Sovereign Grant Strategies LLC ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information entrusted to us by our clients, partners, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including information collected in connection with our federal grant management and disaster recovery consulting services.
1. Introduction and Scope
This Privacy Policy applies to all personal information collected by Sovereign Grant Strategies LLC through our website, client engagements, subrecipient monitoring activities, and other business operations. It governs our treatment of personal information of clients, subrecipients, program beneficiaries, website visitors, employees, and other individuals whose information we may process in the course of providing grant management consulting services.
Our services frequently involve processing sensitive information on behalf of governmental entities and nonprofit organizations receiving federal Community Development Block Grant — Disaster Recovery (CDBG-DR) funds and other federal grant programs. We take our privacy and data stewardship obligations under these programs seriously.
2. Applicable Laws and Regulations
Our privacy practices are governed by and comply with the following laws and regulations, among others:
- The Privacy Act of 1974 (5 U.S.C. § 552a)
- HUD's implementing regulations and Privacy Impact Assessment requirements
- The E-Government Act of 2002
- Federal Information Security Modernization Act (FISMA)
- OMB Circular A-130 and related guidance on federal information management
- Community Development Block Grant — Disaster Recovery (CDBG-DR) program requirements
- The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Other applicable state privacy laws
- Mississippi state records and privacy requirements
3. Information We Collect
Information You Provide Directly:
- Contact information (name, email address, phone number, mailing address)
- Organizational affiliation and title
- Information submitted through our website contact forms or email inquiries
- Contract and engagement-related information
Program Beneficiary Information (collected on behalf of grantee clients):
- Personally Identifiable Information (PII) required by federal grant programs
- Income documentation and household composition data
- Property ownership and damage assessment information
- Insurance claim information
- Demographic information required for civil rights compliance
- Duplication of Benefits (DOB) documentation
Information Collected Automatically:
- Website usage data (pages visited, time spent, referral source)
- Device and browser information
- IP address
- Cookie data (see Section 9 for details)
4. How We Use Your Information
- Providing grant management, compliance, and consulting services to our clients
- Administering CDBG-DR and other federal grant programs on behalf of grantee clients
- Conducting subrecipient monitoring and compliance reviews
- Responding to inquiries and communicating with prospective and current clients
- Preparing reports and documentation required by HUD and other federal agencies
- Fulfilling legal, regulatory, and contractual obligations
- Improving our website and business operations
- Sending relevant updates about our services (with opt-out available)
5. Disclosure of Information
We do not sell personal information. We may share information only in the following circumstances:
- With grantee clients: Information collected on behalf of a client is shared with and used solely for that client's grant program administration.
- With federal agencies: HUD and other federal agencies may receive information as required by grant agreements, audit requirements, or law.
- With service providers: Trusted vendors who assist in our operations under strict confidentiality agreements.
- Legal requirements: When required by law, court order, or government authority.
- Business transfers: In connection with a merger, acquisition, or sale of business assets, subject to appropriate confidentiality protections.
6. HUD CDBG-DR PII Obligations
- PII is collected only to the extent necessary for program eligibility determination and compliance.
- All PII is stored in secure, access-controlled systems with audit logging.
- PII is shared only with authorized personnel and entities with a legitimate program need.
- Program beneficiaries are informed of the purpose of PII collection and their rights.
- We maintain Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs) as applicable.
- All staff handling PII receive annual privacy and security training.
- PII is disposed of securely in accordance with federal records retention requirements.
7. Data Security
We implement appropriate technical, administrative, and physical safeguards including encrypted transmission, role-based access controls, multi-factor authentication, secure cloud-based document management, regular security assessments, and employee training on data security and privacy practices.
8. Data Retention
- Federal grant program records: Minimum of seven (7) years from the date of the final expenditure report.
- Client engagement records: Seven (7) years following conclusion of the engagement.
- Website contact inquiries: Three (3) years, or until the inquiry is resolved.
- Employee records: As required by applicable employment law.
9. Cookies and Tracking Technologies
Our website may use essential cookies, analytics cookies, and preference cookies to improve your experience. You can control cookies through your browser settings. We do not use cookies for targeted advertising or sell cookie data to third parties.
10. Your Privacy Rights
Depending on your location, you may have rights to know, correct, delete, or receive a portable copy of your personal data. We do not sell personal information and will not discriminate against you for exercising your privacy rights. We respond to verifiable requests within 45 days.
11. Data Breach Notification
In the event of a data breach, we will promptly investigate and notify affected individuals and applicable government agencies in accordance with applicable federal and state breach notification laws.
12. Third-Party Links and Services
Our website may contain links to external websites. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies.
13. Employee and Contractor Privacy
Personal information collected from employees and contractors is used solely for employment and engagement purposes and is protected under the same security standards described in Section 7.
14. Accessibility
If you require this policy in an alternative format, please contact us using the information in Section 17.
15. Non-Discrimination
Sovereign Grant Strategies LLC does not discriminate on the basis of race, color, national origin, sex, age, disability, religion, or any other protected characteristic in the collection, use, or disclosure of personal information.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website or services following any changes constitutes acceptance of the updated policy.
17. Contact — Privacy Officer
For questions, concerns, or to exercise your privacy rights, please contact our designated Privacy Officer:
We will acknowledge your request within 10 business days and provide a substantive response within 45 days, as required by applicable law.