Privacy Policy

1. Introduction

Welcome to Reboot Media ("we," "us," or "our"). We are committed to protecting your privacy and the privacy of your customers. This Privacy Policy explains how we collect, use, and disclose information when you use our AI-powered website development and management services.

This policy covers both our direct clients (businesses we build websites for) and their end users (visitors to client websites). We maintain strict data separation between clients.

2. Information We Collect

From Our Clients (Business Customers):

• Business Information: Company name, contact person, email, phone, address, and industry type
• Account Credentials: Login information for our management portal
• Payment Information: Billing details processed through secure payment processors
• Content and Assets: Text, images, videos, and other materials provided for website development
• Communication Records: Emails, support tickets, and project correspondence
• Analytics Data: Website performance metrics, traffic data, and conversion statistics

From End Users (Visitors to Client Websites):

• Lead Information: Name, email, phone, and other data submitted through forms
• AI Chat Interactions: Conversation logs with AI chatbots
• Appointment Data: Scheduling preferences and calendar bookings
• Device Information: Browser type, IP address, device type, and operating system
• Usage Data: Pages visited, time spent, clicks, and navigation patterns
• Cookies: Session cookies and analytics cookies (with consent where required)

AI-Generated Data:

• Lead Scoring: AI-calculated qualification scores based on interaction patterns
• Behavioral Analytics: AI-analyzed user intent and interest indicators
• Response Patterns: AI-generated replies and conversation flows
• Optimization Metrics: AI-identified improvement opportunities

3. How We Use Information

Client Information is Used to:

• Design, develop, and maintain websites
• Provide AI automation and optimization services
• Process payments and manage accounts
• Communicate about projects and services
• Provide technical support and troubleshooting
• Send service updates and important notices
• Improve our services and develop new features

End User Information is Used to:

• Capture and qualify leads for our clients
• Respond to inquiries through AI chat systems
• Schedule appointments and send confirmations
• Generate quotes and estimates
• Analyze website performance and user behavior
• Optimize conversion rates and user experience
• Comply with legal obligations

AI Training and Improvement:

We may use anonymized and aggregated data to improve our AI models and services. This includes:

• Training chatbots to better understand common inquiries
• Improving lead scoring algorithms
• Enhancing automated response quality
• Optimizing conversion prediction models

Individual client data is never shared with other clients or used to benefit competitors.

4. Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We share data only in these circumstances:

Service Providers:

• Hosting: Cloudflare for website hosting and CDN services
• AI Services: OpenAI, Anthropic Claude for AI processing
• CRM Systems: Airtable for lead management
• Automation: n8n and similar workflow providers
• Analytics: Google Analytics (with appropriate consents)
• Payment Processing: Stripe, PayPal, or similar processors

Client Access:

Each client has access only to their own data and their end users' information. We provide:

• Real-time lead notifications to designated client contacts
• Access to conversation logs and analytics dashboards
• Data exports in standard formats (CSV, JSON)
• API access where applicable

Legal Requirements:

We may disclose information when required by law, court order, or to protect our rights, property, or safety.

5. Data Security

We implement comprehensive security measures to protect your data:

• Encryption: SSL/TLS for data in transit, encryption at rest for sensitive data
• Access Controls: Role-based permissions, multi-factor authentication available
• Regular Audits: Security assessments and vulnerability testing
• Secure Development: Following OWASP guidelines and best practices
• Incident Response: Procedures for detecting and responding to security incidents
• Employee Training: Regular security awareness training
• Data Isolation: Client data is logically separated and access-controlled

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of data transmission or storage.

6. Data Retention

Client Data:

• Active account data: Retained for duration of service agreement
• After termination: 90 days for data recovery requests
• Backups: Rotated on 30-day cycle
• Financial records: 7 years per legal requirements

End User Data:

• Lead information: Per client's retention policy
• Chat logs: 12 months unless client specifies otherwise
• Analytics data: 26 months
• Cookies: Session or up to 1 year for analytics

Clients can request data deletion at any time, subject to legal retention requirements.

7. Your Data Rights and Choices

For Our Clients:

• Access: View all data we hold about your business
• Correction: Update inaccurate information
• Export: Receive your data in portable formats
• Deletion: Request removal of your data (subject to legal requirements)
• Restriction: Limit how we process your data
• Objection: Opt-out of certain data uses

For End Users:

If you are a visitor to one of our client's websites, your data rights are primarily managed by that business. However, you can:

• Contact the business directly for data requests
• Contact us if the business is unresponsive
• Opt-out of cookies through browser settings
• Request removal from marketing communications

8. Regional Privacy Rights

California Residents (CCPA/CPRA):

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or shared
• Right to opt-out of sale (we do not sell personal information)
• Right to delete personal information
• Right to correct inaccurate information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising rights

EU/UK Residents (GDPR):

EU and UK residents have rights including:

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing is typically legitimate interests or contractual necessity. We will respond to requests within 30 days.

9. Cookies and Tracking Technologies

Websites we build may use cookies and similar technologies:

Types of Cookies:

• Essential: Required for website functionality
• Analytics: Help understand visitor behavior
• Marketing: Track advertising effectiveness (if enabled by client)
• Preferences: Remember user settings and choices

Visitors can control cookies through browser settings. Disabling cookies may affect website functionality. Where required by law, we implement cookie consent banners.

10. AI and Automated Decision-Making

Our AI systems may make automated decisions including:

• Lead scoring and qualification
• Chat response generation
• Appointment scheduling
• Quote calculations
• Content personalization

These decisions are based on algorithms and data patterns. End users can request human review of automated decisions by contacting the business directly. Our clients maintain ultimate control over AI behaviors and can override automated decisions.

11. Children's Privacy

Our services are not directed at children under 13. We do not knowingly collect personal information from children. If we discover we have collected information from a child under 13, we will delete it promptly. Clients are responsible for ensuring their websites comply with children's privacy laws if applicable to their business.

12. International Data Transfers

Data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required. By using our services, you consent to the transfer of information to countries outside your country of residence.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified to clients via email at least 30 days before taking effect. The updated policy will be posted on our website with the new effective date. Continued use of our services after changes constitutes acceptance.

14. Contact Information