Privacy Policy — the plain-English version.
What we collect, why, who we share it with, and your rights — in everyday language. Each section opens with a plain summary. The full Privacy Policy is the authoritative document.
The short version: we collect only what we need to answer you, build your redesign, and run your subscription — and we don’t sell your information. When leads come in through a website we build for a client, those leads go to the client’s own inbox or CRM, never to us. The points below are a plain-English summary; the full Privacy Policy governs.
What we collect — and why
Plain summary: only what we need to reply, build your site, and bill you — nothing extra.
- When you ask for a redesign or contact us: what you put on the form — typically your name, business name, email, phone (optional), current website, trade, city, and any notes. You don’t pay or create an account to ask for a redesign.
- When you become a client: the business details we need to build, launch, host, and maintain your site — your services, hours, address or service area, the logo and photos you upload, your domain status, and the email or customer tool where you want website leads delivered.
- Billing: our payment processor (Stripe) handles your card. We don’t store full card numbers on our systems — we keep the billing records Stripe shares with us (name, billing email, plan, amount, last four digits, payment status, and your consent to recurring billing).
- On our own site: standard, mostly de-identified analytics (rough location, browser and device, pages viewed) to understand and improve performance and security. We don’t use it to build advertising profiles about you.
We don’t sell your information
Plain summary: we never sell or trade your personal information, and we share it only with the handful of providers we need to run the business.
- We don’t sell or “share” your personal information for cross-context behavioral advertising, and we don’t hand it to data brokers.
- We share data only with the providers we need to run the business — our host (Hostinger), our payment processor (Stripe), our analytics provider, and our intake and email provider — each bound to protect it and use it only to serve us.
- We honor Global Privacy Control (GPC) browser signals as an opt-out where applicable.
Client lead data — our service-provider role
Plain summary: when visitors fill out a form on a site we built for a client, that’s the client’s data — we just route it straight to them, never to us.
- For the leads that visitors submit on a website we build and host for a client, the client is the business of record for that data. We act only as a service provider — this is our role under U.S. state privacy laws.
- We route every lead to the client’s own inbox or CRM, never to ours, and never use it for our own purposes. Each client site carries its own separate privacy policy for its visitors.
Your rights
Plain summary: you can see, fix, or delete the personal information we hold, opt out of marketing email, and we won’t penalize you for asking.
- Depending on where you live, you can access, correct, or delete the personal information we control, opt out of marketing email, and opt out of any “sale” or “sharing” (which we don’t do anyway). We won’t discriminate against you for exercising a right.
- To make a request, email us at hello@redolocal.com with “Privacy” in the subject line. We’ll verify it’s really you and respond within the time the law requires (generally 45 days under U.S. state laws).
- If your request is about lead or visitor data on a client’s website, direct it to that business — we’ll assist them as their service provider.
How long we keep it, and security
Plain summary: we keep things only as long as we need them, and we protect them with sensible safeguards — though no system online is ever perfectly secure.
- Redesign inquiries are kept while we follow up and deleted or de-identified within a reasonable period (target 12 months) if you don’t become a client. Client and billing records are kept for the life of your subscription plus what the law requires; your auto-renewal consent record is kept at least three years.
- We use reasonable safeguards — access controls, encryption in transit (the padlock on every site we host), and relying on Stripe so card numbers don’t touch our systems. Because the sites we build are fast static sites (no database, no server-side code), the attack surface is small by design. No system is perfectly secure, so we can’t promise absolute security.
Read the full Privacy Policy
This is a plain-English summary; the full Privacy Policy governs. The complete Privacy Policy is the authoritative document and covers cookies, legal bases for EU and UK visitors, international transfers, children’s data, and how to appeal a denied request. See our Terms of Service and Acceptable Use Policy too. Request the full current policy anytime at hello@redolocal.com.
This is a working draft prepared for RedoLocal, not legal advice. Real-world facts (entity, address, effective date, and the analytics and form providers in use) are owner-fill sentinels until this site goes live — their presence elsewhere on the site means it is not yet published.