Privacy Policy
LEGAL
Effective Date: February 27, 2026
1. Introduction
Total Growth Coaching and Consulting, LLC (“TGC&C,” “we,” “our,” or “us”) is a Texas limited liability company that provides people strategy consulting, leadership development, executive coaching, talent management, organizational advisory, and related professional services. We are headquartered in the Dallas-Fort Worth metropolitan area and serve clients throughout the United States and internationally.
We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at totalgrowthcc.com (the “Site”), engage our services, or otherwise interact with us.
This Privacy Policy is designed to comply with applicable privacy laws, including the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act as amended (CCPA/CPRA), the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the Australian Privacy Act 1988, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws in jurisdictions where we provide services.
By accessing our Site or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these practices, please do not use our Site or services.
2. Data Controller
For the purposes of the EU GDPR, UK GDPR, and other applicable data protection laws, the data controller responsible for your personal data is:
Total Growth Coaching and Consulting, LLC
Attn: Privacy Inquiries
Email: michael@totalgrowthcc.com
Location: Dallas-Fort Worth, Texas, United States
If you are located in the European Economic Area (EEA), you may also contact our designated EU representative (see Section 15).
3. Information We Collect
3.1 Information You Provide Directly
We collect information that you voluntarily provide to us, including:
Contact Information: Name, email address, phone number, company name, job title, and mailing address.
Service Engagement Information: Details you share during discovery calls, intake forms, scoping conversations, coaching sessions, assessments, and consulting engagements.
Assessment Data: Results and responses from leadership assessments administered through our services, including but not limited to Hogan, EQ-i 2.0, CliftonStrengths, DiSC, TKI, 360-degree feedback surveys, and other validated instruments.
Payment Information: Billing address, payment card details, and banking information processed through our third-party payment processor (Stripe). We do not store full payment card numbers on our systems.
Account Information: Login credentials for our client resource library, learning management system, or coaching platform (CoachAccountable).
Communications: Messages you send to us via email, contact forms, or other correspondence.
User-Generated Content: Blog comments, podcast inquiries, or feedback you submit through the Site.
3.2 Information Collected Automatically
When you visit our Site, we may automatically collect certain information, including:
Device and Usage Data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and clickstream data.
Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your experience. See Section 8 (Cookies and Tracking Technologies) for details.
Analytics Data: We use Google Analytics 4 to collect aggregated and anonymized website usage statistics.
3.3 Information from Third Parties
We may receive information about you from third-party sources, including:
Assessment publishers and platforms (e.g., Hogan Assessment Systems, Multi-Health Systems, Gallup) when you complete assessments we have authorized.
Scheduling platforms (e.g., Acuity Scheduling) when you book appointments.
Payment processors (e.g., Stripe) regarding transaction confirmations.
Referral partners who introduce you to our services with your knowledge.
4. Lawful Bases for Processing (GDPR / UK GDPR)
Where the EU GDPR or UK GDPR applies, we process your personal data on the following lawful bases. The table below maps each processing activity to its corresponding legal basis:
| Processing Activity | Lawful Basis | Details |
| Service delivery (consulting, coaching, assessments) | Performance of a contract | Necessary to fulfill the engagement agreement you have entered into with us. |
| Payment processing and invoicing | Performance of a contract | Necessary to process payments for services rendered. |
| Assessment administration and scoring | Performance of a contract; Consent | Contract basis for organizationally sponsored assessments; consent for individually purchased assessments. |
| Marketing emails, newsletters, and promotional content | Consent | We send marketing communications only with your affirmative opt-in consent. You may withdraw consent at any time. |
| Website analytics and performance monitoring | Legitimate interests; Consent | Legitimate interest in understanding Site usage. For EEA/UK visitors, non-essential analytics cookies require consent. |
| Business operations and service improvement | Legitimate interests | Our legitimate interest in improving our services and business operations, balanced against your privacy rights. |
| Responding to inquiries and support requests | Legitimate interests; Pre-contractual steps | Responding to your requests as part of our legitimate business operations or to take steps before entering a contract. |
| Legal compliance and dispute resolution | Legal obligation; Legitimate interests | Necessary to comply with applicable laws or to establish, exercise, or defend legal claims. |
| Sharing summary reports with organizational sponsors | Legitimate interests; Consent | Based on the engagement agreement and your informed consent regarding the scope of sharing. |
Where we rely on legitimate interests, we have conducted a balancing assessment to ensure that our interests do not override your fundamental rights and freedoms. You may request a copy of our legitimate interest assessments by contacting us.
Where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us at michael@totalgrowthcc.com or use the unsubscribe mechanism in any marketing email.
5. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To provide consulting, coaching, advisory, assessment, and training services you have engaged.
Client Relationship Management: To communicate with you about your engagement, schedule sessions, deliver reports, and provide follow-up.
Assessment Administration: To administer, score, interpret, and debrief leadership assessments as part of your development engagement.
Payment Processing: To process invoices, subscription payments, and refunds through our payment processor.
Website Operations: To maintain and improve our Site, provide customer support, and ensure security.
Marketing and Communications: To send newsletters, blog updates, podcast announcements, and promotional materials, where you have opted in or where permitted by applicable law.
Content Personalization: To provide access to the client resource library, learning paths, and self-paced courses.
Business Analytics: To analyze trends, measure the effectiveness of our services and marketing, and improve our offerings.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
6. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following limited circumstances:
Service Providers: We share information with third-party vendors who assist us in operating our business, including website hosting (Hostinger), payment processing (Stripe), email services (Google Workspace), scheduling (Acuity), coaching platform (CoachAccountable), course delivery (LearnDash), and analytics (Google). These providers are contractually obligated to use your data only to perform services on our behalf and are bound by data processing agreements where required by applicable law.
Assessment Publishers: Assessment responses are shared with and processed by the relevant assessment publisher (e.g., Hogan Assessment Systems, Multi-Health Systems, Gallup) solely for scoring and reporting purposes.
Contract Coaches and Consultants: If your engagement involves a contract coach or consultant working under the TGC&C brand, relevant engagement information will be shared with that individual as necessary to deliver services. All contractors are bound by confidentiality and data processing obligations.
Organizational Sponsors: If your employer or organization has engaged TGC&C on your behalf (e.g., for executive coaching or assessment), we may share summary reports, assessment results, or progress updates with your organizational sponsor as outlined in your engagement agreement. We will inform you of the scope of such sharing before services begin.
Legal Requirements: We may disclose information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
7. International Data Transfers
TGC&C is based in the United States. If you access our Site or engage our services from outside the United States, your personal data will be transferred to and processed in the United States.
7.1 Transfer Mechanisms
For transfers of personal data from the EEA, the United Kingdom, or Switzerland to the United States, we rely on the following transfer mechanisms to ensure that your data is protected in accordance with applicable data protection laws:
Standard Contractual Clauses (SCCs): We enter into the European Commission’s Standard Contractual Clauses (as adopted by Commission Implementing Decision (EU) 2021/914) with our service providers and, where appropriate, with clients whose data is transferred to the United States. For UK transfers, we use the UK International Data Transfer Addendum to the EU SCCs.
Supplementary Measures: Where required, we implement supplementary technical and organizational measures to ensure an adequate level of protection, including encryption in transit and at rest, access controls, and data minimization practices.
Consent: In limited circumstances where SCCs are not practicable (e.g., one-time inquiry submissions), we may rely on your explicit, informed consent to the transfer. You will be notified before the transfer occurs and may withdraw consent at any time.
7.2 Transfer Impact Assessment
We have conducted a transfer impact assessment evaluating the legal framework in the United States as it relates to the personal data we process. Given the nature of our services (business-to-business professional consulting and coaching), the categories of data we process, and the technical safeguards we employ, we have determined that the risk to data subjects is low and that our supplementary measures provide adequate protection.
You may request a copy of the relevant SCCs or our transfer impact assessment by contacting us at michael@totalgrowthcc.com.
7.3 Other International Transfers
For transfers from Australia, Canada, and other jurisdictions with data transfer restrictions, we ensure compliance with applicable local requirements, including entering into appropriate contractual protections and applying technical safeguards consistent with the standards described above.
8. Cookies and Tracking Technologies
8.1 Types of Cookies
Our Site uses cookies and similar technologies. The types of cookies we use include:
Strictly Necessary Cookies: Required for the Site to function properly, including session management, login authentication, and security. These cookies cannot be disabled.
Analytics Cookies: Used via Google Analytics 4 to understand how visitors interact with our Site. For visitors in the EEA, UK, and other jurisdictions requiring affirmative consent, these cookies are only set after you provide consent.
Functional Cookies: Remember your preferences and settings to improve your experience.
8.2 Cookie Consent
For visitors located in the European Economic Area, the United Kingdom, and other jurisdictions that require affirmative consent for non-essential cookies:
We display a cookie consent banner on your first visit that requires your active, affirmative consent before any non-essential cookies (including analytics and functional cookies) are set.
You may accept all cookies, reject non-essential cookies, or customize your preferences through the consent banner.
You may change or withdraw your cookie consent at any time by accessing the cookie settings link in the footer of our Site.
If you do not provide consent, only strictly necessary cookies will be used.
For visitors in other jurisdictions, you can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Disabling cookies may affect the functionality of certain features on our Site.
8.3 Do Not Track Signals
Some browsers include a “Do Not Track” (DNT) feature. There is no uniform standard for how DNT signals should be interpreted. At this time, our Site does not respond to DNT signals. However, you can manage your cookie preferences as described above.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer have a lawful basis or legitimate business need to retain your data, we will securely delete or anonymize it.
General retention periods include:
Client Engagement Records: Retained for seven (7) years after the conclusion of the engagement, consistent with professional standards and Texas business record-keeping requirements.
Assessment Data: Retained in accordance with the assessment publisher’s policies and professional ethical standards (typically three to five years). Raw assessment data may be returned to the publisher after the engagement concludes.
Financial Records: Retained for seven (7) years in accordance with IRS requirements.
Marketing Data: Retained until you unsubscribe, withdraw consent, or request deletion.
Website Analytics: Aggregated analytics data is retained indefinitely. Individual-level data is retained for twenty-six (26) months, consistent with Google Analytics default settings.
Where the GDPR or UK GDPR applies, and our retention period exceeds what is strictly necessary for the original processing purpose, we will rely on a lawful basis (such as legal obligation or legitimate interest in defending potential claims) for the continued retention.
10. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:
SSL/TLS encryption on all Site pages and data transmissions.
Secure, tokenized payment processing through Stripe (PCI-DSS compliant).
Password-protected access to client portals and coaching platforms.
Two-factor authentication on administrative systems.
Regular security monitoring and updates through Wordfence and hosting provider security features.
Limited access controls ensuring that only authorized personnel can access client data.
Encryption at rest for sensitive client data, including assessment results.
While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under the GDPR or UK GDPR.
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Notify affected individuals as required under applicable U.S. state data breach notification laws (including the Texas Identity Theft Enforcement and Protection Act) and applicable laws in other jurisdictions.
Maintain an internal record of all personal data breaches, including the facts, effects, and remedial actions taken.
Notifications will include, to the extent known: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
12. Your Rights and Choices
12.1 All Users
Regardless of your location, you have the right to:
Request access to the personal information we hold about you.
Request correction of inaccurate or incomplete personal information.
Request deletion of your personal information, subject to our legal retention obligations.
Opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
Withdraw consent for data processing where consent is the legal basis.
12.2 European Economic Area and United Kingdom Residents
If you are located in the EEA or United Kingdom, you have the following additional rights under the GDPR and UK GDPR:
Right of Access: You may request a copy of the personal data we hold about you (a “subject access request”).
Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
Right to Erasure: You may request that we delete your personal data where there is no compelling reason for its continued processing.
Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., while we verify the accuracy of data you have contested).
Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.
Right to Object: You may object to processing based on legitimate interests or processing for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents, the supervisory authority is the Information Commissioner’s Office (ICO) at https://ico.org.uk.
We will respond to all EEA and UK data subject requests within thirty (30) days of receipt. If we require additional time (up to an additional sixty days for complex requests), we will inform you of the extension and the reasons for it within the initial thirty-day period.
12.3 Texas and U.S. State Privacy Rights
If you are a resident of Texas or another U.S. state with applicable privacy legislation (including but not limited to the Texas Data Privacy and Security Act, the California Consumer Privacy Act as amended by the CPRA, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act), you may have additional rights, including:
The right to know what personal information we collect, use, and share.
The right to request deletion of your personal information.
The right to opt out of the sale or sharing of your personal information (we do not sell personal information).
The right to non-discrimination for exercising your privacy rights.
The right to data portability in a commonly used, machine-readable format.
12.4 Australian Residents
If you are located in Australia, you have rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), including the right to access and correct your personal information, and the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au if you believe your privacy has been breached.
12.5 Canadian Residents
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial privacy legislation, including the right to access your personal information, request corrections, and withdraw consent for future processing. You may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at https://www.priv.gc.ca.
12.6 How to Exercise Your Rights
To exercise any of your privacy rights, please contact us at:
Email: michael@totalgrowthcc.com
Subject Line: Privacy Rights Request — [Your Name]
Please include your name, the right you wish to exercise, and sufficient information for us to verify your identity. We will not require you to create an account to exercise your rights. We may ask for additional information to confirm your identity before processing your request.
13. Children’s Privacy
Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.
14. Third-Party Links
Our Site may contain links to third-party websites, platforms, or services that are not operated by us, including assessment publisher portals, podcast hosting platforms, social media sites, and scheduling tools. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit.
15. EU and UK Representative
As TGC&C is established in the United States and offers services to individuals in the European Economic Area and the United Kingdom, we are in the process of designating representatives in the EEA and the UK in accordance with Article 27 of the EU GDPR and Article 27 of the UK GDPR, respectively.
Once designated, the contact details of our EU and UK representatives will be published here and will serve as an additional point of contact for data protection inquiries from individuals and supervisory authorities in those regions.
[EU Representative details — to be added upon designation]
[UK Representative details — to be added upon designation]
In the interim, all privacy inquiries from EEA and UK residents may be directed to us at michael@totalgrowthcc.com. We will respond within the timeframes required by applicable law.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the “Effective Date” at the top of this page and, where appropriate, notify you by email or through a notice on our Site. For changes that materially affect the processing of personal data of EEA or UK residents, we will provide notice at least thirty (30) days before the changes take effect. Your continued use of the Site or services after any update constitutes your acceptance of the revised policy.
17. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
Total Growth Coaching and Consulting, LLC
Attn: Privacy Inquiries
Email: michael@totalgrowthcc.com
Website: totalgrowthcc.com
Location: Dallas-Fort Worth, Texas, United States
We will respond to all privacy-related inquiries within thirty (30) days of receipt, or within the timeframe required by the applicable data protection law in your jurisdiction.
18. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law principles. Any disputes arising from or related to this Privacy Policy shall be resolved in the state or federal courts located in Dallas County, Texas. Nothing in this section limits or affects the rights of data subjects under mandatory data protection laws in their jurisdiction, including the right to lodge a complaint with a local supervisory authority or to bring proceedings before their local courts where permitted by applicable law.