DATA RETENTION AND GOVERNANCE POLICY
- Effective Date: 1/1/2024
- Next Review: 1/1/2025
Blue Dragon Web uses an AI communication tool designed to enhance customer engagement through SMS. Our services cater to two
primary use cases: database reactivation and instant lead engagement. This policy outlines our practices for data retention and
governance, ensuring compliance with applicable regulations such as GDPR and CCPA.
- Data Collection:
We collect and process the following types of data: - Personal Data: Name, Phone Number, Email Address
- Activity Data: Past purchases (if applicable)
- Sensitive Data: Health or financial data (if applicable, based on the client’s industry)
- Data Collection Methods
- Database Reactivation: Client supplies their customer data.
- Instant Lead Engagement: Data is collected from customers via web forms.
- Purpose of Data Collection
The data we collect is used for contacting customers and qualifying them for further actions, enhancing their
engagement with our clients. - Data Storage
Data is stored in our CRM platform, Go High Level. We also utilize third-party services such as OpenAI, Google
Workspace, and Zapier for various functionalities. - Data Retention Period
Data is retained until the customer’s campaign is complete. After this period, data is securely deleted from our
systems. - Data Access and Security
- Access: Only the principals of the company and engineers have access to the data. No outside contractors are
permitted access. - Security Measures: We employ two-factor authentication and database encryption to protect the data.
- Data Sharing and Disclosure
We do not share customer data with outside contractors. Data is only shared with third-party services as necessary for
our operations. Data shared with OpenAI in the course of business operations is not used to train LLMs model. OpenAI
API policy can be found here: https://openai.com/enterprise-privacy/ - Data Deletion and Destruction
Upon completion of a customer’s campaign, data is removed from the Go High Level CRM. For data deletion requests,
users can contact us directly or reach out to the company they initially engaged with (our client). - Compliance and Legal Considerations
We adhere to GDPR and CCPA regulations and undergo independent audits to ensure compliance. - User Rights and Transparency
Users can contact us or the original company they engaged with to access, correct, or delete their data. We are
committed to responding promptly to such requests. - Policy Updates
Our data retention and governance policy is reviewed annually. Any updates to the policy will be made available on our
website. Users will not be notified directly of changes.