Privacy Policy

Last Updated: August 13, 2025

1. Introduction

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how applicable laws protect You, including the California Consumer Privacy Act (CCPA/CPRA), other U.S. state privacy laws, the EU/UK General Data Protection Regulation (GDPR), and other relevant privacy laws.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

2. Interpretation and Definitions

Interpretation

Words with capitalized initial letters have meanings defined below. These definitions apply whether the terms appear in singular or plural form.

Definitions

Account – A unique account created for You to access our Service.

Affiliate – An entity that controls, is controlled by, or is under common control with a party.

Application – Cool Blue Hub, including our white-label CRM powered by Go High Level.

Business – For CCPA/CPRA, the legal entity that determines the purposes and means of personal information processing.

CCPA / CPRA – California Consumer Privacy Act and California Privacy Rights Act.

GDPR – EU/UK General Data Protection Regulation.

Company – Cool Blue Hub, 2492 Walnut Ave, Suite 104, Tustin, CA 92780, United States.

Consumer – A California resident, as defined in the CCPA/CPRA.

Controller – Under GDPR, the entity that determines the purposes and means of processing Personal Data.

Processor – Under GDPR, the entity that processes Personal Data on behalf of the Controller.

Device – Any device that can access the Service.

Do Not Track (DNT) – A web browser setting to signal opt-out of tracking.

Personal Data – Any information relating to an identified or identifiable individual.

Service – The Application, websites, and all related services.

Service Provider – A third party that processes data on behalf of the Company.

Usage Data – Data collected automatically from the Service.

You – The individual or entity using the Service.

3. Role as Data Controller and Data Processor

Data Controller: For information you provide directly to manage your Cool Blue Hub account, Cool Blue Hub acts as a Data Controller (GDPR) / Business (CCPA).

Data Processor: For information you store in the CRM about your own customers, you are the Controller/Business and Cool Blue Hub acts as a Data Processor (GDPR) / Service Provider (CCPA).

As a Processor, we:

Process Personal Data only on your documented instructions.

Maintain confidentiality and restrict access to authorized personnel.

Assist you in fulfilling data subject rights requests.

Delete or return Customer Data upon termination, unless retention is required by law.

4. Types of Data Collected

We may collect the following categories of information:

A. Personal Data You Provide

Name, email address, phone number, billing address

Payment details (processed securely via Stripe or other payment processors)

CRM contact data that you upload

Support communications and correspondence

B. Automatically Collected Data

IP address, browser type/version, device identifiers

Pages visited, date/time, time spent on pages, referring URLs

Mobile device data (OS, device ID, mobile browser type)

C. Special Categories (GDPR)

We generally do not collect sensitive personal data (e.g., health, biometric) unless you provide it voluntarily for business purposes and with explicit consent.

5. Sources of Personal Data

We collect information from:

Direct interactions (forms, account registration, service use)

Automated technologies (cookies, server logs)

Third-party integrations (Google, Facebook, LinkedIn, Instagram, X)

Service Providers (analytics, payments, messaging)

6. White-Label and Third-Party Processing

Cool Blue Hub is powered by Go High Level, which provides the underlying CRM infrastructure.

Other sub-processors may include:

Stripe – Payment processing (Privacy Policy)

Twilio – Messaging (Privacy Policy)

Zapier – Data automation (Privacy Policy)

Google Analytics – Usage tracking (Privacy Policy)

We ensure sub-processors are bound by written agreements requiring equivalent data protection obligations.

7. Lawful Bases for Processing (GDPR)

We process Personal Data based on:

Performance of a contract

Consent (e.g., for marketing, cookies)

Legitimate interests (e.g., security, service improvement)

Legal obligations (e.g., tax compliance)

8. Use of Your Personal Data

We may use your data to:

Provide, operate, and maintain the Service

Manage your account

Process payments and deliver purchased services

Communicate with you regarding updates, features, and support

Personalize marketing and deliver targeted advertising (where lawful)

Detect, prevent, and address security incidents

Comply with applicable laws and regulations

9. Cookies and Tracking Technologies

A. What Are Cookies?

Cookies are small files stored on your device that help us improve functionality and user experience.

B. Types of Cookies We Use

Strictly Necessary – For core site functionality (login, session management)

Performance/Analytics – To understand how users interact with our Service (Google Analytics)

Functionality – To remember user preferences

Advertising/Targeting – For retargeting ads and campaign measurement (Google Ads, Facebook Pixel)

C. Managing Cookies

You can control cookies through:

Your browser settings (Chrome, Firefox, Safari, Edge)

Our cookie banner (for EU/UK visitors)

Opt-out tools such as:

Network Advertising Initiative

Your Online Choices

Digital Advertising Alliance

10. Retention of Data

Account data: retained for the life of the account + 2 years

Payment records: retained for 7 years (legal compliance)

CRM data: retained until deleted by you

Analytics data: typically retained for 26 months

11. Data Sharing and Sub-Processors

We may share your data with:

Service Providers

Affiliates and partners with equivalent privacy protections

Legal authorities when required

Successors in the event of a business transfer

We do not sell personal data in the traditional sense. Under CCPA, some advertising/analytics sharing may be considered a “sale”; you may opt out.

12. Security of Your Data

We implement:

Encryption in transit (TLS) and at rest

Role-based access controls

Regular security audits and penetration testing

Breach notification procedures in accordance with law

13. International Transfers

Where data is transferred outside your country, we use Standard Contractual Clauses or equivalent safeguards.

14. Your Rights

California Residents (CCPA/CPRA)

You have the right to:

Know what personal information is collected and how it’s used

Access and request a copy of your personal information

Delete or correct personal information

Limit use of sensitive personal information

Opt out of sale/sharing of personal information

Requests can be made by email at [email protected] or by mail (see Section 18).

All U.S. Residents (Non-California)

If you reside in the United States but outside of California, you may have rights under applicable state privacy laws (such as those in Colorado, Connecticut, Utah, and Virginia). While these laws may differ, Cool Blue Hub voluntarily extends certain rights to all U.S. users, including the right to:

Know what categories of personal information we collect and the purposes for which we process it

Request a copy of the personal information we maintain about you

Request deletion of your personal information, subject to legal or contractual retention requirements

Opt out of targeted advertising or the sale of your personal information (where applicable)

To exercise these rights, please contact us at [email protected]. We will process your request in accordance with applicable state laws and our commitment to treat all U.S. customers fairly and transparently.

EU/UK Residents (GDPR)

You have the right to:

Access, rectify, and erase your personal data

Restrict or object to processing

Data portability

Withdraw consent at any time

Requests can be made by email at [email protected] or by mail (see Section 18).

15. Children’s Privacy

We do not knowingly collect data from children under 13 (or 16 in the EU) without parental consent.

16. Links to Third-Party Sites

We are not responsible for the privacy practices of third-party websites linked from our Service.

17. Changes to This Policy