Legal

Privacy
Policy

Last updated: April 6, 2026

1. Information We Collect

We collect the following categories of information when you interact with our website, fill out forms, book a call, or engage our services:

  • Contact information: Name, email address, phone number, and company name when you fill out forms, request an audit, or book a call.
  • Communication data: Messages, emails, and other correspondence you send to us, including content submitted through our contact and scheduling forms.
  • Business information: Details about your software stack, workflows, team size, and business operations shared during audits and engagements.
  • Usage data: Information about how you interact with our website, collected via Google Analytics (measurement ID: G-96ZDYSF0S0), including pages visited, time on page, referral sources, click behavior, and browsing patterns.
  • Device information: Browser type and version, operating system, screen resolution, and device type.
  • IP address: Your Internet Protocol address, which may be used to derive approximate geographic location.

We do not collect Social Security numbers, financial account numbers, or health information through our website.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Respond to inquiries: Reply to your questions, form submissions, and requests for information.
  • Schedule audits and calls: Coordinate AI efficiency audits, discovery calls, and ongoing engagement meetings.
  • Deliver services: Provide custom software development, AI integration, and operational optimization services under your engagement.
  • Send transactional communications: Confirmations, scheduling reminders, engagement updates, invoices, and other messages directly related to your service engagement.
  • Send marketing communications: Occasional updates about new services, case studies, or insights. You may opt out of marketing emails at any time using the unsubscribe link in each email.
  • Improve our website: Analyze usage patterns and site performance to make our website more useful and effective.
  • Comply with legal obligations: Meet applicable legal, regulatory, and contractual requirements.

3. Data Sharing and Third-Party Services

We use the following third-party services to operate our business. Each service receives only the data necessary to perform its function:

  • Google Analytics (G-96ZDYSF0S0): Website analytics. Collects IP address, device information, and browsing behavior via first-party cookies. Used to understand how visitors use our site and to improve our content and user experience.
  • SmallBizHQ (driftops.smallbizhq.ai): Our CRM platform for contact management, scheduling, and client engagement tracking. Your contact information, communication history, and scheduling data are stored here.
  • SendGrid: Email delivery service. Processes your email address and message content to deliver transactional and marketing emails on our behalf.
  • Stripe: Payment processing. If applicable, Stripe securely handles payment card information for service invoicing. We do not store your payment card details on our own systems.

These services are contractually obligated to protect your data and are prohibited from using it for purposes other than providing their services to us.

We do not sell your personal information as defined under applicable state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and similar state statutes.

4. Cookies and Tracking Technologies

Our website uses Google Analytics, which sets the following first-party cookies on your device:

  • _ga: Distinguishes unique visitors. Expires after 2 years.
  • _ga_<G-96ZDYSF0S0>: Maintains session state and tracks interactions across pages. Expires after 2 years.

These cookies collect anonymized data about your browsing behavior, including pages visited, time on site, referral source, and approximate geographic location derived from your IP address. This data helps us understand how visitors use our website so we can improve it.

You can control or delete cookies through your browser settings. Most browsers allow you to block cookies, clear existing cookies, or receive a notification before a cookie is set. Disabling cookies may affect analytics functionality but will not prevent you from accessing our content or contacting us.

We recognize the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal information under applicable state privacy laws.

5. Data Retention

We retain your information only as long as necessary for the purposes described in this policy. Specific retention periods by category:

  • Contact and business information from active engagements: Duration of the engagement plus two (2) years.
  • Website analytics data: 14 months (the Google Analytics default retention period).
  • Email communications: Duration of the engagement plus two (2) years.
  • Marketing subscriber data: Until you unsubscribe or request removal.

You may request deletion of your personal data at any time by contacting us at [email protected].

6. Your Privacy Rights

Regardless of where you reside, you have the right to:

  • Access the personal information we hold about you
  • Correct any inaccurate or incomplete information
  • Delete your personal information from our systems
  • Portability — request a copy of your data in a commonly used, machine-readable format
  • Opt out of marketing communications at any time

To exercise any of these rights, contact us at [email protected] with "Privacy Request" in the subject line.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to opt out of sale/sharing: We do not sell your personal information. However, Google Analytics data sharing may constitute "sharing" of personal information under the CPRA for cross-context behavioral advertising purposes. You may opt out by disabling cookies in your browser settings or by sending a Global Privacy Control (GPC) signal.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CPRA (such as SSN, financial account credentials, precise geolocation, racial/ethnic origin, or health data) through our website.

Authorized agents: You may designate an authorized agent to submit a privacy request on your behalf. We may require the agent to provide proof of written authorization and verify your identity directly.

Verification: When you submit a request, we will verify your identity by sending a confirmation to the email address associated with your account or inquiry. We will respond to verified requests within 45 calendar days. If we need additional time, we will notify you and may extend the response period by an additional 45 days.

Categories of personal information collected in the past 12 months (using CCPA taxonomy):

  • Identifiers: Name, email address, phone number, IP address.
  • Commercial information: Records of services engaged or considered, engagement history.
  • Internet or other electronic network activity: Browsing history, search history, and information regarding your interaction with our website.
  • Geolocation data: Approximate location derived from IP address.
  • Professional or employment-related information: Company name, job title or role.

Virginia, Colorado, Connecticut, and Utah Residents

If you reside in Virginia, Colorado, Connecticut, or Utah, you have rights under your state's respective privacy law, including:

  • Right to access, correct, and delete your personal data.
  • Right to data portability — obtain a copy of your personal data in a portable, readily usable format.
  • Right to opt out of targeted advertising based on personal data collected from your activities across websites.
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Appeal process: If we deny your privacy request, you may appeal by emailing [email protected] with the subject line "Privacy Appeal." We will respond to your appeal within 60 days. If your appeal is denied, you may contact your state's Attorney General to file a complaint.

Colorado and Connecticut residents: We honor the Global Privacy Control (GPC) universal opt-out signal as a valid request to opt out of the sale of personal data and targeted advertising under your state's law.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encrypted data transmission via HTTPS/TLS on all pages and forms
  • Encryption of stored data at rest where applicable
  • Access to personal data restricted to authorized personnel who need it to perform their job functions

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of discovery via email. We will also notify applicable regulatory authorities as required by law. Breach notifications will include a description of the incident, the categories of data involved, and the steps we are taking in response.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last updated" date. For material changes, we will communicate updates via email at least 30 days before they take effect to active clients and contacts in our system. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy, want to exercise your privacy rights, or need to report a concern about how your data is handled, please contact us:

Email: [email protected]

Mailing address:
DriftOps AI
204 37th Ave N
St Petersburg, FL 33704

For privacy-specific requests, please include "Privacy Request" in the subject line of your email.

Expected response time: Within 15 business days for general inquiries. For formal requests under the CCPA or other state privacy laws, we will respond within 45 calendar days as required by law.