Privacy Policy

Effective Date: June 2, 2026  •  Last Reviewed: June 2, 2026

Information Collection, Use, and Sharing

7 Layer Solutions, Inc. (“7 Layer Solutions,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information about visitors to our website, prospects and business customers who interact with us, and the personnel we employ. It also describes how we handle information we process on behalf of our managed-services clients.

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the information at the end of this page.

  1. About 7 Layer Solutions and Our Role

7 Layer Solutions is a managed-services and managed-security provider. We serve businesses, including registered investment advisers, broker-dealers, and other financial-services firms. Depending on the context, we may act as a business in our own right (for example, when you contact us through our website) or as a service provider on behalf of one of our clients.

When We Act as a Service Provider

When 7 Layer Solutions accesses, stores, transmits, or otherwise processes information that belongs to or relates to the customers of one of our managed-services clients, we do so only on that client’s instructions and only as needed to deliver the contracted services. For those engagements, the privacy policy of our client governs the underlying relationship with the individual; this Privacy Policy describes the safeguards we apply to the information while it is in our care.

Information processed on behalf of a client is subject to our Customer Information Safeguards Program, which is designed to satisfy the safeguards and incident-response expectations of Regulation S-P, including the May 2024 amendments. A summary of the Program is available to our clients on request.

  2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us through our website, email, phone calls, contracts, support tickets, or other direct interactions. This may include your name, business contact information (employer, title, email address, telephone number, mailing address), the content of your inquiry or request, and any information you provide as part of an account, service agreement, or support engagement.

2.2 Information Collected Automatically

When you visit our website, we may collect limited technical information such as IP address, device and browser type, referring page, and pages visited. We use this information to operate and secure the site, measure performance, and improve content.

2.3 Information About Our Personnel

We collect information about applicants, employees, and contractors as needed to recruit, hire, pay, train, and supervise our workforce. Personnel privacy practices are documented in our internal Human Resources Security Policy.

2.4 Information We Process on Behalf of Clients

While delivering managed services, we may have access to information that belongs to our clients or their end customers, including non-public personal information of those end customers. We do not use that information for our own purposes; we process it only as the client directs and subject to our Customer Information Safeguards Program (see Section 1).

  3. How We Use Information

We use the information described above to:

  • Respond to your inquiries and provide the services you request;
  • Establish, administer, and bill for our services;
  • Operate, maintain, and improve our website and service offerings;
  • Protect the security and integrity of our systems, our clients’ systems, and the information entrusted to us;
  • Communicate with you about services, support, security advisories, and (where permitted) marketing of related services. You may opt out of marketing communications at any time;
  • Comply with legal, regulatory, audit, and contractual obligations.

  4. How We Share Information

We do not sell personal information. We do not share personal information with third parties for their own marketing or advertising purposes. We share information only as described below:

  • Service providers and subprocessors. We engage a limited set of vendors (for example, our cloud productivity provider, identity platform, ticketing system, and backup providers) to support our operations. Each is bound by written agreements requiring appropriate safeguards and breach-notification commitments.
  • Our clients. When we process information on behalf of a client, we share it back with that client as required to deliver the contracted services.
  • Legal, regulatory, and safety. We may disclose information when required by law, in response to legal process, to cooperate with regulators or law enforcement, or to protect the rights, property, or safety of 7 Layer Solutions, our clients, our personnel, or others.
  • Business transitions. If 7 Layer Solutions is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to commitments consistent with this Privacy Policy.

  5. How We Protect Information

We maintain an information security program designed to protect the confidentiality, integrity, and availability of the information we hold. Controls include multi-factor authentication, role-based access on a least-privilege basis, encryption at rest (AES-256) and in transit (TLS 1.2 or higher), 24×7 security monitoring, vulnerability management, regular penetration testing, and mandatory security awareness training. Our security program is documented in the 7 Layer Solutions Information Security Policy and a suite of subordinate policies aligned to the SOC 2 Trust Services Criteria. We are actively preparing for an independent SOC 2 Type II examination.

  6. Incident and Breach Notification

We maintain a written Incident Response Plan and a Customer Information Safeguards Program that govern how we detect, contain, investigate, and recover from security incidents. If we determine that a security incident has resulted in, or is reasonably likely to have resulted in, unauthorized access to or use of information we process on behalf of a client, we will notify the affected client as soon as possible and in no event later than 72 hours after we become aware of the incident, with the information they reasonably need to evaluate their own notification obligations. Where contractually engaged to do so, we will assist clients in preparing and delivering any required notices to affected individuals.

  7. Retention

We retain information for as long as needed to provide our services, comply with legal, regulatory, and audit obligations, and resolve disputes. Specific retention periods for client service records, security and incident records, employee records, and financial records are documented in our Data Classification & Handling Policy and our Customer Information Safeguards Program. Information we process on behalf of a client is retained as directed by that client.

  8. Your Choices and Rights

8.1 Marketing Communications

You may opt out of marketing emails at any time by following the unsubscribe instructions in any message, or by contacting us using the information below.

8.2 State Privacy Rights

Depending on where you live, you may have the right to request access to, correction of, or deletion of personal information we hold about you, to opt out of certain uses or sharing of personal information, to limit the use of sensitive personal information, and to appeal a denial of your request. We do not sell personal information and do not engage in cross-context behavioral advertising.

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another U.S. state with a comprehensive privacy law, you may submit a request by contacting us at the address below. We will verify your identity before responding and will respond within the timeframes required by your state’s law.

If your request relates to information we process on behalf of one of our clients, we will refer the request to that client and assist them in responding as required by their privacy policy and the applicable law.

  9. Children’s Privacy

Our services are not directed to children. We do not knowingly collect personal information from individuals under 13 years of age (or under 16 where applicable law sets a higher threshold). If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

  10. Links to Third-Party Sites

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing them with any information.

  11. Changes to This Privacy Policy

We review this Privacy Policy at least annually and update it as our practices, the services we offer, or applicable law change. The “Effective Date” and “Last Reviewed” dates at the top of this page reflect the most recent update. Material changes will be highlighted on this page; we encourage you to check back periodically.

  12. Contact Us

If you have questions or requests regarding this Privacy Policy, or if you would like to exercise a privacy right, please contact us:

7 Layer Solutions, Inc.

Attn: Privacy — SVP of Cybersecurity Services

Email: privacy@7layerit.com

Phone: 1-844-752-9374

 

Internal owner: SVP of Cybersecurity Services (Program Coordinator). Reviewed at least annually; review attestation recorded in the Customer Information Safeguards Program.