1. Who we are
BuiltRight Digital LLC, a Florida limited liability company ("BuiltRight", "we", "us", "our") operates the website builtrightdigital.us (the "Site") and provides website design, hosting, search-engine optimization (SEO), answer-engine optimization (AEO), and related digital-presence services to local-service small businesses across the United States. Our current outreach focus is salons and beauty businesses, but our services are not limited to any single industry.
Principal office: Florida, USA — mailing address available on request at support@builtrightdigital.us Contact for privacy requests: support@builtrightdigital.us
2. Information we collect
2.1 Information you provide directly
- Contact form / inquiry form submissions: name, business name, email address, phone number, business website URL, industry/trade, message text.
- Booked-meeting information: date/time of meeting, any notes you provide.
- Email replies to any outreach we send: full email content, your email address, signature data.
- Voice / phone interactions: if you speak with a member of our sales team by phone, we collect the phone number dialed, call duration, any recording (if and when call recording is enabled — see §3), and notes from the conversation.
- Billing information (only if you become a paying Client): name, business name, billing address, payment card or ACH info (processed via our payment processor — BuiltRight does not store full card numbers).
2.2 Information collected automatically
- Site analytics: via our analytics provider — pages visited, time on page, referring URL, device/browser type, approximate geographic region (city/country, inferred from IP).
- IP address at the time of request (used for fraud prevention and rough geolocation).
- Cookies and local storage: session cookies (essential), analytics cookies (set by our analytics provider), optionally marketing cookies (none as of 2026-04-23).
2.3 Information from third parties
- Prospect data: if we reach out to you cold, we obtained your publicly listed business name, phone number, website, and similar business contact details from publicly available business directories — primarily Google Business Profile, accessed through the Google Places API — together with other public business listings and government business registries. We collect business contact information, not personal data unrelated to your business.
- Payment processing data from our payment processor when you pay an invoice.
- CRM enrichment via our CRM platform — business name lookups, social profiles.
2.4 Information we do NOT collect
- We do NOT collect precise geolocation.
- We do NOT collect government IDs, SSNs, financial account numbers directly (payment data goes through our payment processor).
- We do NOT collect biometric data beyond voice recordings of calls you participate in (voice recordings are not used for biometric identification).
- We do NOT collect information about children under 13. The Site is not directed to children.
3. Phone calls, recording, and consent
- Our outbound calls are placed by human members of the BuiltRight sales team. We do not use an AI voice assistant, automated voice, or robocalling.
- Recording. Outbound and inbound calls may be recorded for quality, training, compliance, and dispute-defense purposes. We treat a dialed published business line as having a reduced expectation of privacy under federal one-party consent (18 U.S.C. §2511(2)(d)).
- Two-party consent jurisdictions. If you are located in a two-party consent state (e.g., Florida, Fla. Stat. §934.03(2)(d), and similar provisions in other states), you may stop the recording at any time during the call by telling the representative "stop recording", "don't record me", or words to similar effect; we will disable recording for the remainder of that call. Continuing the conversation without objection constitutes your implied consent under those states' equivalent provisions.
- Recording retention: we retain any call recordings only as long as required by federal TCPA and TSR recordkeeping rules and our internal quality and dispute-defense needs. Retention is shortest for non-Client cold calls and longest for calls that resulted in a booked meeting or Client engagement.
- Access to recordings: only authorized BuiltRight personnel have access. Recordings are NOT used to train AI models. Recordings are NOT shared with third parties outside the sub-processor list in §6.
- Request deletion of your call recording: email support@builtrightdigital.us with the phone number dialed and approximate date/time. We will delete within 30 days of verification, except where retention is legally required.
4. How we use your information
- To provide services: build your website, host it, respond to support inquiries, process payments.
- To contact you: respond to inquiries, schedule meetings, deliver website updates, send invoices.
- For cold outreach (prospects only): place outbound calls by our sales team to published business phone numbers, send a follow-up SMS with a booking link after you verbally agree on a call to receive it (see the "SMS Consent" section of our Terms), and send business email outreach.
- For analytics and site improvement: understand Site traffic, improve Site UX, measure campaign effectiveness.
- For compliance and legal reasons: respond to lawful requests by public authorities, enforce our Terms of Service, defend against claims.
- Marketing email opt-out: every marketing email we send includes an unsubscribe link (CAN-SPAM compliant). Clicking unsubscribe removes you from the marketing list within 10 business days (often within 24 hours).
We do NOT sell your personal data. We do NOT share your personal data with third parties for their own marketing. We do NOT use your personal data for automated decision-making with legal or similar significant effects.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All of the data categories described in this policy exclude text-messaging originator opt-in data and consent; this SMS opt-in information is never shared with any third parties, and is used solely to send the booking-link and appointment messages you consented to.
5. Legal basis for processing (GDPR only, for EU visitors)
For visitors located in the EU/EEA/UK (though not our target market):
- Consent (Art. 6(1)(a) GDPR): analytics cookies, marketing emails.
- Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, Site security, direct B2B outreach.
- Contract performance (Art. 6(1)(b) GDPR): providing services to Clients.
- Legal obligation (Art. 6(1)(c) GDPR): retention to satisfy TCPA/TSR rules.
6. Sub-processors (third parties that process data on our behalf)
We use a small number of US-based service providers across the categories below. We do not publicly list specific vendor names in this policy. If you need the current list of named vendors operating under any category for a legitimate compliance, security-review, or data-subject-rights purpose, email support@builtrightdigital.us with subject line "Sub-processor list request" and we will respond within 30 days.
| Sub-processor category | Purpose | Data processed | Location |
|---|---|---|---|
| Telephony / SMS provider | Telephony, SMS, call recording | Phone numbers, call records, recordings, SMS content | US |
| Database + backend infrastructure | Store CRM, call, client, recording data | All CRM, call, client, recording data | US |
| CRM / sales pipeline platform | Sales CRM, pipeline management | Lead contact info, pipeline stage, meeting data | US |
| Lead data source | Find publicly listed businesses to contact | Public business listings (name, phone, website, address) | US |
| Payment processor | Process invoices and Client payments | Billing name, business name, card data (tokenized — we never see the PAN), ACH details | US |
| Site hosting provider | Host builtrightdigital.us | Page view logs, edge function logs | US |
| Product / site analytics provider | Aggregate traffic + UX metrics | Session IDs, event data, IP address (anonymized), device info | US or EU |
| Business email + calendar provider | Operational email + scheduling | Email content, calendar events | US |
We require each sub-processor to (a) have commercially reasonable security practices, (b) process data only for our instructed purposes, (c) support our deletion / access requests. We review this list at least annually and update as the infrastructure changes.
7. Your rights
7.1 Rights for everyone (FL + anywhere in US)
- Access / portability: request a copy of the personal data we hold about you.
- Correction: ask us to fix inaccurate data.
- Deletion: ask us to delete your data (exceptions apply — see §7.4).
- Marketing opt-out: unsubscribe from marketing emails; ask us to add you to our internal Do Not Call (DNC) list.
- Opt-out of sale of sensitive data (FDBR, applies to all businesses regardless of revenue): we do not sell any personal or sensitive data, but if this ever changes, an opt-out path will be published here first.
7.2 Additional rights for California residents (CCPA/CPRA)
- Right to know categories and specific pieces of personal information collected.
- Right to delete personal information.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information. We do not sell or share your personal information.
- Right to limit use of sensitive personal information. We do not use sensitive personal information beyond permitted purposes.
- Right to non-discrimination for exercising CCPA rights.
7.3 Additional rights for EU/UK visitors (GDPR)
- All rights under Arts. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, non-automated decision-making).
- Right to lodge a complaint with a supervisory authority.
7.4 How to exercise your rights
- Email: support@builtrightdigital.us
- Subject line: "Privacy Request — [Access / Deletion / Correction / Opt-Out]"
- Response time: 30 days for most requests; 45 days if complex (we will notify you of any extension).
- Verification: we may ask you to verify your identity before acting on a request (typically by matching the email address or phone number on file).
7.5 Retention exceptions to deletion
We may retain data past a deletion request if legally required:
- TCPA/TSR recordkeeping (5 years for outbound call artifacts).
- Accounting/tax records (7 years per IRS guidance).
- Active litigation or legal hold.
- Fraud prevention records.
8. Data retention
We retain personal data only for as long as needed for the purposes for which it was collected, and as required by applicable law. The categories below are operational; specific retention periods are reviewed periodically and may be adjusted to meet legal, accounting, or security needs.
| Data type | Retention principle |
|---|---|
| Contact form submissions (non-Client) | Retained for sales follow-up; deleted on request unless an active pipeline relationship exists |
| Cold-outreach lead records (phone, email) | Retained for sales cycle duration; DNC requests retained indefinitely so we never re-dial an opted-out number |
| Call recordings + transcripts (non-Client) | Retained only as long as required for our internal quality review and applicable federal recordkeeping rules |
| Call recordings + transcripts (Client / booked meeting) | Retained for the duration of the engagement plus the periods required by federal TCPA + TSR rules |
| Client project + deliverables | Retained as required by tax + intellectual-property recordkeeping rules |
| Client billing records | Retained as required by IRS rules |
| Website analytics | Retained on a rolling window for product improvement |
| Server logs | Retained on a rolling window for security + debugging |
| Backup snapshots | Retained on a short rolling window for disaster recovery |
9. Security
- All data in transit encrypted via TLS 1.2+.
- Database uses AES-256 encryption at rest.
- Access controls: role-based; only authorized BuiltRight personnel have admin access.
- Call recordings stored in private object storage with signed-URL-only access.
- Incident response: any confirmed data breach affecting 50+ records or sensitive personal data will trigger notification to affected individuals within 30 days, per FL, CA, and applicable federal law. Written breach notification policy on file internally.
10. Cookies and tracking
- Essential cookies: required for Site function (session, CSRF protection).
- Analytics cookies: set by our analytics provider — anonymized IP, session tracking. Opt-out: use the cookie banner at the bottom of the Site (if shown) or browser "Do Not Track" settings (we honor DNT).
- No third-party advertising cookies.
- No cross-site tracking pixels.
As of 2026-04-23, the Site does NOT require a pre-consent cookie banner under US law (even under FDBR at our scale). A banner is displayed for EU/UK visitors (detected by IP geolocation) as a voluntary GDPR best practice.
11. Children's privacy
The Site and BuiltRight's services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact support@builtrightdigital.us and we will delete it promptly.
12. Do Not Call (DNC)
If you ask us — verbally or in writing — to stop calling you, we will:
- Add your number to our internal DNC list within 24 hours.
- Never dial that number again from any BuiltRight-operated DID.
- Propagate the DNC flag across all our calling platforms.
You may also register on:
- Federal DNC Registry: https://www.donotcall.gov
- Florida Do Not Call List (FDACS): https://www.fdacs.gov/Business-Services/Florida-Do-Not-Call
We scrub against both the federal and Florida DNC lists weekly prior to any outbound calling campaign.
13. International data transfers
Our infrastructure is located in the United States. If you access the Site from outside the US, your information is transferred to and processed in the US, which may have different data protection laws than your country.
For EU/UK visitors: we rely on the relevant Standard Contractual Clauses (SCCs) in place between BuiltRight and our sub-processors where applicable. (Most of our sub-processors have self-certified under the EU-US Data Privacy Framework.)
14. Changes to this Privacy Policy
- We may update this Privacy Policy from time to time.
- Material changes will be announced at least 30 days in advance via banner on the Site and/or email to active Clients.
- The "Effective Date" at the top reflects the most recent revision.
15. Contact
Privacy questions, requests, complaints:
BuiltRight Digital LLC, a Florida limited liability company Florida, USA — mailing address available on request at support@builtrightdigital.us Email: support@builtrightdigital.us Site: https://builtrightdigital.us/privacy