Sudo Truth LLC Privacy Policy
1) Controller Identity and Contact
Controller: Sudo Truth LLC
Jurisdiction: Arizona, United States
Primary contact: sudotruth@tutanota.com
Privacy requests: sudotruth@tutanota.com (subject line: “Privacy Request”)
Security contact: sudotruth@tutanota.com (subject line: “Security/Privacy Incident”)
Phone: (626) 946-9787
2) Data Categories, Sources, Purposes, Legal Basis, Retention
| Category | Typical Source | Purpose | Legal Basis (where applicable) | Retention |
|---|---|---|---|---|
| Contact data (name, email, phone, company) | Directly from you (forms, email, calls) | Respond to inquiries, service delivery, relationship management | Contract pre-steps, contract performance, legitimate interests | Up to 7 years after last business interaction unless longer required by law/contract |
| Service/project data (scope docs, findings, reports, ticket notes) | Client-provided and service-generated | Perform advisory/assessment services, quality and recordkeeping | Contract performance, legitimate interests | Per contract; generally 3–7 years after project close |
| Technical telemetry/logs (basic diagnostics, security logs where scoped) | Systems used during service delivery | Service integrity, troubleshooting, security monitoring | Legitimate interests, contract performance | Typically 30–365 days depending on system and need |
| Communications records (emails, support threads) | Direct communications | Support, audit trail, dispute handling | Legitimate interests, legal obligations | Up to 7 years |
| Billing/transaction records (if applicable) | Client, payment providers | Invoicing, accounting, tax compliance | Contract performance, legal obligations | Per tax/accounting law requirements |
3) Cookies and Analytics
We may use strictly necessary website technologies and limited analytics tools to understand site usage and improve content/performance. We do not sell personal information.
- You can control cookies through your browser settings.
- If analytics tools are enabled, opt-out options provided by those tools will be honored where technically available.
- If ad-tech/tracking that qualifies as “sharing” is introduced, this policy and site controls will be updated before rollout.
4) Sharing, Processors, and Subcontractors
We may disclose data to vetted service providers/subcontractors under confidentiality and security obligations, including categories such as: secure email providers, productivity/document platforms, cloud hosting/storage, accounting/payment providers, and legal/compliance advisors. We may also disclose data where required by law.
5) Cross-Border Processing/Transfers
Some providers may process data outside your state or country (including outside the U.S.). Where cross-border processing occurs, we use reasonable contractual and organizational safeguards appropriate to our company size and risk profile.
6) Security Measures
- Least-privilege access controls
- Encryption in transit and at rest where supported
- Periodic security hygiene and control reviews
- Incident escalation path to external counsel/specialists when needed
7) Consumer Privacy Rights (Region-Dependent)
Depending on applicable law, you may have rights to access, correct, delete, or receive a copy of personal data; and to opt out of certain processing/sales/sharing where applicable.
Request handling timeline: We respond within the timelines required by applicable law (commonly up to 45 days, with extension notice where legally permitted).
Identity verification: Before fulfilling sensitive requests, we may require reasonable identity verification to protect against unauthorized disclosure or deletion.
California users: If California law applies, requests to know/delete/correct and applicable opt-out rights will be handled consistent with CPRA/CCPA requirements.
8) Children’s Data
Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 13. If we learn such data was provided, we will take reasonable steps to delete it.
9) Retention
We retain personal data only as long as necessary for service delivery, legal obligations, dispute resolution, and legitimate business records. When no longer needed, data is deleted, de-identified, or securely archived per applicable obligations.
10) Changes to This Policy
We may update this policy periodically. Material changes will be reflected by updating the “Last Updated” date and, where appropriate, by prominent notice on our website or direct notice for active clients.
11) Operating Model and Accountability
Sudo Truth LLC currently operates as a single-operator business. The Founder/Managing Member is the accountable owner for privacy operations, rights-request handling, and vendor oversight. External legal counsel is engaged where specialized legal interpretation is required.
12) Contact
Sudo Truth LLC · sudotruth@tutanota.com · (626) 946-9787
13) Incident Response and Breach Notifications
If we determine a security incident resulted in unauthorized access to covered personal information, we will provide required notices under applicable law. For Arizona residents, this includes compliance with Arizona’s data-breach notification requirements, including timing and content obligations under A.R.S. §§ 18-551 and 18-552.