Last updated: July 2026
JCG & Associates ("JCG," "we," "us") respects your privacy. This policy explains what information we collect through jcgandassociates.org — including our client project portal — how we use it, and the choices you have.
Information We Collect
- Contact form: the name, email, phone number, and message you submit — used solely to respond to your inquiry.
- Client portal (invited clients only): your name and email, a password you set (stored only as a secure one-way hash — we never store your actual password), and the project information you and our team exchange there, including progress notes, uploaded documents (e.g. contracts, permits, certificates), and messages.
- Site analytics: a first-party page-view count that records only the page path and the referring website's domain. It sets no cookies for anonymous visitors and uses no third-party trackers.
- Security logs: to protect the login pages from abuse, we briefly record the IP address of failed sign-in attempts. IP addresses are considered personal data and are treated as such.
- Staff credential vault: our internal team uses an encrypted vault for its own operational logins. Its contents are encrypted in the browser and are never readable by the server; it does not contain visitor or client data.
Cookies & Local Storage
- Browsing the public site sets no cookies.
- When you sign in to the client portal (or staff sign in to the admin area), a single session cookie is set to keep you logged in. It is strictly necessary for the login to work and is not used for tracking or advertising.
- Your browser stores a small flag (local storage) to remember that you dismissed our one-time privacy notice, so it isn't shown again.
How We Use It
- To respond to quote requests and inquiries.
- To operate the client portal — show you your project's progress, share documents, and exchange messages.
- To keep the site and accounts secure, and to understand overall site usage.
Sharing & Third Parties
- We do not sell your personal information.
- Hosting: the site and its data are hosted by our web host, who processes the data on our behalf to run the site.
- Google Maps: the contact page shows a map only if you click to load it. If you do, Google receives that request in order to serve the map; we don't load it otherwise.
How Long We Keep It
- Contact inquiries: retained up to about 24 months, then deleted, unless they become part of an active project.
- Client portal data (project info, documents, messages): kept for the life of your project and a reasonable records-retention period afterward, then deleted on request or in the normal course of business.
- Security logs (IP addresses): automatically pruned shortly after the short protection window (minutes), so IPs are not retained beyond their security purpose.
- Analytics: the log is automatically trimmed and does not grow indefinitely.
Security
The entire site is served over HTTPS with HSTS. Passwords are stored only as secure hashes, and the internal credential vault uses zero-knowledge (client-side) encryption. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your information.
Your Rights
You may request access to, correction of, or deletion of the information you've submitted by emailing john@jcgandassociates.org. If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we hold, to request its deletion, and not to be discriminated against for exercising those rights — we honor these requests for all users regardless of location.
Children
This site is intended for business and professional use and is not directed to children under 13. We do not knowingly collect information from children.
Contact
Questions or requests about this policy or your data: john@jcgandassociates.org or (336) 362-2929.