Our Privacy Policy

This Privacy Policy explains how Solid Rock Consults (“we”, “us”, “our”) collects, uses, shares, and protects information when you use our web application (the “Service”). We offer sign-in with third-party identity providers, including Google and Facebook. By using the Service, you agree to this Policy and our Terms of Use.

1) Scope

This Policy applies to the Service provided by Solid Rock Consults. It does not cover third-party sites or services linked from the Service (including Google, Microsoft and Facebook). Those are governed by their own policies.

2) Information We Collect

A. Information you provide directly

• Account details (e.g., name, email, profile photo)
• Forms and requests you submit (e.g., service/training requests, messages)
• Support communications and attachments you provide
• Preferences (e.g., notifications, cookie or account settings)

B. Information from Google, Microsoft & Facebook (External Login)

When you sign in with Google, Microsoft or Facebook, we receive data that you authorize and that is permitted by the provider’s OAuth scopes, such as: full name, email address (and verification status), public profile information (e.g., profile picture, locale), a provider-specific user ID, and authentication/ID tokens used to verify identity. We do not receive your Google,Microsoft or Facebook password.

C. Information collected automatically

• Log data: IP address, browser type/version, device identifiers, pages visited, timestamps, referrer/exit pages
• Device & usage: OS, screen size, app version, feature engagement, error reports
• Approximate location: derived from IP for security/fraud checks and localization

D. Cookies & similar technologies

We use strictly necessary cookies (session/auth/security), functional cookies (preferences), analytics cookies (traffic insights), and, if enabled, advertising/retargeting cookies. You can control cookies via your browser settings.

3) How We Use Your Information

• Provide, operate, and improve the Service
• Authenticate and manage accounts (including via Google/Facebook)
• Personalize content and remember preferences
• Monitor usage, perform analytics, and debug issues
• Communicate with you (service updates, security notices, support responses)
• Prevent fraud, abuse, and enforce our Terms
• Comply with legal obligations

Legal bases (EEA/UK/Switzerland): performance of a contract, legitimate interests (e.g., security, product improvement), legal compliance, and/or your consent (where required).

4) External Login Providers

Google Sign-In

• We receive profile data and ID tokens to authenticate you, never your password.
• You can revoke our access in your Google Account under Security → Third-party access.
• See Google’s privacy policy at policies.google.com/privacy.

Microsoft Sign-In

• We receive profile data and tokens to authenticate you; we never see or store your Microsoft password.
• You can revoke our access:
  • Personal Microsoft account (Outlook/Hotmail/Xbox): account.live.com/consent/Manage
  • Work/School (Microsoft Entra ID): myapps.microsoft.com (Profile → View account → Privacy/App permissions)
• See Microsoft’s privacy practices at privacy.microsoft.com/privacystatement .

Facebook Login

• We receive profile data and tokens to authenticate you, never your password.
• You can remove our app in Facebook Settings → Apps and Websites.
• See Meta’s privacy policy at facebook.com/privacy/policy.

Token handling: We store OAuth/ID tokens (or derived identifiers) only as needed for authentication, session management, and security, and rotate/expire them per best practices.

5) When We Share Your Information

We do not sell personal information. We may share it with service providers (e.g., hosting on Microsoft Azure, email delivery, analytics, error tracking) under contracts requiring confidentiality and data protection; security/fraud-prevention partners; legal authorities (when required); or as part of a business transfer (e.g., merger or acquisition). We share only the minimum necessary information for the stated purpose.

6) Data Retention

• Active account: retained while your account remains active.
• Inactive accounts: anonymized or deleted after 24 months of inactivity.
• Legal/accounting: certain records retained for up to 7 years as required by law.
• Backups: data may persist in encrypted backups for up to 90 days before being overwritten.

You may request deletion at any time (see Your Rights).

7) Your Choices & Rights

Account & profile

View/update your profile in Account Settings. Disconnect Google/Microsoft/Facebook in Account Settings and/or via your Google/Microsoft/Facebook account.

Email preferences

Opt out of non-essential emails using unsubscribe links or Notification Settings.

Access, correction, deletion

Request a copy, correction, or deletion of your data at contactus@solidrockconsult.com. We may verify your identity via your login email.

EEA/UK/Switzerland (GDPR)

You have rights to access, rectification, erasure, restriction, portability, objection, and to withdraw consent where applicable.

US State Rights (e.g., CA, CO, CT, UT, VA)

Where applicable, you may have rights to know/access, correct, delete, and opt out of certain data uses (e.g., targeted advertising, sale, profiling). We do not sell personal information.

Submit requests via contactus@solidrockconsult.com. If we deny a request, you may appeal by replying to our decision email.

8) International Data Transfers

We primarily process and store information in the United States using Microsoft Azure. Where required, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses) and additional safeguards.

9) Data Security

• TLS encryption in transit
• Encryption at rest (where supported by our infrastructure)
• Access controls and least-privilege policies
• Audit logging and monitoring
• Regular updates and vulnerability management

No system is 100% secure. If a breach affects your data, we will notify you and relevant authorities as required by law.

10) Children’s Privacy

The Service is not intended for children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us at contactus@solidrockconsult.com to request deletion.

11) Do Not Track & Global Privacy Control

Your browser may send “Do Not Track” or Global Privacy Control (GPC) signals. Our Service does not currently respond to these signals. You can manage cookie preferences via your browser settings.

12) Third-Party Links & Services

The Service may link to third-party sites or include third-party components (e.g., Google,Microsoft, Facebook). We are not responsible for their privacy practices. Review their policies before providing personal information.

13) Changes to This Policy

We may update this Policy from time to time. We will post the updated version and revise the “Effective” and “Last Updated” dates above. For material changes, we will provide additional notice (e.g., prominent notice on the site or email).

14) Contact Us

Solid Rock Consults
33 Chime Avenue
New Haven
Enugu State, Nigeria Email: contactus@solidrockconsult.com

15) Cookie Overview

• Strictly necessary – essential for login/session, security, load balancing.
• Functional – remember preferences (e.g., language, theme).
• Analytics – understand usage and improve performance.
• Advertising (if used) – measure/deliver ads; you can opt out via Cookie Preferences.

Manage choices any time via your browser settings.

16) California/US State Privacy Notice

Notice at Collection: Categories collected include identifiers (name, email, IP), internet activity (usage logs), approximate location, and content you provide in forms or messages.

Purposes: authentication, Service delivery, security/fraud prevention, analytics, communications.

Retention: See Section 6 (Data Retention).

Sale/Share: We do not sell personal information. We do not “share” for cross-context behavioral advertising unless you enable advertising cookies. Manage preferences via Cookie Preferences.

Sensitive personal information: Not collected unless you provide it for a specific purpose (e.g., support). If collected, we use it only for that purpose.

---

This document is provided for informational purposes and does not constitute legal advice. Consider reviewing it with your counsel.