Privacy Policy

1. Information We Collect

1.1 Personal Data You Provide

We may collect personal information that you voluntarily provide when you:

• Fill out contact forms, request a consultation, or schedule a strategy call
• Subscribe to our newsletter, download resources, or register for events
• Engage with our AI-powered chatbot assistant
• Enter into a service agreement or contract with us
• Communicate with us via email, phone, text message, or social media

This information may include:

• Full name, email address, phone number, and mailing address
• Company or business name, job title, and industry
• Billing and payment information (processed via secure third-party providers; we do not store payment card data)
• Any information you voluntarily include in messages, form submissions, or communications

1.2 Usage Data & Automatically Collected Information

When you visit our website, we automatically collect certain technical information, including:

• IP address (which may be anonymized), browser type and version, operating system
• Device type, screen resolution, and language preference
• Pages visited, time spent on pages, referring URLs, and click patterns
• Date and time of access, session duration, and navigation paths

1.3 Cookies & Tracking Technologies

We use cookies, pixel tags, web beacons, and similar technologies to collect information about your browsing behavior. See Section 4: Cookie Policy for detailed information about the cookies we use and how to manage them.

1.4 Analytics Data

We use third-party analytics services, including Google Analytics 4 (GA4), to understand how visitors interact with our website. These services may collect information such as how often users visit the site, what pages they visit, and what other sites they used prior to visiting our site. We use this data solely for website improvement and marketing optimization.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• To provide, operate, and maintain our digital marketing services
• To process your inquiries, consultation requests, and service agreements
• To manage client accounts and deliver project deliverables
• To communicate with you about your projects, services, and account

2.2 Marketing & Communications

• To send you newsletters, marketing materials, and promotional content (with your consent)
• To provide you with relevant industry updates and educational resources
• To personalize your experience and tailor content to your interests
• To conduct market research and analyze trends to improve our services

2.3 Website Improvement & Analytics

• To monitor and analyze usage patterns and trends on our website
• To improve our website functionality, design, and user experience
• To troubleshoot technical issues and ensure website security
• To develop new features, products, and services

2.4 Legal & Compliance

• To comply with applicable laws, regulations, and legal processes
• To enforce our Terms of Service and other agreements
• To protect the rights, property, and safety of our company, clients, and users
• To detect, prevent, and address fraud, security breaches, and technical issues

3. Information Sharing & Third Parties

We do not sell your personal information. We do not rent or trade personal information with third parties for their direct marketing purposes. We may share your information with the following categories of third parties for legitimate business purposes only:

3.1 Service Providers & Processors

• FormSubmit.co — Processes form submissions on our website. Data submitted through our contact and inquiry forms is routed through FormSubmit.co's servers for delivery to our email.
• OpenAI — Powers our AI chatbot assistant ("Grace"). Conversations with our chatbot may be processed by OpenAI's API. We do not share identifying personal information with OpenAI beyond the content of your chat messages. See Section 7: AI Usage Disclosure for more details.
• Google Analytics 4 (GA4) — Collects anonymized website usage data to help us understand visitor behavior and improve our website. Google Analytics may use cookies and collect IP addresses (which may be anonymized).
• Calendly — Processes scheduling requests. When you book a consultation, Calendly collects the information you provide (name, email, phone) subject to their own privacy policy.
• Advertising Platforms — We may use platforms such as Google Ads, Meta (Facebook/Instagram) Ads, LinkedIn Ads, and other advertising networks to deliver targeted advertising. These platforms may use cookies and tracking pixels to measure ad performance.
• GoHighLevel — Our client relationship management (CRM) platform used for managing client communications, workflows, and service delivery.

3.2 Business Transfers

If Growth & Grace Digital Labs LLC undergoes a merger, acquisition, reorganization, dissolution, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.3 Legal Requirements

We may disclose your information when required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4. Cookie Policy

4.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

4.2 Cookies We Use

• Essential Cookies: Required for the website to function properly (theme preferences, session management). These cannot be disabled without affecting site functionality.
• Analytics Cookies: Used by Google Analytics 4 and similar services to collect anonymized data about how visitors use our website, including pages visited, session duration, and traffic sources.
• Advertising Cookies: Used by advertising platforms (Google Ads, Meta, LinkedIn) to deliver relevant advertisements and measure campaign performance. Only activated with your consent.
• Functional Cookies: Used to remember your preferences and settings, such as dark/light mode theme preference, language preferences, and form data.

4.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to view, delete, and block cookies from specific or all websites, set preferences for certain types of cookies, and use private/incognito browsing mode.

You may also opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at optout.aboutads.info, the Network Advertising Initiative (NAI) at optout.networkadvertising.org, or the European Digital Advertising Alliance (EDAA) at youronlinechoices.eu.

Please note that disabling cookies may affect the functionality of our website and your ability to access certain features.

5. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information under applicable privacy laws. Growth & Grace Digital Labs LLC respects and upholds these rights for all users regardless of location.

5.1 California Residents — CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete any personal information we have collected about you, subject to certain exceptions required by law.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you may request that we limit its use to what is necessary to provide our services.

5.2 European Union & UK Visitors — GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to Be Forgotten): You may request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: You may request that we restrict the processing of your personal data.
• Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal data for direct marketing or based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

Our lawful bases for processing personal data include consent, performance of a contract, legitimate interest, and compliance with legal obligations.

5.3 Virginia Residents — VCDPA

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of targeted advertising, sale of personal data, and profiling.

5.4 Tennessee Residents — TIPA

If you are a Tennessee resident, you have rights under the Tennessee Information Protection Act (TIPA), including the right to access, correct, and delete your personal information. You also have the right to opt out of the sale of your personal information, targeted advertising, and certain profiling activities. We comply with all applicable provisions of TIPA.

5.5 Canadian Residents — CASL & PIPEDA

If you are a Canadian resident, your personal information is protected under Canada's Anti-Spam Legislation (CASL) and the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to:

• Know what personal information we hold about you and why
• Access your personal information and request corrections
• Withdraw consent for the collection, use, or disclosure of your personal information
• File a complaint with the Office of the Privacy Commissioner of Canada

We will not send commercial electronic messages to Canadian residents without express or implied consent as required by CASL. All commercial messages include a clear unsubscribe mechanism that is honored within 10 business days.

5.6 Other US State Privacy Laws

We comply with all applicable state privacy laws in the United States, including but not limited to privacy laws in Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana (MCDPA), Iowa (ICDPA), Indiana (ICDPA), and any future state privacy legislation enacted during the effective period of this policy.

5.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to your request within the timeframes required by applicable law (typically 30–45 days). We may need to verify your identity before processing your request. You will not be charged a fee for exercising your rights unless your request is manifestly unfounded or excessive.

6. CAN-SPAM Act Compliance

Growth & Grace Digital Labs LLC fully complies with the CAN-SPAM Act of 2003 (15 U.S.C. § 7701 et seq.) and all applicable federal and state anti-spam regulations. We commit to the following:

• No False or Misleading Headers: We will not use false or misleading header information. Our "From," "To," "Reply-To," and routing information will always accurately identify the person or business who initiated the message.
• No Deceptive Subject Lines: Subject lines will accurately reflect the content of the message.
• Identification as Advertisement: If a message is an advertisement, it will be clearly identified as such.
• Physical Address: All commercial emails will include our valid physical postal address: Growth & Grace Digital Labs LLC, Bristol, Tennessee 37620.
• Opt-Out Mechanism: Every commercial email includes a clear, conspicuous, and functioning opt-out (unsubscribe) mechanism. We honor all opt-out requests within 10 business days.
• No Opt-Out Conditions: We will not require you to pay a fee, provide information beyond your email address, or take any steps other than replying or visiting a single page to opt out.
• Monitoring Third Parties: We monitor the compliance of any third parties who send messages on our behalf. We do not permit third parties to send unsolicited emails on our behalf.

If you receive unsolicited email from us, you may unsubscribe at any time using the link provided in the email, or by contacting us directly at growthngracedigitallabs@gmail.com.

7. Artificial Intelligence (AI) Usage Disclosure

7.1 AI Technologies We Use

Growth & Grace Digital Labs LLC utilizes artificial intelligence technologies in the following capacities:

• AI Chatbot ("Grace"): Our website features an AI-powered chatbot assistant built on OpenAI's language models. This chatbot provides general information about our services, answers frequently asked questions, and assists with scheduling consultations. The chatbot does not provide professional advice and should not be relied upon for legal, financial, medical, or other professional guidance.
• AI-Assisted Content: We may use AI tools to assist with content creation, including blog posts, marketing copy, and educational materials. All AI-generated content is reviewed and approved by our team before publication.
• AI-Enhanced Marketing: We utilize AI-powered tools for search engine optimization (SEO), generative engine optimization (GEO), answer engine optimization (AEO), advertising optimization, analytics, and marketing automation.

7.2 AI Data Processing

• Conversations with our AI chatbot may be processed by OpenAI's servers located in the United States
• We do not intentionally share personally identifiable information with AI providers beyond the content you voluntarily include in chat messages
• AI chatbot conversations may be retained for up to 12 months for quality assurance and service improvement
• We do not use your personal data to train AI models. Our use of third-party AI services is governed by their respective data processing agreements.

7.3 AI Limitations & Disclaimers

AI-generated responses, recommendations, and content are provided "AS IS" without warranty of any kind. AI outputs may contain inaccuracies, errors, or hallucinations. Users should independently verify any information provided by AI tools before making business or personal decisions. Growth & Grace Digital Labs LLC expressly disclaims all liability for any decisions made based on AI-generated content, recommendations, or advice. By interacting with our AI tools, you acknowledge and accept these limitations.

8. Data Security

We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our website
• Secure storage of personal data with access controls and authentication
• Regular security assessments, vulnerability scanning, and updates to our systems
• Limited access to personal information on a need-to-know basis
• Use of reputable, security-compliant third-party service providers
• Honeypot-based spam protection on forms (no user-facing CAPTCHAs required)

While we strive to protect your personal information using industry-standard measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, and any transmission is at your own risk. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are as follows:

• Client Account Data: Retained for the duration of the business relationship plus 7 years for tax, legal, and regulatory compliance purposes.
• Marketing & Communication Data: Retained until you unsubscribe or request deletion, whichever occurs first.
• Website Usage & Analytics Data: Retained for up to 26 months, consistent with Google Analytics default retention settings, unless configured otherwise.
• Form Submissions: Retained for up to 3 years or until the inquiry is resolved, whichever is longer.
• AI Chatbot Conversations: Retained for up to 12 months for service improvement and quality assurance purposes.
• Financial & Billing Records: Retained for 7 years as required by applicable tax and financial regulations.

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention and disposal procedures.

10. Children's Privacy

Our website and services are not directed to individuals under the age of 13 (or under 16 in certain jurisdictions, including the EEA). We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at the information provided in Section 15.

If we become aware that we have collected personal information from a child under the applicable minimum age without verifiable parental consent, we will take steps to promptly delete that information from our records.

11. International Data Transfers

Growth & Grace Digital Labs LLC is based in the United States and primarily processes data within the United States. If you are accessing our website or using our services from outside the United States — including from Canada, the European Union, United Kingdom, or any other jurisdiction — please be aware that your information may be transferred to, stored, and processed in the United States.

By using our website or services, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We take appropriate measures to ensure that any international transfers of personal data comply with applicable data protection laws, including the use of standard contractual clauses (SCCs), data processing agreements, or other approved transfer mechanisms where required.

The data protection laws in the United States may differ from those in your country of residence. We will take commercially reasonable steps to ensure your personal information receives an adequate level of protection in the jurisdictions in which we process it.

12. Limitation of Liability & Indemnification

12.1 Limited Liability Company Structure

Growth & Grace Digital Labs LLC is a Tennessee limited liability company. As an LLC, the personal assets of its members, managers, and employees are separate from and not liable for the debts, obligations, or liabilities of the Company. Any claims or disputes arising from or relating to this Privacy Policy, our website, our services, or any interaction with our company shall be made solely against Growth & Grace Digital Labs LLC and not against any individual member, manager, employee, contractor, or agent in their personal capacity.

12.2 Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, GROWTH & GRACE DIGITAL LABS LLC, ITS MEMBERS, MANAGERS, OFFICERS, EMPLOYEES, AGENTS, CONTRACTORS, AFFILIATES, AND SUCCESSORS (COLLECTIVELY, "THE COMPANY PARTIES") SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, REGARDLESS OF WHETHER THE COMPANY PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE COMPANY PARTIES' TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS PRIVACY POLICY, OUR WEBSITE, OUR SERVICES, OR ANY INTERACTION WITH OUR COMPANY SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100.00 USD).

This limitation of liability applies to all causes of action, whether based on contract, tort (including negligence), strict liability, statutory liability, or any other legal theory, even if a limited remedy set forth herein is found to have failed of its essential purpose.

12.3 Indemnification

You agree to indemnify, defend, and hold harmless Growth & Grace Digital Labs LLC and the Company Parties from and against any and all claims, demands, actions, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising from or relating to: (a) your use of our website or services; (b) your violation of this Privacy Policy or our Terms of Service; (c) your violation of any applicable law, regulation, or third-party right; (d) any information you submit or transmit through our website; or (e) any claim that your use of our services caused damage to a third party.

12.4 Disclaimer of Warranties

OUR WEBSITE, SERVICES, CONTENT, AI TOOLS, AND ALL MATERIALS PROVIDED ARE OFFERED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY. WE EXPRESSLY DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ACCURACY. We do not warrant that our website will be uninterrupted, error-free, or free of viruses or other harmful components. We do not warrant the accuracy, reliability, or completeness of any information provided on our website or through our services, including AI-generated content.

12.5 No Professional Advice

Nothing on our website, in our communications, or generated by our AI tools constitutes legal, financial, medical, tax, or other professional advice. Our marketing services are provided for business growth purposes only. You should consult with qualified professionals for advice specific to your situation. Growth & Grace Digital Labs LLC is not liable for any decisions made based on information provided on our website or through our services.

13. Dispute Resolution & Arbitration

13.1 Governing Law

This Privacy Policy and all disputes arising from or relating to it shall be governed by and construed in accordance with the laws of the State of Tennessee, United States of America, without regard to its conflict of laws provisions.

13.2 Mandatory Binding Arbitration

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT.

Any dispute, claim, or controversy arising out of or relating to this Privacy Policy, our Terms of Service, our website, or our services ("Dispute") shall be resolved exclusively through final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, rather than in court. The arbitration shall be conducted by a single arbitrator in Sullivan County, Tennessee, or at a location mutually agreed upon by the parties.

The arbitrator shall have exclusive authority to resolve all disputes, including questions of arbitrability. The arbitrator's award shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction.

13.3 Class Action Waiver

YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. You waive any right to participate in a class action lawsuit or class-wide arbitration against Growth & Grace Digital Labs LLC. If this class action waiver is found to be unenforceable, then the entirety of this arbitration provision shall be null and void, and the dispute shall be resolved in the courts of Sullivan County, Tennessee.

13.4 Small Claims Exception

Notwithstanding the foregoing, either party may bring an individual action in small claims court in Sullivan County, Tennessee, for claims that are within the court's jurisdictional limits.

13.5 Notice of Dispute

Before initiating arbitration, you must send a written notice of dispute ("Notice") to Growth & Grace Digital Labs LLC at the contact information in Section 15. The Notice must describe the nature and basis of the claim and the specific relief sought. If we cannot resolve the dispute within 60 days of receiving the Notice, either party may commence arbitration.

13.6 Statute of Limitations

Any claim arising out of or relating to this Privacy Policy, our website, or our services must be filed within one (1) year after the cause of action accrues, or the claim is permanently barred. This one-year limitation period applies regardless of any statute of limitations that might otherwise apply.

14. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time without prior notice. When we make changes, we will update the "Last Updated" date at the top of this page. If we make material changes to how we treat your personal information, we will notify you through a prominent notice on our website or by other appropriate means.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of those changes.