Last updated: March 25, 2025
ColdSmoke AI ("we", "us", or "our") operates the ColdSmoke AI website and services (the "Services"). This Privacy Policy describes how we collect, use, share, retain and delete information when you use our Services, and the rights and choices you have.
By accessing or using our Services you agree to the practices described below. If you do not agree, please do not use our Services.
Information you provide directly, such as:
Automatically collected technical data including IP address, browser type, device identifiers, referring URLs, pages viewed, date/time stamps, error logs and similar diagnostics.
We use session, preference and security cookies to operate and improve our Services. You can disable cookies via your browser settings, but parts of our Services may not function properly as a result.
We process data to:
Legal bases under GDPR/UK-GDPR: performance of contract, legitimate interests, consent (where obtained), and compliance with law.
| Data Type | Retention Period |
|---|---|
| Contact form submissions & lead data | For as long as you are an active client and up to 7 years thereafter to meet bookkeeping & compliance duties |
| Personal & billing data | For as long as you maintain a relationship with us and up to 7 years thereafter |
| Cookies & logs | Up to 26 months unless a shorter period is sufficient |
You may request deletion of your personal data at any time by emailing us at travis@coldsmokeai.net with the subject line "Delete My Data". We will honour verified requests within 72 hours.
You may also exercise rights of access, rectification, objection, restriction, portability and complaint under GDPR/CCPA by contacting us at the address below.
We never sell or rent your personal data to third parties. We share data only with:
The following third-party service providers may process data on our behalf:
| Category | Legal Entity Name | Typical Data Touched |
|---|---|---|
| Hosting / Infrastructure | Amazon Web Services, Inc. | Servers, file storage, database backups |
| Transactional Email | Hostinger International Ltd. | Form confirmation emails, system notifications |
| CRM / Automation | HighLevel Inc. | Client contact records, appointment scheduling, follow-up sequences |
| Voice AI | Vapi AI / Twilio Inc. | Call recordings, call metadata (for clients who use Voice AI services) |
| Workflow Automation | Make.com (Celonis SE) / Zapier Inc. | Workflow trigger data as configured per client |
We operate primarily in the United States. Where we transfer data from the EEA/UK we rely on Standard Contractual Clauses or an adequacy decision as the lawful transfer mechanism.
We employ encryption in transit and at rest, role-based access controls, multi-factor authentication for internal accounts, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We will notify affected users promptly in the event of a data breach as required by applicable law.
Our Services are not directed to, and we do not knowingly collect information from, anyone under the age of 18. If you believe a minor has submitted personal data to us, please contact us immediately and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be announced at least 30 days in advance via email or on-site notice. The "Last updated" date at the top of this page reflects the current version. Continued use of our Services after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, requests, or complaints, please contact us:
ColdSmoke AI
