Legal

Privacy
Policy

Last updated: April 13, 2026

1. Information We Collect

We collect the following categories of information when you interact with our website, fill out forms, book a call, or engage our services:

  • Contact information: Name, email address, phone number, and company name when you fill out forms, request an audit, or book a call.
  • Communication data: Messages, emails, and other correspondence you send to us, including content submitted through our contact and scheduling forms.
  • Business information: Details about your software stack, workflows, team size, and business operations shared during audits and engagements.
  • Usage data: Information about how you interact with our website, collected via Google Analytics (measurement ID: G-96ZDYSF0S0), including pages visited, time on page, referral sources, click behavior, and browsing patterns.
  • Device information: Browser type and version, operating system, screen resolution, and device type.
  • IP address: Your Internet Protocol address, which may be used to derive approximate geographic location.
  • Advertising and conversion data: If you arrive at our site via a Google Ads campaign, we collect the Google Click Identifier (gclid) and related parameters passed through the URL. When you submit a lead form, book a call, or request a strategy call, we fire a Google Ads conversion event so we can attribute the action back to the ad click. This data is shared with Google Ads for measurement and campaign optimization.

We do not collect Social Security numbers, financial account numbers, or health information through our website.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Respond to inquiries: Reply to your questions, form submissions, and requests for information.
  • Schedule calls: Coordinate strategy calls, discovery calls, and ongoing engagement meetings.
  • Deliver services: Provide custom software development, AI integration, and operational optimization services under your engagement.
  • Send transactional communications: Confirmations, scheduling reminders, engagement updates, invoices, and other messages directly related to your service engagement.
  • Send marketing communications: Occasional updates about new services, case studies, or insights. You may opt out of marketing emails at any time using the unsubscribe link in each email.
  • Improve our website: Analyze usage patterns and site performance to make our website more useful and effective.
  • Measure advertising performance: Track which Google Ads campaigns drive conversions (form submissions, bookings) and optimize our ad spend. This includes firing conversion events and, where enabled, showing remarketing ads on other websites.
  • Comply with legal obligations: Meet applicable legal, regulatory, and contractual requirements.

3. Data Sharing and Third-Party Services

We use the following third-party services to operate our business. Each service receives only the data necessary to perform its function:

  • Google Analytics (G-96ZDYSF0S0): Website analytics. Collects IP address, device information, and browsing behavior via first-party cookies. Used to understand how visitors use our site and to improve our content and user experience. Data is governed by Google's Privacy Policy.
  • Google Ads: Advertising and conversion tracking. When you click one of our Google Ads campaigns, Google sets cookies on your device. When you submit a lead form, book a call, or request an audit, we report the conversion event back to Google Ads for campaign measurement and optimization. Google Ads may also be used for remarketing, which means showing you our ads on other websites or apps in the Google Display Network after you visit our site. Data is governed by Google's Advertising Policies.
  • SmallBizHQ (driftops.smallbizhq.ai): Our CRM platform for contact management, scheduling, and client engagement tracking. Your contact information, communication history, and scheduling data are stored here.
  • SendGrid: Email delivery service. Processes your email address and message content to deliver transactional and marketing emails on our behalf.
  • Stripe: Payment processing. If applicable, Stripe securely handles payment card information for service invoicing. We do not store your payment card details on our own systems.

These services are contractually obligated to protect your data and are prohibited from using it for purposes other than providing their services to us.

We do not sell your personal information as defined under applicable state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and similar state statutes.

4. Cookies and Tracking Technologies

Analytics cookies (Google Analytics)

  • _ga: Distinguishes unique visitors. Expires after 2 years.
  • _ga_<G-96ZDYSF0S0>: Maintains session state and tracks interactions across pages. Expires after 2 years.

Advertising cookies (Google Ads)

  • _gcl_au: First-party cookie set by the Google Ads Conversion Linker. Used to attribute ad clicks to conversions (form submissions, bookings). Expires after 90 days.
  • NID: Third-party cookie set by Google that stores preferences and tracks ads you interact with across the web. Expires after 6 months.
  • IDE / test_cookie: Third-party cookies set by doubleclick.net (Google) used for ad serving, targeting, and measurement. Expires after up to 13 months.
  • gclid (URL parameter): When you click a Google Ads ad, Google appends a unique click identifier to the destination URL. We capture this identifier to measure which campaigns drive conversions. It may be stored in an analytics cookie or transmitted with form submissions.

These cookies are used for conversion measurement, remarketing, and showing you relevant Google ads on other websites after you visit ours.

How to opt out or control these cookies

  • Browser settings: Most browsers allow you to block cookies, clear existing cookies, or receive a notification before a cookie is set.
  • Google Analytics opt-out: Install the Google Analytics Opt-out Browser Add-on.
  • Google personalized ads: Adjust your ad preferences at Google My Ad Center or opt out of personalized advertising across Google services at adssettings.google.com.
  • Industry-wide opt-outs: Opt out of interest-based advertising from participating ad networks at the Digital Advertising Alliance or the Network Advertising Initiative.
  • Global Privacy Control: We recognize the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal information for cross-context behavioral advertising under applicable state privacy laws.

Disabling advertising or analytics cookies will not prevent you from accessing our content or contacting us. You will still see Google ads on other sites, but they may be less relevant to you.

5. Data Retention

We retain your information only as long as necessary for the purposes described in this policy. Specific retention periods by category:

  • Contact and business information from active engagements: Duration of the engagement plus two (2) years.
  • Website analytics data: 14 months (the Google Analytics default retention period).
  • Email communications: Duration of the engagement plus two (2) years.
  • Marketing subscriber data: Until you unsubscribe or request removal.

You may request deletion of your personal data at any time by contacting us at [email protected].

6. Your Privacy Rights

Regardless of where you reside, you have the right to:

  • Access the personal information we hold about you
  • Correct any inaccurate or incomplete information
  • Delete your personal information from our systems
  • Portability — request a copy of your data in a commonly used, machine-readable format
  • Opt out of marketing communications at any time

To exercise any of these rights, contact us at [email protected] with "Privacy Request" in the subject line.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to opt out of sale/sharing: We do not sell your personal information for money. However, our use of Google Ads (including conversion tracking and remarketing) and Google Analytics may constitute "sharing" of personal information under the CPRA for cross-context behavioral advertising purposes. You may opt out by: (a) sending a Global Privacy Control (GPC) signal from your browser, (b) adjusting your Google ad preferences at adssettings.google.com, (c) using industry opt-outs at optout.aboutads.info, or (d) blocking advertising cookies in your browser.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CPRA (such as SSN, financial account credentials, precise geolocation, racial/ethnic origin, or health data) through our website.

Authorized agents: You may designate an authorized agent to submit a privacy request on your behalf. We may require the agent to provide proof of written authorization and verify your identity directly.

Verification: When you submit a request, we will verify your identity by sending a confirmation to the email address associated with your account or inquiry. We will respond to verified requests within 45 calendar days. If we need additional time, we will notify you and may extend the response period by an additional 45 days.

Categories of personal information collected in the past 12 months (using CCPA taxonomy):

  • Identifiers: Name, email address, phone number, IP address, Google Click Identifier (gclid), and advertising cookie identifiers.
  • Commercial information: Records of services engaged or considered, engagement history, form submissions, conversion events.
  • Internet or other electronic network activity: Browsing history, search history, referral source, ad click data, and information regarding your interaction with our website and ads.
  • Geolocation data: Approximate location derived from IP address.
  • Professional or employment-related information: Company name, job title or role.
  • Inferences: Advertising audience segments and remarketing lists derived by Google based on your activity on our site.

Virginia, Colorado, Connecticut, and Utah Residents

If you reside in Virginia, Colorado, Connecticut, or Utah, you have rights under your state's respective privacy law, including:

  • Right to access, correct, and delete your personal data.
  • Right to data portability — obtain a copy of your personal data in a portable, readily usable format.
  • Right to opt out of targeted advertising based on personal data collected from your activities across websites. We process personal data for targeted advertising through Google Ads (including remarketing). To opt out, send a Global Privacy Control (GPC) signal from your browser, or adjust your Google ad preferences at adssettings.google.com.
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Appeal process: If we deny your privacy request, you may appeal by emailing [email protected] with the subject line "Privacy Appeal." We will respond to your appeal within 60 days. If your appeal is denied, you may contact your state's Attorney General to file a complaint.

Colorado and Connecticut residents: We honor the Global Privacy Control (GPC) universal opt-out signal as a valid request to opt out of the sale of personal data and targeted advertising under your state's law.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encrypted data transmission via HTTPS/TLS on all pages and forms
  • Encryption of stored data at rest where applicable
  • Access to personal data restricted to authorized personnel who need it to perform their job functions

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of discovery via email. We will also notify applicable regulatory authorities as required by law. Breach notifications will include a description of the incident, the categories of data involved, and the steps we are taking in response.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last updated" date. For material changes, we will communicate updates via email at least 30 days before they take effect to active clients and contacts in our system. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy, want to exercise your privacy rights, or need to report a concern about how your data is handled, please contact us:

Email: [email protected]

Phone: (727) 349-5111

For privacy-specific requests, please include "Privacy Request" in the subject line of your email.

Expected response time: Within 15 business days for general inquiries. For formal requests under the CCPA or other state privacy laws, we will respond within 45 calendar days as required by law.