Remote Work Policy – PrivacyStudios

Section 1

Purpose and Scope

PrivacyStudios operates as a fully remote organization. This policy defines how remote work functions at PrivacyStudios, what it means for team members in practice, and the professional standards expected when working with client data, AI tools, and confidential information.

This policy applies to all PrivacyStudios team members, contractors, and advisors engaged in work on behalf of the firm.

Remote work at PrivacyStudios is not an exception to normal operations — it is the normal operation. There is no central office. All work is performed remotely by default.

Section 2

What Remote-First Means at PrivacyStudios

Being remote-first means that our organizational structure, communication practices, and client delivery model are all designed around distributed work — not adapted from an office model.

2.1 Autonomy Over Location

Team members choose where they work. PrivacyStudios does not mandate a home office, co-working space, or specific geography. What matters is the quality and security of the working environment, not its location.

You are responsible for your own workspace setup.
Ensure your environment supports focused, confidential work.
Client calls and sensitive work should not be conducted in public spaces without appropriate precautions (headphones, VPN, screen privacy).

2.2 Flexibility With Accountability

Remote work at PrivacyStudios is built on trust. Team members manage their own schedules with one clear expectation: responsiveness and delivery take priority over fixed hours.

There are no mandatory check-in times or fixed working hours.
You are expected to be responsive within a reasonable window during agreed working days.
Client deadlines and commitments are non-negotiable regardless of personal scheduling preferences.
If you are unavailable for an extended period, you must communicate this in advance.

2.3 Communication Standards

In a remote environment, communication must be intentional. The absence of a shared physical space means that clarity, documentation, and responsiveness carry more weight.

Default to written communication for decisions, task updates, and client matters.
Use agreed tools for team coordination — do not introduce unauthorized platforms for work communication.
Video calls are the default for client-facing meetings unless the client prefers otherwise.
Acknowledge messages promptly, even if a full response requires more time.

Section 3

Technology and Security Requirements

Given the nature of PrivacyStudios work — advising organizations on AI governance, privacy compliance, and data handling — security is not a formality. It is a professional obligation.

3.1 Required Technical Standards

Minimum Requirements — All Devices

Secure internet connection: Use a private, password-protected network. Do not conduct client work over public or shared Wi-Fi without a VPN.

VPN: Required when accessing client files, internal systems, or any sensitive material on unsecured networks.

Device security: All devices used for PrivacyStudios work must have full-disk encryption enabled, current OS updates applied, and strong authentication (password + MFA) active.

Screen lock: Devices must auto-lock within 5 minutes of inactivity.

Antivirus and endpoint protection: Required on all devices used for firm work.

3.2 Approved Tools

Only approved tools may be used for client work, internal communication, and document management. Use of unauthorized platforms — particularly for AI assistance or document processing — is prohibited.

Given that PrivacyStudios advises clients on AI governance, team members are expected to model the same discipline internally. Any AI tool used in client work must be documented, assessed for data exposure risk, and approved by the principal.

3.3 Data Handling

Client data must never be stored on personal cloud accounts, personal devices, or unauthorized platforms.
Do not upload client documents to AI tools unless the tool has been approved and the client has been informed.
All data handling must comply with applicable privacy law — GDPR, Quebec Law 25, or other relevant frameworks depending on client jurisdiction.
Report any actual or suspected data incidents immediately to the principal.

Section 4

AI Tool Usage Policy

PrivacyStudios actively uses AI tools in its work. This is intentional and aligned with our positioning. It also creates obligations.

4.1 General Principles

AI tools may be used to support research, drafting, analysis, and internal operations.
AI-generated output must always be reviewed and validated by a qualified team member before delivery to a client.
PrivacyStudios team members remain professionally responsible for all work product, regardless of how it was produced.
AI tools must not be used as a substitute for legal, compliance, or strategic judgment.

4.2 Client Confidentiality

Never input identifiable client information into an AI tool unless the tool has been explicitly approved for that purpose.
Anonymize or abstract client data before using it as AI input where full approval is not in place.
When in doubt, consult the principal before using AI on a client matter.

Our credibility with clients depends in part on the discipline with which we handle their information. What we advise clients to do, we must do ourselves.

Section 5

Availability and Collaboration

5.1 Core Availability

While PrivacyStudios does not impose fixed hours, team members are expected to establish and communicate predictable availability windows that overlap with client and team needs.

Communicate your general working hours to the team at the start of each week or engagement.
Notify the principal in advance of planned absences, travel, or reduced availability.
Client-facing commitments — calls, deliverable deadlines, response SLAs — take priority and must be honored regardless of personal scheduling.

5.2 Team Coordination

Participate in scheduled team calls and project check-ins.
Keep shared task trackers and project documentation current — do not rely on verbal updates alone.
If you are blocked on a task, communicate proactively. Do not wait until a deadline to flag an issue.

Section 6

Professional Responsibility

PrivacyStudios operates at the intersection of law, technology, and compliance. The professional standards applicable to this work do not change because the work is performed remotely.

Maintain the same level of professionalism in remote settings as you would in a client-facing office environment.
All client communications — written or verbal — must be clear, accurate, and appropriate.
Do not make representations to clients about PrivacyStudios services, capabilities, or positions without authorization from the principal.
Conflicts of interest must be disclosed promptly.
Confidentiality obligations survive the end of your engagement with PrivacyStudios.

Section 7

Equipment and Expenses

Team members are responsible for providing their own working equipment unless otherwise agreed in their engagement terms.

PrivacyStudios does not provide standard equipment by default for contractors and part-time advisors.
Reimbursable expenses — where applicable — must be pre-approved by the principal and submitted with documentation.
Software or tool subscriptions required for firm work will be assessed on a case-by-case basis.

Section 8

Policy Updates and Acknowledgement

This policy will be reviewed and updated as PrivacyStudios evolves. Team members will be notified of material changes.

Continued engagement with PrivacyStudios following notification of a policy update constitutes acceptance of the revised terms.

Questions about this policy should be directed to the principal.

Acknowledgement

Signature

Date

Full Name

Role / Title