Legal · Privacy Last updated: May 7, 2026

Privacy, in plain language.

We're a small consultancy, not an ad network. This page explains what we collect, why we collect it, and the limits we put on ourselves so you can engage with us in confidence.

01Scope & who we are

This Privacy Policy describes how Sienna Labs LLC ("Sienna Labs," "we," "us," or "our") collects, uses, and protects information when you visit siennalabs.co, call us, email us, or engage us as a client. It applies to information collected through this website and through our consulting engagements.

Sienna Labs LLC is the data controller responsible for the personal information described here. If you have questions about anything in this document, see Contact us below.

02Information we collect

We deliberately collect as little as we can. Specifically:

Information you give us directly

  • Contact details — your name, business email, phone number, and company, if you call, email, or otherwise reach out to us.
  • Conversation content — the substance of what you tell us in calls, emails, scoping sessions, and engagement work, including any documents or data you choose to share to enable our work.
  • Engagement records — contracts, statements of work, invoices, and related billing information once you become a client.

Information collected automatically

  • Basic technical data — IP address, browser type, device type, referring URL, and pages viewed, recorded in standard server logs to keep the site running and secure.
  • Phone metadata — when you call our published number, our telephony provider records call time, duration, and your phone number for routing and quality purposes.

We do not collect special categories of personal data (such as health, biometric, or government identifiers) through this website, and we ask clients not to send them to us by email.

03How we use your information

We use the information described above only for these purposes:

  • To respond to you — returning calls and emails, scheduling intro conversations, answering questions about our services.
  • To deliver consulting engagements — performing the diagnostic, build, or advisory work you've engaged us to do, under the terms of our agreement with you.
  • To run the business — invoicing, accounting, and meeting our legal and tax obligations.
  • To keep the site secure and reliable — diagnosing errors, preventing abuse, and maintaining server health.

We do not use your information to train public AI models, build advertising profiles, or generate marketing audiences.

04No sale, no marketing, no third parties

Our pledge

We do not sell, rent, trade, or share your personal information with third parties for marketing, advertising, or commercial purposes. Ever.

That commitment is the default behavior of this business, not a feature you have to opt into. The only situations in which limited information may be handled by a party other than Sienna Labs are:

  • Vendors who power our operations — our email, calendar, telephony, document, and accounting providers process information solely to deliver those services to us, under contractual confidentiality obligations. They are not allowed to use your information for their own purposes.
  • Professional advisors — accountants and attorneys who are bound by professional confidentiality, when needed for the lawful operation of the business.
  • Legal requirements — a valid subpoena, court order, or other legal obligation we cannot lawfully refuse. Where permitted, we will notify you first.
  • A business transfer — in the event of a merger, acquisition, or sale of assets, your information may transfer to the successor entity, which would remain bound by the protections in this policy.

We will never share your data with marketers, data brokers, or advertising networks.

06How long we keep it

We hold information only as long as we have a clear reason to:

  • Inquiry threads that don't lead to an engagement: deleted within 12 months.
  • Engagement records: kept for the duration of the engagement plus the period required to enforce contracts and meet legal/tax obligations (typically up to 7 years).
  • Server and call logs: kept for a short rolling window (typically up to 90 days) for security and troubleshooting, then discarded.

You can ask us to delete information about you sooner, subject to the legal retention requirements noted above.

07How we protect it

We apply reasonable technical and organizational safeguards: TLS encryption in transit, encrypted storage at rest with our SaaS providers, strong authentication on accounts that can access your data, and access on a need-to-know basis. No system is perfectly secure, and we don't pretend otherwise — but we treat your information the way we'd want our own treated.

If a security incident affects your information, we will notify you and any required regulators in accordance with applicable law.

08Cookies & tracking

This site uses only what's necessary to load and serve the page. We do not use third-party advertising cookies, cross-site trackers, or behavioral profiling. If we ever introduce any non-essential cookies (for example, lightweight analytics), we will update this policy and ask for your consent first where required.

You can configure your browser to block or delete cookies at any time. The Do Not Track signal is honored — we do not track across sites regardless.

09Your rights & choices

Depending on where you live, you may have the right to:

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate or out of date.
  • Delete your information, subject to legal retention requirements.
  • Restrict or object to certain types of processing.
  • Port a machine-readable copy of information you provided.
  • Withdraw consent at any time, where processing is based on consent.
  • Opt out of "sale" or "sharing" of personal information — though, as noted above, we don't engage in either.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We won't discriminate against you for exercising any privacy right.

10International transfers

Sienna Labs is based in the United States, and the vendors that support our operations may also process information in the U.S. or other jurisdictions. Where personal data is transferred from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses and the EU-U.S. Data Privacy Framework where available.

11Children's privacy

Our services are intended for businesses and the professionals who run them. This site is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with information, contact us and we will delete it.

12Changes to this policy

We may update this policy from time to time as our practices, vendors, or legal obligations evolve. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be communicated to active clients directly. Continued use of the site after a change constitutes acceptance of the updated policy.

13Contact us

Questions, requests, or complaints about this policy or how we handle your information: