Privacy Policy | Lillywhite Water Solutions LLC

1. Data Collection & Intake

When you submit an inquiry through our consulting intake form or register for a secure web portal account, Lillywhite Water Solutions LLC collects your name, email address, project scope, location, and required deliverables. This information is used primarily for the purpose of communicating with you, drafting a Scope of Work (SOW), executing conflict checks for expert witness services, securing your individual access to simulation models, processing invoices, and complying with applicable legal obligations. We retain intake data for no longer than three (3) years following the conclusion of our engagement, after which it is securely deleted. We do not sell, rent, or trade your personal information to third parties.

2. Confidential Infrastructure Data

During custom modeling or litigation support, all client-supplied datasets (including but not limited to SCADA logs, GIS shapefiles, hydraulic facility drawings, and operational rulesets) are securely uploaded to secure cloud storage. AWS acts as a subprocessor and is bound by a data processing agreement consistent with applicable data protection law. Access is strictly limited to authorized personnel actively working on your project. We do not use client infrastructure or proprietary data to train generalized artificial intelligence models (such as LLMs) unless explicitly authorized by the client in a separate written instrument. In the event of a data breach affecting your confidential infrastructure data, we will notify you as promptly as practicable and in any event within the timeframe required by applicable law. Where Washington state law applies, notification will be provided no later than thirty (30) days after discovery of the breach, consistent with RCW 19.255.010. Where a breach affects more than five hundred (500) Washington residents, we will also notify the Washington State Attorney General's Office as required by law. If you are subject to additional breach notification obligations under other applicable law (including GDPR or UK GDPR), we will cooperate with you in meeting those requirements.

3. Hosted Digital Twins & Telemetry

For clients utilizing our cloud hosting services or embedded web applications, we automatically collect and log anonymous runtime performance metrics (such as API response latency, CPU cycle durations, RAM footprint, and payload sizes). This data is strictly used to monitor system health, enforce SaaS tier limitations, compute variable cloud hosting costs, and ensure strict SLA compliance. Note that telemetry data used to compute hosting costs may directly affect billing; further detail is provided in your applicable service agreement. We do not inspect, log, or store the specific values of flow, pressure, or operational variables passed through our stateless API endpoints during a simulation unless executing a diagnostics procedure authorized in writing through an active support ticket. Any logs collected during a diagnostics procedure will be permanently deleted upon closure of the associated support ticket.

4. Cookies and Web Analytics

This website may use essential cookies and similar tracking technologies to temporarily maintain your authenticated session while interacting with the digital model library. These cookies are strictly necessary to provide you with secure access to the features you have requested. We may also utilize generalized, anonymized analytics tools (such as Google Analytics) to understand traffic patterns and improve performance on public-facing showcase pages. You may opt out of analytics tracking at any time by adjusting your browser settings or using the opt-out mechanism provided by the applicable analytics provider.

5. Your Rights

Depending on your jurisdiction, you may have the right to: (a) request access to the personal data we hold about you; (b) request correction of inaccurate or incomplete data; (c) request deletion of your personal data, subject to our legal retention obligations; (d) request a portable copy of your data in a machine-readable format; and (e) withdraw any consent previously provided. To exercise any of these rights, please contact us using the information provided below. We will respond to verifiable requests within thirty (30) days.

6. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this policy and, where appropriate, notify you by email or through a prominent notice on our website. Your continued use of our services following notice of any changes constitutes your acceptance of the updated policy.

7. Contact & Governing Law

For privacy-related inquiries, data requests, or to report a concern, please contact Lillywhite Water Solutions LLC directly at [INSERT CONTACT EMAIL]. This Privacy Policy is governed by the laws of the State of Washington, without regard to its conflict of law provisions. You are advised that violations of applicable Washington privacy laws, including the Washington My Health My Data Act (RCW 19.373), constitute per se violations of the Washington Consumer Protection Act (RCW 19.86), which is enforceable by the Washington State Attorney General and through private action. This website and our services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.