The James Akpo Ecosystem views data privacy as a fundamental human right and a core structural pillar of our consulting practice. This document outlines our clinical data architecture, specifying exactly how we collect, process, and protect your information in strict accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and relevant SEC/FINRA compliance standards.
Executive Summary: We do not sell your personal data. We utilize enterprise-grade encryption (TLS 1.3 / AES-256) and strictly prohibit the ingestion of consumer Non-Public Personal Information (NPI).
1. Structural Data Collection Parameters
We practice strict Data Minimization. We only collect information mathematically necessary to diagnose your operational constraints and deliver requested insights.
Information We Collect
- Identity & Contact Metrics: First name, last name, corporate email address, and professional phone number.
- Operational Diagnostics: Data submitted via our HTML Scorecards (e.g., 24-Hour Readiness Assessment, Leverage Scorecard), including high-level aggregate business metrics, operational constraints, and technology stack parameters.
- Technical Telemetry: IP address, browser type, device specifications, and navigation behavior via cookies (subject to your explicit consent via our Consent Management Platform).
2. Operational Utilization of Data
Your data is utilized strictly for the following business purposes:
- To calculate operational risk scores and deliver requested diagnostic reports and consulting blueprints.
- To route your inquiry to the correct automated pipeline or human executive within the James Akpo Ecosystem.
- To maintain system security, monitor for automated bot attacks, and optimize the digital architecture of our web properties.
3. Enterprise Sub-Processors & Infrastructure
We do not maintain vulnerable local servers. We legally disclose that we utilize elite, third-party infrastructure to process and secure data.
Data Storage & CRM
User data is processed and stored securely utilizing Google Workspace Enterprise infrastructure. Google operates under SOC 2, SOC 3, ISO 27001, and ISO 27018 compliance frameworks.
Financial Transactions
All global and regional payments are processed entirely by Stripe and Paystack. Both entities are certified as PCI-DSS Level 1 Service Providers. The James Akpo Ecosystem utilizes advanced tokenization and does not store, process, or transmit raw financial data on our internal servers.
4. Sector-Specific Protocol: The "No-NPI" Firewall
To accommodate our partners operating under FINRA and SEC jurisdiction, the James Akpo Ecosystem operates a strict "No-NPI" protocol.
- Our tools are designed exclusively to measure structural operational efficiency of the agency/business.
- Users are explicitly instructed never to input their clients' Non-Public Personal Information (NPI), account numbers, or private portfolio data into our ecosystem.
- All ecosystem communications and CRM actions are securely archived utilizing Google Vault to provide WORM-compliant (Write Once, Read Many) audit trails to satisfy SEC Rule 17a-4 requirements.
5. European Privacy Rights (GDPR Alignment)
For individuals accessing our ecosystem from the European Economic Area (EEA) and the UK, we guarantee the following Data Subject Rights:
- The Right to Access & Portability: You may request a cryptographic export of the personal data we hold about you.
- The Right to Rectification: You may request corrections to inaccurate operational or personal data.
- The Right to Erasure (Right to be Forgotten): You may demand the clinical deletion of your records from our active CRM.
Data transfers outside the EEA are governed by Standard Contractual Clauses (SCCs) embedded within our Data Processing Agreements with Google, Stripe, and Paystack.
6. California Privacy Rights (CCPA Alignment)
For residents of California, we comply entirely with the CCPA framework.
- Do Not Sell My Personal Information: We declare explicitly that the James Akpo Ecosystem has not sold, and will not sell, your personal information to third parties.
- Right to Know & Delete: You have the right to request the specific pieces of information we have collected about you over the past 12 months and request their deletion.
7. Security Posture & Access Control
Our technical foundation is impenetrable by design. All data is encrypted in transit utilizing TLS 1.3 and at rest utilizing AES-256 encryption. Internal access to the CRM and diagnostic databases is strictly governed by Role-Based Access Control (RBAC) and mandatory Multi-Factor Authentication (MFA). We deploy enterprise-grade Web Application Firewalls (WAF) to neutralize DDoS attacks and injection attempts.
8. Data Subject Access Requests (DSAR)
To exercise any of your privacy rights, request an audit of your data, or withdraw consent, please initiate a Data Subject Access Request by contacting our Privacy and Compliance team directly.
Email: privacy@jamesakpo.com
Response Time SLA: We will acknowledge your request within 48 hours and resolve it within 30 days, as required by international law.