Privacy Policy

Last Updated: August 5, 2025

1) Who we are and scope

This Privacy Policy explains how Acquisition Stars (the "Firm," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website at acquisitionstars.com, contact us, book a consult, or engage with our services. It also describes rights that may apply to you under applicable laws.

Contact (Primary):

Acquisition Stars
26203 Novi Road, Suite 200
Novi, MI 48375, USA
Phone: (248) 266-2790
Email: consult@acquisitionstars.com

2) Information we collect

A. Information you provide directly

  • Identifiers and contact details (name, email, phone, address, employer/title)
  • Matter/engagement data you choose to share in forms, emails, or calls
  • Scheduling and intake details (e.g., preferred times, questionnaire responses)
  • Career information if you apply for a role

B. Information collected automatically

  • Device and usage data (IP address, device/browser, pages viewed, timestamps, referring URLs)
  • Cookie and similar tech data for site operations and performance analytics. Your current site banner indicates Strictly Necessary and Performance cookies only; Targeting/Advertising cookies are not used.

C. Sources

  • You, your devices, and your communications with us
  • Service providers (e.g., website hosting, analytics, scheduling, legal practice tools)

3) How we use information

We process personal information to:

  • Operate and improve the website and our services
  • Respond to inquiries, schedule consultations, and manage client intake
  • Maintain client files, manage matters, and deliver legal services
  • Communicate about events, updates, or services (you can opt out of marketing at any time)
  • Protect security, prevent fraud, and comply with legal/ethical obligations

If you are in the EU/UK, our legal bases may include contract, consent, legal obligation, and legitimate interests (e.g., site security and essential analytics).

4) Law-firm confidentiality vs. website submissions

Communications sent through the website or before a formal engagement do not create an attorney-client relationship and should not include confidential information. Once an engagement is established, client information is protected by professional obligations and applicable law; we handle it consistent with this Policy and our duties.

5) Cookies and similar technologies

  • Strictly necessary cookies: run core site functions
  • Performance cookies: measure traffic and improve site performance; info is aggregated
  • Targeting/advertising cookies: not in use per your current banner

You can manage cookies via the on-site banner and your browser settings.

6) Sharing and disclosures

We do not sell or "share" personal information for cross-context behavioral advertising. We disclose data to:

  • Service providers/Processors (hosting, analytics, practice management/scheduling, email, document storage) under contracts that restrict use
  • Professional advisors (e.g., auditors) under confidentiality
  • Authorities or parties in legal matters when required by law or to protect rights
  • Successors in a business transaction, subject to this Policy's protections

7) Data retention

We retain personal information only as long as needed for the purposes above, to meet legal/ethical obligations (including file-retention duties for law firms), resolve disputes, and enforce agreements. Under GDPR, retention must be disclosed in a transparent way and limited to what's necessary.

8) Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access or disclosure. No method of transmission or storage is 100% secure.

9) Michigan-specific disclosures

Identity Theft Protection Act (MCL 445.61 et seq.): If a breach of the security of our systems involves Michigan residents' personal information, we will provide notice without unreasonable delay and no later than 45 days after determining a breach, subject to law-enforcement delay. Notices generally describe the incident, types of information involved, actions taken, steps you can take, and contact info.

Social Security Number Privacy Act (MCL 445.81 et seq.): We limit the collection, use, display, transmission, and storage of SSNs; we do not publicly post or display more than four sequential digits and we protect SSNs' confidentiality consistent with the Act. We do not collect SSNs through the public website intake forms.

10) U.S. children's data

Our services and site are not directed to children under 13, and we do not knowingly collect personal information from them. If we learn we have, we will delete it and take appropriate steps under COPPA.

11) Marketing communications (CAN-SPAM)

If we send commercial emails, they will include our valid physical address and a clear way to opt out; opt-out requests are honored within required timeframes.

12) California residents (CCPA/CPRA)

If you are a California resident, you may have the rights to know/access, correct, delete, and opt out of sale/sharing, plus the right to limit use/disclosure of sensitive personal information. We currently do not sell or share your personal information. We provide a Notice at Collection via this Policy summarizing categories, purposes, and retention. You can submit requests as described in Section 15 below.

Category Examples Purpose(s) Disclosed to
Identifiers name, email, phone, IP intake, consults, communications, security service providers; practice tools
Professional/Employment role, company, application info intake, conflict checks, hiring service providers; advisors
Internet/Usage device, pages viewed, referrer site operation, performance analytics analytics/hosting providers

We do not use or disclose "sensitive personal information" to infer characteristics.

13) International data transfers (GDPR/UK GDPR)

If you are in the EEA/UK and your data is transferred to the U.S. or elsewhere, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures consistent with GDPR transparency and Articles 12–14.

14) Your privacy rights and choices

Depending on your location, you may have rights to:

  • Access/know the categories and specific pieces of personal information we hold about you
  • Correct inaccurate information
  • Delete/erase information, subject to legal/ethical retention obligations (see GDPR Article 17 for EEA/UK)
  • Object/opt out of certain processing (e.g., non-essential cookies, marketing)
  • Portability (receive a copy in a portable format)
  • Limit the use/disclosure of sensitive personal information (California)
  • Appeal a denial (where required by state law)

We will not discriminate against you for exercising your privacy rights. (CCPA/CPRA.)

15) How to submit a request

Submit access, correction, deletion, or other privacy requests by email to consult@acquisitionstars.com or mail to Privacy Request, Acquisition Stars, 26203 Novi Road, Suite 200, Novi, MI 48375. Please provide sufficient information to verify your identity and describe your request. Authorized agents may submit requests where permitted by law.

16) Data breach notifications (Michigan)

If a breach triggers notice obligations under Michigan's Identity Theft Protection Act, we will notify affected Michigan residents and, where applicable, consumer reporting agencies and the Michigan Attorney General, within statutory timelines (generally no later than 45 days of determining a breach and subject to lawful delay). Notices include the elements required by law.

17) Changes to this Policy

We may update this Policy from time to time. The "Last Updated" date at the top reflects the latest revision. Material changes will be posted on this page.

18) How to contact us

Questions about this Policy or our privacy practices: consult@acquisitionstars.com or (248) 266-2790.