Who we are
Cardarelli Group Inc. (“Cardarelli Group,” “we,” “us”) builds AI-native software for government, finance, law, and security, operating across the United States, Canada, and the United Kingdom. This policy covers personal information handled through this website.
What we collect
This website collects personal information in two ways only:
- Contact form. If you write to us, we receive the name, email address, organization (optional), and message you choose to provide.
- Technical logs. Our hosting infrastructure records standard server logs — IP address, browser type, pages requested, and timestamps — for security and reliability.
We do not operate user accounts, and we do not use analytics or advertising trackers on this site.
How we use it
- To read and respond to your inquiry — the message you submit is delivered by email to our team.
- To keep the website secure, available, and performing properly.
- To meet legal obligations that apply to us.
Legal bases
Where the UK GDPR or similar laws apply, we rely on your consent (you choose to submit the contact form) and our legitimate interests in operating a secure website and responding to business inquiries. In Canada, we handle personal information in accordance with PIPEDA; in the United States, in accordance with applicable state privacy laws.
Sharing and service providers
We do not sell personal information, and we do not share it with third parties for their own marketing. We use a small number of service providers to run this website:
- Postmark (ActiveCampaign, LLC) — delivers contact-form submissions to us by email.
- Google Cloud Platform (Google LLC) — this website runs within our own Google Cloud environment, which produces the technical logs described above.
These providers process data on our behalf under their own contractual and security commitments. We may also disclose information if required by law or to protect our rights.
International transfers
Information collected through this website — contact-form submissions and technical logs — is processed in the United States. Where that information moves across borders from the United States, Canada, or the United Kingdom, we rely on safeguards recognized by applicable law.
This applies to the corporate website only. When we deliver our products and services, customer data is hosted with residency in the customer-specified country of origin — it is not governed by this website policy.
Retention
Contact-form messages are kept for as long as needed to handle the inquiry and for a reasonable period afterwards for record-keeping, then deleted. Technical logs are retained on our cloud environment's standard short rotation.
Your rights
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, reach us through the contact page.
You may also complain to your supervisory authority: the Office of the Privacy Commissioner of Canada (OPC), the UK Information Commissioner's Office (ICO), or your U.S. state attorney general.
Children
This website is intended for professional audiences and not directed to children. We do not knowingly collect personal information from anyone under 16.
Changes and contact
We will post any changes to this policy on this page and update the effective date above. Questions about this policy can be sent through the contact page.