Privacy Shield Data Privacy Policy

We are a responsible steward of the information we hold. We recognize our responsibility to protect all the data that users entrust to us. We take security issues seriously.

At HAYSTACKID LLC we are committed to protecting the privacy, accuracy and reliability of any personal information you choose to provide and to safeguarding such information from loss, misuse, unauthorized access, disclosure and alteration.

As such, we have adopted this Privacy Shield Policy to ensure that we are taking every measure to protect your data and privacy at all times.

This online privacy statement describes HAYSTACKID’s current online practices with respect to personal information collected through this website. If you do not agree with these terms, please do not disclose any personal information to us.

HAYSTACKID reserves the right to update or modify this Privacy Shield Policy without prior notice. Whenever HAYSTACKID modifies this Privacy Shield Policy, an updated version will be posted on this site.

HAYSTACKID’s Scope of Business

Haystack Information Discovery (“HAYSTACKID”) is a national end-to-end forensics and electronic discovery company providing flexible best in-class enterprise information discovery tools, customized strategy, and scalable services to streamline business process, improve responsiveness, reduce effort and decrease legal expenses.

In a rapidly evolving, new technology-driven enterprise landscape with new legal challenges rapidly proliferating, the costs of litigation services and risks can be monumental. HAYSTACKID works to mitigate these potentially frustrating and expensive situations by approaching every client as a partner, not simply a customer.

As many of HAYSTACKID’s clients operate abroad, HAYSTACKID has established Privacy Shield Certification and incorporated the various principles into corporate policies to ensure the safe, secure and confidential management of all personal information provided by clients and handled by HAYSTACKID employees.

HAYSTACKID keeps all electronically stored information (“ESI”) collected under strict privacy and confidentiality protocols, adhering to established Confidentiality and Non-Disclosure Agreements (“C&NDAs”) with each client with the utmost accuracy and consistency.

HAYSTACKID’s typical processing activities include extraction and formatting of all ESI requested to use commercially sold software for a variety of electronic litigation proceedings, such as forensic collection and review, predictive coding and advanced document analytics tools.

Statement of Policy

In an effort to ensure complete confidentiality of all personal and corporate information provided by clients, employees and any other entities, HAYSTACKID complies with the Privacy Shield established and governed by the U.S. Department of Commerce, Federal Trade Commission, European Commission, and European Data Protection Authorities. These structures are in place to ensure the proper and secure collection, use and retention of personal information received by companies in the United States from entities in the European Union and Switzerland.

HAYSTACKID’s Privacy Shield Certification ensures adherence to the Privacy Shield Principles related to a variety of information-management statutes, such as access, choice, data integrity, enforcement, notice, onward transfer and security.

As HAYSTACKID remains committed to ensuring the most optimal, secure and responsible handling of all information received from clients, regardless of which nation they might operate within, the Privacy Shield Certification strengthens the resolve and transparency HAYSTACKID intends to provide. The policy applies to personal information received from the European Union and Switzerland.

“Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”

Though the majority of data processed by HAYSTACKID does not fit these criteria, some information transferred through email accounts of various parties will enter the equation from time to time. HAYSTACKID works to ensure total quality management of all actions taken, data managed and any other processes related to tasks received from clients. As such, this certification is essential to ensure all information – be it corporate or personal – is managed in a way that meets the most stringent criteria.

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, HAYSTACKID is potentially liable.

For more information regarding the policies, please go to

EU-US Privacy Shield Framework

HAYSTACKID complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. HAYSTACKID has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

In compliance with the EU-US and Swiss-US Privacy Shield Principles, HAYSTACKID commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact HAYSTACKID at: Jefferey  Stevens, Six Beacon Street, Suite 815, Boston, MA 02108

HAYSTACKID has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

HAYSTACKID is committed to cooperating with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). HAYSTACKID will always comply with the advice given by such authorities regarding human resources data transferred from the EU and Switzerland in the context of employment relationships.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.


HAYSTACKID is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Location of Website Manager

This website is managed by HAYSTACKID based in New York, NY, USA. Should you choose to contact us and provide personal information please be informed that such information is provided to our Corporate Office in the USA..

Collection, Access and Choice of Personal Information

In general, you can visit this website without telling us who you are or revealing any personal information.

However, if you want to access certain enhanced and premium services offered through this site, such as HAYSTACKID’s industry focused e-mail newsletters, exclusive content and advantage webinars, you will be required to provide some personal information, which will include but not be limited to your name, email address, and company name. Additionally, you will be given a user name and password and required to provide them whenever you access the enhanced and premium features on this website.

HAYSTACKID acknowledges that EU and Swiss individuals have the right to access the personal information and data that we maintain about them. An EY individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to Jefferey Stevens at If requested to remove data, we will respond within a reasonable timeframe.

We collect email and other user-created files from computer devices and cloud locations. We are collecting the data because it is potentially relevant evidence in a civil or criminal litigation and/or government investigation. We would only share the data with outside counsel who will be reviewing that data for relevance and opposing counsel and/or the government agency.

If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected to subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of personal data.

Use and Disclosure of Personal Information

Should you choose to contact us or otherwise provide us with personal information:

  • We will provide information to law firms we work with, and they will in turn provide the data to opposing counsel in accordance with litigation-related production practices.
  • We may share your personal information third parties who process information on behalf of HAYSTACKID for the purpose of carrying out administrative, marketing, professional or technological support functions. In such instances, HAYSTACKID shall restrict the use such third parties may make of the information, in particular require that these third parties keep this information confidential. Such third parties must agree, via contract, to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy. All third parties have signed non-disclosure and confidentiality agreements in place
  • As permitted by law, we may from time to time use your personal information to make you aware of additional products and services generally, which may be of interest to you.
  • As permitted by law we may disclose your personal information to unaffiliated third parties with whom we may enter into joint venture agreements, branding agreements or other strategic alliances in relation to products you have purchased or for which you have sought information, or in the event of our sale, merger, reorganization, liquidation or other similar event.
  • Finally, we may be required to disclose personal information by law or legal process, for the administration of justice, for interacting with governmental anti-fraud databases, to protect the security or integrity of our databases or this website, to protect and defend the rights or property of HAYSTACKID, to protect the personal safety of HAYSTACKID website users or to take precautions against legal liability. We reserve the right to contact appropriate authorities when activities that are illegal or violate our policies are taking place on a HAYSTACKID website. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
  • In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, HAYSTACKID is potentially liable.

Internet Protocol Addresses

An Internet Protocol (“IP”) address is a number automatically assigned to your computer whenever you access the Internet. If you request pages from this website, our server will enter your IP address into a log. We store IP addresses for a period of time to assist law enforcement authorities and Internet Service Providers in the investigation of breaches of our in-house rules or terms of service, and to help identify visitors who threaten our service, site, customers or others.

We also will use this information to measure site traffic for purposes of system administration. This aggregate data also helps us to understand how people are using the website and helps us improve your online experience.


A cookie is a text-only string of information that is transferred to the cookie file of the browser on your computer’s hard disk so that we can recognize you as a repeat visitor.

A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated, unique number.

Cookies are commonly used by most major websites to arrange their content to match your preferred interests.

This website will automatically gather personal information, such as your first name and email address, through the use of cookies when accessing enhanced and premium areas of the website.

You also have the option of restricting the placing of these cookies on your computer by altering the security settings of your web browser.

Before altering any settings on your computer, you are strongly advised to familiarize yourself with this task by referring to the “Help” function for further information. You are also advised that totally disabling cookies may affect your ability to navigate this and certain other sites.

Please note if you access this website from different computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.

How We Protect Personal Information

HAYSTACKID takes reasonable measures to protect your personal information from unauthorized access through the use of network firewalls, physical security, and use and access policies for employees. The security measures in place, at our physical premises and on this website, aim to protect against the loss, misuse or unauthorized alteration of the information provided to us.

Safeguarding Children’s Privacy

HAYSTACKID does not knowingly collect personal information or any other identifying data from children under 13 years of age. Should a child, whom we know to be under 13 years of age, send us personal information, we will immediately delete that information from our database.

External Links

This website may provide links to various websites. When you click on one of these links, you will be transferred from this website and connected to the website of the organization or company that you selected. Even if an affiliation exists between HAYSTACKID and such website, HAYSTACKID may not exercise any control over linked sites and we do not imply any endorsement of the activities of these websites. Unless specifically stated this online privacy statement does not govern the data collection and use practices of those sites.

If you visit a website that is linked to this website, please familiarize yourself with that site’s privacy practices before providing any personal information.

Governing Law

This online privacy statement forms part of our website Terms of Use and as such shall be governed by and construed in accordance with the laws of the State of Delaware, USA, excluding its conflict of law rules. You expressly agree to submit to the exclusive jurisdiction and venue of the courts in Delaware in all disputes arising out of or relating to the use of this website.


If you do not wish to receive e-mails from us and want to be removed from our electronic mailing list, please email us at with Unsubscribe in the Subject Line.

You have the right to obtain our confirmation of whether we maintain personal information relating to you.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to  If requested to remove data, we will respond within a reasonable timeframe.

Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access.  If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.

We will provide an individual opt-out choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To limit the use and disclosure of your personal information, you may submit a written request to

To inform us of inaccuracies or changes to the personal information we hold on you, please email us at HAYSTACKID will, in accordance with applicable law, update, grant access to or delete such information. Please note, requests to correct or delete personal information are subject to any applicable legal and ethical reporting or document retention obligations imposed on us.

Principles and Self-Certification Process

The U.S. Department of Commerce and Federal Trade Commission (“FTC”) have a variety of literature regarding the principles of Privacy Shield Certification on each respective website.

The FTC offers a short summary of the most crucial components of self-certification for Privacy Shield adherence as dictated by the guiding principles of the statutes as follows:

  • Notify individuals about the purposes for which information is collected and used;
  • Give individuals the choice of whether their information can be disclosed to a third party;
  • Ensure that if it transfers personal information to a third party, that the third party also provides the same level of privacy protection;
  • Allow individuals access to their personal information;
  • Take reasonable security precautions to protect collected data from loss, misuse or disclosure;
  • Take reasonable steps to ensure the integrity of the data collected;
  • Inform clients of third parties to which we disclose personal information, and the purposes for which we do so;
  • Explain liability of cases involving onward transfers to third parties;
  • Disclose our use of the BBB as an “alternative dispute resolution provider” based in the U.S.;
  • Inform in any situation regarding personal information disclosure to lawful requests by authorities, such as those that meet national security or law enforcement requirements;
  • and Have in place an adequate enforcement mechanism.

HAYSTACKID adheres to all of these requirements, as well as the finer points of the Privacy Shield Frameworks, and will continue to self-certify each year to maintain transparency and oblige the statutes as they evolve.

HAYSTACKID’s Commitment to Continued Compliance and Excellence

When necessary, HAYSTACKID might adjust or amend portions of this Privacy Shield Policy, and will always post a revised policy on its website, Any and all adjustments or amendments will remain consistent with the principles as dictated by the Privacy Shield agreement.

HAYSTACKID will continue to conduct regular self-assessments, and subject any and all employees found in violation of the Privacy Shield Principles to appropriate discipline. Internal auditing structures have been implemented to ensure the most accurate and consistent compliance with the principles listed above.

HAYSTACKID’s Vice President of Forensics, Alexander Gessen, should be contacted in the event of inquiries or complaints from European Union or Swiss citizens. His contact information is as follows: Six Beacon Street, Suite 815, Boston, MA 02108; 617-422-0075; or via email at

Finally, HAYSTACKID will refer any and all unresolved privacy complaints to the BBB Privacy Shield, an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. For more information, interested parties can visit the BBB Privacy Shield website at

Questions, Comments and Complaints

For all questions or comments, on our privacy practices or in the event of a complaint please contact:

The Office of Compliance and Ethics
1330 Avenue of the Americas, Suite 23
New York, NY 10019, USA
Phone: 877.9.HAYSTACK

This online privacy statement was last amended on March 28, 2017.