AutomationsHQ - Business Automation and Systems Consulting

Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

At AutomationsHQ, we collect information in three ways: information you provide directly, information collected automatically through your use of our site, and information from email communications.

Information You Provide

  • Name, email, phone, and company when you submit a consultation application
  • Responses to diagnostic questions in our consultation form
  • Email address when you subscribe to communications
  • Any other information you voluntarily provide through forms on our site

Information Collected Automatically

When you visit our site, we automatically collect certain information using privacy-preserving methods:

  • Page views: Which pages you visit and when
  • Interactions: Button clicks, form interactions, and scroll depth on pages
  • UTM attribution: How you arrived at our site (e.g., from a search engine, social media, or email campaign), captured from URL parameters
  • Device category: Whether you are using a desktop, mobile, or tablet (no raw user-agent stored)
  • Session identifier: A non-reversible hash derived from your IP address and the current date, used to group your activity within a single day (not a cookie)

What we do NOT collect: We do not use cookies for tracking. We do not store raw IP addresses (they are hashed with a daily rotating salt and cannot be reversed). We do not use browser fingerprinting. We do not use third-party tracking scripts (no Google Analytics, Facebook Pixel, etc.).

Email Tracking

When we send you emails (such as consultation follow-ups or reminders), those emails may contain:

  • Open tracking pixel: A 1x1 transparent image that notifies us when you open the email
  • Click tracking: Links in the email may be routed through our server so we can record which links you click

Email tracking is consent-gated. If you opt out (see Section 6), we immediately stop tracking opens and clicks for your contact record and cancel any pending automated emails.

2. How We Use Your Information

  • Respond to your consultation requests and provide requested services
  • Schedule and manage appointments
  • Send follow-up emails, reminders, and confirmations related to your consultation
  • Understand how visitors discover and interact with our site to improve our services
  • Attribute consultations to the marketing channels that referred them (UTM analytics)
  • Analyze aggregate email performance (open rates, click rates) to improve communications
  • Comply with legal obligations

Session-to-Contact Linking

When you submit a form on our site (such as a consultation application), we associate your browsing activity from that session -- including pages visited, buttons clicked, and scroll behavior -- with the contact information you provide. This helps us understand how you discovered our services and allows us to tailor our follow-up.

This linking only occurs for the session in which you submit the form. We do not track your activity across multiple days or browsing sessions. You can request deletion of all linked behavioral data at any time (see Section 6).

3. Data Protection

  • Data encryption in transit (TLS 1.3)
  • Encrypted data storage at rest
  • Access controls and role-based authentication
  • Regular security audits and updates
  • IP addresses hashed with SHA-256 and daily rotating salt (not reversible)
  • Raw tracking events automatically purged after 90 days

4. Privacy-Focused Analytics

Our analytics system is self-hosted and privacy-first. We do not use any third-party analytics services. Our approach:

  • No cookies for tracking or analytics
  • No browser fingerprinting
  • No cross-site tracking
  • No raw IP storage (hashed with daily rotating salt)
  • No third-party data sharing
  • No advertising pixels or retargeting
  • Bot traffic automatically detected and excluded from metrics
  • Session identifiers reset daily (not persistent across visits)

5. Cookies and Local Storage

Authentication Cookies (Strictly Necessary)

Our admin portal uses essential cookies to maintain logged-in sessions. These are classified as "strictly necessary" under GDPR and are exempt from consent requirements:

  • Access Token (httpOnly, secure): 15-minute session authentication
  • Refresh Token (httpOnly, secure): 7-day session renewal
  • CSRF Token: Cross-site request forgery protection

All cookies are httpOnly (not accessible to client-side scripts), secure (HTTPS only), and first-party only (not shared with third parties).

Local Storage (UTM Attribution)

When you arrive at our site via a link with UTM parameters (e.g., from a social media post or email campaign), we store the attribution data in your browser's localStorage:

  • First-touch attribution: The first campaign source that brought you to our site (retained for 30 days)
  • Last-touch attribution: The most recent campaign source (overwritten on each visit with UTM parameters)

This data stays in your browser and is only sent to our server if you submit a consultation form. It is not a cookie and cannot be read by third parties. You can clear it at any time via your browser's developer tools (Application > Local Storage).

No Tracking Cookies

We do not use analytics cookies, advertising cookies, or any third-party cookies.

6. Your Rights

Under GDPR, CCPA, and other applicable privacy regulations, you have the following rights:

  • Right to access: Request a copy of all personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data, including all behavioral tracking data, email tracking events, and contact records
  • Right to object: Object to processing of your data for analytics purposes
  • Right to opt-out of email tracking: Click the unsubscribe link in any email to immediately stop all email tracking and cancel pending automated emails
  • Right to data portability: Request your data in a machine-readable format

How to Exercise Your Rights

  • Unsubscribe from emails: Click the "Unsubscribe" link in any email (processed instantly)
  • Delete tracking data: Contact us at the address below and we will delete all tracking events, email engagement data, and behavioral data linked to your contact record
  • Access or export data: Contact us at the address below

We will respond to all data rights requests within 30 days.

7. Email Communications

We send emails only to contacts who have submitted a consultation form or otherwise opted in to communications. Our emails comply with:

  • CAN-SPAM (US): Every email includes an unsubscribe mechanism, honored instantly
  • CASL (Canada): Emails sent only with implied consent (you requested a consultation) or express consent
  • RFC 8058: One-click unsubscribe via List-Unsubscribe header, supported by Gmail, Yahoo, and other major providers
  • GDPR (EU): Email tracking is consent-gated and can be revoked at any time

When you unsubscribe, we immediately: set your tracking consent to "denied," cancel all pending automated emails, and stop recording open/click events for your contact.

8. Third-Party Services

We do not share your personal information with third parties except:

  • When required by law or legal process
  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • With your explicit consent

We do not sell, rent, or trade your personal information. We do not use third-party analytics, advertising, or tracking services.

9. Data Retention

  • Consultation records: Retained for 2 years after your last interaction
  • Contact records: Retained until you request deletion
  • Raw tracking events: Automatically purged after 90 days
  • Aggregated analytics: Retained indefinitely (contains no personal data)
  • Email tracking events: Purged after 90 days; aggregated daily stats retained
  • UTM attribution data: Retained with your contact record until deletion is requested

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of our site after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to request deletion of your data, please contact us:

Email: Charles@AutomationsHQ.io
Subject line: Privacy Request - [Your Name]

Back to Home
We use privacy-preserving analytics. Privacy policy