1. Introduction
SmartBuzz AI (“we,” “our,” or “us”) is committed to protecting the privacy and security of the personal information entrusted to us by visitors, clients, and users of our website at smartbuzzai.com (the “Site”). This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and the rights you have regarding your personal information.
By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Site immediately.
2. Categories of Data Collected
2.1 Information You Provide Directly
- Full name, email address, phone number, and mailing address submitted through contact forms, consultation requests, or account registration.
- Payment and billing information (credit or debit card numbers, billing address) processed through our secure third-party payment processors.
- Contents of communications you send to us, including emails, chat messages, and attachments.
- Professional or employment-related information you voluntarily provide (e.g., company name, job title).
2.2 Information Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
- Usage data: pages visited, time spent on pages, clickstream data, referring and exit URLs, and search queries entered on the Site.
- Location data: approximate geolocation derived from your IP address.
- Cookies, web beacons, pixels, and similar tracking technologies (see Section 5).
2.3 Information from Third Parties
- Data from analytics providers (e.g., Google Analytics), advertising networks, and social media platforms when you interact with our content on those services.
- Publicly available information from government records, professional directories, or public databases relevant to our services.
3. Legal Basis for Processing
We process your personal data only when we have a lawful basis to do so. The applicable bases include:
| Legal Basis | Description |
|---|---|
| Contractual Necessity | Processing required to perform a contract with you or to take pre-contractual steps at your request (e.g., providing requested services, responding to inquiries). |
| Consent | Where you have given clear, affirmative consent for a specific processing purpose (e.g., subscribing to our newsletter). You may withdraw consent at any time. |
| Legitimate Interests | Processing necessary for our legitimate business interests (e.g., improving our services, fraud prevention, direct marketing), provided these interests are not overridden by your fundamental rights. |
| Legal Obligation | Processing necessary to comply with applicable laws, regulations, court orders, or other legal requirements. |
| Vital Interests | Processing necessary to protect the vital interests of you or another natural person. |
4. Purpose of Processing
We use the personal information we collect for the following purposes:
- To provide, maintain, and improve our services and the functionality of the Site.
- To process transactions, send related information (confirmations, invoices), and provide customer support.
- To communicate with you, including responding to inquiries and sending service-related notices.
- To send marketing and promotional communications where you have opted in or where permitted by law.
- To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
- To comply with legal obligations and enforce our Terms of Service.
- To conduct research, analytics, and statistical analysis to improve our offerings.
5. Cookie Usage & Tracking Technologies
5.1 What Are Cookies
Cookies are small text files placed on your device when you visit our Site. They help us recognize your browser, remember preferences, and understand how you interact with our content.
5.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the Site to function (e.g., session management, authentication, security). Cannot be disabled. | Session / up to 1 year |
| Performance & Analytics | Collect anonymized data on how visitors use the Site (e.g., Google Analytics). Help us improve user experience. | Up to 2 years |
| Functional | Remember your preferences (e.g., language, region) to personalize your experience. | Up to 1 year |
| Advertising / Targeting | Track browsing activity to deliver relevant advertisements and measure campaign effectiveness. | Up to 2 years |
5.3 Managing Cookies
You may control or disable cookies through your browser settings. Please note that disabling certain cookies may impair Site functionality. Where required by law, we will obtain your consent before placing non-essential cookies on your device. You may also manage your preferences through our cookie consent banner when it is displayed.
6. Third-Party Sharing & Disclosure
We do not sell your personal information. We may share your data with third parties only in the following circumstances:
- Service Providers: Vendors who perform services on our behalf (e.g., hosting, payment processing, email delivery, analytics) under contractual obligations that require them to protect your data.
- Legal Compliance: When required by law, regulation, subpoena, court order, or governmental request; or to protect our rights, property, or the safety of our users or the public.
- Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.
- With Your Consent: We may share your information with third parties when you provide explicit, informed consent.
- Professional Advisors: Attorneys, accountants, auditors, and insurers who need the information to provide professional services to us.
7. User Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you, including the categories of data, purposes of processing, and recipients or categories of recipients.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to Be Forgotten): Request deletion of your personal data, subject to certain legal exceptions (e.g., compliance with a legal obligation or defense of legal claims).
- Right to Restriction of Processing: Request that we limit the processing of your data under certain conditions.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Non-Discrimination: Under the CCPA, you will not receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, please contact us at sebastian@smartbuzzai.com. We will respond to verifiable requests within the time frame required by applicable law (generally 30 days under GDPR or 45 days under CCPA).
8. Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Client / account data | Duration of engagement plus 7 years after termination |
| Transaction records | 7 years (tax and regulatory compliance) |
| Communications (email, chat) | 3 years from date of last communication |
| Server logs / analytics | 13 months |
| Cookie data | Per cookie type (see Section 5) |
| Marketing preferences | Until consent is withdrawn or account is deleted |
Upon expiration of the applicable retention period, personal data will be securely deleted or irreversibly anonymized.
9. Security Measures
We implement a combination of administrative, technical, and physical safeguards to protect your data, including:
- Encryption of data in transit using TLS 1.2 or higher, and encryption of data at rest using AES-256 or equivalent standards.
- Access controls enforcing the principle of least privilege, with multi-factor authentication required for administrative systems.
- Regular vulnerability assessments, penetration testing, and security audits conducted by qualified personnel.
- Employee training on data protection, privacy awareness, and incident response procedures.
- Physical security measures for facilities that house servers or store physical records containing personal data.
- Intrusion detection and prevention systems, firewalls, and continuous monitoring of network traffic.
While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerabilities or incidents.
10. Breach Notification Procedures
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:
- Regulatory Notification: Notify the relevant supervisory authority (e.g., an EU Data Protection Authority) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR, or within the time frames required by applicable U.S. state breach notification laws (including the Louisiana Database Security Breach Notification Law, La. R.S. 51:3071 et seq.).
- Individual Notification: Where the breach is likely to result in a high risk to affected individuals, notify those individuals without undue delay, providing: (a) a description of the nature of the breach; (b) the categories and approximate number of records affected; (c) the likely consequences of the breach; (d) the measures taken or proposed to address the breach; and (e) contact information for further inquiries.
- Documentation: Maintain an internal record of all data breaches, including the facts, effects, and remedial actions taken, regardless of whether notification to authorities or individuals is required.
11. International Data Transfers
11.1 General
SmartBuzz AI is headquartered in Gonzales, Louisiana, United States. Your personal data may be transferred to, stored in, or processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.
11.2 GDPR — European Economic Area (EEA) Transfers
Where we transfer personal data from the EEA, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of data protection by the European Commission, we will implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Binding Corporate Rules, where applicable.
- Any other lawful transfer mechanism recognized under Articles 46–49 of the GDPR.
You may request a copy of the relevant safeguards by contacting us at the address below.
11.3 CCPA — California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including:
- The right to know what personal information is collected, used, shared, or sold.
- The right to delete personal information held by us and our service providers.
- The right to opt out of the sale or sharing of personal information. We do not sell personal information.
- The right to non-discrimination for exercising CCPA rights.
- The right to correct inaccurate personal information.
- The right to limit the use and disclosure of sensitive personal information.
To exercise these rights or to designate an authorized agent to make a request on your behalf, contact us at sebastian@smartbuzzai.com.
11.4 Other Jurisdictions
We are committed to complying with applicable data protection laws in every jurisdiction in which we operate. If a specific data protection framework applies to you that is not addressed above, please contact us so we can address your specific needs.
12. Children’s Privacy
Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as soon as practicable. If you believe a child has provided us with personal data, please contact us immediately.
13. Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no uniform standard for interpreting DNT signals, our Site does not currently respond to DNT browser signals. We will update this Policy if a uniform standard is adopted.
14. Links to Third-Party Websites
Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
15. Severability
If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid, illegal, or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the original intent of the parties.
16. Governing Law & Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Louisiana, United States, without regard to its conflict-of-law principles. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Ascension Parish, Louisiana, except where mandatory consumer protection laws require otherwise.
Nothing in this section shall limit the rights of individuals under applicable data protection laws, including but not limited to the GDPR, CCPA/CPRA, or other jurisdiction-specific privacy regulations.
17. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will (a) update the “Last Revised” date at the top of this Policy, (b) post the revised Policy on the Site, and (c) where required by law, provide notice through email or a prominent notice on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the revised Policy.
17.1 Revision History
| Version | Date | Description of Changes |
|---|---|---|
| 1.0 | April 1, 2026 | Initial publication of this Privacy Policy. |
18. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
711 E Ascension St S66
Gonzales, LA 70737
Email: sebastian@smartbuzzai.com
Website: smartbuzzai.com