Privacy Policy

Introduction

ShipleyBI ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website shipleybi.com and use our services.

We believe in transparency. Unlike other companies that bury important information in legal jargon, we'll tell you exactly what we collect and why—in plain English.

Information We Collect

Information You Provide

• Account Information: Name, email address, company name, phone number when you sign up
• Billing Information: Payment card details (processed securely through Stripe—we never store full card numbers)
• Communications: Messages you send us through contact forms, email, or support requests
• Integration Data: Credentials and access tokens for connected services (Google Ads, CRMs, etc.)

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent in the application
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication, preference cookies for settings
• Analytics: Aggregated data about how our service is used (yes, we use our own product)

Information from Third Parties

• Ad Platforms: Campaign data, spend, impressions, clicks from Google Ads, Facebook, etc.
• CRM Systems: Lead and customer data from Salesforce, HubSpot, Pipedrive, Quickbase
• Analytics Platforms: Website visitor data from connected analytics tools

How We Use Your Information

We use your information to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize and improve your experience

What we DON'T do: We never sell your personal data to third parties. Ever. Your data is yours—we just help you understand it.

How We Share Your Information

We may share your information only in these circumstances:

• Service Providers: Companies that help us operate (hosting, payment processing, email delivery)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share

Data Security

We take security seriously. Here's how we protect your data:

• Encryption: All data transmitted via TLS 1.3; data at rest encrypted with AES-256
• Access Controls: Role-based access, multi-factor authentication required for staff
• Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance
• Monitoring: 24/7 security monitoring and intrusion detection
• Regular Audits: Periodic security assessments and penetration testing

Data Retention

We retain your personal data only as long as necessary to provide our services and fulfill the purposes described in this policy. When you delete your account, we remove your personal data within 30 days, except where we're required to retain it for legal or regulatory purposes.

Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data in a machine-readable format
• Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at [email protected].

Cookies

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Understand how you use our service
• Improve our product based on usage patterns

You can control cookies through your browser settings, but some features may not work properly if you disable them.

Utah Consumer Privacy Act (UCPA) - Primary Jurisdiction

As a Utah-based company, UCPA is our primary privacy framework (effective December 31, 2023).

UCPA Compliance Summary

• ✓ No Sale of Personal Data: We never sell consumer data
• ✓ No Targeted Advertising: Analytics not used for ad targeting
• ✓ Opt-Out Rights: Full opt-out capability provided
• ✓ Data Minimization: Only collect aggregated, anonymized data
• ✓ Transparency: Clear disclosure of data practices

Your UCPA Consumer Rights (Utah Code § 13-61-201)

• Right to Know: Confirm whether we process your data
• Right to Access: Request a copy of personal data we hold
• Right to Delete: Request deletion of your personal data
• Right to Portability: Obtain data in a portable format
• Right to Opt-Out: Opt out of targeted advertising and sale (we do neither)

UCPA Request Response Time: We will respond to UCPA requests within 45 days as required by Utah Code § 13-61-203. Submit requests to [email protected] with "UCPA Request" in the subject line.

California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your privacy rights

Usage Analytics

We collect anonymized, aggregated telemetry data to improve our AI agents. This section explains exactly what we collect and—more importantly—what we don't.

What We Collect (Aggregated Only)

• Agent Performance Metrics: Daily totals of conversations, success rates, confidence scores
• Intent Detection Accuracy: How well our AI understands user requests (no individual conversations stored)
• Business Outcome Counts: Daily counts like "12 appointments scheduled" (no user details)
• Feature Usage: Which features are popular to help us prioritize improvements

What We DON'T Collect

• ❌ No Names, Emails, or Phone Numbers
• ❌ No IP Addresses or Device Identifiers
• ❌ No Individual Conversation Transcripts
• ❌ No User Journey Tracking or Behavior Patterns
• ❌ No Data That Could Identify a Specific Person

Privacy Safeguards

• K-Anonymity: Minimum group size of 5 for all metrics (data with fewer users is suppressed)
• 90-Day Retention: All analytics data automatically purged after 90 days
• Aggregation: Data combined by day—no individual user trails
• Encryption: AES-256 at rest, TLS 1.3 in transit

Opt-Out Anytime: You can disable usage analytics in Settings → Privacy → Usage Analytics. This takes effect immediately and doesn't affect your access to any features. We ask for consent during signup and you can change your preference at any time.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we'll also send you an email notification.

Contact Us

Questions about this privacy policy? We're here to help.