DATA RETENTION AND GOVERNANCE POLICY

  • Effective Date: 1/1/2024
  • Next Review: 1/1/2025
    Blue Dragon Web uses an AI communication tool designed to enhance customer engagement through SMS. Our services cater to two
    primary use cases: database reactivation and instant lead engagement. This policy outlines our practices for data retention and
    governance, ensuring compliance with applicable regulations such as GDPR and CCPA.
  1. Data Collection:
    We collect and process the following types of data:
  2. Personal Data: Name, Phone Number, Email Address
  3. Activity Data: Past purchases (if applicable)
  4. Sensitive Data: Health or financial data (if applicable, based on the client’s industry)
  5. Data Collection Methods
  6. Database Reactivation: Client supplies their customer data.
  7. Instant Lead Engagement: Data is collected from customers via web forms.
  8. Purpose of Data Collection
    The data we collect is used for contacting customers and qualifying them for further actions, enhancing their
    engagement with our clients.
  9. Data Storage
    Data is stored in our CRM platform, Go High Level. We also utilize third-party services such as OpenAI, Google
    Workspace, and Zapier for various functionalities.
  10. Data Retention Period
    Data is retained until the customer’s campaign is complete. After this period, data is securely deleted from our
    systems.
  11. Data Access and Security
  12. Access: Only the principals of the company and engineers have access to the data. No outside contractors are
    permitted access.
  13. Security Measures: We employ two-factor authentication and database encryption to protect the data.
  14. Data Sharing and Disclosure
    We do not share customer data with outside contractors. Data is only shared with third-party services as necessary for
    our operations. Data shared with OpenAI in the course of business operations is not used to train LLMs model. OpenAI
    API policy can be found here: https://openai.com/enterprise-privacy/
  15. Data Deletion and Destruction
    Upon completion of a customer’s campaign, data is removed from the Go High Level CRM. For data deletion requests,
    users can contact us directly or reach out to the company they initially engaged with (our client).
  16. Compliance and Legal Considerations
    We adhere to GDPR and CCPA regulations and undergo independent audits to ensure compliance.
  17. User Rights and Transparency
    Users can contact us or the original company they engaged with to access, correct, or delete their data. We are
    committed to responding promptly to such requests.
  18. Policy Updates
    Our data retention and governance policy is reviewed annually. Any updates to the policy will be made available on our
    website. Users will not be notified directly of changes.