirements

We do not use your data for marketing purposes, sell it to third parties, or use it for any purpose unrelated to your engagement with us.
​
5. Data Sharing and Disclosure

When We Share Client Data

We maintain strict confidentiality but may share your data in these limited circumstances:
- With Your Authorization: When you explicitly direct us to share information with specific parties.
- Service Providers: We work with third-party service providers who assist us in delivering our services, including Google (for Drive and Gemini), Zoom (for meetings), and Calendly (for scheduling). These providers are bound by confidentiality obligations and can only use your data to provide services to us.
- Legal Requirements: We may disclose information when required by law, court order, subpoena, or to comply with legal processes.
- Protection of Rights: To protect the rights, property, or safety of Vireo HR Advisory, our clients, or others, as permitted by law.
- Professional Advisors: With our legal, accounting, or other professional advisors who are bound by confidentiality obligations.

What We Don't Do
- We do not sell, rent, or trade your data to third parties for their marketing purposes.
- We do not share client data with other clients or use one client's data to benefit another client.
- We do not use your confidential information in case studies, testimonials, or marketing materials without your express written permission.
​
6. Data Security Measures

Protecting your sensitive information is our top priority. We implement multiple layers of security:

Technical Security
- Encryption of data in transit and at rest
- Secure, password-protected access to all systems and platforms
- Multi-factor authentication where available
- Regular security updates and patches to all systems

Access Controls
- Limited access to client data on a need-to-know basis
- Role-based permissions in shared storage systems
- Regular review and removal of unnecessary access permissions

Operational Security
- Regular backups of critical data
- Secure disposal of data when no longer needed
- Training on data security and confidentiality best practices

While we use industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using reasonable and appropriate safeguards.
​
7. Data Retention and Deletion

Retention Period

We retain client data for 12 months following the completion of our engagement. This retention period allows us to:
- Provide follow-up support or answer questions about our work
- Maintain records for business and legal purposes
- Comply with potential legal or regulatory requirements

Exceptions to Standard Retention

We may retain certain data beyond the 12-month period when:
- Required by law or regulation
- Necessary to comply with legal obligations or respond to legal proceedings
- You have specifically requested extended retention
- Part of an ongoing engagement or follow-up services

Data Deletion Process
After the retention period expires, we securely delete or destroy client data, including:
- Removing files from shared drives and cloud storage
- Deleting meeting recordings and transcriptions
- Purging email communications and work product
- Removing access to any third-party systems where we processed your data

If you would like your data deleted before the standard 12-month retention period, please contact us. We will accommodate your request unless we have a legal obligation to retain the information.
​
8. Client Rights and Choices

As our client, you have several important rights regarding your data:
- Access: You can request to see what data we have about your organization and employees.
- Correction: You can ask us to correct any inaccurate or incomplete information.
- Deletion: You can request deletion of your data, subject to legal and contractual obligations.
- Portability: You can request a copy of your data in a commonly used format.
- Opt-Out of AI Processing: You can request that we not use AI tools to process your data.
- Object to Processing: You can object to certain types of data processing, though this may impact our ability to provide services.

To exercise any of these rights, please contact us using the information provided at the end of this policy.
​
9. International Data Transfers

Our services are primarily provided within the United States. However, some of our service providers (such as Google and Zoom) may process or store data on servers located outside the United States. When data is transferred internationally, these providers maintain appropriate safeguards and comply with applicable data protection laws.
​
10. Compliance with Data Protection Laws

We are committed to complying with applicable data protection laws, including:
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- General Data Protection Regulation (GDPR) when applicable to international clients
- Health Insurance Portability and Accountability Act (HIPAA) when handling protected health information
- Other applicable state and federal privacy regulations
​
11. Data Breach Notification

In the unlikely event of a data breach that compromises the security of your information, we will:
- Promptly investigate the incident and take steps to contain it
- Notify you without unreasonable delay
- Provide information about what happened, what data was affected, and what steps we're taking
- Comply with all applicable breach notification laws and regulations
​
12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the effective date at the top of this policy
- Notify active clients of significant changes via email
- Post the updated policy on our website

Your continued use of our services after changes to this policy constitutes acceptance of the updated terms.
​
13. Questions and Contact Information

If you have questions, concerns, or requests regarding this privacy policy or our data handling practices, please contact us:

Vireo HR Advisory
Email: contact@vireohradvisory.com
Phone: (203) 208-8430
Website: www.vireohradvisory.com
​
CLIENT ACKNOWLEDGEMENT AND CONSENT

By signing below, the client acknowledges and agrees to the following:
- I have read and understood the Client Data and AI Privacy Policy.
- I understand that Vireo HR Advisory will collect, use, and store sensitive employee and organizational data as described in this policy.
- I acknowledge that Vireo HR Advisory uses artificial intelligence tools, including Google Gemini and Zoom AI features, to process client data for meeting notes, transcriptions, and analysis.
- I consent to the use of AI tools as described in this policy and understand that I may opt out of AI processing by notifying Vireo HR Advisory.
- I understand that client data will be retained for 12 months following the completion of services, unless otherwise required by law or requested by the client.
- I acknowledge that data may be stored in third-party cloud platforms such as Google Drive and Zoom, and that these platforms have their own privacy policies and data handling practices.
- I authorize Vireo HR Advisory to collect, use, and disclose client data as necessary to provide HR advisory, employee relations, project management, and executive coaching services.
