At Shielded Ascent, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you access or use our services, including our white-labeled SaaS platform powered by GoHighLevel. It also outlines your rights under applicable privacy laws, such as GDPR (EU), PIPEDA (Canada), and U.S. state laws like CCPA/CPRA.
By accessing or using our services, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of our services immediately.
For any questions or concerns about this Privacy Policy or how we handle your data, please contact us at [email protected].
We are committed to ensuring that this Privacy Policy is accessible to all users, including individuals with disabilities. If you require this document in an alternative format or need assistance accessing its content, please contact us at [email protected].
We collect personal data to deliver our services effectively, improve user experience, and comply with legal obligations. Below, we outline the types of information we collect, how it is collected, and why it is needed.
We collect the following categories of personal data:
1. Contact Information: Names, email addresses, phone numbers, billing addresses, and payment details provided during account registration or service use.
2. Marketing Data: Data related to marketing campaigns managed through our services, such as: Email lists. Campaign performance metrics. Customer engagement data (e.g., open rates, click-through rates).
3. Usage Data: Data collected from your interactions with our platform features, including:AI-powered Missed Call Text Back.Conversation AI for automated client engagement. Google Reviews management tools. Calendar scheduling tools.CRM (Customer Relationship Management) tools . Voice AI interactions for customer support automation. Chat Widget conversations on websites. Unified Inbox communications and contact management.
4. Technical Data: IP addresses, browser types, operating systems, device information (e.g., model, manufacturer), and other metadata collected when interacting with our platform.
5. Cookies and Tracking Technologies: Data collected through cookies or similar technologies for analytics, personalization, marketing purposes, or improving platform functionality (see Section 7 for more details).
6. Payment Information: Credit card details or other payment method information processed securely through third-party payment gateways.
7. Other Voluntarily Provided Information: Any additional information you provide voluntarily during interactions with our services (e.g., survey responses, feedback forms).
We collect personal data through the following methods:
1. Direct Interactions: When you register for an account or subscribe to our services. When you fill out forms on our website/platform (e.g., contact forms or payment forms). When you communicate with us via email, phone, or support channels.
2. Automated Technologies: Through cookies or similar tracking technologies that collect usage data when you interact with our website/platform (see Section 7 for more details). Through analytics tools that track user behavior across our platform.
3. Third-Party Integrations: When you connect third-party tools or services to our platform (e.g., social media accounts or email marketing platforms), we may receive data from those integrations based on your permissions.
4. Subprocessors: Certain personal data may be collected by trusted subprocessors (e.g., GoHighLevel) on our behalf as part of delivering specific features like CRM tools or Voice AI interactions.
We collect personal data to fulfill the following purposes:
1. Service Delivery: To provide one-time setup services (e.g., AI-powered automation tools) and recurring features (e.g., Google Reviews management).
2. Customer Support: To respond to inquiries and provide technical assistance.
3. Platform Improvement: To analyze usage trends and improve functionality based on user feedback.
4. Marketing Communications: To send newsletters or promotional offers with your explicit consent where required by law. Legal Compliance: To comply with legal obligations under GDPR (EU), PIPEDA (Canada), and U.S.-state privacy laws like CCPA/CPRA.
We do not intentionally collect sensitive personal data unless explicitly required for specific features or compliance purposes (e.g., geolocation data for targeted services). Where sensitive personal data is collected:
Explicit consent will be obtained in advance where required by law. Such data will be processed only for legitimate purposes and protected using enhanced security measures.
1.5 Children’s Data
Our services are not intended for use by children under the age of 18, and we do not knowingly collect personal data from individuals under this age without appropriate consent where required by law. If we become aware that personal data from a child under the age of 18 has been collected without proper consent, we will take steps to delete it promptly.
1. GDPR (EU/Greek Clients): Parental consent is required for processing personal data of children under 16 years old (or lower if specified by local law but no less than 13). By setting the threshold at 18, we ensure additional safeguards beyond GDPR’s requirements.
2. COPPA (U.S.-Based Clients): We comply with COPPA regulations, which apply to children under the age of 13. By extending protections to individuals under 18, we exceed COPPA’s requirements.
3. PIPEDA (Canadian Clients): Under PIPEDA, we require parental or guardian consent before collecting personal information from minors. By defining minors as individuals under the age of 18, we ensure heightened protection for children’s data.
If you believe that a child’s personal data has been provided to us without proper consent, please contact us at [email protected]. We will take steps to delete it promptly.
We use your personal data to provide our services effectively, improve your experience, and comply with legal obligations. Below is a detailed explanation of how we use the information we collect.
We use your personal data to:
1. Deliver one-time setup services such as:
AI-powered Missed Call Text Back.
Conversation AI for automated client engagement.
2. Provide recurring services such as:
Google Reviews management.
Calendar scheduling tools.
CRM (Customer Relationship Management) tools.
Voice AI interactions for customer support automation.
Chat Widget for website-based customer engagement.
Unified Inbox for managing communications and contacts in one place.
Process payments for subscriptions or one-time setup fees securely.
We use your personal data to:
1. Respond to inquiries or requests submitted through our contact forms, email, or support channels.
2. Provide technical assistance with account setup, troubleshooting, or feature usage.
3. Notify you of updates, changes, or issues related to your account or services.
We analyze usage data and feedback to:
1. Improve the functionality and performance of our platform and features.
2. Identify trends in user behavior to enhance user experience.
3. Develop new tools or features based on user needs and technological advancements.
With your explicit consent where required by law, we may use your personal data to:
1. Send newsletters or promotional offers about our services or related products.
2. Inform you about new features, updates, or special events that may be relevant to your business needs.
You can withdraw consent for marketing communications at any time by clicking the "Unsubscribe" link in our emails or contacting us at [email protected].
We process personal data to comply with legal obligations under GDPR (EU), PIPEDA (Canada), and U.S.-state privacy laws (e.g., CCPA/CPRA). This includes:
1. Tax reporting and financial record-keeping requirements.
2. Preventing fraud, misuse of our platform, or other unlawful activities.
3. Responding to lawful requests from public authorities (e.g., court orders or regulatory investigations).
1. Ensuring the security of our platform and preventing unauthorized access.
2. Conducting analytics to improve service delivery and user experience.
3. Developing new features or tools that align with client needs.
In all cases, we ensure that legitimate interests do not override your fundamental rights and freedoms.
1. Conducting research and analysis to improve our services.
2. Generating insights about platform usage trends.
3. Sharing industry benchmarks with clients without revealing individual user data.
This type of data is not subject to privacy laws governing identifiable personal information.
Our services are designed to adapt to the needs of businesses through flexible plans that may evolve over time. We are committed to providing transparency about how our plans and features are structured, as well as any updates or changes that may occur.
We currently offer two main service plans:
1. Starter Shield:
Description:The Started Shield Plan is designed for businesses that need essential tools to improve communication and customer engagement. It provides foundational features to streamline operations and ensure no opportunity is missed.
Features: Auto Missed Call Text Back: Automatically follow up with customers via text when a call is missed, ensuring quick responses.
Conversation AI: Engage leads and customers with AI-powered conversations to save time and boost efficiency.
One-Time Setup Fee: Includes onboarding and customization to get your system up and running quickly.
2. Pro Ascent:
Description:The Pro Ascent Planis tailored for businesses ready to scale with advanced tools that enhance customer management, communication, and automation. It includes everything in the Started Shield Plan plus additional features forgrowing businesses.
Features: Everything in the Started Shield Plan.
Voice AI: Automate voice-based interactions with customers using advanced artificial intelligence.
Mobile App: Manage your business on the go with a fully branded mobile app for your team and clients.
CRM (Customer Relationship Management): Organize leads, track sales pipelines, and manage customer relationships effectively.
Calendar Scheduling Tools: Simplify scheduling with integrated calendars that sync seamlessly with workflows.
Chat Widget: Engage website visitors in real-time through a customizable chat widget.
Unified Inbox: Centralize all communication channels into one interface for streamlined client interactions.
Google Reviews Management: Monitor, respond to, and manage Google reviews to build trust, improve local SEO, and maintain a strong online reputation.
Each plan is designed to meet specific business needs and includes a combination of features that help streamline operations and improve customer engagement.
Recurring Fee: $197/month.
For Greek clients, this fee typically includes VAT (ΦΠΑ), but any applicable taxes will be clarified during billing.
Includes all features listed above with no additional hidden fees, unless clarified during billing.
As part of our commitment to innovation, we continuously evaluate and improve our offerings. This means:
1. Features may be introduced over time or enhanced based on user feedback, technological advancements, or evolving business needs.
2. Plans may be adjusted to reflect these updates while ensuring that they continue to deliver value to our clients.
We will notify you of any significant updates to our plans or features in advance, as required by applicable laws:
1. Material Changes: If changes materially affect your current plan or the way your personal data is processed, we will provide advance notice through email or platform notifications.
Notice periods will comply with jurisdiction-specific requirements: GDPR (EU/Greek Clients): At least 30 days’ notice before changes take effect.
PIPEDA (Canadian Clients): Reasonable notice before implementing significant changes.
CCPA/CPRA (U.S.-Based Clients): Notice provided "without unreasonable delay" before changes are implemented.
2. Minor Updates: For minor updates that do not materially affect your plan or rights, we may implement changes without prior notice.
These updates will be reflected in the "Last Updated" date at the top of this Privacy Policy.
Depending on your jurisdiction, you have specific rights related to updates or changes in our plans:
1. Right to Be Informed: You have the right to be informed about how updates to our plans may impact your personal data or service experience.
2. Right to Object: If you disagree with any updates that materially affect your rights or access to features, you may object by contacting us at [email protected].
3. Right to Terminate Services: If you do not agree with the updated terms of a plan, you may terminate your account or discontinue using our services.
Our goal is always to ensure that any changes enhance the value we provide to our clients while maintaining compliance with applicable privacy laws. We strive to keep our plans flexible, transparent, and aligned with your business needs.
We process personal data in compliance with applicable laws across the jurisdictions we serve, including GDPR (EU), PIPEDA (Canada), and U.S. state privacy laws (e.g., CCPA/CPRA). Below, we outline the legal bases for processing data based on each jurisdiction:
Under GDPR, we process your personal data based on the following legal grounds:
1. Consent: When you explicitly agree to activities such as receiving newsletters, promotional offers, or enabling non-essential cookies.
Consent can be withdrawn at any time without affecting the lawfulness of prior processing.
2. Contractual Necessity: To provide services you have purchased or subscribed to, including one-time setup services or recurring features like CRM tools or Google Reviews management.
3. Legal Obligations: To comply with regulatory requirements such as tax reporting, fraud prevention, or responding to lawful requests from authorities.
4. Legitimate Interests: To improve our platform and services, ensure security, prevent misuse of our platform, and analyze usage data to enhance user experience.
We ensure that legitimate interests do not override your fundamental rights and freedoms.
Under PIPEDA, we process personal data based on the following principles:
1. Consent: Your consent is required for the collection, use, or disclosure of personal information unless otherwise permitted by law (e.g., legal obligations or fraud prevention).
Consent may be expressed (e.g., signing up for a service) or implied (e.g., providing information to complete a transaction).
You may withdraw consent at any time by contacting us at [email protected].
2. Reasonable Purposes: We collect and use personal information only for purposes that a reasonable person would consider appropriate under the circumstances (e.g., delivering services or improving functionality).
3. Compliance with Legal Obligations: We may process your data without consent if required by law, such as for tax reporting or responding to lawful requests from Canadian authorities.
Under U.S. state privacy laws like CCPA/CPRA, we process personal data based on the following principles:
1. Consent for Sensitive Data: For certain types of sensitive personal information (e.g., geolocation data), we require explicit consent before processing.
2. Performance of Services: To deliver services you have purchased or subscribed to, including processing payments and providing access to features like Voice AI or Chat Widgets.
3. Legal Compliance: To comply with state-specific regulations such as tax reporting or responding to lawful requests from U.S. authorities.
4. Legitimate Business Purposes:To improve our platform functionality, conduct analytics, and ensure security while respecting your rights under applicable laws.
If you reside in a jurisdiction where additional legal bases apply (e.g., provincial laws in Canada such as Quebec’s Bill 64), we will process your data in line with those requirements.
For cross-border transfers of personal data (e.g., between Canada/EU and the U.S.), we implement safeguards such as Standard Contractual Clauses (SCCs) under GDPR and equivalent measures under PIPEDA.
We do not sell your personal data to third parties. However, we may share your personal data in limited circumstances to provide our services effectively, comply with legal obligations, or improve our platform. Below, we outline how and why your data may be shared:
We work with trusted third-party service providers (subprocessors) to deliver specific features and services. These subprocessors act on our behalf and are contractually obligated to:
Process your personal data only for the purposes specified by us.
Comply with applicable privacy laws, including GDPR, PIPEDA, and U.S.-state privacy laws.
Implement appropriate security measures to protect your data.
Examples of subprocessors include:
GoHighLevel: For delivering platform functionalities like CRM tools, Voice AI interactions, Chat Widgets, and Unified Inbox features.
Payment Processors: For securely processing payments for subscriptions or one-time setup fees.
Analytics Providers: For analyzing platform usage and improving functionality.
We may disclose your personal data if required to do so by law or in response to valid requests from public authorities (e.g., court orders or government investigations). This includes:
Compliance with tax reporting requirements.
Responding to lawful requests from regulatory bodies in jurisdictions such as Canada (e.g., under PIPEDA), the EU (e.g., under GDPR), or the U.S. (e.g., under CCPA/CPRA).
In the event of a merger, acquisition, or sale of all or a portion of our business assets, your personal data may be transferred to the acquiring entity. In such cases:
You will be notified via email or a prominent notice on our platform before your personal data is transferred.
The acquiring entity will be required to honor this Privacy Policy or provide equivalent protection for your personal data.
In certain cases, we may share your personal data with third parties based on your explicit consent. For example:
When you agree to integrate third-party tools or services with our platform.
When you opt into marketing partnerships or promotional offers.
You have the right to withdraw your consent at any time by contacting us at [email protected].
We may share aggregated or anonymized data that cannot reasonably identify you for purposes such as:
Conducting research and analysis to improve our services.
Generating insights about platform usage trends.
This type of data does not contain any personally identifiable information (PII) and is not subject to privacy laws governing identifiable data.
As part of providing our services, your personal data may be transferred outside of your country of residence. For example:
EU/EEA Clients: Data transfers outside the EU/EEA (e.g., to the U.S.) are safeguarded by Standard Contractual Clauses (SCCs) under GDPR.
Canadian Clients: Data transfers outside Canada are conducted in compliance with PIPEDA’s requirements for equivalent protections.
U.S.-Based Clients: Data transfers within the U.S. comply with state-specific privacy laws like CCPA/CPRA.
We ensure that all cross-border transfers are protected by adequate safeguards such as contractual agreements with subprocessors.
7. Data Processing Agreements (DPAs)
If you use our platform to process personal data on behalf of your clients, we can provide a Data Processing Agreement (DPA) upon request. This agreement ensures compliance with GDPR (EU), PIPEDA (Canada), and other applicable privacy laws. The DPA defines our role as a data processor and your role as a data controller, including details about processing instructions, security measures, and cross-border data transfers.
To request a DPA, please contact us at [email protected].
We do not share your personal data with:
Advertisers or marketing agencies without your explicit consent.
Unaffiliated third parties for their independent use unless legally required.
As part of providing our services, your personal data may be transferred, stored, or processed outside your country of residence. We ensure that all cross-border data transfers comply with applicable privacy laws, including GDPR (EU), PIPEDA (Canada), and U.S. state privacy laws (e.g., CCPA/CPRA). Below, we outline how these transfers are safeguarded:
If you reside in the EU/EEA or Greece, your personal data may be transferred to countries outside the European Economic Area (EEA), including the United States, where our subprocessors (e.g., GoHighLevel) operate. These transfers are safeguarded by:
1. Standard Contractual Clauses (SCCs): We rely on SCCs approved by the European Commission to ensure that your data receives an equivalent level of protection as required under GDPR.
2. Adequacy Decisions: Where applicable, we may transfer data to countries deemed “adequate” by the European Commission, meaning they provide a similar level of data protection as the EU.
3. Additional Safeguards: Encryption of personal data during transmission.Regular audits of subprocessors’ compliance with GDPR requirements.
If you reside in Canada, your personal data may be transferred outside Canada, including to the United States or other jurisdictions where our subprocessors operate. These transfers are conducted in compliance with PIPEDA and include the following safeguards:
1. Equivalent Protections: We ensure that any third party processing your personal data outside Canada provides protections comparable to those required under PIPEDA.
2. Transparency: You will be informed if your personal data is stored or processed outside Canada and how it is protected.
3. Subprocessor Agreements: All subprocessors are contractually obligated to comply with PIPEDA’s principles for safeguarding personal information.
If you reside in the United States, your personal data may be transferred within or outside the U.S., depending on where our subprocessors operate. These transfers comply with state-specific privacy laws like CCPA/CPRA and include:
1. Consent for Sensitive Data: For certain sensitive personal information (e.g., geolocation data), explicit consent is obtained before transferring such data internationally.
2. Legitimate Business Purposes:Transfers are conducted only for legitimate business purposes such as delivering services or improving platform functionality.
3. Data Security Measures: Personal data is encrypted during transmission and stored securely on servers operated by trusted subprocessors.
Regardless of where you reside, we implement the following safeguards for all cross-border transfers:
1. Contractual Obligations: All subprocessors are contractually required to process personal data in compliance with applicable privacy laws and our instructions.
2. Encryption and Access Controls: Personal data is encrypted during transmission and protected by access controls to prevent unauthorized access.
3. Periodic Audits: We conduct regular audits of our subprocessors’ security practices to ensure compliance with GDPR, PIPEDA, CCPA/CPRA, and other applicable laws.
4. Data Minimization: Only the minimum amount of personal data necessary for service delivery is transferred across borders.
Depending on your jurisdiction, you have specific rights regarding cross-border transfers:
1. EU/Greek Clients (GDPR): You have the right to request a copy of the safeguards in place for cross-border transfers (e.g., SCCs).
You may object to international transfers in certain circumstances if they do not meet GDPR requirements.
2. Canadian Clients (PIPEDA): You have the right to know if your personal information is being transferred outside Canada and how it is being protected.
You may withdraw consent for cross-border transfers at any time by contacting us at [email protected].
3. U.S.-Based Clients (CCPA/CPRA): You have the right to opt out of certain cross-border transfers involving sensitive personal information.
You may request details about how your personal data is stored or processed internationally.
We work with trusted subprocessors who process personal data across borders as part of delivering our services. Examples include:
GoHighLevel: For platform features like CRM tools, Voice AI interactions, Chat Widgets, and Unified Inbox functionality.
Payment processors: For securely managing subscriptions or one-time fees.
Analytics providers: For analyzing platform usage and improving functionality.
All subprocessors are required to comply with applicable privacy laws and implement robust security measures.
Your Paragraph text goes Lorem ipsum dolor sit amet, consectetur adipisicing elit. Autem dolore, alias, numquam enim ab voluptate id quam harum ducimus cupiditate similique quisquam et deserunt, recusandae. here
We use cookies and similar tracking technologies on our website/platform to enhance user experience, analyze traffic, and provide personalized content. This section explains how we use cookies, the types of cookies we use, and your rights regarding cookie preferences.
Cookies are small text files that are placed on your device (e.g., computer, smartphone) when you visit a website. They help websites recognize your device and store information about your preferences or actions. In addition to cookies, we may use similar technologies such as:
1. Web Beacons: Small graphic images embedded in emails or web pages to track user activity.
2. Local Storage: Browser-based storage for saving data locally on your device.
We use the following types of cookies on our website/platform:
1. Necessary Cookies: These cookies are essential for the basic functionality of our website/platform. Examples include maintaining login sessions or enabling secure payment processing. Without these cookies, certain features may not function properly.
2. Performance Cookies: These cookies collect information about how users interact with our website/platform. Data collected includes page visits, time spent on pages, and error messages encountered. Performance cookies help us improve the functionality and user experience of our platform.
3. Functional Cookies: These cookies remember your preferences (e.g., language settings) to provide a more personalized experience. They enable features such as auto-filling forms or saving user preferences for future visits.
4. Marketing/Advertising Cookies: These cookies track your browsing activity to deliver targeted advertisements based on your interests. They may also limit the number of times you see an ad and measure the effectiveness of advertising campaigns. Marketing cookies are often set by third-party advertising networks.
5. Analytics Cookies: These cookies help us understand how users interact with our platform by collecting aggregated data.Examples include tracking user behavior across different pages or identifying trends in platform usage.
We use cookies to:
1. Provide essential services (e.g., maintaining secure sessions or processing payments).
2. Analyze user behavior to improve platform functionality and performance.
3. Personalize content and remember user preferences for a seamless experience.
4. Deliver targeted advertisements based on user interests (only with explicit consent where required).
5. Comply with legal obligations under GDPR, PIPEDA, and U.S.-state privacy laws.
For users in jurisdictions where consent is required (e.g., EU/EEA under GDPR, Canada under PIPEDA), we will not place non-essential cookies on your device unless you provide explicit consent through our cookie banner.
1. Cookie Banner: When you visit our website/platform for the first time, you will see a cookie banner asking for your consent to use non-essential cookies. You can choose to accept all cookies, reject all cookies, or customize your preferences.
2. Managing Cookie Preferences: You can update your cookie preferences at any time through the "Cookie Settings" link available on our website/platform.
Depending on your jurisdiction, you have specific rights regarding cookie usage:
1. EU/Greek Clients (GDPR): You have the right to refuse non-essential cookies without affecting access to our website/platform. You can withdraw consent for non-essential cookies at any time by updating your preferences in the "Cookie Settings" section.
2. Canadian Clients (PIPEDA): You have the right to know how we use cookies and what data is collected through them. You can manage or disable cookies through your browser settings or via our cookie banner.
3. U.S.-Based Clients (CCPA/CPRA): You have the right to opt out of certain tracking technologies used for targeted advertising purposes.Use the "Do Not Sell My Personal Information" link if applicable to opt out of marketing-related cookie tracking.
6. How to Manage or Disable Cookies
You can manage or disable cookies using one of the following methods:
1. Browser Settings: Most web browsers allow you to control cookie settings through their "Preferences" or "Settings" menu. You can block all cookies, delete existing ones, or configure browser alerts when a website attempts to place a cookie on your device.
2. Cookie Banner: Use our cookie banner to accept or reject non-essential cookies based on your preferences.
3. Third-Party Opt-Out Tools: For targeted advertising cookies, you may opt out via tools provided by third-party networks such as the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).
Some cookies on our website/platform are placed by third parties (e.g., Google Analytics, Facebook Pixel). These third-party providers may collect data about your online activities across different websites and services.
1. We ensure that all third-party providers comply with applicable privacy laws (e.g., GDPR, PIPEDA).
2. For more information about how third parties process your data, please refer to their respective privacy policies.
The duration for which a cookie remains active depends on its type:
1. Session Cookies: These are temporary cookies that expire when you close your browser.
2. Persistent Cookies: These remain on your device until they expire or are manually deleted. The retention period varies depending on the purpose of the cookie (e.g., analytics vs marketing).
You can view specific retention periods for each cookie type in our "Cookie Settings" section.
Your Paragraph text goes Lorem ipsum dolor sit amet, consectetur adipisicing elit. Autem dolore, alias, numquam enim ab voluptate id quam harum ducimus cupiditate similique quisquam et deserunt, recusandae. here
We respect your rights regarding your personal data and are committed to ensuring transparency and control over how your information is collected, used, and shared. Depending on your jurisdiction, you have specific rights under GDPR (EU), PIPEDA (Canada), and U.S. state privacy laws (e.g., CCPA/CPRA). Below, we outline your rights based on these frameworks:
Under GDPR, you have the following rights regarding your personal data:
1. Right to Access: You can request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.
2. Right to Rectification: You can request corrections to inaccurate or incomplete personal data.
3. Right to Erasure ("Right to Be Forgotten"): You can request that we delete your personal data when: It is no longer necessary for the purposes for which it was collected. You withdraw consent for processing. You object to processing, and there are no overriding legitimate grounds for us to continue processing.
4. Right to Restrict Processing: You can request that we limit how we process your personal data in certain circumstances (e.g., while verifying the accuracy of data or resolving an objection).
5. Right to Data Portability: You can request that we transfer your personal data to another service provider in a structured, machine-readable format.
6. Right to Object: You can object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
7. Right to Withdraw Consent: If we rely on your consent for processing, you can withdraw it at any time without affecting the lawfulness of prior processing.
8. Right to Lodge a Complaint: You have the right to file a complaint with your local Data Protection Authority if you believe we have violated GDPR.
Under PIPEDA, you have the following rights regarding your personal information:
1. Right to Access: You can request access to the personal information we hold about you. We will provide details about how your information is being used and who it has been shared with.
2. Right to Correct: You can request corrections to inaccurate or incomplete personal information.
3. Right to Withdraw Consent: You can withdraw consent for the collection, use, or disclosure of your personal information at any time unless it is required by law or necessary for fulfilling a contract.
4. Right to File Complaints: If you believe we have mishandled your personal information, you can file a complaint with Canada’s Office of the Privacy Commissioner
Mailing Address: Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec
K1A 1H3
Toll-Free Phone:1-800-282-1376
TTY: 819-994-6591
Website: www.priv.gc.ca
For more details, visit their complaints page:
File a Formal Privacy Complaint.
5. Transparency About Cross-Border Transfers: You have the right to know if your personal information is being transferred outside Canada and how it is being protected.
Under CCPA/CPRA and other U.S.-state privacy laws, you have the following rights regarding your personal data:
1. Right to Know: You can request details about what personal data we collect, how it is used, and who it is shared with. This includes categories of data collected, sources of collection, purposes of use, and third parties with whom data is shared.
2. Right to Delete: You can request that we delete certain personal data we have collected about you unless an exception applies (e.g., legal obligations or security purposes).
3. Right to Opt-Out of Sale/Sharing: If applicable, you can opt out of the sale or sharing of your personal data by clicking on our "Do Not Sell My Personal Information" link.
4. Right to Correct Inaccuracies: You can request corrections to inaccurate or incomplete personal information.
5. Right to Limit Use of Sensitive Personal Information: For certain sensitive categories of data (e.g., geolocation), you can limit how this information is used or disclosed.
6. Non-Discrimination: We will not deny services, charge different prices, or provide a lower quality of service if you exercise any of these rights.
7. Authorized Agents: If you prefer, you may designate an authorized agent to submit requests on your behalf by providing written authorization or proof of power of attorney.
You may exercise any of these rights by contacting us at [email protected]. When submitting a request:
1. Please include sufficient details so that we can verify your identity (e.g., name, email address associated with your account).
2. For requests related to access or deletion under CCPA/CPRA, we may require additional verification steps before fulfilling your request.
3. We will respond within 30 days as required by applicable laws.
While we strive to honor all user rights under applicable laws, there may be circumstances where certain requests cannot be fulfilled due to legal or contractual obligations:
1. For example: We may retain certain data for tax reporting or fraud prevention purposes.
Requests for deletion may be denied if retaining the data is necessary for completing transactions or complying with legal requirements.
2. In such cases, we will provide an explanation outlining why the request could not be fulfilled.
We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws. Below, we outline how retention periods are determined and how we handle data deletion.
The length of time we retain personal data depends on:
1. The Purpose of Collection: Data is retained only as long as necessary to provide our services (e.g., maintaining your account or delivering recurring features like CRM tools or Google Reviews management).
2. Legal Obligations: Certain data must be retained to comply with legal requirements such as tax reporting, fraud prevention, or responding to lawful requests from authorities.
3. Contractual Obligations: Data may be retained to fulfill obligations under agreements with you or third parties (e.g., payment processors).
4. Legitimate Interests: Data may be retained for a limited time to improve services, resolve disputes, or ensure platform security.
We categorize personal data into different types and apply specific retention periods for each:
1. Account Information: Retained for the duration of your relationship with us (e.g., while your account is active). Deleted or anonymized within 30 days after account closure unless required for legal purposes.
2. Payment Information: Retained for 7 years to comply with tax reporting and financial record-keeping laws.
3. Marketing Data: Retained until you withdraw consent or opt out of marketing communications. Deleted or anonymized within 30 days after you opt out.
4. Usage Data: Aggregated or anonymized usage data may be retained indefinitely for research and analytics purposes. Identifiable usage data is deleted within 12 months after collection unless required for security purposes.
5. Cookies and Tracking Data: Session cookies are deleted when you close your browser. Persistent cookies are retained based on their purpose (e.g., analytics vs marketing) and are subject to your cookie preferences. Legal Compliance Data: Data required for legal purposes (e.g., tax reporting, fraud prevention) is retained as mandated by applicable laws.
When personal data is no longer needed for its original purpose or required by law, we take steps to securely delete or anonymize it:
1. Deletion: Personal data is securely deleted from our systems using industry-standard methods.
Backup copies are also deleted within a reasonable timeframe unless required for disaster recovery purposes.
2. Anonymization: In some cases, we may anonymize personal data so that it can no longer identify you.
Anonymized data may be used for research, analytics, or improving our services without further notice to you.
We retain certain types of personal data to comply with legal obligations under GDPR (EU), PIPEDA (Canada), and U.S.-state privacy laws (e.g., CCPA/CPRA):
1. EU/Greek Clients (GDPR): Personal data must be retained only as long as necessary for the purposes it was collected.
Specific retention periods may apply based on local regulations (e.g., tax record retention requirements).
2. Canadian Clients (PIPEDA): Personal information must be retained only as long as necessary to fulfill identified purposes.
You have the right to request deletion of your personal information when it is no longer needed.
3. U.S.-Based Clients (CCPA/CPRA): Personal data must not be retained longer than reasonably necessary for disclosed business purposes.
You have the right to request deletion of your personal information unless an exception applies (e.g., legal obligations).
Depending on your jurisdiction, you have specific rights related to how long your personal data is stored:
1. Right to Access Retention Details: You can request details about how long your personal data will be retained and why.
2. Right to Request Deletion: You can request that we delete your personal data when it is no longer needed for its original purpose or required by law.
3. Right to Object to Retention: In certain circumstances, you can object to the continued retention of your personal data (e.g., if processing is based on legitimate interests).
To exercise these rights, contact us at [email protected].
While we strive to honor all requests related to retention periods, there are exceptions where certain data cannot be deleted immediately:
1. Legal Obligations: Some data must be retained for a specific period due to legal requirements (e.g., tax reporting or fraud prevention).
2. Dispute Resolution: If there is an ongoing dispute or investigation involving your account, we may retain relevant data until the issue is resolved.
3. Security Purposes: Certain usage data may be retained temporarily to monitor and prevent security threats.
In such cases, we will inform you about why the requested deletion cannot be fulfilled and when the relevant retention period will expire.
We are committed to protecting your personal data from unauthorized access, disclosure, alteration, or destruction. To achieve this, we implement industry-standard security measures that comply with GDPR (EU), PIPEDA (Canada), and U.S. state privacy laws (e.g., CCPA/CPRA). Below, we outline the safeguards we have in place and how we handle potential security incidents.
We use advanced technical measures to secure your personal data during collection, processing, and storage. These include:
1. Encryption: Personal data is encrypted both in transit (e.g., SSL/TLS protocols) and at rest to prevent unauthorized access. Payment information is processed through secure payment gateways that comply with PCI DSS standards.
2. Access Controls: Access to personal data is restricted to authorized personnel who require it for legitimate business purposes. Multi-factor authentication (MFA) is used to secure access to sensitive systems.
3. Data Anonymization: Where possible, personal data is anonymized or pseudonymized to reduce the risk of identification in case of a breach.
4. Regular Security Audits: We conduct regular audits of our systems and subprocessors’ platforms (e.g., GoHighLevel) to ensure compliance with security standards.
5. Firewalls and Intrusion Detection Systems: Firewalls are used to protect our network from unauthorized access.Intrusion detection systems monitor for suspicious activity or potential threats.
We have implemented organizational policies and procedures to ensure that personal data is handled securely across all levels of our organization:
1. Employee Training: All employees undergo regular training on data protection laws (e.g., GDPR, PIPEDA) and best practices for safeguarding personal information.
2. Data Protection Policies: Internal policies govern how personal data is collected, processed, stored, and deleted.
Employees are required to adhere to strict confidentiality agreements.
3. Incident Response Plan: A comprehensive incident response plan is in place to address potential security breaches promptly and effectively.
We also take steps to protect physical access to systems where personal data is stored:
1. Secured Data Centers: Our subprocessors’ servers are located in secure data centers with controlled physical access.
Data centers are equipped with 24/7 monitoring, biometric access controls, and backup power supplies.
2. Device Security: Company devices used to access personal data are secured with encryption, password protection, and remote wipe capabilities in case of loss or theft.
To ensure our security measures remain effective over time, we regularly monitor and test our systems:
1. Vulnerability Assessments: Regular vulnerability scans are conducted to identify potential weaknesses in our systems or subprocessors’ platforms.
2. Penetration Testing: Periodic penetration testing is performed by third-party security experts to simulate real-world attacks and identify areas for improvement.
3. Continuous Monitoring: Automated tools monitor system activity for unusual behavior or potential threats in real time.
Despite our best efforts, no system is completely immune to security breaches. In the unlikely event of a breach involving your personal data:
1. Immediate Action: We will take immediate steps to contain the breach, assess its impact, and mitigate any further risks.
2. Notification Requirements: If required by law, we will notify affected individuals and relevant authorities within the timeframe specified by applicable regulations:
Under GDPR: Notification must occur within 72 hours of becoming aware of the breach.
Under PIPEDA: Notification must occur if there is a "real risk of significant harm" resulting from the breach.
Under CCPA/CPRA: Notification must occur "without unreasonable delay."
3. Details Provided in Notifications: The nature of the breach.
The types of personal data affected.
Steps taken to mitigate the breach.
Recommendations for affected individuals (e.g., monitoring accounts for suspicious activity).
4. Post-Breach Review: After addressing the breach, we will conduct a thorough review of our systems and processes to prevent future incidents.
We work with trusted subprocessors (e.g., GoHighLevel) who are contractually obligated to implement robust security measures that comply with GDPR/PIPEDA/U.S.-state privacy laws:
Subprocessors must encrypt personal data during transmission and storage.
Subprocessors must regularly audit their systems for vulnerabilities.
Subprocessors must notify us immediately in the event of a breach affecting your personal data.
While we take significant steps to secure your personal data, you also play an important role in protecting your information:
Use strong passwords for your accounts and update them regularly.
Avoid sharing sensitive information over unsecured networks or devices.
Notify us immediately if you suspect unauthorized access to your account or personal data.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Below, we outline how we handle updates and notify you of any significant changes.
We may revise this Privacy Policy for the following reasons:
1. Legal Compliance: To comply with new or updated privacy laws and regulations (e.g., GDPR amendments, PIPEDA updates, or new U.S. state privacy laws).
2. Service Enhancements: To reflect changes in our services, such as the introduction of new features or tools.
3. Organizational Changes: In the event of a merger, acquisition, or restructuring that affects how your personal data is processed.
4. Best Practices: To improve transparency or align with industry best practices for data protection.
When we make material changes to this Privacy Policy, we will notify you in advance by:
1. Email Notification: Sending an email to the address associated with your account (if applicable) outlining the key changes.
2. Platform Notification: Displaying a prominent notice on our website/platform informing you of the updates.
3. Effective Date: Clearly stating the effective date of the updated Privacy Policy at the top of this document.
We will provide advance notice of material changes as required by applicable laws:
1. GDPR (EU/Greek Clients): We will notify you at least 30 days before any material changes take effect.
2. PIPEDA (Canadian Clients): We will notify you within a reasonable timeframe before implementing significant changes that affect how your personal information is processed.
3. CCPA/CPRA (U.S.-Based Clients): We will provide notice "without unreasonable delay" before implementing material changes that affect your rights under U.S.-state privacy laws.
Depending on your jurisdiction, you have specific rights related to changes in this Privacy Policy:
1. Right to Be Informed: You have the right to be informed about how updates to this Privacy Policy may impact your personal data.
2. Right to Object: If you disagree with any updates that materially affect your rights or how your personal data is processed, you may object by contacting us at [email protected].
3. Right to Withdraw Consent: If any changes require new consent (e.g., for additional processing activities), you have the right to withdraw consent at any time without affecting prior processing.
4. Right to Terminate Services: If you do not agree with the updated terms of this Privacy Policy, you may terminate your account or discontinue using our services.
For minor updates that do not materially affect your rights or how your personal data is processed:
1. We may update this Privacy Policy without providing advance notice.
2. The updated version will be posted on our website/platform with a revised "Last Updated" date at the top of this document.
3. You are encouraged to review this Privacy Policy periodically to stay informed about how we protect your personal data.
To ensure transparency, we maintain an archive of previous versions of this Privacy Policy for reference purposes:
1. Archived versions can be requested by contacting us at [email protected].
2. These archives allow you to review how our data practices have evolved over time.