Privacy Policy
Scope
This Privacy Policy explains how Negotiate For Me ("we," "us," or "our") collects, uses, and protects information when you visit our website or use our consulting services. It applies to all visitors and clients. For purposes of certain U.S. state laws, we are the "business" or "controller" of your personal information.
What We Collect
We only collect information we actually need to deliver our service. The categories below align with the personal information categories defined in the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
| Category | Examples |
|---|---|
| Identifiers | Name, email address, postal address, phone number, IP address, account identifiers |
| Customer Records | Billing information, transaction details, signature on engagement agreements |
| Commercial Information | Records of products or services purchased, payment history, refund history |
| Internet/Network Activity | Browser type, device information, pages visited, referring URLs, interaction with our website |
| Geolocation Data | General location derived from IP address (not precise geolocation) |
| Audio/Visual Data | Recordings of consulting calls (where you have consented), photos or images you provide |
| Professional/Financial Information | Information about the purchase you are consulting on, including asking price, target price, financing details, and outcome data |
| Communication Records | Emails, calls, chats, and messages between you and our consultants |
| Inferences | Profiles created from the above to predict your needs and improve consulting |
Sensitive Personal Information. We generally do not collect "sensitive personal information" as defined under CPRA (such as Social Security number, government ID, precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers used for unique identification, health data, or sexual orientation). If we ever need to collect such information for a specific service (for example, certain medical procedure negotiations), we will obtain your express consent and limit use to the purpose disclosed at collection. You have the right to limit our use of sensitive personal information; see Section 13.
Sources of Information
We collect information from these sources:
- Directly from you: when you fill out forms, contact us, sign up, pay for services, or communicate with our consultants.
- Automatically: from your browser or device when you use our website (cookies, log files, analytics).
- From third parties: payment processors confirming a transaction, fraud-prevention services, and (with your permission) data you ask us to retrieve about your purchase (such as a vehicle history report or comparable home sales).
- From publicly available sources: publicly available real estate listings, market data services, and similar sources used to inform your playbook.
How We Use It
We use the information we collect for the following business and commercial purposes:
- Build and deliver your custom negotiation playbook and consulting
- Communicate with you about your engagement (transactional emails, calls, texts where consented)
- Process payments, issue receipts, and manage refunds
- Improve our methodology, scripts, and frameworks (using de-identified, aggregated data)
- Comply with legal, tax, accounting, and regulatory obligations
- Resolve disputes, enforce our agreements, and exercise legal claims
- Prevent fraud, abuse, and unauthorized access
- Analyze website performance and marketing effectiveness
- Send marketing communications, with your consent and subject to opt-out at any time
Lawful basis. Where required by GDPR or similar laws, our lawful basis for processing is: (a) contract performance for delivering the Services you purchased; (b) consent for marketing communications and optional cookies; (c) legal obligation for tax, accounting, and dispute records; and (d) legitimate interests in operating, improving, and securing our service, where those interests are not overridden by your rights.
We may use anonymized or aggregated outcome data (for example, "average savings on auto deals") in marketing materials. We will not identify you in any marketing without your written permission.
When We Share
We share personal information only in these limited circumstances:
- Service providers (processors). Vendors that help us operate, including payment processors, email and SMS delivery providers, hosting and cloud-storage providers, analytics providers, fraud-prevention services, and customer-support tools. These vendors are contractually obligated by data processing agreements to use your data only for our purposes and to maintain reasonable security. Categories of providers used may include: Stripe (payments), AWS or similar (hosting), SendGrid or similar (email), Google Analytics or similar (analytics), Twilio or similar (SMS).
- Within our team. Your assigned consultant and other team members who support your engagement, all bound by confidentiality obligations.
- Legal requirements. Where required by law, court order, subpoena, or government request, or to protect our or a third party's legal rights, safety, or property, or to investigate fraud or violations of these Terms.
- Business transfers. In connection with a merger, acquisition, financing, sale of assets, bankruptcy, or other corporate transaction. You will be notified by email and/or website notice of any such change in ownership or use of your personal information.
- With your consent. For any other purpose, only with your explicit permission.
Sale or Sharing of Personal Information
We do not sell your personal information for monetary consideration. We do not "share" your personal information for "cross-context behavioral advertising" as those terms are defined under CCPA/CPRA. We have not sold or shared personal information of consumers in the preceding 12 months. We have not sold or shared the personal information of consumers under 16 years of age.
If our practices change, we will update this Policy and provide a "Do Not Sell or Share My Personal Information" mechanism on our website. To preemptively opt out of any future sale or sharing, you may submit a request to privacy@negotiateforme.io, and we will honor opt-out preference signals (Global Privacy Control / GPC) sent by your browser.
Cookies & Tracking
Our website uses cookies and similar technologies to:
- Remember your preferences and session state (strictly necessary cookies)
- Measure how visitors use our site (analytics cookies)
- Help us understand which marketing channels bring visitors (marketing cookies)
You can control cookies through your browser settings, by clearing your browser cookies, or by using browser extensions that block trackers. Most browsers also support sending a Global Privacy Control (GPC) signal, which we honor as a request to opt out of any future sale or sharing of personal information. Disabling cookies may limit some functionality.
Payment Data
Payment processing is handled by third-party providers (such as Stripe) using industry-standard encryption and tokenization. We do not store your full card number on our servers. We retain limited transaction details (last four digits of card, transaction date, amount, authorization code) for accounting, dispute-resolution, and tax purposes for the period required by applicable law (typically 7 years).
Retention
We retain personal information only for as long as needed for the purposes for which it was collected, or as required by law. Specific retention periods include:
- Account and contact information: for the duration of your active relationship with us, plus 3 years after the last engagement, unless you request earlier deletion.
- Transaction records (payments, invoices, refunds): 7 years from the transaction date, as required by federal and state tax law.
- Consulting playbooks and engagement records: 3 years after delivery, for quality assurance and dispute resolution.
- Standard consulting call recordings: 90 days from the call, unless retained longer for an active dispute or quality-review purpose.
- Direct Negotiation session recordings: 2 years from the session, given the higher dispute-resolution stakes and zero-tolerance refund policy associated with Direct Negotiation engagements.
- Marketing communication preferences: until you withdraw consent or for 3 years of inactivity, whichever is sooner.
- Website analytics and log data: typically 14 to 26 months in identified form, then aggregated.
- Legal hold or active dispute: retained until the matter is fully resolved.
Once retention is no longer required, we delete or anonymize the data using reasonable methods.
Security
We use reasonable administrative, technical, and physical safeguards to protect your information, including:
- Encryption in transit (TLS/HTTPS) for all website and form submissions
- Encryption at rest for sensitive data stored in our systems
- Access controls limiting employee and contractor access to a need-to-know basis
- Multi-factor authentication on administrative systems
- Periodic security reviews and vendor security assessments
- Confidentiality and data-handling obligations for all consultants, employees, and contractors
No system is 100% secure. While we strive to protect your information using reasonable measures, we cannot guarantee absolute security.
Data Breach Notification
If we become aware of a security incident that results in unauthorized acquisition of, or access to, your personal information that is reasonably likely to result in identity theft, fraud, or other significant harm, we will notify you and the appropriate regulatory authorities without unreasonable delay, and in any event within the time periods required by applicable law (generally within 30 to 60 days of confirmation, or sooner where law requires). Notice will include the nature of the breach, the categories of information involved, the steps we are taking in response, and the steps you can take to protect yourself.
Your Rights
Depending on where you live, you may have rights including:
- Right to know / access: request access to the personal information we hold about you.
- Right to correct: request correction of inaccurate information.
- Right to delete: request deletion of your personal information (subject to legal retention requirements).
- Right to portability: receive a copy of your data in a portable, machine-readable format.
- Right to opt out of sale/sharing: opt out of any sale or sharing for cross-context behavioral advertising (we do not currently sell or share).
- Right to limit use of sensitive personal information.
- Right to non-discrimination: we will not deny services, charge different prices, or provide a different level of service for exercising your privacy rights.
- Right to withdraw consent for any consent-based use.
- Right to designate an authorized agent to make requests on your behalf, subject to verification.
To exercise any of these rights, contact us at privacy@negotiateforme.io with the subject line "Privacy Rights Request" and a description of your request. We will verify your identity using information already on file (such as your account email) before fulfilling the request, to protect against fraudulent requests. We will respond within the timeframe required by applicable law (generally 45 days under CCPA/CPRA, with one possible 45-day extension; 30 days under GDPR).
California Residents (CCPA/CPRA)
If you are a California resident, in addition to the rights in Section 12, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
Information collected and disclosed in the past 12 months
In the past 12 months, we have collected the categories of personal information listed in Section 2 above. The sources are listed in Section 3. The business and commercial purposes are listed in Section 4. The categories of third parties to whom we disclose information for business purposes are listed in Section 5. We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months.
Right to limit sensitive personal information
You have the right to direct us to limit the use and disclosure of any sensitive personal information we collect to that which is necessary to perform the Services you requested. As stated in Section 2, we generally do not collect sensitive personal information. To exercise this right, contact privacy@negotiateforme.io.
Authorized agents
You may designate an authorized agent to make a request on your behalf. The agent must provide signed written permission from you, and we may require you to verify your identity directly with us before processing the request.
"Shine the Light" requests
California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
Submitting requests
To submit a CCPA/CPRA request: email privacy@negotiateforme.io with the subject line "California Privacy Request." We will acknowledge within 10 business days and respond substantively within 45 days.
Texas Residents (TDPSA)
If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) gives you rights similar to those in Section 12, including the rights to access, correct, delete, obtain a copy, and opt out of targeted advertising, sale of personal data, or significant automated profiling. We do not currently engage in targeted advertising, sale of personal data, or significant automated profiling that produces legal effects. To exercise your TDPSA rights, contact privacy@negotiateforme.io. You may appeal a denial of any request by emailing the same address with the subject line "Privacy Appeal."
Other U.S. State Residents
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, New Hampshire, and others as enacted) have rights similar to those described in Section 12. To exercise your rights under any applicable state privacy law, contact privacy@negotiateforme.io. We will honor your rights to the extent required by your state's law.
International Users (GDPR/UK GDPR)
Our service is operated from the United States and is intended for U.S. residents. If you access our service from the European Economic Area, the United Kingdom, or other jurisdictions with data-protection laws different from the United States, your information will be transferred to and processed in the United States, which may have different data protection standards.
Lawful basis (GDPR Article 6)
Where the GDPR or UK GDPR applies, our lawful bases are listed in Section 4. We do not rely on consent for processing necessary to deliver the Services you purchased.
International data transfers
Where we transfer personal information from the EEA, UK, or Switzerland to the United States, we rely on appropriate transfer mechanisms, which may include the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or applicable adequacy decisions, supplemented by additional technical and organizational measures where necessary.
EU/UK rights
In addition to the rights in Section 12, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EU, you may contact your national data protection authority.
EU/UK representative
We do not currently have an appointed Article 27 representative in the EU or UK. If you are in the EU or UK and need to contact us regarding privacy matters, please use privacy@negotiateforme.io. We will appoint a representative if required by our processing activities reaching applicable thresholds.
Automated Decision-Making & Profiling
We use computer-assisted tools and analytics to inform our consulting (such as comparing your asking price to comparable transactions). However, we do not engage in solely automated decision-making that produces legal or similarly significant effects on you without human review. A human consultant reviews and is responsible for every playbook we deliver.
Third-Party Links & Services
Our website may contain links to third-party websites, services, or content (such as payment processors, listing sites, or consultant-recommended resources). This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third-party sites or services. We encourage you to read the privacy policies of any third party before providing them with information.
Children's Privacy
Our services are intended for adults (18+). We do not knowingly collect personal information from anyone under the age of 16. We do not "sell" or "share" the personal information of consumers under 16 (and we would obtain affirmative consent if we did). If you believe a child under 16 has provided us with personal information, please contact us at privacy@negotiateforme.io and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email to your account email address and a prominent notice on our website at least 14 days before they take effect. Non-material changes (clarifications, formatting, contact info updates) take effect upon posting. Your continued use of the Services after changes take effect constitutes acceptance of the revised Policy.
Contact
Questions about your privacy or this Policy? Contact us:
Negotiate For Me
Privacy inquiries: privacy@negotiateforme.io
General contact: hello@negotiateforme.io
Web: negotiateforme.io