Advisory Inquire PNU Consulting Inquire

Privacy Policy

Last updated: May 9, 2026

PNU Consulting (“PNU,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and disclose information when you visit our website, sign in to the investor portal, engage with our services, or otherwise interact with us.

Information We Collect

Information you provide directly. Your name, email address, phone number, company name, and any details you include in inquiries submitted through our website or shared during the course of an engagement.

Information collected automatically. When you visit the public pages of our website, we collect technical information through standard server logs, including your IP address, approximate location (country, region, city) derived from that IP, browser type and version, device identifiers, referring page, and pages viewed.

Information collected when you sign in. The investor portal is restricted to invited users. When you sign in or use the portal, we additionally collect your account email, an authentication identifier issued by our authentication provider, your session identifiers, your IP address and approximate location for each session and request, your user-agent string, and timestamps of every successful sign-in, failed sign-in attempt, sign-out, and authenticated page view. We refer to these collectively as “access logs.”

Account Authentication

The investor portal is invite-only. Accounts are provisioned and managed by PNU Consulting; we do not offer self-service sign-up or self-service password reset. To request access, regain access to a forgotten password, or remove your account, please email info@pnuconsulting.com.

Passwords are never stored in clear text. They are handled and stored as one-way cryptographic hashes by our authentication provider (see “Service Providers” below). PNU Consulting administrators do not have the ability to read your password; we can only set a new one.

For security, we automatically lock an account for a short cool-off period after a small number of consecutive failed sign-in attempts. We are also notified by email when a lockout is triggered.

Access Logs and IP Addresses

For every authenticated request to the investor portal we record an access-log entry containing: the user identifier, the path requested, the event type (sign-in success, sign-in failure, sign-out, page view, account lockout, or administrative action), the IP address, approximate location (country, region, city) derived from that IP, the user-agent string, the session identifier, and the timestamp.

We use these logs solely to operate the portal, detect and respond to suspicious activity, investigate security incidents, and meet our legal obligations. Access logs are visible only to a small number of authorized PNU Consulting administrators and are not shared for marketing or advertising purposes.

Retention. Access-log entries are retained for up to 18 months and then automatically deleted. Authentication records (your account email and last sign-in metadata) are retained for as long as your account is active and for a reasonable period afterward to satisfy legal and security needs.

How We Use Your Information

We use the information we collect to respond to inquiries, evaluate prospective engagements, deliver and improve our services, operate the investor portal (including authentication, session management, security monitoring, and abuse prevention), communicate with clients and contacts, comply with legal obligations, and protect the security and integrity of our website, portal, and operations.

Cookies & Similar Technologies

Public pages of our website may set a small number of strictly necessary cookies. The investor portal additionally sets one or more authentication cookies issued by our authentication provider; these are required to keep you signed in and cannot be disabled without preventing the portal from functioning. We do not use third-party advertising cookies.

You can control or disable cookies through your browser settings. Disabling cookies will prevent you from signing in to the investor portal.

Service Providers (Subprocessors)

We rely on the following service providers to operate the website and investor portal. Each receives only the information necessary to perform its function, under contractual confidentiality and data-protection terms.

  • Clerk — authentication, password hashing, session management, and account lifecycle.
  • Vercel — website hosting, edge delivery, request logs, and serverless functions.
  • Neon — managed PostgreSQL database storing access logs and operational data.
  • Upstash — managed Redis used for short-lived rate-limiting and lockout state.

Sharing & Disclosure

We do not sell your personal information. We may share information with the service providers listed above and only to the extent necessary for them to perform services on our behalf. We may also disclose information when required by law, in response to valid legal requests, or to protect our rights, property, or safety, or the rights, property, or safety of others.

Data Retention

We retain personal information for as long as needed to fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Access-log entries are deleted automatically after 18 months. Inquiry records and engagement-related information are retained for as long as reasonably necessary for the relationship and the period afterward required by applicable law and our professional obligations.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict use of your personal information, to receive a copy of the information you provided to us, or to object to certain processing activities. To exercise any of these rights, including to delete your portal account, please contact us using the details below. We will respond in accordance with applicable law.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include encrypted transport (HTTPS/TLS), strict same-origin and content-security policies on the portal, signed and verified webhook channels, parameterized database queries, role-gated administrative endpoints, and forensic access logging. No method of transmission over the internet or electronic storage is fully secure, and we cannot guarantee absolute security.

Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated through the website or other appropriate channels.

Contact

For account access requests (including password help): info@pnuconsulting.com.

For questions or concerns about this Privacy Policy or our data practices: info@pnuconsulting.com.