Cloud Technology Partners

Privacy Policy

Last updated: June 28, 2026

[ATTORNEY REVIEW NEEDED] — This policy describes Cloud Technology Partners LLC’s current data practices in plain language. It is not a substitute for legal advice. Material edits, additions of jurisdictional rights language, or claims about specific compliance certifications should be reviewed by qualified counsel before publication.

1. Who we are

Cloud Technology Partners LLC (“CTP”, “we”, “us”, or “our”) is a Florida limited liability company that sources and supplies qualified technology professionals to enterprise clients, systems integrators, managed service providers, and prime vendors on a Corp-to-Corp (C2C) basis. We operate the website at cloudtechpartners.llc, the consultant intake form, and a private consultant portal hosted on Cloudflare. For the personal information described in this policy, CTP acts as the data controller.

Privacy questions, data-subject requests, and complaints may be sent to: info@cloudtechpartners.llc.

2. Scope

This policy applies to personal information we collect through:

  • the public marketing website and contact pages;
  • the consultant intake form at /join;
  • the authenticated consultant portal (onboarding, document signing, ACH, COI, and ongoing engagement administration); and
  • email and other direct communications you have with us about a placement or potential placement.

This policy does not govern client systems, third-party staffing portals, or upstream vendor systems that you may also be required to use during an engagement. Those systems are operated by their respective owners and have their own privacy notices.

3. Information we collect

We collect personal information in two distinct stages, reflecting our two-stage operating model:

3.1 Stage one — intake (anyone who applies)

When you submit a consultant application through our intake form, we collect:

  • Identity & contact: full name, email address, phone number, LinkedIn profile URL;
  • Business information: legal business name, state of incorporation, entity type;
  • Professional profile: resume file, skills, certifications, work history, availability, desired hourly/daily rate, current company;
  • Eligibility attestations: US work authorization, US-incorporated entity, ability to engage C2C, insurance coverage, background-check willingness, and senior-experience self-certification;
  • Consent records: timestamps of your privacy and terms consent, the consent version, and your attestation responses;
  • Referral source: how you heard about us, if you choose to provide it;
  • Technical metadata: IP address, browser user-agent, and submission timestamp, used for security, abuse prevention, and audit logging.

3.2 Stage two — onboarding and active engagement (selected consultants)

If your application advances and you are placed (or are being prepared for placement) on a client engagement, we collect additional information through the consultant portal as required by the executed Master C2C Subcontractor Agreement and the applicable Statement of Work (“SOW”):

  • Full personal information: legal name, residential address, date of birth, and other identifiers required for background screening;
  • Government identifiers: Social Security Number (SSN) and/or other Taxpayer Identification Numbers (TIN) for required tax forms (W-9 / W-8 series);
  • Banking information: ACH account and routing numbers for payment;
  • Insurance documentation: Certificates of Insurance (COI) for Commercial General Liability, Professional Liability / E&O, Workers’ Compensation (or applicable exemption), and any cyber or technology E&O coverage required by the client;
  • Signed documents: Master C2C Subcontractor Agreement, SOWs, addenda, NDAs, and any flow-down acknowledgements required by the upstream client;
  • Background-screening results: identity verification, employment verification, and criminal history, performed by our screening provider (see §7);
  • Work-authorization documentation as required by client or law;
  • Timekeeping, invoicing, and engagement records generated during active assignments.

3.3 Sensitive data we do not collect through the public intake

We do not collect SSN, ACH, or government-issued ID through the public intake form. Those items are only requested after an active engagement opportunity exists, through the authenticated consultant portal, and only to the extent required to contract, onboard, screen, pay, or invoice for the engagement.

4. Why we collect it (purpose & lawful basis)

Category Purpose Lawful basis
Intake / professional profile Evaluate fit for the network; match to client opportunities Legitimate interest; pre-contractual steps at your request
Eligibility attestations & consent records Establish that applicants meet the published network requirements; audit trail Consent; legitimate interest in fraud and misrepresentation prevention
SSN / TIN, tax forms Issue payments; comply with US tax reporting Legal obligation; performance of a contract
ACH bank details Pay subcontractor invoices under the C2C agreement Performance of a contract
COI / insurance documentation Verify mandatory insurance coverage required by client and by the C2C agreement Performance of a contract; legitimate interest in risk management
Background-screening results Confirm identity, employment, and criminal-history checks where required by client or law Legitimate interest; consent; compliance with client flow-down requirements
Signed agreements & flow-down acknowledgements Evidence of the binding C2C relationship and upstream-client obligations Performance of a contract; legal obligation
Technical metadata, audit logs Security, abuse prevention, dispute resolution, audit trail Legitimate interest; legal obligation

We do not sell, rent, broker, or share your personal information with third parties for their own marketing or advertising. Personal information is used only for the purposes listed above and shared only with the processors and recipients described in §6 and §7.

5. How we store and protect it

Personal information collected through our platform is stored on Cloudflare infrastructure operated by CTP:

  • Cloudflare D1 (SQLite) for structured records — applicants, consultants, engagements, audit logs;
  • Cloudflare R2 for file storage — resumes, COIs, signed agreements;
  • Cloudflare Workers KV for transient operational data (rate limits, short-lived tokens).

All data is encrypted in transit via TLS. Highly sensitive fields — including SSN, TIN, and ACH account information — are encrypted at rest with application-managed keys before being written to D1, in addition to the underlying platform encryption. Resume files and other documents stored in R2 are kept in a private bucket and are only accessible through authenticated, audited admin and portal endpoints; they are never exposed via direct public URL.

Internal administrative access is gated by Cloudflare Zero Trust Access with mandatory multi-factor authentication on all /admin/* routes, and is further restricted by role-based access control (RBAC) inside the application. Every access to candidate, consultant, or engagement personal information is recorded in an immutable audit log.

[ATTORNEY REVIEW NEEDED] — We do not currently claim any formal compliance certifications (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.). Do not add such claims here without verifying that an attestation actually exists.

6. Who has access

Personal information is accessible only to:

  • CTP operators (currently the founders and authorized administrators) who have been provisioned through Cloudflare Access with a named role, and only to the extent that role requires;
  • Sub-processors we have engaged to deliver the service, listed in §7, each bound by contract to use the data only on our instructions; and
  • Upstream clients, GSIs, MSPs, and prime vendors to whom we are presenting your profile or with whom you are actively placed, limited to the information they need to evaluate or administer the engagement (typically: resume, skills, references, COI evidence, and background-check status).

7. Sub-processors and third parties

Recipient Purpose Categories shared
Cloudflare, Inc. Hosting, database (D1), file storage (R2), queues, Workers AI advisory vetting, bot protection (Turnstile), analytics All platform data, processed within Cloudflare infrastructure
Resend / Cloudflare Email Routing Transactional email delivery (application confirmations, operator alerts, portal notifications, signing receipts) Name, email address, message content
Checkr (or comparable consumer reporting agency) Background screening: identity verification, employment verification, criminal history Identity information you submit for screening; results returned to CTP
Upstream clients, GSIs, MSPs, prime vendors Evaluation for and administration of a specific engagement Resume, skills, references, COI evidence, background-check status, timekeeping records, and information required by the applicable SOW

We do not use third-party advertising networks, marketing trackers, or analytics tools that profile individuals across sites. The website’s analytics is privacy-respecting and does not collect PII as event properties.

8. AI-assisted review

We use an automated AI vetting system (Cloudflare Workers AI, model @cf/meta/llama-3.1-8b-instruct) to generate advisory review signals from your resume and application fields. These signals help our operators prioritize and contextualize manual review. AI output is advisory only: a human CTP operator makes every accept, reject, present-to-client, and removal decision. No automated decision-making produces legally significant outcomes about you without human review.

9. Data retention

We retain personal information only as long as we need it, applying these defaults:

  • Rejected or stale applicants: retained for 24 months from the date of rejection or last activity, then purged from D1 and R2. Anonymized audit-trail entries (no PII) are retained beyond that for fraud-prevention and dispute purposes.
  • Active bench consultants: retained while your profile is active, reviewed at least annually; inactive profiles are archived or anonymized.
  • Placed or previously placed consultants: personal information, signed agreements, tax forms, COIs, and engagement records are retained for the duration of any active engagement plus the period required by US tax, contract-recordkeeping, statute-of-limitations, and upstream-client audit obligations. [ATTORNEY REVIEW NEEDED — confirm exact retention windows for 1099/W-9, signed contracts, and insurance documentation.]
  • Resume and document files (R2): deleted when the corresponding consultant record is purged or anonymized, whichever comes first, subject to the legal-hold rule above.
  • Technical metadata (IP, user-agent): anonymized when the related record is anonymized.
  • SSN, TIN, ACH details: retained only as long as required for tax reporting and payment-dispute resolution, then securely deleted.

10. Your rights

Regardless of your location, you may exercise the following rights by emailing info@cloudtechpartners.llc:

  • Access / export: request a copy of the personal information we hold about you;
  • Correction: request correction of inaccurate information, or re-submit your application to refresh your profile;
  • Deletion: request deletion of your candidate record and uploaded files;
  • Anonymization: where a record must be retained for legal or contractual reasons, request that we strip personal identifiers from it;
  • Withdraw consent: where processing is based on consent, withdraw that consent at any time (this does not affect lawfulness of prior processing);
  • Object / restrict: object to or request restriction of processing based on legitimate interest;
  • Complain: lodge a complaint with the appropriate data-protection or consumer-protection authority.

We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing a request, and we may retain information required by law, by an active client engagement, by an unresolved chargeback or payment dispute, or by an open audit.

10.1 If you are in the European Economic Area or United Kingdom

If you submit personal information to us from the EEA or UK, you may also have rights under the GDPR / UK GDPR including the right to data portability and the right to lodge a complaint with your local supervisory authority. CTP’s servers are operated on Cloudflare’s global infrastructure, which means data may be processed in the United States and other countries. [ATTORNEY REVIEW NEEDED — confirm whether CTP has any EEA/UK consultants, and whether Standard Contractual Clauses or another transfer mechanism are required.]

10.2 If you are a US resident

Florida and an increasing number of US states grant residents specific consumer privacy rights, including access, deletion, and the right to opt out of certain types of processing. CTP does not sell personal information and does not engage in “targeted advertising” or “profiling” as those terms are defined under those laws. To exercise any state-specific right, contact us at the address above. [ATTORNEY REVIEW NEEDED — confirm whether additional state-specific disclosures are required as CTP operates outside of FL.]

11. Children

Our platform is intended for senior technology professionals operating their own businesses. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has submitted information to us, please contact info@cloudtechpartners.llc and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in an updated Last updated date at the top of this page and, where appropriate, communicated to active consultants by email. Continued use of our platform after an update constitutes acceptance of the revised policy.

13. Contact

Cloud Technology Partners LLC
Florida, United States
Email: info@cloudtechpartners.llc