Privacy Policy

1. Scope

This Policy applies to personal information we collect through the Site. It does not apply to information collected by third parties we do not control, or to information we receive in the course of providing services under a separate written agreement, which is governed by that agreement.

2. Information We Collect

We collect the following categories of personal information:

• Identifiers and contact data you submit directly through our contact form, quote requests, email inquiries, or scheduling tool — including name, email address, business or company name, telephone number (if provided), and any other information you choose to include in your message.
• Scheduling data processed by our embedded scheduling provider (Cal.com) when you book a meeting, including your name, email address, selected time, time zone, and any details you provide about the meeting purpose.
• Internet and device activity automatically logged by our hosting and infrastructure providers, including IP address, browser type and version, operating system, referring URL, pages requested, and request timestamps. This information is used for security, abuse prevention, and basic operations.
• Communications you send to us, including emails and any follow-up correspondence.

We do not knowingly collect Social Security numbers, government ID numbers, financial account credentials, precise geolocation, biometric data, or information about your race, ethnicity, religion, health, sexual orientation, or political views through the Site. Please do not submit such information to us.

You are not required to provide personal information to browse the Site, but you must provide certain information (such as your name and email) to submit a form, request a quote, or book a meeting. If you do not provide that information, we will be unable to respond.

3. Sources of Personal Information

We collect personal information from these sources:

• Directly from you, when you interact with the Site
• Automatically from your device and browser, through our hosting and infrastructure providers
• From our service providers acting on our behalf (for example, scheduling, hosting, and email providers)

4. How We Use Personal Information

We use personal information for the following purposes:

• To respond to inquiries, quote requests, and messages
• To schedule, prepare for, conduct, and follow up on consultations and meetings
• To negotiate, enter into, and perform services under engagement agreements
• To send transactional and project-related communications and, where permitted, occasional updates about our services
• To operate, maintain, secure, and improve the Site, including detecting and preventing fraud, abuse, and security incidents
• To comply with our legal obligations and enforce our terms and agreements

5. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information under one or more of the following legal bases:

• Consent — where you have given us consent for a specific purpose (which you may withdraw at any time)
• Performance of a contract — to respond to pre-contract inquiries and to perform engagement agreements
• Legitimate interests — to operate and secure the Site, prevent abuse, and communicate with prospective clients, where those interests are not overridden by your rights
• Legal obligation — to comply with applicable laws, regulatory requests, and lawful process

6. How We Share Personal Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We disclose personal information only as follows:

• Service providers that process information on our behalf under written contracts, including:
  • Netlify, Inc. — hosting and form submission processing
  • Cal.com, Inc. — meeting scheduling
  • Google LLC (Google Workspace) — business email and document collaboration
• Professional advisors such as lawyers, accountants, and auditors, where reasonably necessary
• Legal and safety disclosures when we believe in good faith that disclosure is required to comply with law, respond to lawful process, enforce our agreements, or protect the rights, property, or safety of Redrock, our clients, or others
• Business transfers in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to standard confidentiality protections

7. International Data Transfers

We and our service providers are based in the United States, and personal information you submit will be processed in the United States and may be processed in other countries where our service providers operate. These countries may have data protection laws that differ from those in your country. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for transfers of personal information from the EEA, UK, or Switzerland.

8. Cookies and Similar Technologies

The Site uses only strictly necessary cookies and similar technologies required for basic functionality, security, and load balancing. We do not currently use advertising, cross-site tracking, or third-party analytics cookies. Because we do not engage in tracking that triggers the requirement, the Site does not respond to browser “Do Not Track” signals. If we add non-essential cookies or analytics in the future, we will update this Policy and, where required by law, request your consent.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to respond to your inquiry, perform contracted services, comply with our legal, accounting, and tax obligations, and resolve disputes. As general guidance:

• Inquiry and form submissions that do not lead to an engagement: up to 24 months from last contact
• Client communications and project records: for the duration of the engagement and up to 7 years thereafter, consistent with applicable statutes of limitation and tax recordkeeping requirements
• Server and security logs: typically 30–90 days, longer if needed to investigate a security incident

When information is no longer needed, we delete, de-identify, or anonymize it.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including encryption in transit (TLS), access controls, principle of least privilege, and use of reputable infrastructure providers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

11. Your Privacy Rights

California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it
• Delete personal information we have collected from you, subject to certain exceptions
• Correct inaccurate personal information we maintain about you
• Opt out of the “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined under California law
• Limit use of sensitive personal information — we do not collect or use sensitive personal information for purposes that would trigger this right
• Non-discrimination — we will not deny services, charge different prices, or provide a different level of quality because you exercised your rights

You may exercise these rights by emailing info@redrockwebdev.com. We will verify your request using the contact information you have previously provided to us and respond within the timeframes required by law (generally 45 days, extendable by an additional 45 days where reasonably necessary). You may designate an authorized agent to make a request on your behalf, subject to verification.

EEA, UK, and Swiss residents (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to access, rectify, erase, restrict, or object to the processing of your personal information, and the right to data portability. Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.

Other U.S. state residents

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, delete, correct, and opt out of certain processing. Contact us at the email above to exercise any rights available to you under applicable law.

12. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects concerning you.

13. Children's Privacy

The Site is intended for a general business audience and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

14. Third-Party Links

The Site may link to or embed content from third-party services we do not control. This Policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you use.

15. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Effective” and “Last updated” dates above and, where appropriate, provide additional notice (such as a notice on the Site or by email). Your continued use of the Site after the effective date of any update constitutes your acknowledgment of the changes.

16. Contact Us

To exercise a privacy right, ask a question about this Policy, or make a complaint, contact us at:

Redrock Tech Solutions LLC
Las Vegas, Nevada, USA
info@redrockwebdev.com