Privacy Policy

Automaton Agency ("Automaton," "we," "us," or "our") operates the website automatonagency.com and the services available through it. This policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have.

We're a small agency, not an advertising network. We don't sell your personal information, we don't rent mailing lists, and we don't run third-party behavioral advertising. What we do collect is narrow and listed below in full.

Who we are and how to reach us

Automaton Agency is based in Austin, Texas, United States. For any privacy question — including requests to access, correct, or delete your data — email joseph@automatonagency.com. We aim to respond within 30 days, per applicable law.

What we collect

Information you give us directly

• Contact form submissions. When you fill out a form on our site, we collect the information you submit — typically your name, email address, and the message you send us, plus any fields the specific form requests (company, role, etc.). We use this to reply to you and, if a conversation progresses, to manage the business relationship.
• Newsletter signups. When you subscribe to our newsletter, we collect your email address and the fact that you subscribed. We use it to send the newsletter and nothing else. Every email includes a one-click unsubscribe link. If you unsubscribe, we stop sending — and we retain a suppression record (email only, no content) so we don't accidentally re-subscribe you.
• Booked meetings. When you schedule a call through our calendar embed, the scheduling provider (HubSpot) collects the information you provide (name, email, timeframe) and passes it to us so we can prepare for the meeting.

Information collected automatically

• Analytics and cookies. We use first-party and third-party analytics tools to understand how visitors use the site — pages viewed, referral source, approximate location (country/region, not precise GPS), device and browser type, and session duration. This is aggregated and used to improve the site, not to build an advertising profile of you.
• Log data. Our hosting provider automatically logs standard server information (IP address, timestamp, URL requested, HTTP response code, user-agent string) for security and reliability. Logs are retained on the order of weeks, not indefinitely.

Cookies

A cookie is a small text file stored by your browser. We use a minimal set:

• Strictly necessary cookies that the site needs to function (session management, load balancing). These don't require consent under most laws.
• Analytics cookies to measure site performance. You can decline these through your browser settings, through any cookie banner we display, or by using a browser that blocks trackers by default — the site will work either way.

We don't use advertising cookies, cross-site tracking pixels, or "like/share" buttons from social networks that would let them follow you around the web.

How we use your information

We use the data described above for the following purposes:

• To respond to your inquiries and deliver the services you've requested.
• To run the business relationship if we end up working together — invoices, scopes, deliverables.
• To send the newsletter you subscribed to, and nothing else.
• To understand how the site is used and make it better.
• To protect the site and its users from fraud, abuse, and technical problems.
• To comply with legal obligations when we have them.

We do not sell personal information. We do not use your data to train third-party AI models. We do not share your data with advertising networks.

Who we share your information with

We share data with a small number of service providers who help us run the business. Each of them is contractually bound to process your data only as needed to provide their service.

• Hosting: Vercel Inc. (website hosting, US-based).
• Database: Supabase (Postgres database, content storage).
• Scheduling: HubSpot (meeting scheduling, if you book a call).
• Email / Newsletter: the email service provider we use to send newsletters (such as Resend, Mailgun, or a similar transactional email provider).
• Analytics: the analytics provider we use to measure site usage (such as Google Analytics, Vercel Analytics, or a privacy-focused alternative).

We may also disclose information when required by law — for example, in response to a valid subpoena or court order — or when necessary to protect our rights, property, or safety, or those of our users.

If Automaton is ever acquired or merged, your information may transfer to the successor entity. We will notify you (by email and a notice on this page) before any such transfer changes how your data is used.

International data transfers

Our service providers are primarily located in the United States. If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal information may be transferred to, and processed in, the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

How long we keep your data

• Contact inquiries: we retain inquiry records for as long as the business relationship is active, plus up to seven years for tax, legal, and audit purposes. Inactive inquiries (no response, no relationship formed) are pruned periodically.
• Newsletter subscribers: as long as you remain subscribed, plus a suppression record after you unsubscribe so we don't re-contact you.
• Analytics data: retained in aggregated form for up to 26 months, depending on the analytics provider.
• Server logs: retained for a short window (typically 30–90 days) for security and operational purposes, then deleted.

Your rights under the GDPR (EU / UK / EEA)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) gives you the following rights regarding your personal data:

• Right of access — ask us what personal data we hold about you.
• Right to rectification — correct inaccurate data.
• Right to erasure ("right to be forgotten") — ask us to delete your data, subject to our legal obligations.
• Right to restriction — pause our processing of your data.
• Right to data portability — receive your data in a machine-readable format or have us send it to another controller.
• Right to object — object to processing based on our legitimate interests.
• Rights regarding automated decision-making — we don't make automated decisions that have legal or similarly significant effects on you.
• Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time.
• Right to lodge a complaint — with your local data protection supervisory authority.

To exercise any of these rights, email joseph@automatonagency.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

Legal bases for processing (GDPR Art. 6): we process your data on the basis of (a) your consent (for the newsletter), (b) our legitimate interest in running the agency and responding to inquiries, (c) contractual necessity where we have a contract with you, and (d) compliance with legal obligations where applicable.

Your rights under the CCPA/CPRA (California)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the following rights:

• Right to know what categories of personal information we collect, the sources, the business purposes, and the third parties we share it with.
• Right to access the specific pieces of personal information we have about you.
• Right to delete personal information we have collected, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined by the CCPA/CPRA.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.
• Right to non-discrimination — we will not charge you different prices or provide different service if you exercise any of these rights.

To exercise a CCPA/CPRA right, email joseph@automatonagency.com with the subject line "CCPA Request." We will verify your identity and respond within the statutory window (typically 45 days, extendable to 90 days for complex requests).

Children's privacy

The site is not directed to children under 13, and we don't knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, email us and we'll delete it.

Security

We take reasonable measures to protect the data we collect — including encryption in transit (HTTPS), access controls on our database, and the standard security posture of our hosting providers. No method of transmission over the internet is 100% secure, and no security system is perfect.

Changes to this policy

We may update this policy from time to time. When we do, we'll update the "Effective" date at the top of this page. For material changes (like a new category of data being collected, or a new purpose we use it for), we'll notify current subscribers by email and post a notice on this page for at least 30 days.

Governing law

This policy and any dispute arising under it are governed by the laws of the State of Texas, United States, without regard to its conflict-of-law provisions, except where applicable consumer protection laws in your jurisdiction require otherwise.

Contact us

Privacy questions, requests, or complaints: joseph@automatonagency.com.