C2PA.ai ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it. We aim to be as straightforward as possible - no legalese where plain English will do.
Email addresses. If you subscribe to The Provenance Brief newsletter or submit an inquiry through our contact forms, we collect your email address and any information you voluntarily provide (name, company, message content). We use this to send you the newsletter or respond to your inquiry.
Form submissions. Our consulting inquiry forms collect the information you enter - name, email, company, and your message. This data is sent to our CRM system (GoHighLevel) for the purpose of responding to your inquiry and managing our client relationships.
Analytics. We use privacy-respecting analytics to understand how visitors use our site - which pages are visited, how long visitors spend, and where traffic comes from. We do not use Google Analytics. We do not track individual users across sessions. We do not build advertising profiles.
Server logs. Our hosting provider automatically logs standard connection data (IP address, browser type, pages requested, timestamps). These logs are used for security monitoring and are retained for no more than 90 days.
We do not use tracking cookies for advertising purposes. We do not sell, rent, or share your personal data with third parties for marketing. We do not build user profiles for advertising. We do not run programmatic advertising or participate in advertising networks.
Email addresses are used to send the newsletter you subscribed to and, where applicable, to respond to inquiries you initiated. Form submissions are used to respond to your consulting or partnership inquiries. Analytics data is used in aggregate to improve the site. That's it.
We use the following third-party services that may process your data:
GoHighLevel - our CRM and form processing system. Receives form submissions and newsletter signups. GoHighLevel's privacy policy applies to data they process on our behalf.
Hosting provider - serves website files and processes standard HTTP requests. Standard server logs are generated.
We do not use third-party advertising networks, social media tracking pixels, or data brokers.
You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email [email protected]. We will respond within 30 days.
Newsletter unsubscribe. Every ne located in the EU/EEA, you have additional rights under the General Data Protection Regulation, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our lawful basis for processing newsletter signups is consent (which you provide by subscribing). Our lawful basis for form submissions is legitimate interest (responding to your inquiry).
UK GDPR. UK residents have equivalent rights under the UK GDPR. The Information Commissioner's Office (ICO) is the relevant supervisory authority.
Newsletter subscriber data is retained for as long as you remain subscribed. Consulting inquiry data is retained for 24 months after the last interaction. Server logs are retained for 90 days. Analytics data is retained in aggregate form only and contains no personally identifiable information.
C2PA.ai is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this privacy policy from time to time. Material changes will be noted on this page with an updated date. We will not retroactively change how we use data already collected without your consent.
For privacy-related questions or requests, email [email protected].