← Back to Zephyr Advisory Group

Privacy Policy

Effective June 4, 2026 · Last updated June 4, 2026

1. Who We Are

Zephyr Advisory Group LLC (“Zephyr,” “we,” “us”) is a Colorado limited liability company providing strategic advisory, tax planning, portfolio strategy, and AI governance services. Our principal place of business is in Colorado, United States.

2. Scope

This policy applies to personal data collected through zephyradv.com and any related subdomains (collectively, the “Site”). It covers visitors worldwide, including those in the United States, European Economic Area (EEA), United Kingdom, and other jurisdictions with applicable data protection laws.

3. Data We Collect

We collect the following categories of personal data:

  • Contact information you voluntarily provide through forms or scheduling tools: name, email address, company name, phone number, and inquiry type.
  • Scheduling data processed by Calendly, Inc. when you book a meeting through our embedded widget. Calendly acts as a data processor on our behalf. See Calendly’s Privacy Policy.
  • Technical data collected automatically: IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is collected via server logs and, where applicable, analytics services.
  • Cookies and similar technologies. We use essential cookies for site functionality and third-party cookies from embedded services (Calendly, Vercel Analytics). We do not use advertising cookies.

4. Legal Bases for Processing (EEA/UK)

If you are located in the EEA or UK, we process your personal data under the following legal bases of the General Data Protection Regulation (GDPR) and UK GDPR:

  • Consent — for scheduling meetings and submitting contact forms.
  • Legitimate interests — for site security, analytics, and improving our services, where those interests are not overridden by your rights.
  • Legal obligation — where required by applicable law.

5. How We Use Your Data

  • To respond to inquiries and schedule meetings.
  • To provide advisory services you have requested.
  • To operate, maintain, and improve the Site.
  • To comply with legal obligations and protect our rights.

We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces legal effects.

6. Data Sharing

We share personal data only with:

  • Service providers who process data on our behalf (hosting, scheduling, analytics), under contractual obligations to protect your data.
  • Professional advisors (legal, accounting) where necessary.
  • Legal authorities when required by law or to protect our rights.

7. International Transfers

Your data may be transferred to and processed in the United States. If you are located in the EEA or UK, such transfers are supported by Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement/Addendum, as applicable. Our service providers maintain appropriate safeguards for cross-border transfers.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described above, or as required by law. Contact form submissions and scheduling data are retained for up to 24 months unless you request earlier deletion. Technical logs are retained for up to 12 months.

9. Your Rights

All visitors

You may contact us at any time to request access to, correction of, or deletion of your personal data.

Colorado residents (Colorado Privacy Act)

You have the right to access, correct, delete, and obtain a portable copy of your personal data. You may opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in any of these activities. To exercise your rights, contact us using the information below.

EEA and UK residents (GDPR / UK GDPR)

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to withdraw consent at any time without affecting the lawfulness of prior processing. You may lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EEA).

10. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls, and regular review of our security practices.

11. Children

The Site is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the Site after changes constitutes acceptance of the revised policy.

13. Contact

For privacy-related inquiries, data subject requests, or complaints:

Zephyr Advisory Group LLC
Email: privacy@zephyradv.com

We will respond to verified requests within 30 days, or within the timeframe required by applicable law.