Privacy Policy & Data Handling Statement

Avíspa Solutions, LLC  ·  Effective Date: April 15, 2025

1. Overview

Avíspa Solutions, LLC ("Avíspa Solutions," "we," "our," or "us") provides consulting and implementation services focused on designing and deploying automated workflows, including AI-enabled systems, for businesses, independent contractors, and entrepreneurs.

We are committed to protecting the privacy, confidentiality, and integrity of all information entrusted to us. Our approach prioritizes:

• Minimal data exposure
• Transparent system design
• Responsible use of AI technologies
• Alignment with client-controlled data environments

Operating Model: Avíspa Solutions functions primarily as a systems architect and data processor on behalf of clients, not as a data owner or reseller.

2. Information We Collect

A. Information You Provide

• Name, email address, phone number
• Company and business details
• Project and inquiry information

B. Client Business Data (Service Data)

In delivering services, we may process data within client systems, including:

• CRM data (contacts, leads, communications)
• Marketing and outreach data
• Operational workflow data
• Customer interaction data

Control: This data remains owned and controlled by the client.

C. Automatically Collected Information

• IP address
• Device and browser information
• Website usage data
• Cookies and analytics data

D. Payment Information

Payments are handled by third-party processors. We do not store full payment card details.

3. How We Use Information

We use information strictly to:

• Deliver and support consulting and automation services
• Design, deploy, and maintain workflows
• Communicate with clients and prospects
• Improve system performance and reliability
• Comply with legal and contractual obligations

We do not use client data for resale, profiling, or unrelated commercial purposes.

4. Data Handling & Security Principles

This section reflects how we actually design and operate systems, beyond standard policy language.

A. Data Minimization by Design

We architect workflows to:

• Limit the amount of data processed
• Avoid unnecessary duplication or storage
• Use only the data required to achieve defined outcomes

B. Client-Controlled Environments

Where possible:

• Data resides within client-owned systems (e.g., CRM, email platforms)
• We configure workflows to operate within those environments
• Clients retain visibility and control over their data

C. No Centralized Data Warehousing

Avíspa Solutions does not operate a centralized data repository of client information. Data is typically:

• Passed through secure third-party systems
• Processed transiently within workflows

D. Least Privilege Access

We:

• Access only the systems and data necessary for service delivery
• Limit permissions to the minimum required scope
• Remove access when no longer needed

E. Workflow Transparency

Clients can request:

• Clear documentation of data flows
• Visibility into how data moves across systems
• Explanation of any AI or automation logic applied

5. Use of AI and Automated Systems

We integrate AI technologies, including OpenAI and Anthropic. These systems may process inputs provided within client workflows.

AI Usage Commitments

• AI is used only for defined, client-approved use cases
• We do not use client data to train proprietary models
• We aim to minimize sensitive data exposure to AI systems
• Outputs are generated within the context of client workflows, not reused externally

Third-Party Responsibility

AI providers operate under their own privacy and security policies. We select providers based on reliability and industry standards.

6. Data Sharing and Subprocessors

We do not sell personal or business data.

We may share data with trusted service providers necessary for system operation, including:

• HubSpot
• Google
• GoHighLevel

These providers support infrastructure, communications, CRM, and automation execution.

Subprocessor Principles

• Use of reputable, widely adopted platforms
• Alignment with industry-standard security practices
• Use limited to functional requirements of workflows

7. Data Storage and Retention

Storage Model

• Data is primarily stored within client systems or third-party platforms
• Avíspa Solutions does not maintain long-term independent storage unless required

Retention Approach

• Retain only what is necessary for service delivery
• Align retention with client agreements and platform settings
• Delete or return data upon request, subject to legal obligations

8. Security Measures

We implement commercially reasonable safeguards, including:

• Secure authentication and credential management
• Access control and permission scoping
• Use of established, enterprise-grade platforms
• Periodic review of system architecture and integrations

Reality Statement: No system is completely secure. Our focus is reducing risk through intentional architecture and controlled data exposure, not reliance on a single security layer.

9. Your Privacy Rights

Depending on your jurisdiction, including under the California Consumer Privacy Act, you may have the right to:

• Access personal information we hold
• Request deletion of your data
• Request correction of inaccurate data
• Opt out of certain data uses (where applicable)

To submit a request, contact us at Datasecurity@avispasolutions.com.

10. Cookies and Analytics

We use cookies and similar technologies to analyze website usage, improve user experience, and support performance monitoring. Users may control cookie preferences through browser settings.

11. Third-Party Services and Links

Our systems may integrate with or link to third-party platforms. We are not responsible for the privacy practices of those providers.

12. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children.

13. Geographic Scope

We currently operate in North America and anticipate working with clients in jurisdictions such as California. If operations expand, we will adapt practices to align with applicable regulations.

14. Data Processing Addendum (DPA)

For clients engaging Avíspa Solutions for services involving the processing of business or personal data, a Data Processing Addendum (DPA) governs the handling of such data and forms part of the applicable service agreement.

15. Updates to This Policy

We may update this policy periodically. Updates will be reflected with a revised effective date.

16. Contact Information