The Short Version

We use Google Analytics for basic traffic data. When connected to client websites, all visitor data is anonymized. No personal data collected. No selling your information. We keep it simple.

Product-Specific Policies

This privacy policy covers skootle.com. Our individual products have their own privacy policies that address product-specific data handling:

What We Collect

We use Google Analytics to understand how people use our site. This tool collects:

Page views (which pages are visited)
Referrer information (how you found us)
Country-level location (not precise location)
Device type (desktop, mobile, tablet)
Browser type

Legal Basis for Processing

For visitors in the EU/EEA, we process data under GDPR Article 6 using the following legal bases:

Legitimate Interest (Art 6(1)(f)): We use analytics to understand and improve our website. This is a minimal, low-risk use of anonymized data.
Consent (Art 6(1)(a)): For non-essential cookies. You can withdraw consent at any time.
Contract Performance (Art 6(1)(b)): When you engage us for services, we process data necessary to deliver those services.
Legal Obligation (Art 6(1)(c)): We retain billing records as required by tax and financial regulations.

What We Do NOT Collect

Your name, email, or any personal information (unless you email us directly)
Precise location data
Browsing history across other sites
Any information from demo pages that would identify you

Cookies

Google Analytics uses cookies to distinguish unique visitors and track sessions. These are first-party cookies set by our domain. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Cookie Inventory

Cookie	Provider	Purpose	Duration	Type
_ga	Google Analytics	Distinguishes unique visitors	2 years	Analytics
_ga_[ID]	Google Analytics	Maintains session state	2 years	Analytics
__stripe_mid	Stripe	Payment fraud prevention	1 year	Essential
__stripe_sid	Stripe	Payment session	30 minutes	Essential

Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals. If you want to opt out of analytics tracking, we recommend using the Google Analytics Opt-out Browser Add-on instead.

Demo Pages

Our portfolio demo pages do not collect any personal information. Forms on demo pages are either non-functional or clearly marked as demos. No form submissions from demo pages are stored or transmitted to anyone.

Client Website Connections

When clients connect their websites to our products (such as Clarity or Autopilot), we access performance and visitor data to provide our services. This data is:

Anonymized. We do not collect or store personal information about your website visitors
Aggregated. We work with traffic patterns, page performance, and conversion metrics, not individual visitor profiles
Used only for your benefit. Data from your site is used solely to generate reports and recommendations for you
Never shared. Your website data is never sold, shared with third parties, or used for advertising

We do not track individual visitors on your site. Any visitor metrics we report (traffic volume, device breakdowns, geographic regions) are fully anonymized and cannot be used to identify any person.

AI Service Providers

Our products use AI models to generate content and analytics. The providers we work with include:

Anthropic (Claude): Content generation and analysis. We send business descriptions and website copy for content creation.
OpenAI (GPT): Content generation and quality checks. We send website content for review and generation tasks.
Google (Gemini): Research and content generation. We send business information for competitor research and SEO content.
xAI (Grok): Social media and market research. We send anonymized business context for trend analysis.

Business data provided by clients (business name, services, location, and brand preferences) may be processed through these services to generate websites and content. No personal visitor data is shared with AI providers. These providers do not retain data submitted through our platform for model training.

Third-Party Processors

We use these third-party services to operate our business:

Google Analytics - Traffic analytics. See their privacy policy.
Stripe - Payment processing. We do not store credit card numbers on our servers. See their privacy policy.
Vercel - Website hosting infrastructure. See their privacy policy.
Cloudflare - DNS and CDN services. See their privacy policy.
Upstash - Redis database for rate limiting, caching, and session management. Processes request metadata (IP hashes, timestamps) for rate limiting. See their privacy policy.

We do not sell, share, or transfer your data to any other third parties.

Data Retention

Analytics data is retained by Google according to their standard retention policies. We do not maintain any separate database of visitor information.

Your Rights

Even though we collect minimal data, you still have rights. Here is what you can do:

Request access to any data we hold about you
Request deletion of email correspondence if you have contacted us
Opt out of Google Analytics tracking using the browser add-on

EU/EEA Residents (GDPR)

If you are in the EU or EEA, you have the right to:

Access your personal data
Rectify inaccurate data
Request erasure of your data
Data portability

California Residents (CCPA)

If you are a California resident, you have CCPA rights including the right to know what data we collect, request deletion, and opt out of sale. We do not sell personal information.

Virginia Residents (VCDPA)

If you are a Virginia resident, you have the right to:

Access your personal data
Correct inaccuracies
Delete your data
Data portability
Opt out of targeted advertising or sale of personal data

We do not sell personal data. If we deny a rights request, you may appeal by contacting us at [email protected]. We will respond to appeals within 60 days. If you are still unsatisfied, you may contact the Virginia Attorney General.

For all data rights requests, contact [email protected]. We will respond within 30 days for GDPR requests or 45 days for CCPA/VCDPA requests.

Data Breach Notification

In the unlikely event of a data breach that affects personal information, we will:

Notify affected users via email within 72 hours of discovering the breach
Notify the relevant supervisory authority within 72 hours where GDPR requires
Provide a description of the breach, the categories of data affected, and the measures taken to address it
Comply with Virginia breach notification requirements

We maintain an incident response plan and conduct regular security reviews to minimize risk.

Compliance Standards

Every website we build and every product we operate is designed to meet current compliance standards:

HIPAA Ready. Our infrastructure supports healthcare compliance. "HIPAA Ready" means our architecture and data handling are designed with patient privacy in mind. Healthcare clients requiring full HIPAA compliance must execute a separate Business Associate Agreement (BAA). Contact [email protected] to request a BAA. BAA is available for Business tier and above.
ADA / WCAG 2.1 AA. All sites meet accessibility standards for people with disabilities
GDPR Ready. We respect data privacy regulations for European visitors
CCPA Compliant. We follow California consumer privacy requirements

We track regulatory changes and update our practices accordingly. If a new law affects how we handle data, we update before deadlines, not after.

Children's Privacy

Our services are not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete it.

Changes to This Policy

If we change how we handle data, we will update this page. We will always keep our approach privacy-friendly.

Contact

For data rights requests or privacy questions, email us at [email protected].

For general questions, email [email protected].

Skootle LLC
Richmond, Virginia, USA

Privacy Policy