Privacy Policy

Effective date: May 28, 2026

Last updated: May 28, 2026

Introduction
Who we are and how to contact us
Personal data we collect
Where we get your data
Lawful basis for processing
How we use your data
Job applicants and HR data
Who we share your data with
International data transfers
How long we keep your data
Data security
Cookies and tracking
Your rights
Marketing communications
Children's data
Automated decision-making
Changes to this policy
Complaints

1. Introduction

This Privacy Policy explains how Summit Tech Partners LLC ("Summit," "we," "us," or "our") collects, uses, discloses, and safeguards your personal data when you visit our website, engage with our services, apply for a role with us, or otherwise interact with our business. We are committed to protecting your privacy in line with the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

If you do not agree with this policy, please do not use our website or submit personal data to us.

2. Who we are and how to contact us

Summit Tech Partners LLC is the data controller responsible for your personal data.

Postal address: Vero Beach, Florida, United States
Email for privacy requests: privacy@summittechpartners.com
General contact: info@summittechpartners.com
Phone: +1 (908) 739-3100

We have not appointed a formal Data Protection Officer (DPO). For all privacy questions, requests, or complaints, use the privacy email above and your message will be routed to the responsible team member.

3. Personal data we collect

We collect the following categories of personal data, depending on how you interact with us.

Information you give us directly

Identity and contact data: name, work email, phone number, company, job title.
Content of communications: messages, inquiries, requests, the topic of a discovery call, anything you choose to tell us.
Career data (when you apply for a role): resume or CV, work history, education, references, salary expectations, work authorization status, anything else you include in your application.
Calendar and scheduling data when you book a meeting through our site.
Form responses for white paper downloads, newsletter sign-ups, or other content requests.

Information we collect automatically

Device and connection data: IP address, browser type and version, operating system, screen resolution, time zone.
Usage data: pages visited, links clicked, time on page, referring website, navigation patterns.
Cookie identifiers and similar technologies (see the Cookies section below).

Information from third-party sources

Publicly available business information about you or your employer (LinkedIn profile, company website) to verify identity and prepare for meetings.
Background information from our applicant tracking system (JobDiva) when you apply for a role.
Authentication and analytics data from infrastructure providers (Vercel hosting, JobDiva, our email service provider).

Special categories of personal data

We do not actively collect sensitive personal data (race, religion, political views, health, biometrics, sexuality, trade union membership). If you choose to share such data with us in your communications or application materials, we will treat it as the rest of your data and we will only retain it as long as needed for the purpose you shared it.

4. Where we get your data

We collect personal data from three primary sources: directly from you when you complete a form, send an email, or apply for a role; automatically through your interactions with our website and embedded tools; and indirectly from public sources, our ATS (JobDiva), and the standard infrastructure providers that operate our services.

5. Lawful basis for processing

Under GDPR, we only process your personal data when we have a lawful basis to do so. The bases we rely on are:

Consent (Article 6(1)(a)): when you opt in to a newsletter, agree to cookies that are not strictly necessary, or otherwise expressly consent to a specific processing activity.
Performance of a contract (Article 6(1)(b)): when processing is necessary to respond to your request, deliver an engagement, or take pre-contractual steps such as scoping a project.
Legitimate interests (Article 6(1)(f)): when we have a genuine business interest, such as understanding how our site is used, securing the site, conducting B2B outreach to people in business roles, or evaluating job applicants for open roles. We balance our interests against your rights and only proceed when we believe your rights are not overridden.
Legal obligation (Article 6(1)(c)): when we must process data to comply with US, EU, UK, or other applicable law (for example, tax records, regulatory record-keeping, responding to a lawful government request).

6. How we use your data

We use personal data for specific purposes only.

To respond to your inquiry, schedule a discovery call, or arrange a meeting.
To deliver our services, including consulting engagements and talent placements.
To send you content you specifically requested (white papers, one-pagers, field reports).
To run our recruitment process and evaluate your application for an open role.
To operate, secure, and improve our website and embedded tools.
To analyze usage patterns in aggregate so we can make the site work better for visitors.
To comply with our legal, regulatory, and contractual obligations.
To prevent fraud, abuse, and unauthorized access.

We do not sell your personal data. We do not use your data for purposes unrelated to those listed above without first telling you and obtaining your consent where required.

7. Job applicants and HR data

If you apply for a role with Summit, your application data is processed through our applicant tracking system (JobDiva). We use this data to evaluate your fit for open roles, communicate with you about your application, and conduct interviews. Where you give us references, we will contact them only with your permission.

If you do not get the role you applied for, we may retain your application data for up to twenty-four (24) months so we can consider you for future opportunities, unless you ask us to delete it sooner.

We are scoping an AI-assisted screening agent that may, in the future, conduct an initial conversation with applicants and produce a recommendation for our human recruiters. If and when that capability launches, we will provide clear notice before any AI screening takes place, offer an opt-out into all-human screening, and comply with the requirements of NYC Local Law 144 and any other applicable law governing automated employment decision tools.

We share personal data only with the parties listed below, and only as needed.

Service providers and processors: hosting (Vercel), applicant tracking (JobDiva), email and calendar providers, analytics tooling. Each operates under a written agreement that requires equivalent privacy and security protections and prohibits use of your data for the vendor's own purposes.
Professional advisors: lawyers, accountants, auditors, insurers, where we have a legitimate need to disclose.
Authorities: when required by law, court order, or to protect our rights, safety, or property.
Successors in interest: in connection with a merger, acquisition, financing, or sale of business assets, subject to a written confidentiality undertaking.

We never sell or rent your personal data to advertisers, data brokers, or any third party for their independent marketing use.

9. International data transfers

Summit is based in the United States. If you contact us from the European Economic Area (EEA), the United Kingdom, or another region outside the United States, your personal data will be transferred to and processed in the United States.

The US does not have a general adequacy decision from the European Commission. Where we transfer personal data from the EEA or UK to the United States, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) to provide appropriate safeguards. By submitting personal data through this site, you consent to such transfer where consent is the applicable basis.

10. How long we keep your data

We keep your personal data only as long as necessary for the purposes set out in this policy, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:

Discovery call and inquiry data: up to twenty-four (24) months from the last interaction, unless you become a client.
Client engagement records: for the duration of the engagement plus seven (7) years for accounting and audit purposes.
Job application data: up to twenty-four (24) months from your application unless you ask us to delete sooner or you become an employee.
Newsletter and content opt-ins: until you unsubscribe or otherwise withdraw consent.
Website analytics and server logs: up to fourteen (14) months in identifiable form, aggregated indefinitely.

11. Data security

We use technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS 1.2 or higher), access controls on production systems, least-privilege access for personnel, regular security reviews, and vendor due diligence.

No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours and, where required, notify affected individuals.

12. Cookies and tracking

We use the following categories of cookies and similar technologies:

Strictly necessary cookies: required for the website to function (session state, security tokens). These cannot be turned off.
Functional cookies: remember preferences such as which demo you last viewed in the embedded demos viewer.
Analytics cookies: anonymized usage data we use to understand site performance. We do not use these to build advertising profiles.

We do not use third-party advertising cookies or cross-site behavioral tracking. Embedded tools (such as the JobDiva careers portal and the live demo applications hosted under stp-agr.vercel.app, stp-pinemark.vercel.app, stp-halcyon.vercel.app, and stp-pwh.vercel.app) may set their own cookies under their own privacy policies.

You can manage cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the site from working.

13. Your rights

Depending on where you live, you may have the following rights regarding your personal data. We honor these rights regardless of your jurisdiction where practicable.

Right to be informedTo know what data we hold, why, and how it is used. This policy is the main vehicle for that.

Right of accessTo request a copy of the personal data we hold about you.

Right to rectificationTo ask us to correct inaccurate or incomplete data.

Right to erasureTo ask us to delete your data where one of the legal grounds for erasure applies.

Right to restrict processingTo ask us to pause processing while a question about your data is resolved.

Right to data portabilityTo receive your data in a machine-readable format and to send it to another controller.

Right to objectTo object to processing based on legitimate interests, including direct marketing.

Right to withdraw consentTo withdraw consent at any time where consent is the basis we rely on.

To exercise any of these rights, contact privacy@summittechpartners.com. We will respond within thirty (30) days. We may need to verify your identity before acting on your request. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act.

14. Marketing communications

If you have given us permission, we may send you content related to our service offerings, including the Quarterly Field Report and event invitations. Every marketing message includes an unsubscribe link. You can also withdraw consent at any time by emailing privacy@summittechpartners.com.

Operational messages about an engagement, a discovery call you booked, or a role you applied to are not marketing and continue regardless of marketing preferences.

15. Children's data

Our services are intended for business professionals and are not directed at children. We do not knowingly collect personal data from anyone under sixteen (16). If you believe a child has provided us with personal data, please contact us so we can delete it.

16. Automated decision-making

We do not currently make decisions about you that have legal or similarly significant effects on you using only automated means. As noted above, we are scoping an AI-assisted recruitment screening capability. If and when that launches, we will provide clear notice, an opportunity to opt out into all-human review, and the right to obtain human review of any AI-generated recommendation in line with GDPR Article 22 and applicable US state and city law.

17. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy here and revise the "Last updated" date. For material changes that affect how we use your data, we will provide additional notice (for example, by email or a banner on the website).

18. Complaints

If you have a concern about how we are handling your data, please tell us first so we have an opportunity to address it. Email privacy@summittechpartners.com.

If you are in the EEA or UK and you remain dissatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available on the European Data Protection Board website. UK residents can contact the Information Commissioner's Office (ICO) at ico.org.uk.

If you are in California, you have rights under the California Consumer Privacy Act (CCPA). To exercise CCPA rights, contact us at the same privacy address. We do not sell personal information and do not share it for cross-context behavioral advertising.

Contents