Privacy Policy | Seroft, Inc.

1. Introduction & Scope

Seroft, Inc. ("Seroft," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our website located at seroft.com (the "Site") and the professional services we provide (collectively, the "Services").

This Policy applies to all individuals who:

Visit or use the Site;
Submit information through any contact form, inquiry, or other interactive element on the Site;
Enter into a project engagement or contractual relationship with Seroft;
Communicate with Seroft by email, telephone, or any other means.

This Policy does not apply to information collected by third-party websites or services that may be linked from our Site, or to information collected by Seroft's clients from their own end users in the course of any software or systems built by Seroft on the client's behalf. Seroft's clients are independently responsible for the privacy practices governing their own platforms.

By using the Site or engaging our Services, you acknowledge that you have read, understood, and agree to the data practices described in this Policy. If you do not agree, please discontinue use of the Site immediately.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

Contact information: First and last name, email address, company name, job title, and telephone number, when provided through contact forms, emails, or other direct communications.
Project information: Details about your project, business requirements, budget range, and any other information you choose to provide when enquiring about or engaging our Services.
Communications: The content of any emails, messages, or other correspondence you send to us, including any attachments.
Payment information: Billing name, billing address, and payment method details. Note: Seroft uses third-party payment processors and does not directly store full credit card or banking information on its own systems.
Client-provided materials: Any data, content, files, or materials you provide to us as part of a project engagement.

2.2 Information Collected Automatically

When you visit the Site, we and our third-party service providers may automatically collect certain technical and usage information, including:

Device information: IP address, device type, operating system, browser type and version, screen resolution, and language settings.
Usage data: Pages visited, time and date of visits, time spent on each page, referring and exit URLs, and navigation paths.
Log data: Server logs that automatically record information each time you access the Site, including your IP address, browser type, and the dates and times of your visits.
Cookie and tracking data: Information collected through cookies, pixel tags, web beacons, and similar technologies, as described in Section 5 of this Policy.

2.3 Information from Third Parties

Referral sources: If you arrive at the Site through a link from a third-party website, social media platform, or other source, we may receive information about the referring source.
Professional networks: If you connect with us through LinkedIn or other professional networks, we may receive information consistent with your public profile settings on those platforms.

3. How We Collect Information

We collect personal information through the following mechanisms:

Contact and inquiry forms: When you submit a message, project enquiry, or other form on the Site, including through our Web3Forms-powered contact form, your submission is transmitted to us and processed by our form service provider.
Direct email and communications: When you email us at ask@seroft.com or communicate with us directly.
Cookies and similar technologies: Automatically when you visit the Site, as described in Section 5.
Analytics tools: Through third-party analytics services that monitor Site usage and performance.
Bot protection: Through Cloudflare Turnstile, which is used on our contact form to verify that submissions are made by human users rather than automated bots. Cloudflare may process certain technical data in connection with this service.
Google Fonts: Our Site loads fonts from Google Fonts, which may result in your browser sending a request to Google's servers, potentially transmitting your IP address and browser information to Google.
Project engagements: Through the course of providing professional services, where you or your organisation provide us with information necessary to complete the engagement.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

Responding to enquiries: To respond to your messages, questions, and project enquiries submitted through the Site or by email.
Providing services: To negotiate, enter into, and perform project agreements and to deliver the professional services you have engaged us to provide.
Client relationship management: To manage our ongoing relationship with you as a client, including project communications, status updates, and follow-up correspondence.
Invoicing and payment processing: To generate invoices, process payments, and manage accounts receivable.
Legal compliance: To comply with our legal obligations under applicable California and federal law, including tax reporting, record-keeping, and responding to lawful requests from public authorities.
Site operation and improvement: To monitor, maintain, and improve the performance, security, and functionality of the Site.
Analytics: To understand how visitors use the Site, which pages are most visited, and how to improve the user experience.
Security: To detect, investigate, and prevent fraudulent activity, unauthorised access, and other security incidents.
Marketing: With your consent where required by applicable law, to send you information about Seroft's services, industry insights, or company news. You may opt out of marketing communications at any time as described in Section 5.
Legal claims and disputes: To establish, exercise, or defend legal claims and to enforce our Terms of Service and other agreements.
Business operations: For general business purposes including internal record-keeping, business development, and strategic planning.

We will only use your personal information for the purposes for which it was collected, or for purposes that are compatible with those purposes. If we intend to use your information for a materially different purpose, we will notify you and, where required, seek your consent.

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognise your browser and remember certain information about your visit. Similar technologies include pixel tags, web beacons, and local storage.

5.2 Cookies We Use

The Seroft website may use the following categories of cookies:

Strictly Necessary Cookies: Required for the Site to function properly, including security features such as Cloudflare's bot protection and Turnstile verification. These cookies cannot be disabled without impairing Site functionality. They do not collect personal information used for marketing.
Performance & Analytics Cookies: Used to collect information about how visitors use the Site — such as which pages are visited most frequently and how users navigate the Site. This information is used in aggregate form to improve the Site. We may use Google Analytics or similar services for this purpose.
Functional Cookies: Allow the Site to remember choices you make (such as cookie consent preferences) and to provide enhanced functionality.

5.3 Third-Party Cookies & Services

Google Analytics: We may use Google Analytics to understand Site usage. Google Analytics uses cookies to collect information such as your IP address (anonymised where required), browser type, device, and pages visited. Google's use of this data is governed by Google's Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
Cloudflare: We use Cloudflare services for website security, performance, and bot protection (Turnstile). Cloudflare may process certain technical information about your visit. Cloudflare's data practices are governed by Cloudflare's Privacy Policy.
Google Fonts: Our Site uses Google Fonts, which are loaded from Google's servers. Your browser may transmit your IP address and browser information to Google when loading these fonts. Google's use of this data is governed by Google's Privacy Policy.

5.4 Managing Cookies

You may control and manage cookies in the following ways:

Cookie consent banner: When you first visit the Site, a cookie consent banner will appear allowing you to accept or decline non-essential cookies.
Browser settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. Please note that disabling certain cookies may impair your ability to use certain features of the Site.
Opt-out tools: You may opt out of interest-based advertising by visiting the Network Advertising Initiative opt-out page at optout.networkadvertising.org or the Digital Advertising Alliance opt-out page at optout.aboutads.info.

5.5 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no industry standard for responding to DNT signals, the Site does not currently alter its data collection practices in response to DNT browser settings. We will revisit this position if a standard is established.

5.6 Email Communications

If Seroft sends you email communications, those emails may contain tracking pixels or similar technology that allow us to determine whether the email was opened and whether links were clicked. You may opt out of receiving marketing emails from Seroft at any time by clicking the unsubscribe link in any such email or by contacting us at ask@seroft.com with "Unsubscribe" in the subject line.

6. Data Sharing & Disclosure

Seroft does not sell your personal information to third parties. We do not share your personal information with third parties for their own independent marketing or advertising purposes. We may share your personal information only in the following circumstances:

6.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating the Site, providing services, and conducting our business. These providers are contractually obligated to keep your information confidential, to use it only as directed by Seroft for the specific purposes for which it was shared, and to maintain appropriate security measures. Our current categories of service providers include:

Form processing: Web3Forms, for processing contact form submissions;
Security & infrastructure: Cloudflare, Inc., for website security, performance optimisation, and bot protection;
Analytics: Google LLC, for website analytics (Google Analytics, if in use);
Font delivery: Google LLC, for web font delivery (Google Fonts);
Scheduling: Calendly, LLC, for booking discovery calls;
Accounting and invoicing software;
Cloud storage and project management tools used in the delivery of client services.

6.2 Legal Requirements

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with applicable law, regulation, legal process, or enforceable government request;
Enforce our Terms of Service or other applicable agreements;
Protect the rights, property, or safety of Seroft, our clients, or the public;
Detect, prevent, or address fraud, security, or technical issues.

6.3 Business Transfers

If Seroft is involved in a merger, acquisition, asset sale, financing, reorganisation, or dissolution, your personal information may be transferred as part of that transaction. We will notify you by updating this Privacy Policy, and where legally required, provide additional notice, before your personal information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties where you have given us your express consent to do so.

6.5 No Sale of Personal Information

Seroft does not sell, rent, trade, or otherwise transfer your personal information to third parties for monetary or other valuable consideration, as those terms are defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

7. California Privacy Rights (CCPA & CPRA)

If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information. This section describes those rights and explains how to exercise them.

7.1 Your Rights as a California Resident

Right	Description
Right to Know	You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete	You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., where retention is necessary to complete a transaction, comply with a legal obligation, or exercise a legal claim).
Right to Correct	You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale or Sharing	You have the right to opt out of the sale or sharing of your personal information. As stated in Section 6.5, Seroft does not sell or share personal information for cross-context behavioural advertising purposes.
Right to Limit Use of Sensitive Information	Where applicable, you have the right to limit our use of sensitive personal information to those purposes necessary to provide the services you have requested.
Right to Non-Discrimination	You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA privacy rights. We will not deny you services, charge you different prices, or provide a lower quality of service because you exercised a privacy right.

7.2 How to Submit a Verifiable Consumer Request

To exercise any of the rights described above, you or your authorised agent may submit a verifiable consumer request by:

Email: ask@seroft.com — please include "CCPA Privacy Request" in the subject line;
Contact form: seroft.com/contact.html — please indicate in your message that you are submitting a California privacy rights request.

To protect your privacy and security, we will take steps to verify your identity before responding to your request. We will acknowledge receipt of your request within ten (10) business days and respond to a verifiable consumer request within forty-five (45) calendar days of receipt. If we require additional time, we will inform you of the reason and extension period within the initial 45-day period.

You may submit up to two verifiable consumer requests per twelve-month period free of charge. We will not require you to create an account to submit a request.

7.3 Authorised Agents

You may designate an authorised agent to make a request on your behalf under the CCPA/CPRA. To do so, you must provide the authorised agent with written permission to make the request, and we may require you to verify your own identity directly with us or to provide proof that you have authorised the agent.

8. European Economic Area (EEA) & United Kingdom Users

To the extent Seroft interacts with individuals located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) and UK GDPR may apply to the processing of your personal data.

8.1 Legal Basis for Processing

Where the GDPR applies, we process your personal data on the following legal bases:

Contract: Processing necessary to enter into or perform a contract with you;
Legitimate interests: Processing necessary for our legitimate business interests, such as maintaining the security of the Site and improving our services, where those interests are not overridden by your rights and freedoms;
Legal obligation: Processing necessary to comply with applicable law;
Consent: Where we have obtained your prior consent, such as for marketing communications or non-essential cookies.

8.2 International Transfers

If you are located in the EEA or UK, please be aware that your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home country. Where required, we will implement appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is adequately protected.

8.3 Your GDPR Rights

Where the GDPR applies, you have rights including access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. To exercise any of these rights, please contact us at ask@seroft.com.

9. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, to maintain accurate business records, and to comply with our legal obligations. The following general retention periods apply:

Enquiry and contact form data: Retained for up to three (3) years from the date of the enquiry, or longer if the enquiry led to a client engagement.
Client data and project records: Retained for a minimum of seven (7) years from the conclusion of the engagement, in accordance with California business record-keeping requirements and applicable tax laws.
Payment and financial records: Retained for a minimum of seven (7) years in accordance with applicable tax and financial regulations.
Analytics and usage data: Retained for up to twenty-six (26) months, or as configured in our analytics platform, in aggregate and anonymised form where possible.
Email communications: Retained for the duration of the client relationship and for a reasonable period thereafter.

When personal information is no longer required for these purposes, we will securely delete or anonymise it in accordance with our data retention procedures. Anonymised data that can no longer be linked to you as an individual may be retained indefinitely for analytical purposes.

10. Data Security

Seroft takes the security of your personal information seriously and implements a range of technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:

Transmission of data via encrypted connections (HTTPS/TLS);
Use of reputable third-party service providers with established security practices;
Access controls limiting who within Seroft can access personal information;
Use of Cloudflare for web application security and DDoS protection;
Bot protection on data collection forms via Cloudflare Turnstile.

Limitation of Security Guarantees. No method of transmission over the internet, or method of electronic storage, is completely secure. While Seroft uses commercially reasonable efforts to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that is required to be reported under applicable law, we will notify affected individuals and relevant authorities in accordance with our legal obligations.

You are responsible for maintaining the confidentiality of any credentials or access information used to communicate with Seroft, and for immediately notifying us if you believe your information has been compromised.

11. Third-Party Links & Services

The Site may contain links to third-party websites, tools, and services — including Calendly for meeting scheduling, LinkedIn, and others — that are not operated by Seroft. Clicking on such links will direct you away from the Site.

Seroft has no control over and accepts no responsibility for the content, privacy policies, or practices of any third-party websites or services. This Privacy Policy does not apply to information collected by third-party websites or services. We strongly encourage you to review the privacy policy of any third-party site you visit before providing your personal information to them.

The inclusion of a link to a third-party site or service does not constitute an endorsement of that site or service by Seroft.

12. Children's Privacy

The Site and Services are directed exclusively at individuals who are eighteen (18) years of age or older. We do not knowingly collect, solicit, or maintain personal information from children under the age of thirteen (13), in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have inadvertently collected personal information from a child under thirteen (13) without verified parental consent, we will take immediate steps to delete such information from our records. If you believe that we may have collected personal information from a child under 13, please contact us immediately at ask@seroft.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, operational requirements, or applicable law. When we make material changes to this Policy, we will update the "Last Updated" date at the top of this page and, where reasonably practicable, provide notice via the Site.

For material changes that significantly affect how we use personal information already collected, we will make additional efforts to notify affected individuals, which may include an email notification to active clients of record.

Your continued use of the Site or Services after any changes to this Policy become effective constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically and to retain a copy for your records.

14. Contact & Privacy Requests

For any questions, concerns, or requests relating to this Privacy Policy or your personal information — including CCPA/CPRA verifiable consumer requests, GDPR rights requests, or any other privacy enquiry — please contact us:

Seroft, Inc. — Privacy

Email: ask@seroft.com

Subject line for CCPA requests: "CCPA Privacy Request"

Subject line for GDPR requests: "GDPR Rights Request"

Website: seroft.com

We take all privacy enquiries seriously and will respond to your request within the timeframes required by applicable law. Where we are unable to fulfil a request (for example, because retention of the information is required by law), we will explain the reason for our decision.

If you are a California resident and believe we have not responded adequately to your privacy rights request, you have the right to contact the California Privacy Protection Agency (CPPA) or the California Attorney General's office. If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority.