1. Introduction and Scope
This Policy applies to personal data processed by Red Leaf Software in connection with our public website, business inquiries, client relationships, software development engagements, and support activities.
For personal data that a client provides to us for a custom software project, support request, migration, or other contracted service, Red Leaf Software may act as a service provider or processor on the client's behalf. In those cases, the client's privacy policy and instructions may govern how that data is handled.
Contact Details
- Company: Red Leaf Software LLC
- Mailing address: P.O. Box 201, Colchester, VT 05446, United States
- Phone: (802) 735-0730
- Website contact: Use the "Get in touch" / "Say Hello" form on www.redleafsoft.com.
- Privacy contact: Use the contact details above and include "Privacy Request" in your message.
2. Information We Collect
We collect personal data only as reasonably necessary for the purposes described in this Policy.
2.1 Personal Data You Provide
- Identifiers and contact information: name, email address, phone number, company name, mailing address, and similar contact details that you provide.
- Business and professional information: job title, organization, project requirements, procurement information, and other information you share in a business capacity.
- Communications: information you provide in website forms, email, phone calls, support inquiries, feedback, surveys, or other direct communications.
- Client and project information: files, data, documentation, credentials, system information, or other materials provided for software development, migration, troubleshooting, support, or consulting.
- Billing and contract information: invoices, purchase orders, tax and accounting records, payment status, and related business records. Payment card information, if ever collected, is handled by third-party payment processors; we do not intentionally store full payment card numbers through the public website.
- Career or applicant information: information you submit in connection with employment or contractor opportunities, such as resume details, work history, references, portfolio links, and communications with us.
2.2 Usage Data Collected Automatically
- Device and log information: IP address, browser type and version, operating system, device identifiers, pages viewed, referral source, timestamps, error logs, and similar diagnostic data.
- Usage patterns: interactions with our website, such as pages visited, links clicked, time spent on pages, navigation paths, and form interaction data.
- Approximate location: general location inferred from your IP address, such as city, region, or country.
- Cookies and similar technologies: information collected through cookies, local storage, session storage, pixels, web beacons, and similar tools as described below.
2.3 Sensitive Personal Information
Our public website is not intended to collect sensitive personal information such as health data, racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, sexual orientation, precise geolocation, or government-issued identifiers. Please do not submit sensitive information through the website contact form unless we specifically request it for a defined purpose.
If a client engagement requires us to process sensitive personal data contained in client systems or project materials, we will process it under the applicable contract, documented instructions, lawful basis, and appropriate safeguards.
2.4 Tracking Technologies
We and our service providers may use cookies and similar technologies to enable website functionality, remember preferences, maintain security, measure website performance, and understand how visitors use the website. These technologies may include:
- Cookies: small text files stored on your device.
- Local and session storage: browser storage used to improve functionality and remember settings.
- Log files and analytics tools: tools that help us understand performance, usage trends, and technical issues.
- Web beacons or pixels: small images or scripts used to measure whether content has been accessed.
You can adjust your browser settings to limit or block cookies. Some website features may not function properly without certain cookies.
3. How We Use Your Information
We use personal data for the following purposes and, where required, rely on the legal bases listed below:
- To respond to inquiries and provide services: to communicate with you, evaluate project needs, prepare proposals, deliver software development or consulting services, and provide support. Legal basis: performance of a contract, steps prior to entering a contract, and legitimate interests.
- To manage client relationships: to administer contracts, projects, invoices, payments, scheduling, documentation, and account communications. Legal basis: performance of a contract, legitimate interests, and legal obligation.
- To improve and personalize our website and services: to understand usage, improve functionality, troubleshoot issues, develop new features, and measure performance. Legal basis: legitimate interests and, where required, consent for non-essential cookies.
- To send business communications: to provide service updates, respond to requests, and, where permitted, send information about our services. You may opt out of marketing communications at any time. Legal basis: consent or legitimate interests, depending on applicable law and context.
- For security and fraud prevention: to protect our website, systems, clients, employees, and business operations. Legal basis: legitimate interests and legal obligation.
- To comply with legal obligations: to satisfy tax, accounting, recordkeeping, regulatory, dispute-resolution, and law-enforcement requirements. Legal basis: legal obligation and legitimate interests.
5. International Data Transfers
Red Leaf Software is based in the United States. Your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from the laws in your jurisdiction.
Where required for transfers from the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with transfer restrictions, we use appropriate safeguards such as Standard Contractual Clauses, data transfer agreements, vendor due diligence, transfer impact assessments where required, and supplementary security measures.
6. Data Security and Retention
6.1 Security Measures
We use technical and organizational measures designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures may include:
- HTTPS / TLS encryption for data transmitted through our website;
- access controls and role-based access restrictions;
- secure development, deployment, and support practices;
- data minimization and retention limits;
- security monitoring, backups, and incident response procedures; and
- confidentiality obligations and data protection awareness for personnel.
No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.
6.2 Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention periods may vary based on the type of data, the nature of the relationship, contractual requirements, legal obligations, dispute-resolution needs, and security requirements. When personal data is no longer needed, we will delete, anonymize, or securely retain it in accordance with applicable law and our retention practices.
7. Your Data Protection Rights
Depending on your location and applicable law, you may have rights regarding your personal data. These rights may include:
- Right to be informed: to know what personal data we collect and how we use it.
- Right of access: to request a copy of personal data we hold about you.
- Right to correction: to ask us to correct inaccurate or incomplete data.
- Right to deletion: to ask us to delete personal data under certain circumstances.
- Right to restrict processing: to ask us to limit processing in certain situations.
- Right to data portability: to receive certain personal data in a structured, commonly used, machine-readable format.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where we process data based on consent, to withdraw that consent at any time.
- Rights related to automated decision-making: where applicable, to avoid certain decisions based solely on automated processing that produce legal or similarly significant effects.
7.1 Region-Specific Rights
California residents. You may have the right to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and be free from discrimination for exercising privacy rights. We do not knowingly sell personal information. The categories of personal information we may collect are described in Section 2, the purposes are described in Section 3, and the categories of recipients are described in Section 4.
EU, EEA, UK, and Swiss residents. You may have rights under GDPR or similar laws, including rights of access, correction, deletion, restriction, objection, portability, and complaint to a supervisory authority.
Brazilian residents. You may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, information about consent, and revocation of consent.
Canadian residents. You may have rights to access personal information, challenge accuracy and completeness, request correction, and challenge our compliance.
Japanese residents. You may have rights to disclosure, correction, suspension of use, deletion, and other rights under APPI.
Australian residents. You may have rights to access and correct personal information and to complain about handling of personal information.
7.2 How to Exercise Your Rights
To exercise your rights, contact us using the details in Section 1 and include "Privacy Request" in your message. We may need to verify your identity before fulfilling your request. We will respond within the time required by applicable law, such as 30 days under GDPR or 45 days under CCPA, unless an extension is permitted.
8. Children's Privacy
Our website and services are not directed to children under 13, and they are not intended for children under 16 in the EU, EEA, or UK. We do not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.
9. Links to Other Websites
Our website may contain links to third-party websites or services that we do not operate. We are not responsible for the content, privacy policies, or practices of those third parties. Please review the privacy policy of every website you visit.
10. Changes to This Privacy Policy
We may update this Policy from time to time. When we do, we will post the updated Policy on this page and update the "Last Updated" date. Changes are effective when posted unless a different effective date is stated.
11. Complaints and Supervisory Authorities
If you have concerns about our privacy practices, please contact us first using the details in Section 1. You may also have the right to contact a supervisory authority in your jurisdiction, including:
- EU/EEA: your local data protection authority, listed by the European Data Protection Board.
- United Kingdom: Information Commissioner's Office.
- Canada: Office of the Privacy Commissioner of Canada.
- Brazil: Autoridade Nacional de Proteção de Dados.
- Australia: Office of the Australian Information Commissioner.
- California: California Attorney General or California Privacy Protection Agency.