Privacy Policy

1. Introduction

DiPilato Automations Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

By using our website or services, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our services immediately.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when you:

• Contact Forms & ROI Calculator: Name, email address, company name, phone number, business challenges, and automation needs
• Service Agreements: Billing information, business details, technical requirements, and project specifications
• Email Communications: Content of emails, questions, feedback, and support requests
• Calendar Bookings: Appointment details, availability preferences, and meeting topics
• Payment Processing: Billing address, payment method details (processed securely by third-party payment processors)

2.2 Information Collected Automatically

When you access our website, we automatically collect:

• Usage Data: IP address, browser type, device information, operating system, pages visited, time spent, referring URLs, and clickstream data
• Analytics Data: Website interactions, user behavior patterns, conversion events, and performance metrics via Google Analytics, Vercel Analytics, and similar tools
• Cookies & Tracking: Session cookies, preference cookies, analytics cookies, and marketing cookies (see Section 8 for details)
• Heatmaps & Recordings: Session recordings, mouse movements, clicks, and scroll depth via Microsoft Clarity or similar tools (anonymized)

2.3 Information from Third Parties

We may receive information from:

• Business partners and referral sources
• Social media platforms (if you interact with our social profiles)
• Marketing platforms and advertising networks
• Data enrichment services for business intelligence
• Public databases and business directories

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Providing automation consulting and implementation services
• Communicating about projects, deliverables, and timelines
• Processing payments and managing billing
• Delivering customer support and technical assistance
• Managing calendar bookings and appointments

3.2 Business Operations

• Lead qualification and sales follow-up
• ROI calculations and custom proposals
• Market research and business intelligence
• Fraud prevention and security
• Legal compliance and dispute resolution

3.3 Marketing & Communications

• Sending automation insights, tips, and educational content
• Newsletter and email marketing campaigns
• SMS marketing (with explicit consent)
• Retargeting advertisements on social media and other platforms
• Case studies and success stories (with client permission)

3.4 Website Improvement

• Analyzing user behavior to improve website experience
• A/B testing and conversion rate optimization
• Technical troubleshooting and performance monitoring
• Understanding visitor demographics and interests

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process personal data based on:

• Contractual Necessity: Processing is necessary to perform our services under a contract with you
• Consent: You have given explicit consent for specific processing activities (e.g., marketing emails, cookies)
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, business analytics)
• Legal Obligation: Processing is required to comply with legal obligations (e.g., tax records, dispute resolution)

5. How We Share Your Information

We do not sell your personal information. We may share information with:

5.1 Service Providers

• Email Services: Mailchimp, ConvertKit, Resend, or similar platforms for email delivery
• Automation Tools: n8n, Zapier, Make.com for workflow automation
• Analytics: Google Analytics, Vercel Analytics, Microsoft Clarity, Hotjar
• CRM Systems: HubSpot, Pipedrive, or GoHighLevel for customer relationship management
• Payment Processors: Stripe, PayPal, or similar for secure payment processing
• Hosting & Infrastructure: Vercel, AWS, or similar cloud service providers
• Calendar Systems: Cal.com, Calendly for appointment scheduling

5.2 Business Transfers

If we merge, are acquired, or sell assets, your information may be transferred to the new entity. You will be notified of any such change.

5.3 Legal Requirements

We may disclose information when required by law, including:

• Compliance with legal processes (subpoenas, court orders)
• Protection of rights, property, or safety
• Fraud prevention and investigation
• Enforcement of our terms and agreements

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: SSL/TLS encryption for data transmission; encrypted storage for sensitive data
• Access Controls: Role-based access, multi-factor authentication, and password policies
• Secure Infrastructure: Regular security updates, firewalls, and intrusion detection
• Third-Party Security: We vet service providers for security compliance and data protection standards
• Employee Training: Staff are trained on data privacy and security best practices

Important: No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and system access.

7. Data Retention

We retain information for different periods based on purpose:

• Active Clients: Duration of business relationship plus 7 years for legal/tax purposes
• Leads & Prospects: Until you unsubscribe or request deletion, up to 3 years of inactivity
• Website Analytics: Typically 14-26 months (depending on platform settings)
• Financial Records: Minimum 7 years as required by tax and accounting regulations
• Legal Documents: Duration required by applicable law or until dispute resolution

After retention periods expire, we securely delete or anonymize data. You may request earlier deletion subject to legal and contractual obligations.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality, session management, and security
• Analytics Cookies: Google Analytics, Vercel Analytics for usage statistics and performance
• Marketing Cookies: Facebook Pixel, Google Ads for remarketing and conversion tracking
• Preference Cookies: Store your settings and preferences for better user experience

8.2 Managing Cookies

You can control cookies through:

• Browser settings (most browsers allow you to refuse cookies)
• Opt-out tools: Google Analytics Opt-out
• Industry opt-out pages: Digital Advertising Alliance

Note: Disabling cookies may limit website functionality and prevent certain features from working properly.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

9.1 General Rights (All Users)

• Access: Request a copy of personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing emails (link provided in all marketing emails)
• Object: Object to certain processing activities

9.2 GDPR Rights (EEA, UK, Switzerland)

Additional rights under GDPR:

• Data Portability: Receive your data in a structured, machine-readable format
• Restrict Processing: Request limitation of processing under certain circumstances
• Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
• Lodge Complaint: File complaint with your local data protection authority

9.3 CCPA Rights (California Residents)

California residents have additional rights:

• Know: Right to know what personal information is collected, used, shared, or sold
• Delete: Right to request deletion of personal information
• Opt-Out of Sale: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

9.4 How to Exercise Your Rights

To exercise any privacy rights:

• Email us at: jondipilato@dipilatoautomations.com
• Call us at: 508-466-5071
• Mail us at: 11 Apex Dr Ste 300A, PMB 2031, Marlborough, MA 01752

We will respond within 30 days (or as required by applicable law). We may request verification of your identity before processing requests.

10. International Data Transfers

Our servers are located in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For EEA/UK users, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Service providers with Privacy Shield or equivalent certifications
• Additional security safeguards for international transfers

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately. If you believe we have collected information from a child, please contact us at jondipilato@dipilatoautomations.com.

12. Third-Party Links

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information. This Privacy Policy applies only to information collected by DiPilato Automations Inc.

13. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our website does not currently respond to DNT signals because there is no industry standard for compliance. We continue to monitor developments in DNT technology and may implement support in the future.

14. Email Marketing

14.1 Subscription: By providing your email address, you consent to receive marketing communications about automation insights, tips, and our services. You can unsubscribe at any time.

14.2 Unsubscribe: Every marketing email includes an unsubscribe link. You can also email jondipilato@dipilatoautomations.com to opt-out.

14.3 Transactional Emails: You cannot opt-out of transactional emails related to services, invoices, or important account updates.

15. SMS Marketing (If Applicable)

If you opt-in to SMS messages:

• We will only send messages with your explicit consent
• Message frequency varies based on your preferences
• Standard message and data rates may apply
• Reply STOP to opt-out at any time
• Reply HELP for assistance

We use GoHighLevel or similar platforms for SMS delivery and comply with TCPA regulations.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending email notifications for material changes (to active clients)
• Displaying a prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

We will respond to privacy inquiries within 30 days (or as required by applicable law).