Privacy Policy

Red Leaf Software LLC Online Privacy Policy

How Red Leaf Software LLC collects, uses, discloses, and protects personal data through redleafsoft.com and related services.

Last Updated July 2, 2026
Effective Date July 2, 2026
Organization Red Leaf Software LLC

At Red Leaf Software LLC ("Red Leaf Software," "we," "us," or "our"), we are committed to protecting privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, contact us, or use our software development, consulting, support, and related services.

This Policy is intended to address applicable privacy laws, including, where applicable, the General Data Protection Regulation and UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, Brazil's Lei Geral de Proteção de Dados, Canada's Personal Information Protection and Electronic Documents Act, Japan's Act on the Protection of Personal Information, and the Australian Privacy Principles.

By using our website or providing personal data to us, you acknowledge the practices described in this Policy.

1. Introduction and Scope

This Policy applies to personal data processed by Red Leaf Software in connection with our public website, business inquiries, client relationships, software development engagements, and support activities.

For personal data that a client provides to us for a custom software project, support request, migration, or other contracted service, Red Leaf Software may act as a service provider or processor on the client's behalf. In those cases, the client's privacy policy and instructions may govern how that data is handled.

Contact Details

Company
Red Leaf Software LLC
Mailing address
P.O. Box 201, Colchester, VT 05446, United States
Phone
(802) 735-0730
Website contact
Use the "Get in touch" / "Say Hello" form on www.redleafsoft.com.
Privacy contact
Use the contact details above and include "Privacy Request" in your message.

2. Information We Collect

We collect personal data only as reasonably necessary for the purposes described in this Policy.

2.1 Personal Data You Provide

  • Identifiers and contact information: name, email address, phone number, company name, mailing address, and similar contact details that you provide.
  • Business and professional information: job title, organization, project requirements, procurement information, and other information you share in a business capacity.
  • Communications: information you provide in website forms, email, phone calls, support inquiries, feedback, surveys, or other direct communications.
  • Client and project information: files, data, documentation, credentials, system information, or other materials provided for software development, migration, troubleshooting, support, or consulting.
  • Billing and contract information: invoices, purchase orders, tax and accounting records, payment status, and related business records. Payment card information, if ever collected, is handled by third-party payment processors; we do not intentionally store full payment card numbers through the public website.
  • Career or applicant information: information you submit in connection with employment or contractor opportunities, such as resume details, work history, references, portfolio links, and communications with us.

2.2 Usage Data Collected Automatically

  • Device and log information: IP address, browser type and version, operating system, device identifiers, pages viewed, referral source, timestamps, error logs, and similar diagnostic data.
  • Usage patterns: interactions with our website, such as pages visited, links clicked, time spent on pages, navigation paths, and form interaction data.
  • Approximate location: general location inferred from your IP address, such as city, region, or country.
  • Cookies and similar technologies: information collected through cookies, local storage, session storage, pixels, web beacons, and similar tools as described below.

2.3 Sensitive Personal Information

Our public website is not intended to collect sensitive personal information such as health data, racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, sexual orientation, precise geolocation, or government-issued identifiers. Please do not submit sensitive information through the website contact form unless we specifically request it for a defined purpose.

If a client engagement requires us to process sensitive personal data contained in client systems or project materials, we will process it under the applicable contract, documented instructions, lawful basis, and appropriate safeguards.

2.4 Tracking Technologies

We and our service providers may use cookies and similar technologies to enable website functionality, remember preferences, maintain security, measure website performance, and understand how visitors use the website. These technologies may include:

  • Cookies: small text files stored on your device.
  • Local and session storage: browser storage used to improve functionality and remember settings.
  • Log files and analytics tools: tools that help us understand performance, usage trends, and technical issues.
  • Web beacons or pixels: small images or scripts used to measure whether content has been accessed.

You can adjust your browser settings to limit or block cookies. Some website features may not function properly without certain cookies.

3. How We Use Your Information

We use personal data for the following purposes and, where required, rely on the legal bases listed below:

  • To respond to inquiries and provide services: to communicate with you, evaluate project needs, prepare proposals, deliver software development or consulting services, and provide support. Legal basis: performance of a contract, steps prior to entering a contract, and legitimate interests.
  • To manage client relationships: to administer contracts, projects, invoices, payments, scheduling, documentation, and account communications. Legal basis: performance of a contract, legitimate interests, and legal obligation.
  • To improve and personalize our website and services: to understand usage, improve functionality, troubleshoot issues, develop new features, and measure performance. Legal basis: legitimate interests and, where required, consent for non-essential cookies.
  • To send business communications: to provide service updates, respond to requests, and, where permitted, send information about our services. You may opt out of marketing communications at any time. Legal basis: consent or legitimate interests, depending on applicable law and context.
  • For security and fraud prevention: to protect our website, systems, clients, employees, and business operations. Legal basis: legitimate interests and legal obligation.
  • To comply with legal obligations: to satisfy tax, accounting, recordkeeping, regulatory, dispute-resolution, and law-enforcement requirements. Legal basis: legal obligation and legitimate interests.

4. How We Share Your Information

We do not sell or rent personal data. We may share personal data in the following circumstances:

  • Service providers: with vendors that provide hosting, cloud infrastructure, website operations, analytics, security, communications, scheduling, customer relationship management, billing, payment processing, professional services, and similar support services.
  • Clients and project collaborators: where necessary to provide software development, support, consulting, migration, or related services under contract.
  • Professional advisers: with accountants, attorneys, insurers, auditors, and other advisers when reasonably necessary.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
  • Legal requirements and protection: when we believe disclosure is necessary to comply with law, respond to lawful requests, enforce agreements, protect rights or safety, investigate wrongdoing, or protect against legal liability.
  • With your consent: for any other purpose that we disclose to you and for which you consent.
  • Aggregated or de-identified data: information that cannot reasonably be used to identify you.

Where California privacy law applies, we do not knowingly sell personal information. We also do not knowingly share personal information for cross-context behavioral advertising unless we provide legally required notice and an opt-out method.

5. International Data Transfers

Red Leaf Software is based in the United States. Your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from the laws in your jurisdiction.

Where required for transfers from the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with transfer restrictions, we use appropriate safeguards such as Standard Contractual Clauses, data transfer agreements, vendor due diligence, transfer impact assessments where required, and supplementary security measures.

6. Data Security and Retention

6.1 Security Measures

We use technical and organizational measures designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures may include:

  • HTTPS / TLS encryption for data transmitted through our website;
  • access controls and role-based access restrictions;
  • secure development, deployment, and support practices;
  • data minimization and retention limits;
  • security monitoring, backups, and incident response procedures; and
  • confidentiality obligations and data protection awareness for personnel.

No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

6.2 Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention periods may vary based on the type of data, the nature of the relationship, contractual requirements, legal obligations, dispute-resolution needs, and security requirements. When personal data is no longer needed, we will delete, anonymize, or securely retain it in accordance with applicable law and our retention practices.

7. Your Data Protection Rights

Depending on your location and applicable law, you may have rights regarding your personal data. These rights may include:

  • Right to be informed: to know what personal data we collect and how we use it.
  • Right of access: to request a copy of personal data we hold about you.
  • Right to correction: to ask us to correct inaccurate or incomplete data.
  • Right to deletion: to ask us to delete personal data under certain circumstances.
  • Right to restrict processing: to ask us to limit processing in certain situations.
  • Right to data portability: to receive certain personal data in a structured, commonly used, machine-readable format.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where we process data based on consent, to withdraw that consent at any time.
  • Rights related to automated decision-making: where applicable, to avoid certain decisions based solely on automated processing that produce legal or similarly significant effects.

7.1 Region-Specific Rights

California residents. You may have the right to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and be free from discrimination for exercising privacy rights. We do not knowingly sell personal information. The categories of personal information we may collect are described in Section 2, the purposes are described in Section 3, and the categories of recipients are described in Section 4.

EU, EEA, UK, and Swiss residents. You may have rights under GDPR or similar laws, including rights of access, correction, deletion, restriction, objection, portability, and complaint to a supervisory authority.

Brazilian residents. You may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, information about consent, and revocation of consent.

Canadian residents. You may have rights to access personal information, challenge accuracy and completeness, request correction, and challenge our compliance.

Japanese residents. You may have rights to disclosure, correction, suspension of use, deletion, and other rights under APPI.

Australian residents. You may have rights to access and correct personal information and to complain about handling of personal information.

7.2 How to Exercise Your Rights

To exercise your rights, contact us using the details in Section 1 and include "Privacy Request" in your message. We may need to verify your identity before fulfilling your request. We will respond within the time required by applicable law, such as 30 days under GDPR or 45 days under CCPA, unless an extension is permitted.

8. Children's Privacy

Our website and services are not directed to children under 13, and they are not intended for children under 16 in the EU, EEA, or UK. We do not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.

10. Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will post the updated Policy on this page and update the "Last Updated" date. Changes are effective when posted unless a different effective date is stated.

11. Complaints and Supervisory Authorities

If you have concerns about our privacy practices, please contact us first using the details in Section 1. You may also have the right to contact a supervisory authority in your jurisdiction, including: