Privacy Policy

Sideb Consulting Studio, a brand of Sideb LLC, a California limited liability company ("Sideb," "we," "our") operates the website at sideb.io and provides revenue-performance consulting services described there (collectively, the "Services"). This Privacy Policy explains what personal information we collect from visitors and clients, how we use it, who we share it with, and the rights you have over it.

By using the Services, you consent to the practices described here. If you do not agree, please discontinue use of the site and engagements.

1. Information we collect

1.1 Information you provide

• Account & profile data — When you sign in with Google, we receive your name, email, profile picture and Google-issued user ID.
• Engagement intake — When you book a session or submit a project brief, we collect the business name, goals, challenges, budget, timeline, deliverables and any free-text context you provide.
• Payment information — Card payment data is collected directly by our payment processor (Stripe, Inc.) and is never seen or stored by Sideb. We receive only an opaque transaction reference, the amount, currency, and payment status.
• Communications — Emails, messages and any documents you send to us as part of an engagement.

1.2 Information collected automatically

• Usage data — IP address, browser type, device identifiers, pages visited, referring URL, timestamps. Used to keep the site working and to spot abuse.
• Cookies & similar technologies — A single first-party session cookie (HttpOnly, Secure, SameSite=None) issued after Google sign-in to keep you logged in. We do not use third-party advertising cookies.

2. How we use your information

We use personal data only for the following purposes:

• To provide, authenticate and secure your account on the Sideb platform.
• To deliver booked engagements, prepare quotes for custom projects, and process payments.
• To generate the revenue/margin metrics displayed in your client dashboard, calculated only on your own paid engagements.
• To respond to support and sales inquiries (rev@sideb.io and swiles@sideb.io).
• To improve the Services — diagnose bugs, monitor performance, prevent abuse.
• To comply with legal, accounting and tax obligations.

We do not sell your personal information. We do not use your engagement intake data to train external AI models. We do not share it with third parties for their independent marketing.

3. Legal bases (EU/UK clients)

Where the GDPR or UK GDPR applies, our legal bases for processing are: (a) contract — to deliver the Services you book; (b) legitimate interests — site security, fraud prevention, business records; (c) legal obligation — tax, accounting and lawful requests; and (d) consent — where you have explicitly opted in.

4. Subprocessors & sharing

We share personal data only with the following vendors, each of which is contractually bound to confidentiality and to use the data only for its stated purpose:

• Stripe, Inc. — payment processing (PCI DSS Level 1, SOC 2 Type II).
• MongoDB Atlas — primary database (SOC 2 Type II, ISO 27001).
• Google LLC — sign-in (OAuth), Workspace email/calendar (SOC 2).
• Emergent platform — application hosting and OAuth brokering (SOC 2).

The current list is also published on our Security & Trust page. We may also disclose information if compelled by law or to protect the safety, property or rights of Sideb, our clients, or others.

5. Data retention

Engagement records (bookings, intake forms, quotes, payment metadata) are retained for 24 months from completion of the engagement, after which they are purged from active systems. Tax and accounting records are retained for the period required by law (typically 7 years in the U.S.). You may request earlier deletion (subject to legal-hold and accounting requirements) by emailing rev@sideb.io; we honor verified requests within 30 days.

6. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted to assigned engagement leads under MFA-enforced vendor consoles. Card data is handled by Stripe and never touches our servers. Full details on our Security & Trust page.

7. Your rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Deletion — ask us to delete data we no longer need to retain by law.
• Portability — receive your data in a structured, machine-readable format.
• Restriction / objection — limit how we use your data.
• Withdraw consent — where we relied on consent.

To exercise any right, email rev@sideb.io. We respond within 30 days. California residents have additional rights under the CCPA/CPRA, including the right to opt out of "sales" or "sharing" of personal information — Sideb does not sell or share personal information in those defined senses.

8. International transfers

Sideb is based in the United States. If you are outside the U.S., your information will be transferred to and processed in the U.S. or other jurisdictions where our subprocessors operate. For EU/UK clients, we rely on the European Commission's Standard Contractual Clauses (SCCs) and our subprocessors' equivalent safeguards.

9. Children

The Services are for business users and not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via the website and dated "Effective" at the top of the page. Continued use of the Services after a change constitutes acceptance of the revised policy.

11. Contact

Questions, complaints, or rights requests:
Customer service: rev@sideb.io
Sales inquiries: swiles@sideb.io

If you are an EU/UK data subject and are not satisfied with our response, you may also lodge a complaint with your local data protection authority.