Privacy Policy — BuiltRight Digital

Effective date: 2026-04-23 · Last revised: 2026-04-23

1. Who we are

BuiltRight Digital LLC, a Florida limited liability company ("BuiltRight", "we", "us", "our") operates the website builtrightdigital.us (the "Site") and provides website design, hosting, and related digital services to small businesses, primarily in Florida.

Principal office: Florida, USA — mailing address available on request at support@builtrightdigital.us Contact for privacy requests: support@builtrightdigital.us

2. Information we collect

2.1 Information you provide directly

Contact form / inquiry form submissions: name, business name, email address, phone number, business website URL, industry/trade, message text.
Booked-meeting information: date/time of meeting, any notes you provide.
Email replies to any outreach we send: full email content, your email address, signature data.
Voice / phone interactions: if you speak with our AI voice assistant ("Jake") or a human team member, we collect the phone number dialed, call duration, recording (if consent given — see §3), and a transcript of the conversation.
Billing information (only if you become a paying Client): name, business name, billing address, payment card or ACH info (processed via our payment processor — BuiltRight does not store full card numbers).

2.2 Information collected automatically

Site analytics: via our analytics provider — pages visited, time on page, referring URL, device/browser type, approximate geographic region (city/country, inferred from IP).
IP address at the time of request (used for fraud prevention and rough geolocation).
Cookies and local storage: session cookies (essential), analytics cookies (set by our analytics provider), optionally marketing cookies (none as of 2026-04-23).

2.3 Information from third parties

Prospect data: if we reach out to you cold, we may have obtained your business name and phone number from publicly available business directories (Google Business Profile, Yelp, Bing Places), government databases (Florida Sunbiz, county BTR records), or licensed data aggregators.
Payment processing data from our payment processor when you pay an invoice.
CRM enrichment via our CRM platform — business name lookups, social profiles.

2.4 Information we do NOT collect

We do NOT collect precise geolocation.
We do NOT collect government IDs, SSNs, financial account numbers directly (payment data goes through our payment processor).
We do NOT collect biometric data beyond voice recordings of calls you participate in (voice recordings are not used for biometric identification).
We do NOT collect information about children under 13. The Site is not directed to children.

BuiltRight uses an AI voice assistant ("Jake") to place outbound calls to published business phone numbers in Florida and other US states.
Recording. Outbound calls may be recorded for quality, training, compliance, and dispute-defense purposes. We treat the dialed number as a published business line with a reduced expectation of privacy under federal one-party consent (18 U.S.C. §2511(2)(d)).
Two-party consent jurisdictions. If you are located in a two-party consent state (e.g., Florida, Fla. Stat. §934.03(2)(d), and similar provisions in other states), you may stop the recording at any time during the call by saying "stop recording", "don't record me", or words to similar effect; we will disable the recording for the remainder of that call. Continuing the conversation without objection constitutes your implied consent under those states' equivalent provisions.
AI disclosure. If you ask whether you are speaking with a human or an AI, our caller will confirm that you are speaking with an AI assistant.
Recording retention: we retain call recordings only as long as required by federal TCPA and TSR recordkeeping rules and our internal quality and dispute-defense needs. Retention is shortest for non-Client cold calls and longest for calls that resulted in a booked meeting or Client engagement.
Access to recordings: only authorized BuiltRight personnel have access. Recordings are NOT used to train external AI models. Recordings are NOT shared with third parties outside the sub-processor list in §6.
Request deletion of your call recording: email support@builtrightdigital.us with the phone number dialed and approximate date/time. We will delete within 30 days of verification, except where retention is legally required.

4. How we use your information

To provide services: build your website, host it, respond to support inquiries, process payments.
To contact you: respond to inquiries, schedule meetings, deliver website updates, send invoices.
For cold outreach (prospects only): place outbound AI voice calls to business phone numbers, send follow-up SMS with meeting links, send email nurture sequences.
For analytics and site improvement: understand Site traffic, improve Site UX, measure campaign effectiveness.
For compliance and legal reasons: respond to lawful requests by public authorities, enforce our Terms of Service, defend against claims.
Marketing email opt-out: every marketing email we send includes an unsubscribe link (CAN-SPAM compliant). Clicking unsubscribe removes you from the marketing list within 10 business days (often within 24 hours).

We do NOT sell your personal data. We do NOT share your personal data with third parties for their own marketing. We do NOT use your personal data for automated decision-making with legal or similar significant effects.

For visitors located in the EU/EEA/UK (though not our target market):

Consent (Art. 6(1)(a) GDPR): analytics cookies, marketing emails.
Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, Site security, direct B2B outreach.
Contract performance (Art. 6(1)(b) GDPR): providing services to Clients.
Legal obligation (Art. 6(1)(c) GDPR): retention to satisfy TCPA/TSR rules.

6. Sub-processors (third parties that process data on our behalf)

We use a small number of US-based service providers across the categories below. We do not publicly list specific vendor names in this policy. If you need the current list of named vendors operating under any category for a legitimate compliance, security-review, or data-subject-rights purpose, email support@builtrightdigital.us with subject line "Sub-processor list request" and we will respond within 30 days.

Sub-processor category	Purpose	Data processed	Location
AI voice call infrastructure	Power outbound voice calls	Call audio, transcripts, caller-ID, recording metadata	US
Telephony / SMS provider	Telephony, SMS, programmable voice	Phone numbers, call records, SMS content	US
Database + backend infrastructure	Store CRM, call, client, recording data	All CRM, call, client, recording data	US
CRM / sales pipeline platform	Sales CRM, pipeline management	Lead contact info, pipeline stage, meeting data	US
Payment processor	Process invoices and Client payments	Billing name, business name, card data (tokenized — we never see the PAN), ACH details	US
Site hosting provider	Host builtrightdigital.us	Page view logs, edge function logs	US
Product / site analytics provider	Aggregate traffic + UX metrics	Session IDs, event data, IP address (anonymized), device info	US or EU
Business email + calendar provider	Operational email + scheduling	Email content, calendar events	US
Voice synthesis (TTS) provider	Render Jake's spoken voice	Text-to-speech prompts only (no PII)	US
LLM provider(s)	Power Jake's real-time conversation reasoning	Real-time transcripts during call	US

We require each sub-processor to (a) have commercially reasonable security practices, (b) process data only for our instructed purposes, (c) support our deletion / access requests. We review this list at least annually and update as the infrastructure changes.

7. Your rights

7.1 Rights for everyone (FL + anywhere in US)

Access / portability: request a copy of the personal data we hold about you.
Correction: ask us to fix inaccurate data.
Deletion: ask us to delete your data (exceptions apply — see §7.4).
Marketing opt-out: unsubscribe from marketing emails; ask us to add you to our internal Do Not Call (DNC) list.
Opt-out of sale of sensitive data (FDBR, applies to all businesses regardless of revenue): we do not sell any personal or sensitive data, but if this ever changes, an opt-out path will be published here first.

7.2 Additional rights for California residents (CCPA/CPRA)

Right to know categories and specific pieces of personal information collected.
Right to delete personal information.
Right to correct inaccurate personal information.
Right to opt out of sale or sharing of personal information. We do not sell or share your personal information.
Right to limit use of sensitive personal information. We do not use sensitive personal information beyond permitted purposes.
Right to non-discrimination for exercising CCPA rights.

All rights under Arts. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, non-automated decision-making).
Right to lodge a complaint with a supervisory authority.

7.4 How to exercise your rights

Email: support@builtrightdigital.us
Subject line: "Privacy Request — [Access / Deletion / Correction / Opt-Out]"
Response time: 30 days for most requests; 45 days if complex (we will notify you of any extension).
Verification: we may ask you to verify your identity before acting on a request (typically by matching the email address or phone number on file).

7.5 Retention exceptions to deletion

We may retain data past a deletion request if legally required:

TCPA/TSR recordkeeping (5 years for outbound call artifacts).
Accounting/tax records (7 years per IRS guidance).
Active litigation or legal hold.
Fraud prevention records.

8. Data retention

We retain personal data only for as long as needed for the purposes for which it was collected, and as required by applicable law. The categories below are operational; specific retention periods are reviewed periodically and may be adjusted to meet legal, accounting, or security needs.

Data type	Retention principle
Contact form submissions (non-Client)	Retained for sales follow-up; deleted on request unless an active pipeline relationship exists
Cold-outreach lead records (phone, email)	Retained for sales cycle duration; DNC requests retained indefinitely so we never re-dial an opted-out number
Call recordings + transcripts (non-Client)	Retained only as long as required for our internal quality review and applicable federal recordkeeping rules
Call recordings + transcripts (Client / booked meeting)	Retained for the duration of the engagement plus the periods required by federal TCPA + TSR rules
Client project + deliverables	Retained as required by tax + intellectual-property recordkeeping rules
Client billing records	Retained as required by IRS rules
Website analytics	Retained on a rolling window for product improvement
Server logs	Retained on a rolling window for security + debugging
Backup snapshots	Retained on a short rolling window for disaster recovery

9. Security

All data in transit encrypted via TLS 1.2+.
Database uses AES-256 encryption at rest.
Access controls: role-based; only authorized BuiltRight personnel have admin access.
Call recordings stored in private object storage with signed-URL-only access.
Incident response: any confirmed data breach affecting 50+ records or sensitive personal data will trigger notification to affected individuals within 30 days, per FL, CA, and applicable federal law. Written breach notification policy on file internally.

10. Cookies and tracking

Essential cookies: required for Site function (session, CSRF protection).
Analytics cookies: set by our analytics provider — anonymized IP, session tracking. Opt-out: use the cookie banner at the bottom of the Site (if shown) or browser "Do Not Track" settings (we honor DNT).
No third-party advertising cookies.
No cross-site tracking pixels.

As of 2026-04-23, the Site does NOT require a pre-consent cookie banner under US law (even under FDBR at our scale). A banner is displayed for EU/UK visitors (detected by IP geolocation) as a voluntary GDPR best practice.

11. Children's privacy

The Site and BuiltRight's services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact support@builtrightdigital.us and we will delete it promptly.

12. Do Not Call (DNC)

If you ask us — verbally or in writing — to stop calling you, we will:

Add your number to our internal DNC list within 24 hours.
Never dial that number again from any BuiltRight-operated DID.
Propagate the DNC flag across all our calling platforms.

You may also register on:

Federal DNC Registry: https://www.donotcall.gov
Florida Do Not Call List (FDACS): https://www.fdacs.gov/Business-Services/Florida-Do-Not-Call

We scrub against both the federal and Florida DNC lists weekly prior to any outbound calling campaign.

13. International data transfers

Our infrastructure is located in the United States. If you access the Site from outside the US, your information is transferred to and processed in the US, which may have different data protection laws than your country.

For EU/UK visitors: we rely on the relevant Standard Contractual Clauses (SCCs) in place between BuiltRight and our sub-processors where applicable. (Most of our sub-processors have self-certified under the EU-US Data Privacy Framework.)

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.
Material changes will be announced at least 30 days in advance via banner on the Site and/or email to active Clients.
The "Effective Date" at the top reflects the most recent revision.

15. Contact

Privacy questions, requests, complaints:

BuiltRight Digital LLC, a Florida limited liability company Florida, USA — mailing address available on request at support@builtrightdigital.us Email: support@builtrightdigital.us Site: https://builtrightdigital.us/privacy