Privacy Policy for Happy Avocado

Effective Date: October 30, 2025

Happy Avocado ("we," "us," or "our") is a consulting business providing AI-driven marketing and growth services to trust-based industries, including healthcare, legal, accounting, and architecture firms. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [insert website URL], engage with our services (e.g., assessments, consultations, retainers, or memberships), or otherwise interact with us.

By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services. We comply with applicable laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA) for healthcare-related data, the California Consumer Privacy Act (CCPA/CPRA), the California Online Privacy Protection Act (CalOPPA), and, where relevant for international users, the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect information to provide, improve, and personalize our AI-driven consulting services. The types of information we may collect include:

  • Personal Identifiers: Such as your name, email address, phone number, postal address, and other contact details you provide when inquiring about services, signing up for newsletters, or engaging in consultations.
  • Professional and Business Information: Details about your firm, including industry (e.g., healthcare, legal, accounting, architecture), job title, company size, marketing goals, and website URLs for assessments.
  • Usage and Device Information: Automatically collected data like IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and interaction data (e.g., clicks, scrolls).
  • Sensitive Information: For healthcare clients, we may collect or process protected health information (PHI) or other sensitive data (e.g., patient outreach preferences) strictly as needed for marketing strategies, in compliance with HIPAA.
  • Payment Information: If you purchase services (e.g., assessments or retainers), we collect billing details through secure third-party processors like Stripe; we do not store full payment card information.
  • Marketing and Communication Data: Preferences for receiving communications, feedback from surveys, or interactions with our content.
  • Inferred Data: Derived from AI analysis, such as insights from your online presence assessment (e.g., lead generation scores).

We limit collection to what is necessary and do not collect information from individuals under 13 years old.

2. How We Collect Information

We collect information through:

  • Direct Interactions: When you submit forms (e.g., for a free teaser score, webinar signup, or contact request), email us, or participate in consultations.
  • Automated Technologies: Via cookies, web beacons, server logs, and analytics tools (e.g., Google Analytics) when you visit our site.
  • Third Parties: From business partners, service providers (e.g., Zapier for automations), or public sources (e.g., website data for assessments).
  • AI Tools: During services like online presence audits, where we analyze public or provided data using AI.

3. How We Use Your Information

We use your information for legitimate business purposes, including:

  • Providing and personalizing our services, such as conducting assessments, developing AI-driven marketing strategies, and delivering retainers or memberships.
  • Communicating with you, including responding to inquiries, sending updates, newsletters, or marketing materials (with opt-out options).
  • Improving our services through analysis, AI model training (using anonymized data), and performance metrics.
  • Administering payments, managing accounts, and fulfilling contracts.
  • Complying with legal obligations, resolving disputes, or enforcing agreements.
  • For healthcare clients, using PHI solely for permitted purposes under HIPAA, such as optimizing compliant marketing campaigns.

Under GDPR (if applicable), our legal bases include consent, contract performance, legitimate interests, or legal compliance. We do not use your information for automated decision-making that produces legal effects without human oversight.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share it in the following limited ways:

  • Service Providers: With vendors who assist us (e.g., hosting providers like AWS, analytics tools like Google Analytics, payment processors like Stripe, or automation tools like Zapier), bound by confidentiality and data protection agreements.
  • Business Partners: With affiliates or collaborators for joint services (e.g., health-tech partners), only with your consent and for specified purposes.
  • Legal and Compliance: To comply with laws, respond to subpoenas, protect rights, or in mergers/acquisitions (with notice where required).
  • HIPAA Business Associates: For healthcare data, only with entities under a Business Associate Agreement (BAA), ensuring HIPAA compliance.

We require all recipients to protect your information and use it only for the intended purpose.

5. Data Security

We implement appropriate technical, administrative, and physical measures to protect your information, including encryption (e.g., SSL/TLS for transmissions), access controls, firewalls, and regular security audits. For sensitive data like PHI, we follow HIPAA Security Rule standards. In the event of a data breach, we will notify affected individuals and authorities as required by law (e.g., within 72 hours under GDPR or 60 days under HIPAA).

However, no system is entirely secure, and we cannot guarantee absolute security against all threats.

6. Cookies and Tracking Technologies

Our website uses cookies, pixels, and similar technologies to enhance functionality, analyze usage, and personalize content. Categories include:

  • Essential Cookies: Required for site operation (e.g., session management).
  • Performance/Analytics Cookies: To track visitor behavior (e.g., via Google Analytics) for improvements.
  • Functional Cookies: To remember preferences (e.g., language settings).
  • Targeting/Marketing Cookies: To deliver relevant ads (e.g., via Google AdSense), with opt-out options.

You can manage cookies via browser settings or our cookie consent banner. We honor Do Not Track (DNT) signals and Global Privacy Control (GPC) where applicable. For CalOPPA compliance, this section discloses our tracking practices.

7. HIPAA Compliance

As a consultant serving healthcare firms, we act as a HIPAA Business Associate when handling PHI. We maintain BAAs with covered entities, use PHI only for authorized purposes (e.g., AI-driven marketing analytics), and implement required safeguards. PHI is de-identified where possible, retained only as needed, and securely disposed of. We provide breach notifications and allow access for audits. Non-healthcare data is not subject to HIPAA.

8. Your Privacy Rights and Choices

You have rights depending on your location:

  • Access, Correction, and Deletion: Request to view, update, or delete your data.
  • Opt-Out: From marketing communications (via unsubscribe links) or data sharing/sales (we do not sell data).
  • Portability: Receive your data in a usable format.
  • Non-Discrimination: We do not penalize you for exercising rights.
  • CCPA/CPRA Rights (California Residents): Know categories of data collected/shared, request deletion, opt-out of sales (none occur), and limit sensitive data use.
  • GDPR Rights (EU/UK Residents, if applicable): Object to processing, withdraw consent, restrict processing, and lodge complaints with authorities.

To exercise rights, submit a verifiable request using the form at Contact Us. We respond within 45 days (extendable to 90) and verify identity. For CCPA requests, please contact us using the form at Contact Us.

9. Data Retention

We retain information only as long as necessary for the purposes described (e.g., 2 years after service end for most data; longer for legal compliance or HIPAA records). After that, it is deleted or anonymized securely.

10. Children's Privacy

Our services are not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect their data. If we discover such collection, we will delete it promptly. Parents/guardians can contact us for removal. We comply with COPPA.

11. International Data Transfers

Our operations are based in the US. For users outside the US (e.g., EU), we transfer data with safeguards like Standard Contractual Clauses or consent. We ensure equivalent protection levels.

Our site may link to third-party sites (e.g., Calendly, Stripe). We are not responsible for their privacy practices—review their policies. We disclose integrations in compliance with requirements like Google AdSense.

13. Changes to This Privacy Policy

We may update this policy to reflect changes in practices or laws. Updates will be posted here with the new effective date. For material changes, we will notify you via email or site notice. Continued use constitutes acceptance.

14. Contact Us

For questions, requests, or complaints:

Happy Avocado

To contact us, please use the form at Contact Us