Drafting privacy policy
The user requests a privacy policy for a conversion marketing agency. Since they haven't specified jurisdiction, it’s helpful to assume they're in the USA (Spokane). For legal accuracy, I'd likely need to check which laws apply, such as CCPA for California or GDPR for EU users. I'll structure it with sections like information collected, usage, rights, and security. Specific details about the business (CRM, ad management) will need to be included, but I won’t offer legal advice—just general standards.
Thought for 5 seconds
Conversion Marketing Pros Privacy Policy
Effective April 19 2025
Conversion Marketing Pros (“CMP,” “we,” “our,” or “us”) is a marketing‑technology agency headquartered in Spokane, Washington. We provide CRM, automation, paid‑advertising, and consulting services to business clients.
This Policy explains how we collect, use, disclose, and safeguard personal information when you:
Visit conversionmarketingpros.com or any CMP‑branded site (the “Sites”).Use our SaaS products (e.g., LaunchPad CRM) or mobile apps.Interact with our ads, emails, social‑media pages, or chatbots.Engage our consulting or managed‑services contracts.
It does
not
cover third‑party platforms we merely integrate with (e.g., Meta, Google, GoHighLevel). Their policies apply separately.
Category
Examples
Source
Identification
Name, postal address, email, phone, job title
You, your employer, lead‑forms
Account & CRM Data
Login credentials, user roles, pipeline data
You, your employer
Payment Data
Last 4 digits of card, billing address, transaction IDs
You, Stripe or NMI
Marketing & Usage
IP address, browser type, device IDs, pages viewed, click‑stream, email opens, ad interactions
Cookies, pixels, analytics tools
Communications
Chat transcripts, recorded calls (with consent), support tickets
You, phone/voip providers
User‑Generated Content
Uploaded files, comments, survey responses
You
We do
not
intentionally collect data from children under 13. If we discover it, we delete it.
Purpose
Legal Basis (GDPR) / Business Reason
Provide and maintain our Sites, apps, and services
Contract performance
Setup and manage client CRMs, automations, and ad campaigns
Contract performance
Process payments and send invoices
Contract performance & legitimate interests
Personalize content, deliver targeted ads, and measure results
Consent (where required) & legitimate interests
Improve products, troubleshoot, perform analytics, and develop new features
Legitimate interests
Comply with legal obligations, enforce terms, prevent fraud
Legal obligation & legitimate interests
Send service‑related or marketing emails/SMS
Consent (marketing) or legitimate interests (transactional)
You may opt out of marketing communications at any time via the unsubscribe link or by contacting us (see Section 11).
We never sell your personal information. We share it only as follows:
Service Providers – cloud hosting, payment processors, analytics, email/SMS gateways, fulfillment partners, all bound by confidentiality agreements.Integrations – when you connect CMP products to third‑party platforms (e.g., Meta Ads, Google Calendar) we pass data as you instruct.Legal/Compliance – regulators, courts, or law enforcement when required.Business Transfers – in a merger, acquisition, or sale of assets, subject to standard confidentiality and notice requirements.
We use first‑ and third‑party cookies, pixels, and similar tech to:
Keep you signed in.Remember preferences.Analyze traffic and campaign performance.Retarget ads on platforms such as Meta, Google, and LinkedIn.
Browser settings or our cookie banner let you disable non‑essential cookies. Doing so may limit functionality.
We retain personal data only as long as necessary for the purposes described above, including legal, accounting, or reporting requirements, then securely delete or anonymize it.
We are U.S.‑based but serve global clients. When transferring data from the EEA/UK or other regions with data‑transfer restrictions, we rely on:
Data Processing Agreements including Standard Contractual Clauses (SCCs).Appropriate technical and organizational safeguards (encryption, access controls).
If you are…
You may…
EEA/UK resident (GDPR)
Access, correct, delete, restrict, or port your data; object to processing; withdraw consent
California resident (CCPA/CPRA)
Know, delete, or correct personal data; opt‑out of “sale” or “sharing” (we do not sell); limit sensitive data use
All users
Opt out of marketing, disable cookies, or lodge a complaint with your local regulator
To exercise rights, email
or use the in‑app privacy portal. We will verify your identity before responding.
We follow industry best practices:
TLS encryption in transit; AES‑256 at rest.Role‑based access controls and 2FA on internal systems.Regular penetration testing and vulnerability scans.Incident‑response plan with 72‑hour breach notification for GDPR data subjects.
No system is 100 % secure, but we work to minimize risk.
We may update this Policy from time to time. Material changes will be posted on this page with a new “Effective” date and, where legally required, we will seek your consent or give advance notice.
Last reviewed April 19 2025.