This Privacy Policy describes how Carter Simmons (referred to here as "I", "me", or "my") collects, uses, and protects information when you visit cartersimmons.org or engage with my AI consulting services. I keep this short, plain, and human — because privacy policies usually aren't.
01. Information I collect
Information you provide directly
When you submit an inquiry form, application, or audit booking, I collect the information you give me — typically your name, email address, business name, business stage, and the answers to the application questions. When you become a paying client, I also collect billing information (handled through third-party processors like Stripe — I never store full card details on my own systems).
Information collected automatically
When you visit the site, my hosting provider may automatically collect basic technical data — IP address, browser type, device type, pages visited, time on page, and referring URL. I may use lightweight analytics (such as Plausible, Fathom, or similar privacy-respecting tools) to understand which pages people read most. I do not use ad-tracking pixels or behavioral retargeting on this site.
Cookies
The site uses minimal cookies, primarily to remember your preferences across visits. I do not use third-party advertising cookies. You can disable cookies in your browser without breaking the site.
02. How I use information
- To respond to your inquiries, applications, and questions
- To deliver the services you've engaged me for
- To send service-related communications (proposals, audit reports, invoices)
- To improve the site and my services
- To comply with legal obligations
I do not sell, rent, or trade your personal information. Ever. I do not use your data to train any AI model — yours or third-party.
03. Information sharing
I share information only with the third parties needed to run the business:
- Payment processors (e.g. Stripe) — to handle billing
- Form & scheduling tools (e.g. Typeform, Calendly) — to collect inquiries and book calls
- Hosting and email providers — to operate the site and reply to messages
- Analytics tools — to understand site usage in aggregate
Each of these vendors has its own privacy policy. I select tools that respect user privacy where I can.
I may also disclose information if legally required (e.g. by court order), or to enforce my rights or protect against fraud.
04. Client confidentiality
For paying clients, every engagement is covered by a mutual NDA by default. Your business data, customer information, and proprietary processes are confidential. I do not share client identities, screenshots of internal systems, or proprietary information without your written permission. Anonymized lessons learned may be discussed publicly — never anything that identifies you.
05. Data retention
I keep inquiry and application data for up to 24 months unless you ask me to delete it sooner. Active client data is retained for the duration of our engagement plus seven years afterward (for tax, legal, and accounting purposes). Anything stored in client-owned systems (CRMs, databases, etc.) is your data, on your retention schedule.
06. Your rights
You can ask me to:
- See what information I have about you
- Correct anything inaccurate
- Delete your information (where I'm not legally required to keep it)
- Opt out of any non-essential communications
Email carter@cartersimmons.org with the subject line "Privacy request" and I'll respond within 30 days.
07. Children
This site and my services are not directed at children under 16. I do not knowingly collect information from anyone under 16.
08. International visitors
I'm based in Tampa, Florida (United States). If you visit the site from outside the US, your information will be processed in the United States. By using the site, you consent to that transfer. If you're in the EU, UK, or California and have specific GDPR / CCPA / state-level rights, contact me and I'll honor them.
09. Security
I use reasonable technical and organizational measures to protect your information — encrypted connections (HTTPS), strong access controls on accounts, and least-privilege access on integrations. No system is perfectly secure, but I take this seriously and act fast on anything that looks off.
10. Changes to this policy
If I update this policy, I'll change the "Last updated" date at the top. Material changes get a notice via email to active clients. Continued use of the site after an update means you accept the revised policy.
11. Contact
Questions about this policy or your data? Email carter@cartersimmons.org.