Last updated · April 2026
Privacy Policy

How we handle your data.

Plain language, structured by topic. If you have a question this page does not answer, email privacy@famaash.com.

Information we collect

We collect three categories of information, and only what is necessary for the service.

  • You provideName, work email, firm, role, and the content of any messages you submit through forms on this site.
  • AutomaticIP address, browser type, pages visited, and approximate location at country and region resolution.
  • From clientsOperational data inside engagements is governed by the MSA and applicable BAA, not this policy.

How we use information

Information is used to run the business, not to fuel third-party advertising.

Specifically: to respond to inbound inquiries, to qualify and book audits, to operate and improve the site, to comply with legal obligations, and to communicate with prospects and clients about engagements they have requested. We do not sell personal information.

Sharing and disclosure

Information is shared only with subprocessors that operate on our behalf, and only as required by law.

Subprocessors include hosting providers, email infrastructure, analytics with IP truncation enabled, and CRM. Each is bound by contractual confidentiality. The current list is available on request.

Cookies and tracking

We use first-party cookies for session continuity and a single privacy-preserving analytics tool.

No advertising cookies, no cross-site trackers, no data brokers. Browser Do Not Track signals are honored.

Your rights

If you are a California resident, the CCPA applies. If you are in the EEA or UK, the GDPR applies.

  • AccessRequest a copy of the personal information we hold about you.
  • CorrectionRequest correction of inaccurate information.
  • DeletionRequest deletion, subject to legal-retention obligations.
  • PortabilityRequest a portable copy of personal data we hold.
  • ObjectionObject to processing on legitimate-interest grounds.

Email privacy@famaash.com. Responses are issued within 30 days.

Data retention

We retain inquiry data for 24 months after last contact, unless a longer period is required by law.

Operational data inside client engagements follows the retention schedule defined in the MSA and applicable BAA, typically seven years for healthcare and as required by professional rules for legal matters.

Security measures

Encryption in transit and at rest, MFA on all administrative surfaces, role-based access with least privilege, audit logging on every privileged action.

SOC 2 Type II audit is in progress; expected report issuance Q3 2026. See the SOC 2 page for detail.

Changes to this policy

Material changes are announced on this page with the updated date in the hero meta line.

We do not change the policy retroactively in a way that reduces your rights without prior notice.

Contact

Email privacy@famaash.com for any privacy question or rights request.

Postal mail can be sent to the address listed in the footer.

Questions?

Email privacy@famaash.com.

Email privacy team