How we hold information you share with us.

STREET advises asset-management firms on securities-compliance matters. The information our clients share with us is, by definition, sensitive — books and records, regulatory exposure, internal escalations, draft correspondence with the staff. We treat that information the same way an EXAMS team would: closely held, narrowly disclosed, retained only as long as the work requires.

This page covers everything else: the data you might share with us through this website before any engagement begins.

The contact form

Your name, email address, firm, and the contents of any message you choose to send through the form on /contact. If you select an inquiry template — Mock Examinations, Exam Support, Reg S-P, Retainer, or a specific question — that selection is included so we can route the conversation to the right partner.

The dispatch list

If you subscribe to 4sight, we store the email address you provide and your subscription state (subscribed, unsubscribed, bounced). Nothing else.

Web logs

Our hosting provider records standard server logs — request path, response code, user-agent, originating IP — for security and reliability monitoring. These are retained for a short window and are not used to build profiles, deliver ads, or identify individuals.

What we do not collect

No behavioural-advertising trackers. No third-party social pixels. No cross-site identifiers. No fingerprinting. No analytics suites that profile individuals across the web.

We use the information you send for one purpose: to respond to the conversation you started, on the timeline you set. If you send a question, we read it and reply. If you subscribe to the dispatch list, we send you the dispatches and nothing else.

We do not enrich your contact details against third-party data providers, do not run lead-scoring against your firm, and do not feed your information to a customer-relationship platform that lives outside our own infrastructure.

STREET does not sell, rent, lease, license, or otherwise transfer personal information for marketing purposes. We do not participate in advertising exchanges, data co-ops, or audience syndication. We do not enable behavioural tracking. There is no opt-out because there is no market in your data to opt out of.

If you stop wanting our dispatches, the unsubscribe link at the foot of every email removes you from the list. If you want a message you sent us deleted, see §N°07 below.

We operate a deliberately small vendor footprint. The third parties that handle data on our behalf — the email delivery service for 4sight, the hosting provider that serves this site, the form processor that routes inquiries — are bound by data-processing terms that prohibit them from using our data for their own purposes.

We do not engage a vendor with a data-mining business model, and we will not begin to.

Anything you share with us inside an engagement — books and records, draft correspondence with the staff, internal escalations, the patterns we identify in your firm — is treated as engagement-confidential.

We do not disclose client identities publicly. We do not publish case studies or outcome anecdotes. The essays on this site are written so that nothing in them maps to any specific engagement.

You may ask us, at any time, to:

• tell you what information we hold about you;
• correct anything that is wrong;
• delete a message you sent us, your subscription to 4sight, or anything else we hold about you that we are not required to keep for a regulatory or record-retention reason.

We will respond to any reasonable request within thirty days and almost always sooner. If you are a resident of a jurisdiction with a specific data-protection regime — the EEA, the UK, California — those rights apply to you in full; this page does not narrow them.

We retain personal information only for the periods required by applicable law and regulatory recordkeeping obligations. Subscription records persist until you unsubscribe. Anything we are not legally required to keep is disposed of when the purpose that justified it is complete.

The Reg S-P standard we apply to client infrastructure is the standard we run our own systems against. Encryption in transit and at rest; access on a least-privilege basis; authenticated audit logs; documented incident response. We treat our internal audit log as a regulatory document — the same standard we describe in our Reg S-P practice.

If we ever identify that any of your information has been, or is reasonably likely to have been, accessed without authorisation, we will notify you directly and promptly, within the windows the amended Regulation S-P sets out — and before any window the rule does not require us to meet, when we can.

Any request, correction, deletion, or question about this page should be addressed to contact@its4street.com. Please put Privacy in the subject line so it routes quickly to the right partner.