Privacy Policy

1. Introduction

Samuel Holley AI Consulting ("we," "us," "our") operates the website samuelholley.com (the "Site"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and CAN-SPAM Act.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site or use our services.

2. Information We Collect

A. Personal Information You Provide

We collect information you voluntarily provide when you:

• Contact Form: Name, email address, company name, phone number, and message content
• Email Signup: Email address and communication preferences (Signal Drop or Deep Signal)
• Client Agreements: Name, role, email address, and digital signature information
• Scheduling (Calendly): Name, email, phone, and appointment details via our third-party scheduling tool
• Payment Processing (Stripe): Payment information processed by Stripe (we do not store credit card data)

B. Automatically Collected Information

When you visit our Site, we automatically collect certain information through cookies and similar technologies:

• Analytics Data: IP address, browser type, device information, pages visited, time spent on pages, referral sources (via Google Analytics)
• Performance Data: Site load times, errors, and performance metrics (via Vercel Analytics & Speed Insights)
• Cookies: Small text files stored on your device for analytics and site functionality

C. Information We Do NOT Collect

• Sensitive personal data (racial origin, political opinions, health data, etc.)
• Children's information (our services are not directed to individuals under 18)
• Social Security Numbers or government-issued ID numbers
• Credit card data (handled solely by Stripe)

3. How We Use Your Information

We use your personal information for the following purposes:

Legal Basis for Processing (GDPR)

• Consent: Email signups, contact forms, cookies (where required)
• Contract Performance: Client agreements, service delivery, payment processing
• Legitimate Interests: Site analytics, security, fraud prevention, service improvements
• Legal Obligation: Compliance with tax, accounting, and legal requirements

Specific Uses

• Service Delivery: Respond to inquiries, schedule consultations, deliver consulting services
• Communications: Send newsletters, AI insights, service updates (only with consent)
• Analytics: Understand Site usage, improve user experience, optimize content
• Legal Compliance: Maintain records for tax, contractual, and regulatory purposes
• Security: Protect against fraud, unauthorized access, and security threats
• Business Operations: Invoicing, payment processing, record-keeping

4. Third-Party Services & Data Sharing

We use the following third-party services that may access your personal information:

No Data Sales: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Cookies & Tracking Technologies

We use cookies to enhance your experience and analyze Site performance. For detailed information, see our Cookie Policy.

Types of Cookies We Use

• Essential Cookies: Required for Site functionality (e.g., session management)
• Analytics Cookies: Google Analytics for usage statistics
• Performance Cookies: Vercel Speed Insights for site optimization

Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Note that disabling cookies may affect Site functionality.

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Contact Form Data: Deleted after 2 years or upon request
• Email Subscribers: Retained until you unsubscribe
• Client Agreement Data: Retained for 7 years for legal/tax purposes
• Analytics Data: Aggregated data retained indefinitely; individual IP data anonymized after 14 months
• Payment Records: Retained for 7 years per IRS requirements

7. Your Privacy Rights

GDPR Rights (EU Residents)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about personal data collected, used, disclosed, or sold
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt-out of the "sale" of personal data (Note: We do not sell personal data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

8. Data Security

We implement reasonable security measures to protect your personal information:

• Encryption: HTTPS/TLS encryption for data transmission
• Access Controls: Limited access to personal data (need-to-know basis)
• Secure Hosting: Vercel's secure infrastructure with DDoS protection
• Multi-Factor Authentication: MFA enabled on critical accounts (Google, Stripe, etc.)
• Regular Updates: Software dependencies kept up-to-date

Important: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Our Site is hosted in the United States. If you access our Site from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using our Site, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) and other legal mechanisms for GDPR-compliant international transfers.

10. Children's Privacy

Our Site and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

11. Email Communications & Unsubscribe

CAN-SPAM Compliance: All marketing emails include:

• Clear identification of the sender
• Accurate subject lines
• Our physical business address: Mendocino County, CA
• An unsubscribe link in every email

To Unsubscribe: Click the "Unsubscribe" link in any email or email sam@samuelholley.com with "Unsubscribe" in the subject line. We will process your request within 10 business days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email to registered users or a prominent notice on our Site. Continued use of the Site after changes constitutes acceptance of the updated policy.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

14. Governing Law

This Privacy Policy is governed by the laws of the State of California, United States, without regard to conflict of law provisions. Any disputes shall be resolved in the courts of Mendocino County, California.