Privacy Policy.

The Rhythm Collective, LLC (“TRC,” “we,” “us,” or “our”) is a faith-based executive services firm headquartered in Virginia Beach, Virginia. We are committed to protecting the privacy and personal information of every individual who visits our website, engages with our services, or communicates with our team.

1.Introduction

This Privacy Policy describes how we collect, use, disclose, store, and protect personal information in connection with our website (therhythmco.com), our customer relationship management platform (GoHighLevel), our scheduling tools (Calendly), and any other digital service or communication channel we operate. It also describes your rights under applicable law.

By accessing our website or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.

2.Information We Collect

We collect personal information in the following categories:

2.1 Information You Provide Directly

• Full name and professional title
• Business name and industry
• Email address
• Phone number
• Mailing or business address
• Information submitted through contact forms, intake questionnaires, or scheduling tools
• Communications you send to us via email, phone, or messaging platforms
• Payment and billing information (processed by third-party payment processors; we do not store raw card data)

2.2 Information Collected Automatically

When you visit therhythmco.com, our servers and third-party analytics tools may automatically collect:

• IP address and general geographic location
• Browser type and version
• Device type and operating system
• Pages viewed and time spent on each page
• Referring website or URL
• Date and time of access
• Cookie identifiers and similar tracking technologies

2.3 Information from Third-Party Sources

We may receive information about you from third-party platforms in connection with referral partnerships, social media integrations, or business directories. We handle all such information in accordance with this Privacy Policy.

3.How We Use Your Information

We use the personal information we collect for the following business purposes:

3.1 Service Delivery

• To respond to your inquiries and fulfill service requests
• To schedule and manage appointments via Calendly
• To onboard you as a client and deliver contracted executive services
• To communicate with you about your account, services, or deliverables
• To deliver digital resources, including e-books or downloadable content you have requested

3.2 Marketing and Communications

• To send you email newsletters, educational content, or promotional communications, with your consent or where otherwise permitted by law
• To follow up on inquiries or downloaded resources (e.g., our email nurture sequences)
• To invite you to webinars, events, or discovery calls

You may opt out of marketing communications at any time using the unsubscribe link included in each email or by contacting us directly at josh@therhythmco.com.

3.3 Operations and Improvement

• To manage and improve our website and digital systems
• To analyze how our content and services are used
• To maintain records for accounting, legal compliance, and business operations
• To protect against fraud, unauthorized access, or misuse

3.4 Legal Obligations

We may use or disclose your information as required to comply with applicable law, legal process, or government requests, or to protect our legal rights, the safety of our users, or the public.

4.Legal Basis for Processing

To the extent required by applicable law, we rely on the following legal bases to process your personal information:

• Consent — where you have affirmatively provided consent (e.g., opting in to email communications or submitting a contact form)
• Contractual Necessity — where processing is necessary to fulfill a service agreement with you
• Legitimate Interests — where processing is necessary for our legitimate business interests, such as improving our services or marketing to prospective clients who have shown interest in our work, provided those interests are not overridden by your rights
• Legal Obligation — where processing is required to comply with applicable law

5.Cookies and Tracking Technologies

Our website may use cookies, web beacons, pixel tags, and similar technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. Cookies are small text files stored on your device.

5.1 Types of Cookies We Use

• Essential Cookies — required for the website to function properly
• Analytics Cookies — used to understand how visitors interact with our site (e.g., Google Analytics)
• Marketing Cookies — used to deliver relevant advertising and track the effectiveness of campaigns

5.2 Your Cookie Choices

Most web browsers allow you to control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. At this time, we do not respond to browser-level Do Not Track signals; however, we will update this section if our practices change.

6.Sharing and Disclosure of Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

6.1 Service Providers and Technology Platforms

We share information with third-party vendors and platforms that help us operate our business. These parties are contractually obligated to use your information only as directed by us and in accordance with applicable law. Current platforms include:

• GoHighLevel (CRM, email automation, and pipeline management)
• Zapier (workflow automation)
• Google Workspace — Gmail and Google Drive (business communications and file storage)
• Calendly (appointment scheduling)
• ShootProof (photography gallery delivery, for applicable clients)
• Payment processors (for billing and invoicing)

6.2 Referral Partners

With your knowledge and as part of service arrangements, we may share relevant contact information with vetted referral partners (such as financial advisors, coaches, or professionals within our network) for the purpose of connecting you with complementary services. We will not share your information with referral partners for purposes unrelated to your engagement with TRC.

6.3 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of our users or the public.

6.4 Business Transfers

In the event that The Rhythm Collective undergoes a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website if such a transfer occurs and this Privacy Policy changes as a result.

7.Email Communications and CAN-SPAM Compliance

We comply with the federal CAN-SPAM Act of 2003. With respect to all commercial email communications we send:

• We will clearly identify ourselves as the sender
• We will include our physical mailing address in every commercial email
• We will clearly label promotional or marketing messages as such
• We will include a clear and conspicuous opt-out mechanism in every commercial email
• We will honor all opt-out requests within ten (10) business days
• We will not use deceptive subject lines or false header information

To unsubscribe from our marketing emails, click the “Unsubscribe” link at the bottom of any email, or contact us directly at josh@therhythmco.com with “Unsubscribe” in the subject line.

8.Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (Va. Code § 59.1-571 et seq.) grants Virginia residents certain rights with respect to their personal data. The VCDPA applies primarily to consumer personal data. To the extent TRC processes personal data of Virginia residents in a consumer capacity (as opposed to a purely business-to-business context), we honor the following rights:

8.1 Your Rights Under the VCDPA

• Right to Know — You have the right to confirm whether we are processing your personal data and to access that data.
• Right to Correct — You have the right to correct inaccuracies in your personal data.
• Right to Delete — You have the right to request deletion of personal data you have provided to us or that we have collected about you.
• Right to Data Portability — You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
• Right to Opt Out — You have the right to opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. TRC does not sell personal data or use it for automated profiling decisions.

8.2 How to Exercise Your VCDPA Rights

To submit a verifiable request to exercise any of the rights described above, contact us at:

We will respond to your request within forty-five (45) days of receipt. We may extend this period by an additional forty-five (45) days when reasonably necessary, with notice. We will not discriminate against you for exercising your rights under the VCDPA.

8.3 Appealing Our Decision

If we decline to act on your request, we will inform you of our reason within the response period. You may appeal our decision by contacting us at josh@therhythmco.com with “VCDPA Appeal” in the subject line. If your appeal is denied, you may contact the Virginia Attorney General's Office at oag.state.va.us.

9.Federal Privacy and Communications Law Compliance

9.1 FTC Act — Unfair or Deceptive Practices

We comply with Section 5 of the Federal Trade Commission Act. We do not engage in deceptive or unfair data practices. Our disclosures in this Privacy Policy are complete, accurate, and consistent with how we actually handle personal information.

9.2 Telephone Consumer Protection Act (TCPA)

If we contact you by phone or text message in connection with our services or marketing, we do so in compliance with the Telephone Consumer Protection Act (47 U.S.C. § 227). We will obtain your prior express written consent before sending any autodialed or prerecorded marketing calls or text messages. You may revoke your consent at any time by replying “STOP” to any text message or by contacting us at josh@therhythmco.com.

9.3 Children's Online Privacy Protection Act (COPPA)

Our website and services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at josh@therhythmco.com and we will take prompt steps to delete such information.

10.Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Client records — retained for a minimum of seven (7) years from the conclusion of the engagement, in accordance with standard business and tax recordkeeping requirements
• Marketing contact records — retained until you opt out, request deletion, or we determine the data is no longer needed for its original purpose
• Website analytics data — retained per the default settings of our analytics providers (typically 26 months for Google Analytics)
• Financial and billing records — retained for a minimum of seven (7) years per IRS requirements

When personal information is no longer needed, we will securely delete or de-identify it.

11.Strategic Partners, Sub-Processors, and Financial Data

The Rhythm Collective operates as the primary point of contact and contracting entity for all client engagements. TRC does not directly employ specialists in every service discipline. Instead, TRC coordinates a vetted network of strategic partners — each operating as an authorized sub-processor acting solely on TRC's behalf and under TRC's direction — to deliver specific service functions to our clients.

When you contract with TRC, you are contracting with TRC exclusively. TRC assumes full responsibility for ensuring that its strategic partners handle your data in accordance with this Privacy Policy, applicable law, and the terms of your service agreement. You do not have a direct contractual relationship with any strategic partner.

11.1 Authorized Strategic Partners

TRC currently engages the following strategic partners as authorized sub-processors. Each partner is disclosed here in full transparency, along with the category of data they may access in connection with your engagement:

StoneCentury Financial — Wealth Management

StoneCentury Financial provides wealth management advisory services on behalf of TRC clients. In connection with this service, StoneCentury Financial may access:

• Investment account information and portfolio summaries
• Personal and business financial statements
• Income, asset, and liability disclosures necessary for financial planning
• Tax documents and related financial records, as applicable

AB Accounting — Bookkeeping

AB Accounting provides full-service bookkeeping on behalf of TRC clients. In connection with this service, AB Accounting may access:

• Bank account statements and transaction histories
• Credit card statements and account details
• Business financial records, including profit and loss statements, balance sheets, and general ledgers
• Payroll records and vendor payment data
• Receipts, invoices, and expense documentation
• Delegated or credentialed access to financial platforms (e.g., QuickBooks, Xero, bank portals), granted through your explicit authorization

CRTV Dei — Web Development

CRTV Dei provides web development and digital presence services on behalf of TRC clients. In connection with this service, CRTV Dei may access:

• Website login credentials and administrative access, as explicitly authorized by the client
• Brand assets, content, and media files
• Contact form data and website analytics, as necessary for development and testing

11.2 TRC as Data Controller

For purposes of applicable privacy law, The Rhythm Collective acts as the data controller with respect to all personal and financial information collected from clients. Our strategic partners act as data processors, handling data only as instructed by TRC and only to the extent necessary to perform their contracted service function. TRC does not authorize any strategic partner to use client data for their own independent purposes.

11.3 Sub-Processor Obligations

Each strategic partner engaged by TRC is required, as a condition of their working relationship with TRC, to:

• Handle client data solely for the purpose of delivering the contracted service
• Maintain the confidentiality of all client information accessed in the course of their engagement
• Implement reasonable security measures appropriate to the sensitivity of the data they handle
• Promptly notify TRC of any unauthorized access, data breach, or security incident involving client data
• Return or securely destroy client data upon conclusion of the engagement

11.4 Client Authorization and Consent

Access by any strategic partner to your financial accounts, platforms, or sensitive records requires your explicit prior authorization. TRC will not grant a strategic partner access to any client account, credential, or financial system without your express written or documented consent. You may revoke a strategic partner's access at any time by notifying TRC in writing at josh@therhythmco.com.

11.5 TRC's Accountability

Because all client contracts are held with TRC, TRC remains accountable to you for the conduct of its strategic partners with respect to your data. If you believe a strategic partner has mishandled your information, you should notify TRC immediately. TRC will investigate, take corrective action, and notify you of the outcome. In the event of a data breach involving your financial or personal information, TRC will notify you as required under Virginia Code § 18.2-186.6, regardless of which partner's systems were involved.

11.6 Your Rights Regarding Financial Data

You retain full ownership of all financial data shared with TRC and processed by its strategic partners. Upon termination of your service agreement, TRC will ensure the return or secure destruction of all copies of your financial data held by TRC and its strategic partners within thirty (30) days, unless retention is required by applicable law. You may request a full accounting of what financial data TRC and its partners hold at any time by contacting josh@therhythmco.com.

12.Data Security

We implement reasonable and appropriate technical and organizational measures to protect your personal information from unauthorized access, use, alteration, or destruction. These measures include:

• Secure, encrypted storage of CRM data via GoHighLevel
• Access controls limiting employee and contractor access to personal data on a need-to-know basis
• Use of Google Workspace's enterprise-grade security for email and file storage
• Regular review of third-party vendor security practices

No method of electronic transmission or storage is one hundred percent (100%) secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law, including Virginia Code § 18.2-186.6.

13.Third-Party Links and Services

Our website may contain links to third-party websites, scheduling tools, or platforms (such as Calendly, LinkedIn, or social media). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information. Inclusion of a link on our website does not imply endorsement of that site's privacy practices.

14.Contractor and Partner Data

In connection with our business operations, we may collect and process personal information of independent contractors, referral partners, and affiliated service providers. Such information is used solely in connection with our working relationship and is handled in accordance with this Privacy Policy and applicable law, including Virginia Code § 40.1-28.7:7 regarding worker classification.

15.Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the “Last Updated” date at the top of this document and, where appropriate, notify you via email or a notice on our website. Your continued use of our website or services after any modification constitutes your acceptance of the updated Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16.Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: