1. Who we are
This site is operated by Michael Heredia, a solo operator. Contact: info@michaelheredia.com. These privacy practices cover michaelheredia.com and any deployment-related communications you have with me directly.
2. What I collect
If you just visit the site
- Analytics: pageviews, the URL you came from, the country your IP resolves to, browser type, device type, and which buttons you click. Collected via Google Analytics 4 and Meta Pixel.
- UTM / click-id parameters: if you arrive from an ad or campaign, the utm_source / utm_medium / utm_campaign / utm_term / utm_content / fbclid / gclid query parameters are stored in your browser's localStorage for up to 30 days so I can connect a purchase back to the campaign that drove it.
- Cloudflare logs: standard web-server logs (IP address, request time, URL, user agent) for security and performance, retained per Cloudflare's default policy.
If you submit the contact form or email me
- Your name (optional), email address, and the contents of your message.
- The same UTM parameters from above, attached so I know which campaign you came from.
- This gets delivered to info@michaelheredia.com via Cloudflare's email service and routed to my personal inbox.
If you book a call via Calendly
- Your name, email, and chosen time slot are collected by Calendly directly.
- I receive that info as a calendar invite. Calendly's privacy policy applies to the data they hold on their side.
If you check out via Stripe
- Name, email, billing address, and payment method are collected by Stripe directly. I receive a notification that includes your name, email, and the SKU you bought — never your card number or full billing details.
- Stripe's privacy policy governs the payment data on their side.
3. What I don't collect
- I don't sell your data. Ever.
- I don't use it for retargeting outside of the Meta Pixel ad-attribution mentioned above, and even that is limited to ads I run for michaelheredia.com.
- I don't use your data to train AI models.
- I don't read your private deployment data once you're live — the agent runs on your server, in your accounts, with your API keys. I only see it during onboarding or if you specifically ask me to debug something together.
4. Third-party processors
The named services that touch your data on my behalf:
- Cloudflare — hosting, CDN, request logs, contact-form email delivery via their Email Service.
- Stripe — payment processing.
- Google Analytics 4 — pageview analytics.
- Meta Pixel — ad attribution for paid campaigns I run.
- Calendly — scheduling.
- WhatsApp Business — chat support when you tap the chat button.
Each of those has their own privacy policy that covers the data they hold. I don't share your data with anyone else.
5. Cookies and local storage
- Theme preference: which color theme you've chosen (dark/light) is stored in localStorage so the site remembers next time.
- UTM stash: campaign parameters from inbound links stored in localStorage for 30 days (see above).
- Analytics cookies: GA4 and Meta Pixel set their own first/third-party cookies for measurement. These load only after the page has finished painting, to keep the site fast.
You can clear all of these any time via your browser's site-data settings.
6. How long I keep it
- Contact form messages and email: I keep them in my inbox indefinitely unless you ask for deletion.
- Stripe payment records: retained per Stripe's policy and tax/legal obligations (typically 7 years for tax purposes).
- Analytics: GA4 default retention (14 months for event-level data unless changed).
- Cloudflare logs: standard CF retention (a few weeks).
- Calendly bookings: per Calendly's retention policy.
7. Your rights
Regardless of where you live, you can ask me to:
- Tell you what data I have on you.
- Correct it if it's wrong.
- Delete it (subject to tax/legal record-keeping obligations on the Stripe side).
- Stop sending you any non-transactional communications.
Email info@michaelheredia.com and I'll respond within 30 days, usually within 48 hours. If you're in the EU/UK, California, or another jurisdiction with specific data rights (GDPR, CCPA, etc.), those rights apply to you in addition to anything stated here.
8. Children
These services aren't aimed at anyone under 18. If I learn that someone under 18 has submitted data, I'll delete it.
9. Security
The site runs on Cloudflare with TLS encryption end-to-end. Payments are processed by Stripe (PCI DSS Level 1). I don't store passwords or card data — Stripe and the other named processors handle that on their respective infrastructure. That said, no system is perfectly secure; you transmit information at your own risk, and I'll notify you if I become aware of a breach affecting your data.
10. Changes to this policy
I may update this policy over time. The "Last updated" date at the top reflects the most recent revision. If a change is material (e.g., adding a new processor that materially changes data handling), I'll surface a notice on the site for at least 30 days after the change.
11. Contact
Questions, deletion requests, or anything privacy-related: info@michaelheredia.com.