Privacy Policy
Last updated: June 28, 2026
[ATTORNEY REVIEW NEEDED] — This policy describes Cloud Technology Partners LLC’s current data practices in plain language. It is not a substitute for legal advice. Material edits, additions of jurisdictional rights language, or claims about specific compliance certifications should be reviewed by qualified counsel before publication.
1. Who we are
Cloud Technology Partners LLC (“CTP”, “we”, “us”, or “our”) is a Florida limited liability company that sources and supplies qualified technology professionals to enterprise clients, systems integrators, managed service providers, and prime vendors on a Corp-to-Corp (C2C) basis. We operate the website at cloudtechpartners.llc, the consultant intake form, and a private consultant portal hosted on Cloudflare. For the personal information described in this policy, CTP acts as the data controller.
Privacy questions, data-subject requests, and complaints may be sent to: info@cloudtechpartners.llc.
2. Scope
This policy applies to personal information we collect through:
- the public marketing website and contact pages;
- the consultant intake form at
/join; - the authenticated consultant portal (onboarding, document signing, ACH, COI, and ongoing engagement administration); and
- email and other direct communications you have with us about a placement or potential placement.
This policy does not govern client systems, third-party staffing portals, or upstream vendor systems that you may also be required to use during an engagement. Those systems are operated by their respective owners and have their own privacy notices.
3. Information we collect
We collect personal information in two distinct stages, reflecting our two-stage operating model:
3.1 Stage one — intake (anyone who applies)
When you submit a consultant application through our intake form, we collect:
- Identity & contact: full name, email address, phone number, LinkedIn profile URL;
- Business information: legal business name, state of incorporation, entity type;
- Professional profile: resume file, skills, certifications, work history, availability, desired hourly/daily rate, current company;
- Eligibility attestations: US work authorization, US-incorporated entity, ability to engage C2C, insurance coverage, background-check willingness, and senior-experience self-certification;
- Consent records: timestamps of your privacy and terms consent, the consent version, and your attestation responses;
- Referral source: how you heard about us, if you choose to provide it;
- Technical metadata: IP address, browser user-agent, and submission timestamp, used for security, abuse prevention, and audit logging.
3.2 Stage two — onboarding and active engagement (selected consultants)
If your application advances and you are placed (or are being prepared for placement) on a client engagement, we collect additional information through the consultant portal as required by the executed Master C2C Subcontractor Agreement and the applicable Statement of Work (“SOW”):
- Full personal information: legal name, residential address, date of birth, and other identifiers required for background screening;
- Government identifiers: Social Security Number (SSN) and/or other Taxpayer Identification Numbers (TIN) for required tax forms (W-9 / W-8 series);
- Banking information: ACH account and routing numbers for payment;
- Insurance documentation: Certificates of Insurance (COI) for Commercial General Liability, Professional Liability / E&O, Workers’ Compensation (or applicable exemption), and any cyber or technology E&O coverage required by the client;
- Signed documents: Master C2C Subcontractor Agreement, SOWs, addenda, NDAs, and any flow-down acknowledgements required by the upstream client;
- Background-screening results: identity verification, employment verification, and criminal history, performed by our screening provider (see §7);
- Work-authorization documentation as required by client or law;
- Timekeeping, invoicing, and engagement records generated during active assignments.
3.3 Sensitive data we do not collect through the public intake
We do not collect SSN, ACH, or government-issued ID through the public intake form. Those items are only requested after an active engagement opportunity exists, through the authenticated consultant portal, and only to the extent required to contract, onboard, screen, pay, or invoice for the engagement.
4. Why we collect it (purpose & lawful basis)
| Category | Purpose | Lawful basis |
|---|---|---|
| Intake / professional profile | Evaluate fit for the network; match to client opportunities | Legitimate interest; pre-contractual steps at your request |
| Eligibility attestations & consent records | Establish that applicants meet the published network requirements; audit trail | Consent; legitimate interest in fraud and misrepresentation prevention |
| SSN / TIN, tax forms | Issue payments; comply with US tax reporting | Legal obligation; performance of a contract |
| ACH bank details | Pay subcontractor invoices under the C2C agreement | Performance of a contract |
| COI / insurance documentation | Verify mandatory insurance coverage required by client and by the C2C agreement | Performance of a contract; legitimate interest in risk management |
| Background-screening results | Confirm identity, employment, and criminal-history checks where required by client or law | Legitimate interest; consent; compliance with client flow-down requirements |
| Signed agreements & flow-down acknowledgements | Evidence of the binding C2C relationship and upstream-client obligations | Performance of a contract; legal obligation |
| Technical metadata, audit logs | Security, abuse prevention, dispute resolution, audit trail | Legitimate interest; legal obligation |
We do not sell, rent, broker, or share your personal information with third parties for their own marketing or advertising. Personal information is used only for the purposes listed above and shared only with the processors and recipients described in §6 and §7.
5. How we store and protect it
Personal information collected through our platform is stored on Cloudflare infrastructure operated by CTP:
- Cloudflare D1 (SQLite) for structured records — applicants, consultants, engagements, audit logs;
- Cloudflare R2 for file storage — resumes, COIs, signed agreements;
- Cloudflare Workers KV for transient operational data (rate limits, short-lived tokens).
All data is encrypted in transit via TLS. Highly sensitive fields — including SSN, TIN, and ACH account information — are encrypted at rest with application-managed keys before being written to D1, in addition to the underlying platform encryption. Resume files and other documents stored in R2 are kept in a private bucket and are only accessible through authenticated, audited admin and portal endpoints; they are never exposed via direct public URL.
Internal administrative access is gated by Cloudflare Zero Trust Access
with mandatory multi-factor authentication on all /admin/* routes, and
is further restricted by role-based access control (RBAC) inside the application.
Every access to candidate, consultant, or engagement personal information is
recorded in an immutable audit log.
[ATTORNEY REVIEW NEEDED] — We do not currently claim any formal compliance certifications (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.). Do not add such claims here without verifying that an attestation actually exists.
6. Who has access
Personal information is accessible only to:
- CTP operators (currently the founders and authorized administrators) who have been provisioned through Cloudflare Access with a named role, and only to the extent that role requires;
- Sub-processors we have engaged to deliver the service, listed in §7, each bound by contract to use the data only on our instructions; and
- Upstream clients, GSIs, MSPs, and prime vendors to whom we are presenting your profile or with whom you are actively placed, limited to the information they need to evaluate or administer the engagement (typically: resume, skills, references, COI evidence, and background-check status).
7. Sub-processors and third parties
| Recipient | Purpose | Categories shared |
|---|---|---|
| Cloudflare, Inc. | Hosting, database (D1), file storage (R2), queues, Workers AI advisory vetting, bot protection (Turnstile), analytics | All platform data, processed within Cloudflare infrastructure |
| Resend / Cloudflare Email Routing | Transactional email delivery (application confirmations, operator alerts, portal notifications, signing receipts) | Name, email address, message content |
| Checkr (or comparable consumer reporting agency) | Background screening: identity verification, employment verification, criminal history | Identity information you submit for screening; results returned to CTP |
| Upstream clients, GSIs, MSPs, prime vendors | Evaluation for and administration of a specific engagement | Resume, skills, references, COI evidence, background-check status, timekeeping records, and information required by the applicable SOW |
We do not use third-party advertising networks, marketing trackers, or analytics tools that profile individuals across sites. The website’s analytics is privacy-respecting and does not collect PII as event properties.
8. AI-assisted review
We use an automated AI vetting system (Cloudflare Workers AI, model
@cf/meta/llama-3.1-8b-instruct) to generate advisory review signals
from your resume and application fields. These signals help our operators
prioritize and contextualize manual review.
AI output is advisory only: a human CTP operator makes every
accept, reject, present-to-client, and removal decision. No automated
decision-making produces legally significant outcomes about you without human
review.
9. Data retention
We retain personal information only as long as we need it, applying these defaults:
- Rejected or stale applicants: retained for 24 months from the date of rejection or last activity, then purged from D1 and R2. Anonymized audit-trail entries (no PII) are retained beyond that for fraud-prevention and dispute purposes.
- Active bench consultants: retained while your profile is active, reviewed at least annually; inactive profiles are archived or anonymized.
- Placed or previously placed consultants: personal information, signed agreements, tax forms, COIs, and engagement records are retained for the duration of any active engagement plus the period required by US tax, contract-recordkeeping, statute-of-limitations, and upstream-client audit obligations. [ATTORNEY REVIEW NEEDED — confirm exact retention windows for 1099/W-9, signed contracts, and insurance documentation.]
- Resume and document files (R2): deleted when the corresponding consultant record is purged or anonymized, whichever comes first, subject to the legal-hold rule above.
- Technical metadata (IP, user-agent): anonymized when the related record is anonymized.
- SSN, TIN, ACH details: retained only as long as required for tax reporting and payment-dispute resolution, then securely deleted.
10. Your rights
Regardless of your location, you may exercise the following rights by emailing info@cloudtechpartners.llc:
- Access / export: request a copy of the personal information we hold about you;
- Correction: request correction of inaccurate information, or re-submit your application to refresh your profile;
- Deletion: request deletion of your candidate record and uploaded files;
- Anonymization: where a record must be retained for legal or contractual reasons, request that we strip personal identifiers from it;
- Withdraw consent: where processing is based on consent, withdraw that consent at any time (this does not affect lawfulness of prior processing);
- Object / restrict: object to or request restriction of processing based on legitimate interest;
- Complain: lodge a complaint with the appropriate data-protection or consumer-protection authority.
We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing a request, and we may retain information required by law, by an active client engagement, by an unresolved chargeback or payment dispute, or by an open audit.
10.1 If you are in the European Economic Area or United Kingdom
If you submit personal information to us from the EEA or UK, you may also have rights under the GDPR / UK GDPR including the right to data portability and the right to lodge a complaint with your local supervisory authority. CTP’s servers are operated on Cloudflare’s global infrastructure, which means data may be processed in the United States and other countries. [ATTORNEY REVIEW NEEDED — confirm whether CTP has any EEA/UK consultants, and whether Standard Contractual Clauses or another transfer mechanism are required.]
10.2 If you are a US resident
Florida and an increasing number of US states grant residents specific consumer privacy rights, including access, deletion, and the right to opt out of certain types of processing. CTP does not sell personal information and does not engage in “targeted advertising” or “profiling” as those terms are defined under those laws. To exercise any state-specific right, contact us at the address above. [ATTORNEY REVIEW NEEDED — confirm whether additional state-specific disclosures are required as CTP operates outside of FL.]
11. Children
Our platform is intended for senior technology professionals operating their own businesses. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has submitted information to us, please contact info@cloudtechpartners.llc and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in an updated Last updated date at the top of this page and, where appropriate, communicated to active consultants by email. Continued use of our platform after an update constitutes acceptance of the revised policy.
13. Contact
Cloud Technology Partners LLC
Florida, United States
Email: info@cloudtechpartners.llc