Inquill Privacy Policy
At Inquill Agency LLC (“we,” “us,” or “our”), we take your privacy seriously. This Privacy Policy outlines how we collect, use, share, and protect personal and non-personal information in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other privacy frameworks. By accessing our website or using our tools and services, you acknowledge and consent to the practices outlined in this policy.
This Privacy Policy applies to visitors to our website, clients who use our tools and services, and end users or leads whose data is collected and processed through our tools. It governs data collected directly, automatically, or through third-party integrations and outlines our responsibilities as both a data controller and a data processor in accordance with applicable laws. For jurisdictions outside of GDPR, CCPA, or PIPEDA, we implement GDPR-like standards as a baseline unless stricter local laws apply.
We collect and process the following categories of data to provide and improve our services:
Personal Information: This includes names, email addresses, phone numbers, job titles, company names, and information submitted via lead generation forms, such as household size, energy consumption habits, and energy provider details. Personal information collected through custom client forms is governed by the client’s privacy policies, and we process it solely on their behalf as a data processor.
Non-Personal Information: This encompasses IP addresses, browser types, device details, session durations, and referring URLs. This data is collected automatically through cookies and analytics tools to analyze website performance and user behavior.
Payment Data: For clients who subscribe to our services, we collect billing addresses, payment methods, and transaction histories. Payment data is securely stored and deleted one year after account termination, except for invoices retained indefinitely for tax compliance.
Tracking Data: We use session cookies, persistent cookies, and tracking pixels to monitor user interactions and measure advertising performance. These tools help us analyze conversions and optimize campaigns across platforms. Non-essential cookies and tracking technologies are only activated after explicit consent.
Direct Collection: Information is provided directly by users and leads through forms on our website or client websites. Examples include lead generation submissions, sign-ups, or payment processing details.
Automated Collection: Data is collected automatically through tools like Google Analytics and Facebook Pixel. This includes browsing behavior, session details, and device usage patterns. Tracking tools comply with GDPR and CCPA consent requirements, ensuring no data is collected without user opt-in.
Third-Party Integrations: Our services integrate with advertising platforms (e.g., Google Ads, Facebook, LinkedIn, X) and CRM tools at the client’s request. These integrations facilitate data sharing necessary for advertising and performance analytics while adhering to contractual safeguards.
We use the collected data for the following purposes:
Service Delivery: To facilitate lead generation, manage accounts, and deliver contracted services.
Performance Optimization: To analyze user behavior and improve website functionality, campaign performance, and user experience.
Advertising and Retargeting: To execute email campaigns, retargeting ads, and marketing strategies tailored to client needs.
Payment Processing: To process transactions securely and maintain accurate financial records.
Data shared with third-party platforms, such as Google Ads or Facebook Pixel, is limited to what is necessary for campaign performance tracking and optimization, and only occurs with explicit consent.
We do not sell personal information. Data sharing is limited to:
Advertising Platforms: Necessary data is shared with platforms like Google, Facebook, and LinkedIn to track advertising performance and conversions.
Analytics Tools: Data collected by tools like Google Analytics is anonymized and used solely for reporting purposes.
Legal Obligations: Data may be shared with legal authorities if required by law, in compliance with GDPR Article 23 and CCPA Section 1798.145(c).
We maintain Data Processing Agreements (DPAs) with all third-party vendors to ensure compliance with applicable privacy laws. We conduct regular audits of vendors’ practices and require certifications or attestations of compliance where applicable.
We are committed to protecting the personal and non-personal information collected through our website, SaaS platform, and tools. We do not sell, trade, or redistribute any information collected about users of our website or end users whose data is processed through our clients’ use of our tools and services.
Information collected through our SaaS platform, including lead details or user activity, is processed solely for the purposes agreed upon with our clients. This data remains confidential and is used strictly for its intended purpose, such as lead management, analytics, or service improvement.
We may share data with trusted third-party service providers (e.g., advertising, analytics, or CRM platforms) solely to support the functionality of our tools or to enhance service delivery, and only under strict contractual agreements that ensure compliance with applicable privacy laws. These third parties are prohibited from using the data for any purpose other than supporting our services.
Our clients maintain full ownership of any data collected through their use of our tools. We act as a processor on their behalf, and all processing activities are governed by applicable data protection laws, including GDPR, CCPA, and similar frameworks.
Primary Storage: Data is stored on secure servers in the United States. Custom regional storage solutions can be provided at the client’s request.
Retention Periods: Lead data is retained while the client is actively using our services and purged 3-6 months after account inactivity. Payment data is deleted one year after account termination, except for tax-related financial records, which are retained indefinitely.
Compliance Safeguards: Cross-border data transfers are secured with Standard Contractual Clauses (SCCs) or equivalent mechanisms to comply with GDPR Chapter V. Supplementary technical measures, such as encryption and pseudonymization, are applied to protect transferred data.
Users have the right to:
Access: Request a copy of the personal data we hold.
Correction: Update inaccurate or incomplete information.
Deletion: Submit requests to delete personal data. Verified requests are processed within 30 days under GDPR and 45 days under CCPA.
Portability: Request their data in a structured, machine-readable format for transfer to another controller.
Opt-Out: Decline marketing communications or data sharing for advertising purposes via provided links or cookie preferences.
Requests can be made through automated forms on our website or by contacting our Data Protection Officer (DPO). Identity verification is required to process all user rights requests.
Our website uses cookies and similar technologies to enhance functionality and analyze performance.
Essential Cookies: Required for core website functionality and security.
Analytics Cookies: Used to understand user behavior and optimize site performance.
Advertising Cookies: Used for retargeting and measuring advertising success.
Consent for non-essential cookies is obtained through a cookie banner managed by Google Cookie Manager. Non-essential cookies remain disabled until explicit consent is provided. Users can manage preferences at any time.
Clients are responsible for:
Informing their users about data collection practices on their websites.
Managing data retention policies for lead data and ensuring compliance with local privacy regulations.
Configuring our tools to align with applicable laws, such as GDPR Article 13 and CCPA Section 1798.110.
While we offer guidance and compliance tools, the ultimate responsibility for legal compliance lies with the client.
We implement strong security measures to protect data, including:
Encryption: Data is encrypted at rest and in transit to prevent unauthorized access.
Access Controls: Role-based permissions ensure only authorized personnel can access sensitive data.
Audits: Regular security assessments identify and mitigate vulnerabilities.
We have a breach response protocol in place to notify affected parties within 72 hours under GDPR Article 33 and to comply with CCPA Section 1798.150.
We adhere to GDPR’s principles of transparency, data minimization, and purpose limitation, as well as CCPA’s requirements for access, deletion, and opt-out rights. For Canadian users, we comply with PIPEDA’s fair information principles. Data transfers outside the EU are secured using SCCs or equivalent safeguards.
This policy may be updated periodically to reflect changes in our practices or legal requirements. Updates will be posted on our website, and we encourage users to review the policy regularly.
For questions about this policy or to exercise your rights, contact our Data Protection Officer: Jared Thompson, contact@inquill.com
