Privacy Policy

Last updated: 2026-05-11

1. Who we are

Lily Technology Group LLC ("LTG", "we", "our") is a software development and cloud infrastructure consultancy registered in the United States. Contact for any privacy matter: [email protected].

2. What information we collect

We collect only what is necessary to respond to inquiries and operate this website:

  • Contact form submissions: name, email address, optional company, and the message you send us.
  • Discovery call bookings: when you book through our Calendly link, Calendly collects your name, email, project type, timeline and budget range, and shares them with us.
  • Server logs: IP address, user agent, referrer, and timestamp of each request — used solely for security, abuse prevention, and diagnostics. Logs are rotated regularly.

We do not run web analytics, advertising trackers, behavioral profiling, or third-party marketing pixels.

3. Cookies

This site uses only essential cookies required for the site to work (for example, the session cookie used in the private `/admin` area, which never appears for public visitors). We do not set marketing or tracking cookies.

4. Third-party services we rely on

We use a small set of providers, each with their own privacy policy. By using this site you accept that data flows through them as described below:

  • Cloudflare — DNS, CDN, DDoS protection.
  • AWS (Amazon Web Services) — hosting infrastructure in the United States.
  • Calendly — booking of discovery calls.
  • Resend — outbound transactional email delivery.

5. How we use your data

We use the information you provide to: (a) answer your inquiry; (b) prepare a proposal or estimate if requested; (c) deliver the services you have contracted; (d) keep the site secure and operational. We do not sell, rent, or trade your data with third parties for marketing purposes.

6. HIPAA — Business Associate availability

LTG is not a Covered Entity under the U.S. Health Insurance Portability and Accountability Act (HIPAA). When we are engaged by Covered Entities or other Business Associates to build, host, or maintain systems that process Protected Health Information (PHI), we act as a Business Associate under a separate, written Business Associate Agreement (BAA).

Under such a BAA we implement Administrative, Physical and Technical Safeguards required by 45 CFR §164.308–164.312, including but not limited to: encryption at rest and in transit, role-based access control, audit logging, workforce training, breach notification procedures, and the right of the Covered Entity to inspect our controls. Public-website data collected via this site (contact forms, Calendly bookings) is not PHI and is governed exclusively by this Privacy Policy, not by HIPAA.

Our BAA template is available for review before any HIPAA engagement begins: Download BAA template (PDF, English) · Versión en español. To discuss a HIPAA engagement or request adjustments to the template, write to [email protected].

7. Data retention

Contact form submissions and email correspondence are retained for up to 24 months from the last interaction, unless a longer period is required by an active contract, applicable law, or pending litigation. Server logs are rotated every 14 days. Backups are retained for 30 days on encrypted storage and then destroyed.

8. Your rights

You may request access to, correction of, or deletion of the personal data we hold about you. Depending on your residence you may also have additional rights under regulations such as the EU General Data Protection Regulation (GDPR) — including the right to data portability, to object to processing, and to lodge a complaint with a supervisory authority — and under the California Consumer Privacy Act (CCPA) — including the right to know, the right to delete, and the right to opt out of sale (we do not sell personal data).

To exercise any of these rights, write to [email protected] from the email address on record. We respond within 30 days.

9. Children

This site is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from minors.

10. International transfers

Our infrastructure is hosted in the United States. If you access this site from outside the U.S., your data will be transferred to and processed in the U.S. By using the site you consent to that transfer.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced via a notice on the homepage for at least 30 days.

12. Contact

Lily Technology Group LLC
838 Quindaro Blvd, Kansas City, KS 66101, United States
Email: [email protected]