privacy policy

Established: July 27, 2023
Revised: December 8, 2023
November 14, 2025

PLEASE READ THIS PRIVACY POLICY STATEMENT CAREFULLY. This privacy policy statement (“Privacy Policy”) explains how HRCatalyst, Inc., a Georgia corporation, and/or its subsidiary and affiliated entities (collectively, “HRCatalyst”, “we”, “us”, or “our”) may collect information about you through

• the content on the websites, including any mobile applications, SMS, email notifications, applications,  features, and commerce services that may be created by HRCatalyst and linked to this Privacy Policy (collectively, our “Website Services”) and how this information may then be used, shared, disclosed, transferred, and/or stored.
• and/or the HRCatalyst consulting services (“Consulting Services”), those services engaged by contract and/or mutual agreement with a client organization or an individual working within the organizational structure of and/or representing the interests of a client organization (“Client”).
• Website Services and Consulting Services may be referred to collectively (“Services”).

We may update this Privacy Policy from time to time by posting the updated terms on the Services website. You are responsible for periodically reading this Privacy Policy. If you purchase, participate, engage, access, or otherwise interact in our Services after we have updated this Privacy Policy, you acknowledge that you have read the updated terms and consent to our revised privacy practices.

HRCatalyst is an organization focused on organizational effectiveness, talent development, and other Consulting Services associated organizational consulting. Clients engage our Consulting Services through mutual agreement and/or contract. Consulting services are not directly provided to or accessible by the public consumers, patrons, or customers (“Consumer”) of a Client. Rather, Clients identify to HRCatalyst particular employee(s), teams, or personnel otherwise indicated (“Identified Personnel") who the Client will have participate in Consulting Services. HRCatalyst’s Consulting Services remain internal to a Client’s organizational structure and are limited to Identified Personnel working for and/or employed by the Client. HRCatalyst does not intentionally gather, track, retain, reuse, redisclose, solicit, or have access to the personally identifiable information (“PII”, defined below) of the Consumers of a Client’s services or products. Nor does HRCatalyst reuse, redisclose, or sell PII of Identified Personnel or retain the PII of Identified Personnel beyond the scope of Consulting Services.  In the event an Identified Personnel is concurrently a Consumer, HRCatalyst, the Client, and the Identified Personnel acknowledge and agree that this dual relationship is coinHRCatalystental, and this dual relationship should not be disclosed to HRCatalyst unless it is somehow relevant to the Consulting Services. HRCatalyst will not request, pursue, have access to, track, or retain the PII of any Identified Personnel beyond the scope of the Consulting Services.

The Website Services are intended for only informational, educational, promotional, and similarly considered purposes. The Website Services are not intended to transact business or in any way provide personal or professional services or products. A “Contact Us” inquiry box is the only opportunity within Website Services where limited PII may be engaged. The comment box provides and is intended only for inquiry about Consulting Services from prospective Clients. Use of the Contact Us box or Website Services do not constitute Consulting Services and does not constitute or create a business relationship between HRCatalyst and a user of Website Services, nor is it intended for use by Clients or Identified Personnel within the scope of Consulting Services. By using the Contact Us box, you acknowledge that you are willingly entering limited PII including a name, email address, and/or phone number with your acknowledged expectation and permission that HRCatalyst will respond reasonably to you about your stated inquiry. Otherwise, Website Services do not acquire, retain, require, reuse, redisclose, or intentionally offer the opportunity to provide PII through any process, including but not limited to, registration, account formation, cookies, or processes similarly considered

We do not intentionally gather PII about, or provide services of any kind to, any person under the age of 16.

By using our Website Services or Consulting Services, you acknowledge that you have read this Privacy Policy and consent to our privacy practices as described in this statement, including our use and disclosure of PII for the purposes of the Website Services and Consulting Services. You further affirm your consent by contracting for, paying for, participating in, engaging in, accessing, or otherwise interacting with our Website Services or Consulting Services. This statement is not intended to and does not create any contractual or other legal right in or on behalf of any person.

Residents of the State of California, please also read the California Residents - Your Privacy Rights section below to understand additional rights you may have pursuant to California Civil Code Section 1798.83.

IF YOU DO NOT CONSENT TO OUR PRIVACY PRACTICES AS DESCRIBED IN THIS PRIVACY POLICY STATEMENT, PLEASE DO NOT INTERACT OR ACCESS THE SERVICES.

Collection And Use Of Personally Identifiable Information

Personally identifiable information (“PII”) is information that can be linked to an individual and used to identify, locate, or contact an individual, such as a person’s name, address, telephone number, email address, driver license number, social security number, or other information that may be associated with PII.

You may be asked or be given the opportunity to provide your PII anytime you engage in our Consulting Services. Engagement of PII through Website Services is limited to that which is stated above. We may share and process this PII internally and within the scope of the provision of the Consulting Services or Website Services and in accordance with this Privacy Policy.

HRCatalyst respects and prioritizes the security of PII. HRCatalyst does not knowingly disclose, redisclose, or reuse PII outside of the scope and expectation of the Website Services or Consulting Services and those noted in this Privacy Policy.

What PII We May Collect Through Consulting Services

• We may collect a variety of information, including your first and last name, physical business address(es), phone numbers, email addresses, other addresses at which you receive communications from or on behalf of HRCatalyst, and other contact preferences communicated to us by you or a person internal to the Client delegated to represent you.
• We may collect feedback about you from colleagues, associates, superiors, subordinates, or others with whom you have a professional, business, or other relationship internal to the Client. This information may include but is not limited to job performance, organizational role, professional or personal background, and tenure within the Client or past organization(s). Relevant confidentiality guidelines related to specific Consulting Services are explained to participants engaging in Consulting Services and approved by the Client.

• We may collect additional PII in scope of and pertinent to the Consulting Services.

What PII We Will Not Collect Through Website Services or Consulting Services

It is not in the scope of our Services to engage in the business of financial, information, or technology system management. We do not, and shall not, collect, manage, pursue or otherwise use PII, which includes, but may not be limited to

• Social Security Numbers (SSN) / Taxpayer Identification Numbers (TIN) / National Identification Numbers (NIN)
• Driver License (DL) or other government-issued identification numbers (e.g., passport, permanent resident card, etc.)
• Financial/bank account numbers or payment card numbers (e.g., credit or debit card) in the provision of Services.

How We May Use Your PII

If you do provide us with PII, we may use it for the purposes of the Website Service or Consulting Services as described in this Policy Statement. Primarily, we use PII to:

• Develop and deliver Consulting Services;
• develop a profile necessary for the provision of the Consulting Services;
• send important notices or relevant messages related to the Consulting Services;
• or contact you in response to the “Contact Us” inquiry box found on the Website Services and described above.

When and Why We May Share, Disclose, Transfer And Store PII

If you do provide us with PII, we may share, disclose, transfer, and store it for the purposes of the Consulting Services and as described in this Policy Statement. Primarily, we share, disclose, and transfer PII to:

• HRCatalyst personnel engaged in the provision of Consulting Services.
• Third parties to comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, including our rights and property on the Services, or act in urgent circumstances to protect the personal safety of you or others.
• Third parties, as part of a corporate reorganization process, including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.

How We May Use, Share, Disclose, Transfer And Store Your Non-PII

Some information provides no direct link to an individual, such as aggregated or demographic data (non-PII). If Non-PII is combined with PII, the combined information will be treated as PII and shall be subject to the provisions of a relevant Client contract, this Privacy Policy Statement, and relevant laws and regulations for as long as the information remains combined.

Legal Basis for Processing PII Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), HRCatalyst’s legal basis for collecting and using the PII described in this Privacy Policy depends on the PII we collect and the specific context in which we collect it.

HRCatalyst may possess your PII because:

• We need to contact you regarding Consulting Services;
• You may have been identified by the Client as Identified Personnel;
• You have given us permission to possess your PII;
• It is in our legitimate interest if not overridden by your rights; or
• To comply with the law.

Retention of Data

HRCatalyst will retain your PII only for as long as is necessary for the purposes of Consulting Services or as set out in this Privacy Policy. We will also retain and use your PII to the extent necessary to comply with our contractual obligations, legal obligations, resolution of disputes, and/or enforce legal agreements and policies.

HRCatalyst will retain non-PII collected automatically, either generated by the use of the Website Services or from the Website Services infrastructure itself (collectively, “Usage Data”) for the use of internal analysis, for example, SEO analysis or usage trends. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen security, to improve the functionality of the Website Services, or to comply with pertinent laws or regulations regarding the retention of data.

The methods, processes, controls, and other reasonable measures employed by HRCatalyst for the secure retention, management, and sharing of PII obtained through Consulting Services are detailed in the “HRCatalyst Information Security Program,” which can be provided to a Client upon request.

Transfer of Data

Your information, including PII, may be transferred to, and maintained on, computers and/or servers located outside of your state or region, but will intentionally remain within the United States of America unless the scope of Consulting Services includes a Client or Identified Personnel outside the United States. In any event, the servers of a secure cloud-based data management and storage vendor employed by HRCatalyst shall be located in the United States.

If you are located outside of the United States and choose to provide information to us, please note that the data, including PII, will be processed and stored on servers within the United States of America.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

HRCatalyst employs reasonably necessary and industry accepted measures to ensure that Client data and PII is maintained securely and in accordance with this Privacy Policy; and that Client data or PII will not be knowingly transferred to an organization, country, or other party without authorization and industry standard controls in place to ensure security of that Client data and PII.

The methods, processes, controls, and other reasonable measures employed by HRCatalyst for the secure maintenance, management, and transfer of Client data and PII are detailed in the “HRCatalyst Information Security Program.”

Disclosure for Law Enforcement

Under certain circumstances, if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), HRCatalyst may be required to disclose your PII. Unless restricted by law or other such authority, HRCatalyst will make best efforts to inform a Client or you of any such required disclosure.

Legal Requirements

HRCatalyst may disclose your PII in the good faith belief that such action is necessary to:

• Comply with a legal obligation;
• Protect and defend the rights or property of HRCatalyst;
• Prevent or investigate possible wrongdoing in connection with our Website Services or Consulting Services;
• Protect the personal safety of users of the Website Services or participants in the Consulting Services or the public; or
• Protect against legal liability.

Security of Data

The security of Client data and PII is of principal importance to HRCatalyst, but no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use industry accepted controls to protect Client data and PII, we cannot guarantee its absolute security.

The methods, processes, controls, and other reasonable measures employed by HRCatalyst to secure Client data and PII are detailed in the “HRCatalyst Information Security Program.”

“Do Not Track” Signals Under California Online Privacy Protection Act (CalOPPA)

We do not support Do Not Track (“DNT”); however, HRCatalyst does not knowingly track Consumer data in any manner or by any means pertinent to the CalOPPA. Do Not Track is a preference that can be set in a web browser to inform websites that a user does not want to be tracked.

Generally, a user may enable or disable Do Not Track by visiting the Preferences or Settings page of their mobile device and/or web browser.

Your Data Protection Rights Under General Data Protection Regulation (GDPR) Pertaining to Website Services

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. HRCatalyst aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of Client Data or PII gathered from Website Services.

If you wish to be informed what PII we hold about you from Website Services and if you want it to be removed from our systems, please contact us here.

You have the following data protection rights pertaining to Website Services. Please contact us here with any inquiry about exercising these rights:

• The right to access, update, or delete the information we have on you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your PII.
• The right of restriction. You have the right to request that we restrict the processing of your PII.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where HRCatalyst relied on your consent to process your PII.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your PII through the Website Services. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Third-Parties

We may employ third-party companies, individuals, and/or websites to facilitate or assist with the Consulting Services on our behalf, to perform Consulting Services, or to assist us in analyzing how the Consulting Services are used (“Third-Parties”). 

Third-Parties may have access to your PII only to perform the tasks related to and in scope with Consulting Services on our behalf and are obligated to not disclose or use PII for any other purpose. We always encourage Clients and/or Identified Personnel to review and understand the privacy policies of any Third-Party.

Protection of Information

No data transmissions over the Internet are completely secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us or others over the Internet. You transmit such information at your own risk.

Once we receive your transmission, we will make reasonable efforts to ensure the security of our systems. We employ industry standard controls and processes to protect your information from unauthorized access, disclosure, alteration, or destruction. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of security systems or processes.

If we learn of a breach of our security system or processes, we will attempt to notify you electronically or by other known contact methods, so that you can take appropriate protective steps. By using the Website Services or Consulting Services, or providing PII to us through these Services, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Website Services or Consulting Services. In the event of a breach, we may post a notice through the Website Services or Consulting Services or send you an email or text at the email address and/or mobile phone number provided by you.

Measures we employ to reasonably protect PII when that PII is transmitted or stored are detailed in the “HRCatalyst Information Security Program.”

YOU MAY HAVE ADDITIONAL RIGHTS TO RECEIVE WRITTEN NOTICE OF SECURITY BREACHES UNDER THE APPLICABLE LAW OF YOUR JURISDICTION.

Assignment

You consent to our assignment of the information we have about you, including PII, in the event that all or part of our assets are sold or acquired by another party, including all or substantially all of the Website Services or Consulting Services or our top-level-domain, or in the event of a merger for the same.

Privacy Questions

If you have any questions or concerns about the HRCatalyst Privacy Policy, please contact us here.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on website pages, or by other means, and will update the “revised” date set forth below in this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective on latest posted revised date.

This Privacy Policy was last updated and revised on November 14, 2025.

California Residents – Your Privacy Rights Pertaining to Website Services

A California resident who has provided PII to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California User”) is entitled to request information about whether the business has disclosed PII to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of PII, upon receipt of a request by a California user, the business is required to provide a list of all third-parties to whom PII was disclosed in the preceding calendar year, as well as a list of the categories of PII that were disclosed.

However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy statement) a policy of not disclosing a California User’s PII to third-parties unless the California User first affirmatively agrees to the disclosure, as long as the business maintains and discloses this policy. Rather, the business may comply with the law by notifying the California User of his or her right to prevent disclosure of PII and providing a cost-free means to exercise that right.

You should always review the privacy policies and practices of any party that collects your information to determine how that entity will handle your information.

California Users may request further information about our compliance with this law by contacting us here.  Please note that we are only required to respond to one request per user per year, and we are not required to respond to requests made by means other than through the point of contact linked above.

Supplemental Notice to Residents of California, Colorado, Connecticut, and Virginia Pertaining to Website Services

Residents in California, Virginia, Colorado, or Connecticut (“User”) have some or all of the following rights under the laws of those states:

• The right to request information about PII that we have collected about that User – including the types and source of information collected, the business purpose of that collection, the categories of third parties with whom that information is shared, and the specific PII collected about that User;
• The right to receive requested information in a readily usable format if provided electronically;
• The right to request that any PII we have collected about the User be deleted (although we may be entitled to retain some information for certain purposes); you may exercise this right by contacting us here;
• The right to update or correct any PII which is out of date or incorrect; and
• The right to be free from discrimination based on your exercise of your privacy rights.

You may inquire about exercising the rights under this Supplemental Notice by contacting us here.

Supplemental Notice to Residents of Nevada Pertaining to Website Services

Nevada law gives Nevada residents the right to request that a company not sell their PII for monetary consideration to certain other parties. This right applies even if their PII is not currently being sold. If you are a resident in Nevada, you may inquire about exercising this right by contacting us here.