The Brushton Group
Skip to main content
Back to Home

Privacy Policy

Last updated: May 20, 2026

Introduction

The Brushton Group LLC (“Brushton,” “we,” “our,” or “us”) operates the website thebrushtongroup.com (the “Site”) and provides commercial strategy consulting services. This Privacy Policy explains what information we collect about you, how we use it, who we share it with, and the choices you have. By using the Site you agree to the practices described here. If you do not agree, please do not use the Site.

We are a small consultancy headquartered in Sarasota, Florida, and we serve clients across the United States and internationally. We aim to handle information about you the way we would want our own information handled: minimum collection, clear purposes, professional safeguards, and straightforward access to your rights.

Information We Collect

Information you provide directly

When you contact us, schedule a consultation, or submit the Brushton Diagnostic on /brushton-diagnostic, you may provide:

  • Name and job title or role
  • Business email address
  • Company name
  • Phone number (when provided)
  • The text of any question, message, or context you choose to share
  • Your responses to the nine Strategy Self-Assessment questions and any optional free-text about what prompted the assessment

Information collected automatically

When you visit the Site, our hosting and analytics providers automatically collect limited technical information needed to deliver the page and understand aggregate usage. This includes IP address (used for geolocation at the country and city level, then discarded), browser type, operating system, device type, the pages you view, the referring website, and the time of your visit. This information is not used to identify you personally and is not combined with the information you provide directly.

How We Use Your Information

We use the information described above to:

  • Respond to your inquiries and schedule introductory conversations
  • Score and deliver the results of the Strategy Self-Assessment back to you
  • Send you the materials, follow-ups, or proposals you have requested
  • Improve the Site's content and user experience based on aggregate usage patterns
  • Maintain records of our business communications and engagements
  • Detect and prevent fraud, abuse of the Site, and security incidents
  • Comply with our legal obligations

We do not sell your personal information. We do not share it with advertisers. We do not use it to target you with marketing beyond the responses and follow-ups you have explicitly requested.

Lawful Basis for Processing (EEA, UK, and Similar Jurisdictions)

Where the EU General Data Protection Regulation (GDPR), the UK GDPR, or similar laws apply to our processing of your personal data, we rely on the following lawful bases:

  • Legitimate interest, for responding to business inquiries, delivering self-assessment results, maintaining business records, and improving the Site. You have the right to object to processing based on legitimate interest at any time (see Your Privacy Rights below).
  • Performance of a contract, where we are evaluating or delivering services to you.
  • Your consent, where you have explicitly opted in to a specific communication.
  • Legal obligation, where we are required by law to retain or disclose information.

How We Share Your Information

We share information only with the following categories of recipients, and only to the extent needed to deliver the Site and our services.

Service providers (sub-processors)

The following providers process information on our behalf. Each is contractually obligated to use the information only to deliver their service to us:

ProviderPurposeLocationRetentionPrivacy Policy
Cloudflare, Inc.Site hosting, content delivery, security, and cookieless web analytics.United StatesPer Cloudflare's standard analytics window. Security logs per Cloudflare's data retention policy.Privacy policy(opens in new tab)
Resend, Inc.Transactional email delivery (assessment results, business communications).United StatesEmail metadata per Resend's policy. Message content tied to Brushton's 24-month assessment / 7-year client retention.Privacy policy(opens in new tab)
Notion Labs, Inc.Internal customer relationship and engagement records, including self-assessment submissions.United States24 months for self-assessment submissions. Engagement plus 7 years for active or former client records.Privacy policy(opens in new tab)
Calendly LLCScheduling of introductory conversations and meetings.United StatesPer Calendly's own retention policy.Privacy policy(opens in new tab)
Microsoft CorporationBusiness email and productivity (Microsoft 365).United StatesBusiness email retained for engagement plus 7 years per professional and tax obligations.Privacy policy(opens in new tab)

Legal disclosures

We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our agreements or terms of use; to protect the safety, rights, or property of any person; or to investigate and defend against legal claims.

Business transfers

If Brushton is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. The successor entity will be bound by the commitments in this Privacy Policy.

International Data Transfers

All of our service providers are based in the United States. If you submit information to us from outside the United States, that information will be transferred to and processed in the United States. United States law may differ from the law of your country. Where required by law, we rely on Standard Contractual Clauses or other approved transfer mechanisms with our sub-processors.

How Long We Keep Your Information

We retain information only as long as we need it for the purposes described in this policy.

  • Self-Assessment submissions and inbound inquiries: 24 months from the date of submission, then deleted from our active systems
  • Business communications and engagement records for current or former clients: for the duration of the engagement plus seven years, to meet professional and tax record obligations
  • Calendar and scheduling data: managed by the relevant service provider per its own retention policy
  • Website analytics: aggregate metrics only, retained as part of our hosting provider's standard analytics window

You may ask us to delete information about you earlier than these defaults. See the next section for how.

Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information.

Rights under GDPR and UK GDPR (EEA, UK)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion (right to be forgotten)
  • Restrict certain processing
  • Object to processing based on legitimate interest (under GDPR Article 21)
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time where consent is the legal basis
  • Lodge a complaint with your local data protection authority

If you object to processing based on legitimate interest, we will stop that processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.

Rights under CCPA and CPRA (California)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of personal information
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
  • Not be discriminated against for exercising any of these rights

How to exercise your rights

Email us at [email protected] with the subject line “Privacy Request” and a brief description of what you would like us to do. We will verify your identity before acting on requests that affect personal information, and we will respond within 30 days (or sooner, where required by law). There is no charge for reasonable requests.

Cookies and Tracking

We use a minimal set of tracking technologies, and only those necessary to deliver and improve the Site.

Strictly necessary cookies

Cloudflare, our hosting provider, sets a small number of cookies (for example, __cf_bm) to detect malicious traffic and protect the Site from abuse. These cookies do not identify you personally and are required for the Site to function securely.

Analytics

We use Cloudflare Web Analytics to understand aggregate Site usage. This is a cookieless analytics product. It does not use cookies, does not fingerprint visitors, and does not transmit personal information. It records pageviews, the page accessed, the referring page, and aggregate device and country information.

No advertising or third-party trackers

We do not run advertising on the Site. We do not embed third-party advertising trackers, social pixels, or cross-site tracking technologies.

Automated Decision-Making

The Strategy Self-Assessment uses a simple, transparent scoring formula: your nine dimension responses are summed and mapped to one of four readiness bands. This is an automated calculation, not a decision that produces legal effects or other similarly significant effects on you. The result is informational and is reviewed by a human before any business decision is made. You may request that the assessment results be deleted from our records at any time.

Security

We use administrative, technical, and physical safeguards designed to protect the information we hold. All Site traffic is encrypted in transit using TLS. Access to internal systems is restricted to authorized personnel. Credentials for third-party services are stored as encrypted secrets and not in our source code. While no system is fully impervious, we take security seriously and review our practices regularly.

Children’s Privacy

The Site is intended for business professionals. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Governing Law

This Privacy Policy is governed by the laws of the State of Florida and the applicable laws of the United States, without regard to conflict-of-laws principles. Nothing in this section limits the rights you may have under the laws of the jurisdiction where you reside.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, in the services we use, or in applicable law. For material changes, we will post a prominent notice on the Site at least thirty (30) days before the revised policy takes effect, and we will update the “Last updated” date at the top of this page. For non-material changes (such as corrections of typographical errors or clarifications that do not affect your rights), updating the date is sufficient notice. We will not rely on continued use of the Site alone as meaningful consent to materially revised terms. Where consent is required by applicable law, we will seek it expressly.

Contact Us

Questions, requests, or concerns about this Privacy Policy? Reach us at:

The Brushton Group LLC

935 N Beneva Rd

Ste 609 #3014

Sarasota, FL 34232

Email: [email protected]

Phone: (941) 422-3421