Privacy Policy

Introduction

Kingmaker Analytics LLC ("Kingmaker," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit kingmakeranalytics.com (the "Website") or engage with us through our consulting, design, and technology services (the "Services"). For privacy inquiries, contact us at isaiah.stephenson@kingmakeranalytics.com.

We operate exclusively within the United States and comply with applicable U.S. federal and state privacy laws. Kingmaker provides consulting and development services for business clients, which may include design revisions, marketing strategy, and technology or application development.

International Visitors: This Website and our Services are intended for users located in the United States. If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with data protection laws that may differ from U.S. law, please be aware that by using this Website, your information may be transferred to and processed in the United States. If you do not agree to this transfer, please do not use this Website.

We collect only minimal personal information through our Website, such as name, email address, and company name, primarily for communication, newsletter, and service inquiry purposes. Website data is securely stored using Supabase (PostgreSQL) for permanent lead storage and Upstash Redis for temporary data such as download tokens and rate limiting. Client project data may be stored separately in secure cloud environments as needed for service delivery.

By accessing or using the Website or Services, you agree to this Privacy Policy. We may update this Policy from time to time, and continued use of the Website or Services after updates constitutes acceptance of those changes.

Information We Collect

We collect limited types of information, including:

• Contact Information: Your name, email address, company name, job title, company size, and primary interests you voluntarily provide through contact forms, lead magnet downloads, email inquiries, or newsletter sign-ups.
• Business Information: If you are a client, we may collect company-related details necessary to deliver our Services, such as business requirements, project specifications, or billing information.
• Website Usage Data: Non-identifiable information about your interaction with our Website, such as page visits, traffic sources, browser type, and device information. This is collected through Google Analytics 4 via Google Tag Manager.
• Chatbot Interactions: When you interact with our website chatbot, we may collect your messages, conversation history, and IP address for the purpose of providing responses and improving service quality. This data is temporarily stored and may be used to enhance the chatbot experience.
• Download Activity: When you download free resources (eBooks, cheat sheets, calculators), we track download activity including timestamps, IP addresses, and user agents to prevent abuse and understand resource usage.

We do not collect sensitive personal data such as tax identification numbers, financial account details, health information, or educational records.

How We Collect Information

We collect information in the following ways:

• Directly from You: When you fill out a form, download free resources, subscribe to a newsletter, interact with our chatbot, or contact us via email or other communication methods.
• Automatically: When you browse our Website, through cookies, analytics tools, or rate limiting systems that record general usage patterns and help maintain website security.
• Through Client Engagements: When you engage us for consulting or technical services, in which case we collect information relevant to fulfilling that contract.
• Through Email Communications: When we send you transactional emails (e.g., download links) or automated follow-up emails via our email service provider, we may track email delivery and engagement metrics.

Cookies and Analytics

Our Website uses cookies and analytics tools to improve functionality and user experience. We use the following types of cookies:

• Essential Cookies: Required for the Website to function properly, including session management, form submissions, and security features. These cookies cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with our Website. We use Google Analytics 4 via Google Tag Manager to collect aggregate usage statistics such as page views, traffic sources, and user behavior. Google Analytics may use cookies to track sessions. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

You can manage cookie preferences through the cookie consent banner that appears on your first visit. You can also disable cookies through your browser settings, though doing so may affect certain Website features. We do not use cookies for advertising or behavioral tracking purposes.

Our chatbot may use temporary session data stored in your browser to maintain conversation context. This data is automatically cleared when you close your browser or after a period of inactivity.

How We Use Your Information

We use collected information only for legitimate business purposes, including:

• To operate and present our Website and Services.
• To respond to inquiries and provide requested information or support.
• To manage newsletters, mailing lists, and client communications.
• To send automated follow-up emails related to resources you have downloaded (email sequences).
• To comply with applicable laws and contractual obligations.
• To maintain security and improve Website performance.
• For any other purpose disclosed to you at the time of collection or with your consent.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Disclosure of Information

We may share limited personal information only as necessary to support our operations:

• With trusted service providers that store or process data on our behalf under strict confidentiality and data protection terms, including:
  • Supabase (PostgreSQL database) for permanent lead storage
  • Upstash Redis for temporary data storage (tokens, rate limits, chat history)
  • Resend for transactional email delivery
  • Dropbox for hosting downloadable resource files
  • OpenAI or Anthropic for chatbot AI processing (messages are sent to these services to generate responses)
  • Vercel for website hosting and serverless function execution
  • Google Analytics 4 for website analytics (via Google Tag Manager)
• To comply with legal obligations, such as court orders or regulatory requirements.
• To protect our rights, property, or safety, or that of our clients or others, including for fraud prevention or risk reduction.
• With your consent, when you have explicitly agreed to share data for a specific purpose.

We do not sell, lease, or trade personal information.

Data Security and Storage

All personal and client data is stored in secure, cloud-based environments with industry-standard security measures:

• Supabase (PostgreSQL): Used for permanent lead storage. Supabase employs encryption at rest, secure connections (SSL/TLS), and follows SOC 2 Type II compliance standards.
• Upstash Redis: Used for temporary data storage including download tokens, rate limiting data, and chatbot conversation history. Data is encrypted in transit and at rest, with automatic expiration of temporary data.
• Resend: Email service provider that handles transactional emails. Resend is SOC 2 Type II compliant and uses encryption for data in transit.
• Dropbox: Used for hosting downloadable resource files. Dropbox employs enterprise-grade security including encryption and access controls.
• Vercel: Website hosting platform that provides DDoS protection, SSL certificates, and secure serverless function execution.

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, alteration, or disclosure. While no system is entirely immune to risk, we maintain commercially reasonable protections aligned with industry best practices.

Client project data may be stored separately in secure cloud environments (which may include Microsoft 365/Azure or other platforms) as needed for service delivery, subject to separate confidentiality agreements.

Client Confidentiality

Information shared by clients during consulting engagements is treated as confidential. We do not disclose client data, business metrics, or project details to third parties without explicit consent, except as required by law or as necessary to provide our services (e.g., with subprocessors under appropriate confidentiality terms). For enterprise clients requiring formal data protection terms, we can provide a Data Processing Agreement (DPA) upon request.

If we provide you with login credentials for any portal or system, you are responsible for maintaining the confidentiality of those credentials.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law. Specific retention periods include:

• Lead Information: Retained for up to 7 years for business relationship management and legal compliance purposes, unless you request deletion earlier. We periodically review and delete data that is no longer needed.
• Download Tokens: Stored in Upstash Redis for 30 days, after which they automatically expire and are deleted.
• Rate Limiting Data: Stored temporarily in Upstash Redis with short expiration periods (1 minute to 24 hours) and automatically deleted.
• Chatbot Conversation History: Stored temporarily in Upstash Redis and automatically cleared after session expiration or when no longer needed for service provision.
• Analytics Data: Aggregated, non-identifiable usage statistics are retained indefinitely for business analysis purposes.
• Email Records: Email delivery logs and engagement data are retained by our email service provider according to their retention policies (typically 30-90 days).
• Email Sequences: Scheduled follow-up emails are stored in our database until sent or until you unsubscribe. When you unsubscribe, pending emails are cancelled immediately.

When data is no longer needed, it is securely deleted or anonymized. You may request deletion of your personal information at any time by contacting us at isaiah.stephenson@kingmakeranalytics.com.

Children's Privacy

Our Website and Services are not directed toward children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us immediately at isaiah.stephenson@kingmakeranalytics.com so we can delete it.

Chatbot and AI Services

Our Website includes an AI-powered chatbot that uses third-party AI services (OpenAI or Anthropic) to generate responses. When you interact with the chatbot:

• Your messages are sent to the AI service provider to generate responses.
• Conversation history may be temporarily stored to maintain context during your session.
• We implement rate limiting and security measures to prevent abuse.
• After 10 interactions per day, you may be required to complete a CAPTCHA verification (via hCaptcha) to continue using the chatbot.
• We do not use your chatbot conversations to train AI models or share them with third parties beyond what is necessary to provide the service.

AI service providers (OpenAI and Anthropic) have their own privacy policies governing how they process data. We recommend reviewing their privacy policies if you have concerns about how your messages are handled.

Important: Please do not share sensitive personal information (such as Social Security numbers, financial account details, health information, or passwords) in chatbot conversations. The chatbot is not designed to handle sensitive data, and we cannot guarantee the security of such information shared through this channel.

Your Rights

Depending on your state of residence, you may have rights regarding your personal information, such as:

• The right to request access to the data we hold about you.
• The right to request correction or deletion of your personal data.
• The right to withdraw consent for communications at any time.
• The right to unsubscribe from email communications using the unsubscribe link in any email or by visiting our unsubscribe page.
• The right to opt-out of analytics cookies through the cookie consent banner.
• The right to request information about third-party services we use to process your data.

To exercise these rights, contact us at isaiah.stephenson@kingmakeranalytics.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Do Not Sell or Share My Personal Information

Under California law, "selling" includes disclosing personal information to third parties for monetary or other valuable consideration. "Sharing" includes disclosing personal information for cross-context behavioral advertising.

When you use our website with analytics or marketing cookies enabled, certain information (such as device identifiers, browsing behavior, and IP address) may be shared with third-party advertising and analytics services. To opt out of this sharing, visit our Do Not Sell or Share My Personal Information page.

We also honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically treat this as a request to opt out of the sale or sharing of your personal information.

How to Exercise Your California Rights

To exercise your California privacy rights, you may:

• Visit our Do Not Sell or Share My Personal Information page to opt out of data sharing
• Email us at isaiah.stephenson@kingmakeranalytics.com for other requests

We will verify your identity before processing your request and respond within 45 days as required by California law.

Authorized Agents

You may designate an authorized agent to submit privacy requests on your behalf. To do so, you must provide the agent with written permission signed by you, and we may require you to verify your identity directly with us before processing the request. Alternatively, an authorized agent may submit a request using a power of attorney under California Probate Code sections 4121 to 4130.

Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights to those described above for California residents, including:

• The right to confirm whether we are processing your personal data
• The right to access and obtain a copy of your personal data
• The right to correct inaccuracies in your personal data
• The right to delete your personal data
• The right to opt out of targeted advertising, sale of personal data, or profiling

To exercise these rights, please contact us at isaiah.stephenson@kingmakeranalytics.com. We will respond to your request within the timeframe required by your state's law (typically 45 days). If we deny your request, you may have the right to appeal by contacting us with the subject line "Privacy Rights Appeal."

Third-Party Services

We use the following third-party services to operate our Website and provide our Services. Each service has its own privacy policy and data handling practices:

• Vercel: Website hosting and serverless function execution. Privacy Policy
• Supabase: Database service for lead storage. Privacy Policy
• Upstash: Redis database for temporary data storage. Privacy Policy
• Resend: Email delivery service. Privacy Policy
• Dropbox: File hosting for downloadable resources. Privacy Policy
• OpenAI: AI service for chatbot (if enabled). Privacy Policy
• Anthropic: AI service for chatbot (alternative to OpenAI, if enabled). Privacy Policy
• Google Analytics 4: Website analytics (via Google Tag Manager). Privacy Policy
• hCaptcha: CAPTCHA verification service. Privacy Policy

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law. This may include notification via email to the address associated with your account, prominent notice on our Website, or other means as required by law. We maintain reasonable security measures to prevent unauthorized access to your data, but no system is completely secure. If you believe your information has been compromised, please contact us immediately at isaiah.stephenson@kingmakeranalytics.com.

Links to Other Websites

Our Website may contain links to external websites for informational purposes. Kingmaker Analytics is not responsible for the privacy practices or content of external sites. We encourage you to review the privacy policies of those sites before submitting personal information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Any updates will be posted on this page with an updated "Last Modified" date. We encourage you to review this Policy periodically to stay informed of our data practices.

Contact Information

For questions, comments, or requests related to this Privacy Policy or your personal information, please contact:

Kingmaker Analytics LLC
Email: isaiah.stephenson@kingmakeranalytics.com
Location: United States