This Privacy Policy is designed to comply with:
European Union
General Data Protection Regulation (GDPR)
United States (California)
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA)
Messaging & Telecommunications
A2P 10DLC requirements
CTIA and carrier guidelines
We may collect the following categories of personal data:
Full name
Email address
Phone number (including SMS-enabled numbers)
Country, state/province, and city
Business name, industry, and role
Business structure and operational information (as voluntarily provided)
Business processes, workflows, systems, and documentation shared during consulting
Intake forms, assessments, project notes, and communications
Communication preferences
Any other information you voluntarily provide during consultations or sessions
When you visit our website or interact with our systems, we may automatically collect:
IP address
Device and browser information
Log data and timestamps
Cookies and similar tracking technologies
Personal data is collected and processed for the following purposes:
Provision of Services: To provide access to the AI-powered assistant, perform the "wave check-up" analysis based on your uploaded photos, and grant access to the digital library and community platform.
Payment Processing: To facilitate secure transactions via our third-party payment processor (Stripe), verify your subscription status, and manage renewals or refunds.
Account Management: To create and maintain your user profile, send password resets, and provide technical support.
Communication: To send you essential service updates, administrative notifications, and responses to your inquiries sent to [email protected].
Service Improvement: To analyze how users interact with the AI tool and community content in order to improve the accuracy of our algorithms and the quality of our educational materials.
Legal Compliance: To comply with applicable laws, tax requirements (such as issuing invoices), and to protect against fraudulent or unauthorized transactions.
For individuals located in the European Union, personal data is processed based on:
Consent (email and SMS marketing communications)
Contractual necessity (delivery of consulting services)
Legitimate interests (business operations and service improvement)
Legal obligations (record-keeping and compliance)
We may send:
Transactional messages (appointments, confirmations, reminders)
Service-related communications
Educational content
Marketing and promotional messages
We collect explicit consent before sending marketing emails or SMS messages.
Consent may be collected through:
Website or landing page forms
CRM intake and onboarding forms
Booking systems
Explicit opt-in checkboxes
SMS keyword opt-in mechanisms
All SMS communications comply with:
A2P 10DLC regulations
Applicable telecommunications laws
GDPR and CCPA/CPRA where applicable
Key principles:
No cold or unsolicited SMS messages
No purchased, rented, or scraped contact lists
Message frequency disclosed at opt-in
Message and data rates may apply
Opt-out instructions included in every message (e.g., “Reply STOP to unsubscribe”)
No mobile information will be shared with third parties for marketing purposes without explicit consent.
You may opt out at any time by:
Clicking the “unsubscribe” link in emails
Replying “STOP” to SMS messages
Contacting us at [email protected]
We use Go High Level CRM to manage:
Client records and communication history
Email marketing and transactional communications
SMS messaging and calling logs
Scheduling and workflow automation
Go High Level acts as a Data Processor and processes personal data only on our behalf and under our instructions.
Appropriate technical and organizational safeguards are in place to protect personal data.
Through Go High Level, we may:
Send one-to-one SMS communications
Send consent-based marketing and informational messages
Place outbound calls related to services
All communications are conducted in accordance with applicable laws and carrier requirements.
In the event of changes to CRM platforms, messaging providers, routing, or rebundling:
Existing user consent remains valid unless withdrawn
Personal data continues to be protected under this Privacy Policy
No new or undisclosed purposes of processing are introduced
We may disclose personal data only:
To trusted service providers acting on our behalf
To comply with legal or regulatory obligations
To protect our rights, safety, or property
With your explicit consent
We do not sell personal data.
Personal data is retained only for as long as necessary to:
Provide services
Fulfill contractual and legal obligations
Resolve disputes
Enforce agreements
We implement appropriate technical and organizational measures, including:
Secure CRM and data storage systems
Access controls and data minimization
Confidentiality obligations
You have the right to:
Access your personal data
Request correction or deletion
Withdraw consent where processing is based on consent
Object to unlawful processing
You have the right to:
Access, rectify, or erase personal data
Restrict or object to processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
You have the right to:
Know what personal data is collected
Request deletion or correction
Opt out of data sharing (if applicable)
Not be discriminated against for exercising your rights
Personal data may be transferred and processed outside your country of residence.
Appropriate safeguards are implemented to protect such transfers.
Our services are intended for individuals 18 years of age or older.
We do not knowingly collect personal data from minors.
We may update this Privacy Policy from time to time.
Any changes will be posted with an updated “Last Updated” date.
For privacy-related questions or requests:
📧 Email: [email protected]
📍 Jurisdiction: Dubai
This Privacy Policy is designed to meet:
Law of Dubai on Personal Data Protection
GDPR requirements
CCPA / CPRA obligations
A2P 10DLC messaging standards