Privacy Policy

Effective Date: February 10, 2026  ·  Last Updated: February 10, 2026

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you interact with our services, including but not limited to:

• Contact information: Full name, email address, phone number, business name, and mailing address.
• Account information: Login credentials and account preferences.
• Form submissions: Data entered through lead capture forms, assessment tools, contact forms, and consultation booking forms on our website or landing pages.
• Communications: The content of emails, messages, or other correspondence you send us.
• Payment information: Billing address and payment details processed through our third-party payment processors. We do not directly store your full payment card number.
• Business information: Information about your business operations, processes, and goals that you share with us during consultations or through our assessment tools.

1.2 Information Collected Automatically

When you access our website or services, we may automatically collect certain information, including:

• Device information: Browser type, operating system, device type, screen resolution, and unique device identifiers.
• Usage data: Pages visited, time spent on pages, links clicked, referring/exit pages, and date/time stamps of visits.
• Network information: IP address, internet service provider, and general geographic location derived from your IP address.
• Cookies and similar technologies: Information collected via cookies, web beacons, pixels, and similar tracking technologies (see Section 5).

1.3 Information From Third Parties

We may receive information about you from third-party sources, including marketing partners, analytics providers, CRM platforms (such as GoHighLevel), social media platforms, and publicly available sources. We combine this information with other data we collect to improve our services.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

• Providing services: To deliver, maintain, and improve our consulting, automation, and implementation services.
• Communications: To respond to your inquiries, schedule consultations, send appointment reminders, and provide customer support.
• Marketing: To send you promotional materials, newsletters, and information about our services that may interest you. You may opt out at any time (see Section 7).
• Personalization: To tailor our website content, recommendations, and service offerings to your interests and needs.
• Analytics: To analyze usage trends, measure the effectiveness of our marketing campaigns, and improve our website and services.
• Lead management: To manage our sales pipeline, track interactions, and follow up on inquiries through our CRM systems.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.

3. Legal Bases for Processing

We process your personal information based on the following legal grounds:

• Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as receiving marketing communications or submitting information through our forms.
• Contractual necessity: Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.
• Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving our services, marketing, fraud prevention, and network security, provided these interests are not overridden by your rights.
• Legal obligation: Where processing is necessary to comply with a legal obligation to which we are subject.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We share information with third-party vendors who perform services on our behalf, including CRM platforms (GoHighLevel), email service providers, payment processors, hosting providers, and analytics services. These providers are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of SystemShift, our clients, or others.
• With your consent: We may share information for any other purpose with your explicit consent.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our website. These include:

• Essential cookies: Required for the basic functionality of our website, such as maintaining your session and security.
• Analytics cookies: Help us understand how visitors use our website, which pages are most popular, and how users navigate our site.
• Marketing cookies: Used to track visitors across websites to display relevant advertisements and measure ad campaign effectiveness.
• Functional cookies: Enable enhanced functionality and personalization, such as remembering your preferences.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect the functionality of our website.

We also honor universal opt-out preference signals (such as the Global Privacy Control) as required by applicable state privacy laws.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. The retention period depends on the context of our relationship with you and the nature of the data.

When we no longer have a legitimate business need to process your information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because your information is stored in backup archives), we will securely store your information and isolate it from further processing until deletion is possible.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information under applicable federal and state privacy laws (including but not limited to the CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, and other state privacy statutes):

• Right to know/access: You have the right to request information about the categories and specific pieces of personal data we have collected about you, the sources of that data, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You may request the deletion of your personal information, subject to certain exceptions permitted by law.
• Right to correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to opt out: You may opt out of the sale or sharing of your personal information, targeted advertising, and certain profiling activities.
• Right to data portability: You may request a copy of your personal data in a portable, machine-readable format.
• Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise any of these rights, please contact us using the information provided in Section 14. We will verify your identity before processing your request and respond within the timeframe required by applicable law (typically 45 days for US state privacy laws). You may designate an authorized agent to make a request on your behalf.

Opt-out of marketing communications: You can unsubscribe from our marketing emails at any time by clicking the "Unsubscribe" link included in every marketing email, or by contacting us directly.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, and destruction. These measures include encryption of data in transit (TLS/SSL), access controls, regular security assessments, and secure data storage practices.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of any account credentials.

9. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit. The inclusion of a link does not imply endorsement of the linked site by SystemShift.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 (or under 13 as defined by COPPA). If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information promptly. If you believe we may have collected information from a minor, please contact us immediately.

11. International Data Transfers

SystemShift is based in the United States. If you are accessing our services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our services, you consent to the transfer of your information to the United States and its processing as described in this Privacy Policy.

12. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, we currently do not respond to DNT browser signals. However, we do honor Global Privacy Control (GPC) signals as required by applicable state privacy laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by applicable law, provide you with notice (such as by email or a prominent notice on our website). We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us: