Privacy Policy
Last updated: March 29, 2026
1. Introduction
This Privacy Policy describes how David's Dream LLC, a Texas limited liability company doing business as Biz22 ("Provider," "we," "us," or "our"), collects, uses, stores, shares, and protects your personal information when you use our website, platform, dashboard, and services (collectively, the "Service"). This Privacy Policy applies to all visitors, users, and customers of the Service.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
This Privacy Policy should be read together with our Terms of Service and Refund Policy.
2. Information We Collect
2.1 Information You Provide Directly
When you submit an order, create an account, or interact with the Service, we may collect the following categories of information that you voluntarily provide:
- Personal identifiers: Full name, email address, phone number, mailing address
- Business information: Business name, business type, business description, hours of operation, service and product descriptions, pricing information
- Visual assets: Logo files, photographs, images, and other visual content you upload
- Social media information: Social media profile URLs (Instagram, Facebook, X/Twitter, LinkedIn, YouTube, TikTok, and others)
- Design preferences: Color preferences, style preferences, design references, and written instructions
- Communication content: Messages, support requests, revision instructions, and other communications you send to us
- Domain information: Domain names and DNS configuration details
2.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information, including:
- Device and browser information: IP address, browser type, browser version, user agent string, operating system, device type, screen resolution
- Usage data: Pages visited, time spent on pages, click patterns, referring URLs, navigation paths
- Terms acceptance data: Timestamp, IP address, user agent, and Terms version at the time of acceptance (recorded for legal compliance and dispute resolution purposes)
- Authentication data: Login timestamps, session information, authentication method used (magic link or Google OAuth)
- Cookie data: As described in Section 8 below
2.3 Information from Third Parties
We may receive information about you from third-party services, including:
- Stripe: Payment confirmation, subscription status, and billing information (we do not receive or store full credit card numbers)
- Google OAuth: Name and email address (if you sign in with Google)
2.4 Client-Uploaded Content
When you upload images (including custom logos, hero images, and about/profile images) or other files during the order process, we store these files on our servers and/or third-party storage services (Supabase Storage) for the purpose of incorporating them into your Landing Page.
- Uploaded images are associated with your account and order record
- Uploaded images may be visible on your publicly accessible Landing Page for as long as your hosting subscription remains active
- We do NOT analyze, verify, or investigate the copyright status or ownership of uploaded content (see our Terms of Service § 11.8)
- Uploaded images may be transmitted to third-party AI services for quality assessment and validation as described in Section 4
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Processing and fulfilling your orders
- Generating your Website using AI technology (see Section 4)
- Communicating with you about your project, including status updates, revision requests, and delivery notifications
- Providing customer support
- Managing your account and subscriptions
3.2 Payment Processing
- Processing payments and refunds through Stripe
- Managing subscription billing cycles
- Sending payment confirmations and invoices
3.3 Service Improvement
- Analyzing usage patterns to improve the Service
- Developing new features and functionality
- Quality assurance and testing
- Internal analytics and reporting
3.4 Security & Compliance
- Content screening to enforce our Acceptable Use Policy
- Fraud prevention and detection
- Enforcing our Terms of Service
- Complying with legal obligations
- Responding to legal requests and preventing harm
3.5 Communications
- Sending service-related emails (order confirmations, project updates, etc.)
- Sending marketing and promotional communications (with your consent or as permitted by law; you may opt out at any time)
- Responding to your inquiries and support requests
4. AI Data Processing & Third-Party AI Services
Our Service uses artificial intelligence (AI) to generate Landing Pages. This section explains how your data is processed by AI systems:
4.1 Data Sent to AI Providers
To generate your Website, the following categories of your information may be transmitted to third-party AI service providers:
- Business name, type, and description
- Contact information (phone number, email, address)
- Hours of operation
- Service and product descriptions
- Design preferences and instructions
- Uploaded images (for validation and quality assessment)
4.2 AI Service Providers
We use the following AI service providers:
- Anthropic (Claude API) — Used for content generation, design planning, code generation, quality assurance, content screening, and image validation. Data is processed subject to Anthropic's usage policies.
- Google (Gemini API / Imagen) — Used for AI logo generation and supplemental image generation. Data is processed subject to Google's Generative AI terms.
4.3 AI Data Handling
- We transmit only the data necessary to generate your Website
- We do not control how third-party AI providers process, store, or retain data sent to their APIs
- AI providers may have their own data retention policies; we encourage you to review their privacy policies directly
- We do not use your data to train AI models; however, third-party AI providers may have their own policies regarding data usage for model improvement
4A. Analytics on Customer Landing Pages
Customer landing pages served under the biz22.com domain (e.g., yourbusiness.biz22.com) include Google Analytics 4 ("GA4"), a web analytics service provided by Google LLC. GA4 is embedded at the platform level by Biz22 and is present on all active landing pages. This section explains how analytics data is collected from visitors to those pages.
4A.1 Data Collected from Landing Page Visitors
When a visitor accesses a customer landing page, GA4 may collect:
- Device type and browser information
- Approximate geographic location (country/region derived from IP address; exact IP is not retained)
- Referring website or search query
- Pages viewed and session duration
- Interaction events (e.g., button clicks, form submissions)
No personally identifiable information is collected by GA4 unless a visitor voluntarily submits it via a contact form on the landing page.
4A.2 Consent Default and Visitor Control
GA4 on all Biz22-hosted landing pages operates under Google's Consent Mode v2. All analytics signals default to "denied" until the visitor explicitly grants consent via the cookie consent banner. Visitors who select "Reject All" will not have any analytics data collected or transmitted to Google. Visitors may also adjust their preferences at any time via the "Manage Preferences" option in the banner.
4A.3 Data Recipient and Use
Analytics data from customer landing pages is transmitted to Google LLC and processed subject to Google's Privacy Policy. We receive aggregated analytics reports and use them solely to monitor platform performance and service quality. We do not sell or share individual visitor analytics data with the landing page business owner or any third party.
4A.4 Information for Landing Page Visitors
If you are visiting a Biz22-hosted business landing page (not registering as a Biz22 customer), this section applies to your visit. You may decline analytics collection by selecting "Reject All" on the cookie consent banner displayed on the landing page. You may also block analytics cookies at the browser level. For more information about how Google processes analytics data, see "How Google uses information from sites that use our services."
5. Third-Party Service Providers
We use the following third-party services to operate the Service. Each may receive certain categories of your data as necessary to perform their functions:
Stripe, Inc. — Payment processing
Receives: Payment information, email, name, billing address
Policy: stripe.com/privacy
Supabase, Inc. — Database hosting and authentication
Receives: All account data, order data, and project data
Policy: supabase.com/privacy
Vercel, Inc. — Website hosting and content delivery
Receives: Landing Page content, visitor analytics data
Policy: vercel.com/legal/privacy-policy
Resend, Inc. — Email delivery
Receives: Email addresses, email content, notification data
Policy: resend.com/legal/privacy-policy
Anthropic, PBC — AI content generation and review
Receives: Business information, content, images (as described in Section 4)
Policy: anthropic.com/privacy
Google LLC — AI image generation and OAuth authentication
Receives: Business name/description (for image generation), name/email (for OAuth)
Policy: policies.google.com/privacy
Pexels / Unsplash — Stock photography
Receives: Search queries related to business type (no personal data)
Policies: pexels.com/privacy-policy / unsplash.com/privacy
We require our service providers to protect your information and use it only for the purposes for which it was disclosed. However, we are not responsible for the privacy practices or data security of third-party providers. We encourage you to review their privacy policies directly.
6. Data Storage & Security
6.1 Storage Location
Your data is stored on servers located in the United States, operated by our third-party infrastructure providers (Supabase and Vercel). By using the Service, you consent to the storage and processing of your data in the United States.
6.2 Security Measures
We implement reasonable technical and organizational security measures to protect your data from unauthorized access, loss, alteration, or misuse, including:
- Encryption in transit (TLS/SSL) for all data transmissions
- Encryption at rest for stored data
- Row-level security (RLS) policies on our database to restrict data access
- Role-based access control (RBAC) for administrative functions
- Secure authentication via magic links and OAuth (no passwords stored)
- Webhook signature verification for payment processing
- Regular security assessments and updates
6.3 No Absolute Guarantee
No method of internet transmission or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security. You acknowledge and accept the inherent risks of transmitting data over the internet and using cloud-based services.
7. Data Retention
We retain your data according to the following guidelines:
- Account and order data: Retained for as long as your account is active, and for a minimum of seven (7) years after account closure for financial, tax, and legal compliance purposes.
- Landing Page data: Retained during active subscription, through the 30-day grace period, and for up to 90 days after archival. After 90 days, data may be permanently deleted.
- Communication records: Retained for a minimum of three (3) years for dispute resolution and quality assurance purposes.
- Payment records: Retained for a minimum of seven (7) years as required by tax and financial regulations.
- Terms acceptance logs: Retained indefinitely for legal compliance and dispute resolution.
- AI generation logs: Retained for up to two (2) years for quality assurance, debugging, and dispute resolution.
- Analytics data: Aggregated and anonymized data may be retained indefinitely.
- Uploaded content (logos, hero images, about images): Client-uploaded images and files are retained for the duration of the active service period plus 90 days after account termination (consistent with the Landing Page restoration window in Section 12.3 of our Terms of Service). However, copies may be retained longer if required for ongoing legal proceedings, dispute resolution, or compliance with legal obligations related to intellectual property claims.
You may request deletion of your personal data as described in Section 10. However, we may retain certain information as required by law, for legitimate business purposes, or to enforce our rights.
9. International Data Transfers
If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where our servers and service providers are located. By using the Service, you explicitly consent to this transfer and processing of your data in the United States.
The data protection laws of the United States may differ from those in your jurisdiction. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, but we do not guarantee that the level of protection will be equivalent to that in your home jurisdiction.
10. Your Rights & Choices
Depending on your location and applicable law, you may have certain rights regarding your personal information:
10.1 General Rights
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete personal information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request a machine-readable copy of your data where technically feasible
- Opt-out of marketing: Unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any marketing email or contacting us
10.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share your data
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out of Sale: We do NOT sell your personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
- Right to Correct: You have the right to request correction of inaccurate personal information
- Right to Limit Use of Sensitive Information: You may request that we limit the use and disclosure of sensitive personal information to only what is necessary to provide the Service
To exercise your CCPA/CPRA rights, please contact us via our contact form. We will respond to verifiable consumer requests within forty-five (45) days.
10.3 European Economic Area (EEA) and UK Residents (GDPR)
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis for processing: We process your data based on: (a) contractual necessity (to fulfill our obligations under the Terms of Service), (b) legitimate interests (to improve and secure the Service), (c) consent (for marketing communications and non-essential cookies), and (d) legal obligation (for tax and financial record-keeping)
- Right to restrict processing: You may request restriction of processing in certain circumstances
- Right to object: You may object to processing based on legitimate interests
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
To exercise your GDPR rights, please contact us via our contact form.
10.4 Limitations on Deletion
Please note that we may be unable to fully delete your data if retention is necessary for:
- Completing a transaction or fulfilling an ongoing service
- Compliance with legal, tax, or regulatory obligations
- Detecting and preventing fraud or security incidents
- Exercising or defending legal claims
- Internal record-keeping required for financial auditing
11. Automated Decision-Making
We use automated systems (including AI) to make certain decisions that may affect you:
- Content Screening: Automated content screening systems evaluate order submissions for compliance with our Acceptable Use Policy. Orders flagged by automated systems may be subject to additional manual review.
- Landing Page Generation: AI systems make automated decisions about design, layout, color selection, and content arrangement based on the information you provide.
- Quality Assurance: Automated AI review systems evaluate generated Landing Pages for quality, accuracy, and compliance with design standards.
These automated processes are integral to the Service and cannot be opted out of while using the Service. If you have concerns about automated decisions that affect you, please contact us via our contact form.
12. Children's Privacy
The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 13 years of age (or such higher age as may be required by applicable law, such as 16 in the EEA under GDPR). If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete such information promptly.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact us via our contact form so that we can take appropriate action.
13. When We Share Your Information
We may share your information in the following circumstances:
- Service providers: With third-party service providers who assist us in operating the Service, as described in Sections 4 and 5 above
- Legal requirements: When required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
- Business transfers: In connection with a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction involving all or a portion of our business, your data may be transferred to the acquiring entity
- With your consent: When you have given us explicit consent to share your information for a specific purpose
- Dispute resolution: With payment processors, financial institutions, collection agencies, or legal counsel in connection with payment disputes, chargebacks, or legal proceedings
- Published Landing Pages: Information you include in your Landing Page (business name, contact details, services, images) will be publicly accessible on the internet when your site is live
- Copyright claims & legal compliance: We may disclose information about Client-uploaded content — including the content itself, upload metadata, and Client identity and contact information — to: (a) copyright holders or their authorized representatives who submit valid DMCA takedown notices; (b) law enforcement agencies when required by law or legal process; (c) courts or arbitration panels in connection with intellectual property disputes; and (d) our legal counsel for the purpose of evaluating and responding to infringement claims. See Terms of Service § 11A for our DMCA compliance policy.
We do NOT sell your personal information to third parties for their own marketing or advertising purposes.
14. Data Breach Notification
In the event of a data breach that affects your personal information and poses a risk to your rights and freedoms, we will notify you as required by applicable law. We will make reasonable efforts to notify affected users via email within seventy-two (72) hours of becoming aware of the breach, where feasible.
15. Third-Party Links & Services
The Service or your Landing Page may contain links to third-party websites or services that are not owned or controlled by Provider. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. For material changes that significantly affect how we handle your personal information, we will make reasonable efforts to provide advance notice via email.
Continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you should discontinue use of the Service.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us at:
David's Dream LLC (d/b/a Biz22)
biz22.com/contact
For CCPA/GDPR data requests, please indicate "Data Rights Request" in your message and provide sufficient information to verify your identity.