This Privacy Policy describes how The Golden Circle Consulting ("we," "us," "our") collects, uses, shares, and protects your personal information when you visit our websites, contact us, or use our Services. By using our Services, you agree to this Policy.
1. Information we collect
1.1 Information you give us
- Contact information when you submit a quote request: name, business name, email address, phone number, city & state, marketing budget, and free-text comments.
- Account & billing information if you become a client: business address, payment method, signing authority.
- Communications: emails, SMS, WhatsApp messages, and call notes you send us.
1.2 Information collected automatically
- Usage data: pages visited, time on site, referring URL, device type, browser, and approximate location (city level) — collected via standard server logs and analytics.
- Cookies and similar technologies — see "Cookies" below.
1.3 Information from third parties
When you become a client, we may receive information from platforms you authorize us to manage on your behalf — for example: Meta Ads Manager performance data, Google Ads spend, Google Search Console rankings, your CRM (Square, Vagaro, Acuity, BeautyHubPro) booking data, and email/SMS engagement metrics.
2. How we use information
- To respond to quote requests and contact you about our Services
- To deliver, support, and improve the Services you've contracted for
- To bill you and process payments
- To send important Service updates (we limit promotional email; you can unsubscribe any time)
- To produce aggregated analytics that help us improve marketing strategies (always de-identified)
- To comply with legal obligations and enforce our Terms
3. How we share information
We do not sell your personal information. We share it only in these limited cases:
- Service providers who help us deliver the Services — for example: Firebase (hosting + functions), Resend (transactional email), Stripe (payments), Twilio (SMS), Meta & Google (when you've authorized us to manage your ad accounts). Each is bound by contract to keep your data secure.
- Legal compliance: when required by law, court order, or to protect our legal rights.
- Business transfers: in connection with a merger, acquisition, or sale of assets — successor entity must honor this Policy.
- With your consent: any other purpose you specifically agree to.
4. Cookies
We use first-party cookies and similar technologies for: keeping you signed in (where applicable), remembering theme preference (light/dark), and aggregate analytics. We do not use cross-site advertising cookies on our own websites. You can disable cookies in your browser settings, though some features may not work properly.
5. Your rights (California residents — CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Access a copy of the personal information we hold about you
- Delete personal information we hold about you (with limited exceptions, e.g. legal record-keeping)
- Correct inaccurate information
- Opt out of sale or sharing — note: we do not sell or share personal information for cross-context behavioral advertising
- Non-discrimination — we will not retaliate against you for exercising these rights
To exercise any of these rights, email thegoldencircle.skincare@gmail.com with the subject "Privacy request." We will respond within 45 days.
6. Your rights (EU/UK residents — GDPR)
If you are in the EU/UK, you have the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Our lawful bases are contract (when you engage us) and legitimate interest (responding to inquiries). Contact thegoldencircle.skincare@gmail.com to exercise them.
7. Data retention
We keep your information only as long as needed for the purposes described, plus reasonable record-keeping (e.g. tax records for 7 years). Quote requests that don't convert to engagement are retained for 18 months, then deleted.
8. Security
We use industry-standard security measures including encryption in transit (TLS), secure cloud infrastructure (Firebase / Google Cloud), access controls, and limited employee access on a need-to-know basis. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. Children
Our Services are for businesses and are not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.
10. Health information (HIPAA)
When working with med spa clients, we may handle aggregated booking and demographic data. We do not collect or store protected health information (PHI) about your clients' patients. If your engagement requires PHI handling, we will execute a separate Business Associate Agreement (BAA).
11. International transfers
We are based in the United States. If you access our Services from outside the US, your information will be transferred to and processed in the US. By using the Services, you consent to this transfer.
12. Third-party links
Our Services may link to third-party websites (e.g. beautyhubpro.com, thegolden-circle.com, social media). We are not responsible for those sites' privacy practices.
13. Changes to this Policy
We may update this Policy. We will post the updated version with a new "Last updated" date and notify active clients by email of material changes.
14. Contact
Questions or privacy requests? Email thegoldencircle.skincare@gmail.com or write to:
The Golden Circle Consulting
Sandy, UT, United States
Phone: 385-474-2863
WhatsApp: 754-232-6590