Privacy Policy for LNC Blueprint™

A product of SELNA Consulting, LLC, d/b/a “LNC Blueprint™”
Effective Date: October 2023 • Last Updated: August 2025

1) Who We Are & Scope

LNC Blueprint™ (“LNC Blueprint™,” “we,” “our,” or “us”) is owned and operated by SELNA Consulting, LLC (d/b/a “LNC Blueprint™”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our sites, create an account, subscribe to, or use our platform and services (the “Services”).

By using the Services, you consent to this Policy. If you do not agree, do not use the Services.

2) Categories of Information We Collect

A. Information you provide directly

• Identifiers and contact data (name, email, phone, mailing address).

• Account data (username, password, role, preferences).

• Billing and subscription data (plan details, invoices, payment tokens via our processors; we do not store full card numbers).

• Support communications (tickets, chats, emails, phone/SMS interactions).

• Content you upload (case notes, documents, files).

• PHI (Protected Health Information): only if you accept our BAA and store PHI in HIPAA‑enabled areas of the platform.

B. Information collected automatically

• Device and network data (IP address, device ID, browser/OS, pages viewed, timestamps, referring URLs).

• Usage and diagnostic logs (features used, errors, performance metrics).

• Cookies and similar technologies (see Section 6).

C. Information from third parties

Payment processors, communication providers (email/SMS/voice), analytics/anti‑fraud, identity verification, and hosting/sub‑processors.

D. Sensitive data

We do not seek to collect sensitive personal data outside of a HIPAA/BAA context. PHI is processed only under an executed BAA and only within HIPAA‑enabled areas.

3) How We Use Information

We use information to:

• Provide, operate, and secure the Services (including authentication, account management, usage/overage metering, and customer support).

• Process payments, manage subscriptions, and enforce our Terms.

• Send required communications (e.g., service notices, Florida auto‑renewal reminders for qualifying plans, security alerts) and optional communications (product updates/marketing, where permitted).

• Improve the platform (feature development, troubleshooting, analytics).

• Detect, investigate, and help prevent fraud, abuse, or security incidents.

• Comply with law, enforce agreements, and protect our rights and users.

4) Disclosure of Information

We do not sell or rent your personal information. We disclose information to:

• Service providers / processors that help us run the Services (hosting, storage, security, email/SMS/telephony, analytics, billing). They may only use data to perform services for us.

• Legal and compliance recipients when required by law, subpoena, or to protect rights, safety, and integrity.

• Business transfers in connection with a merger, acquisition, financing, or sale of assets.

• With your direction or consent, including integrations you enable.

5) HIPAA, PHI & Business Associate Agreement (BAA)

If you will store, process, or transmit PHI through the Services, you must accept our click‑through BAA during sign‑up. By checking the acceptance box, you execute the BAA.

Our HIPAA role: When the BAA is accepted, we act as a Business Associate and handle PHI in accordance with HIPAA and the BAA (including administrative, physical, and technical safeguards; encryption in transit and at rest; subcontractor flow‑downs; and breach notification to you within five (5) business days of discovery).

Your HIPAA role: You are the Covered Entity (or Business Associate to a Covered Entity) and are responsible for HIPAA compliance within your organization, including workforce training, device and email security, and safeguarding PHI outside the LNC Blueprint™ platform. Do not upload PHI unless the BAA is accepted.

Link to BAA

6) Cookies, Analytics & Choice

We use cookies and similar technologies for essential functionality, performance, and analytics (and, if enabled, marketing). You can control cookies through browser settings. If we engage in activities that constitute “sale” or “sharing” under certain state laws, we will provide a “Do Not Sell or Share My Personal Information” mechanism and honor Global Privacy Control (GPC) signals where required. We do not currently respond to “Do Not Track” (DNT) signals.

7) SMS, Calls & TCPA Compliance

If you opt in to texts or calls, you consent to receive communications related to onboarding, account/security alerts, product updates, renewal reminders, and (where permitted) marketing. Message/data rates may apply. You can opt out of marketing texts at any time by replying STOP (for help, reply HELP). We maintain consent records and honor opt‑outs per TCPA/FCC rules

.

8) Florida Auto‑Renewal Notices

For annual subscriptions that renew for more than one month, we use your contact information to send renewal notices 30–60 days before renewal, including renewal date/price and cancellation instructions, in line with Fla. Stat. § 501.165. These notices are required communications.

9) Data Security

We employ reasonable administrative, technical, and physical safeguards appropriate to the nature of the data (including access controls, encryption in transit and at rest for HIPAA‑enabled features, audit logging, and vendor due diligence). No method of transmission or storage is 100% secure. If we learn of a security incident affecting your information, we will notify you as required by law or contract (including the BAA, where applicable).

10) Data Retention

We retain personal information as long as necessary for:

• Providing and improving the Services,

• Managing subscriptions, renewals, and required notices,

• Meeting legal, tax, accounting, security, and enforcement obligations, and

• Resolving disputes and maintaining business records.

Retention periods vary by category and purpose; when no longer needed, we delete or de‑identify data consistent with our retention schedules and legal requirements.

11) Your Privacy Rights (U.S. State Readiness)

Depending on your state (e.g., CA/CPRA, CO, CT, UT, VA and others), you may have rights to access, correct, delete, port, and opt out of certain processing (e.g., targeted advertising/sale/profiling). We will verify your request and respond within the applicable statutory timeline. We honor GPC where required.

Exercising your rights: Email support@thelncblueprint.com with subject “Privacy Request,” the state you reside in, and the right(s) you wish to exercise. We may need additional information to verify your identity and relationship with us.

12) Children’s Privacy

The Services are not directed to children under 18, and we do not knowingly collect their personal information. If we learn we have collected such information, we will delete it.

13) International Users

If you access the Services from outside the U.S., your data may be processed in the U.S. or other countries with different laws. We apply appropriate safeguards and this Policy to all such processing. If we offer EU/UK services in the future, additional GDPR/UK GDPR notices will be provided.

14) Third‑Party Links

Our Services may contain links to third‑party sites. Their privacy practices are governed by their own policies.

15) Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date reflects the latest changes. Material changes will be communicated as appropriate (and consent sought where required by law).

16) Contact Us

SELNA Consulting, LLC d/b/a LNC Blueprint™
Email: support@thelncblueprint.com

Appendix A — California Notice at Collection (CPRA)

Categories collected (past 12 months):

• Identifiers (name, email, phone, IP, device IDs).

• Customer records (billing info via processor tokens).

• Commercial information (plan tier, transaction history, usage/overage metrics).

• Internet/network activity (log data as described above).

• Geolocation (coarse) derived from IP.

• Inferences (product usage preferences, if generated).

• Sensitive PI: not sought except PHI in HIPAA/BAA contexts within HIPAA‑enabled areas.

Purposes: provide Services; account/billing; security; analytics; legal compliance; required renewal notices (Florida).

Retention: as described in Section 10.

Selling/Sharing: We do not sell personal information and do not share it for cross‑context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share” control and honor GPC signals.