Home/Privacy Policy
Legal

Privacy Policy

Last updated: April 16, 2026

At AIwhirks, your privacy isn't a checkbox — it's how we do business. We don't sell your data, we don't share it with marketing networks, and we don't add you to email lists you didn't ask for. This page explains what we collect, why, and what your rights are.

Who we are

AIwhirks is operated by Travis Sutphin, based in St. Augustine, FL, USA. When this policy says "we," "us," or "our," it refers to AIwhirks. The website covered by this policy is aiwhirks.com.

What information we collect

Information you give us directly

When you fill out our contact form, request a quote, or email us, you may provide:

  • Your name
  • Your email address
  • Your phone number (optional)
  • Your business name and website
  • Information about your business goals and needs

Information collected automatically

When you visit aiwhirks.com, we collect basic analytics data to understand how visitors use the site:

  • Pages you visit and how long you spend on them
  • Your approximate location (city/region, not precise location)
  • Your browser type and device type
  • The website that referred you to ours

This data is anonymized and aggregated — we don't know who you specifically are unless you submit a form.

How we use your information

We use the information you provide to:

  • Respond to your inquiry or quote request
  • Schedule and conduct consultations or project work
  • Send transactional communications related to active projects
  • Improve our website and services
What we never do: Add you to a marketing newsletter without explicit opt-in. Sell, rent, or trade your data. Share your information with advertisers or third-party marketers.

Cookies & tracking

We use minimal cookies — primarily two types:

  • Essential cookies — needed for the site to function (page navigation, security, form submissions). These can't be disabled without breaking core functionality.
  • Analytics cookies — help us understand aggregate traffic patterns (which pages get visited, average time on site). We use a privacy-respecting analytics tool that doesn't build advertising profiles.

We do not use third-party advertising cookies or cross-site tracking. You can disable non-essential cookies in your browser settings without affecting your ability to use the site. If you're in a region that requires explicit cookie consent (EU, UK, certain US states), you may see a consent banner the first time you visit.

Service providers we use

We don't sell your data. Period.

We do use a small set of trusted third-party providers to operate our business. Each one only accesses what's needed for their specific function and is bound by confidentiality and data processing agreements. They cannot use your data for their own marketing.

The categories of providers we work with:

  • Web hosting & infrastructure — keeps the site running
  • Email hosting — for transactional and project communications
  • Website analytics — for aggregate site usage data
  • Project management tools — to organize active client work
  • Payment processing — to handle invoicing for active clients (we never see or store full payment card numbers)

We will only disclose your information beyond these providers if legally required (e.g., subpoena or court order).

How we protect your information

We use industry-standard security practices including SSL encryption for all data in transit, secure hosting infrastructure, and access controls limiting who can view your information. While no system is 100% secure, we treat your data the way we'd want ours treated.

How long we keep your data

Different types of data have different retention timelines:

  • Form submissions & inquiries — kept for up to 24 months after our last contact, then deleted unless you become an active client.
  • Active client data — kept for the duration of our engagement plus 7 years after (for tax, accounting, and legal compliance).
  • Analytics data — anonymized and aggregated indefinitely; cannot be tied back to you individually.
  • Email correspondence — kept for the period required for ongoing business operations and legal record-keeping.

You can request earlier deletion at any time by emailing us — see "Your rights" below.

Data breach notification

If we ever discover that your personal information has been compromised in a security breach, we will:

  • Notify affected users without undue delay — within 72 hours where required by law (such as GDPR), and as soon as practical otherwise.
  • Tell you what information was involved, what happened, and what we're doing about it.
  • Cooperate with any required regulatory authorities.
  • Take immediate steps to contain the breach and prevent recurrence.

We hold ourselves to the standard we'd want from any company handling our data.

Your rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correct — Ask us to update inaccurate information
  • Delete — Request that we delete your data (subject to legal retention requirements)
  • Restrict — Limit how we process your data
  • Portability — Receive your data in a portable format
  • Object — Object to specific uses of your data
  • Opt out — Unsubscribe from any communications at any time

To exercise any of these rights, email us at [email protected]. We'll respond within 30 days. We won't discriminate against you for exercising any of these rights.

California residents (CCPA/CPRA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know what personal information we've collected about you, where it came from, why we collected it, and who we shared it with
  • Right to delete personal information we've collected (with certain legal exceptions)
  • Right to correct inaccurate personal information
  • Right to opt out of any "sale" or "sharing" of your personal information for cross-context behavioral advertising
  • Right to non-discrimination for exercising any of these rights
Do Not Sell or Share My Personal Information: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of — this is our default. If this ever changes, we'll provide a clear opt-out mechanism and notify users in advance.

To exercise any California rights, email [email protected] with "CCPA Request" in the subject line.

International users (GDPR)

If you're located in the European Union, United Kingdom, or another region with comprehensive data protection laws, this section explains the legal basis for how we process your data:

  • Legitimate interest — responding to your inquiry, providing services you've requested, and improving our website.
  • Contract performance — for active clients, processing your data to deliver the services we've agreed on.
  • Consent — for any optional communications you've explicitly opted into.
  • Legal obligation — to comply with tax, accounting, and other regulatory requirements.

You have all the rights listed above plus the right to lodge a complaint with your local supervisory authority if you believe we've handled your data improperly. We'll always try to resolve concerns directly first.

Note: AIwhirks is a US-based business and does not actively target EU/UK users with marketing. If you reach out to us from these regions, your data is processed according to this policy and the protections above apply.

Children's privacy

Our services are designed for businesses and are not intended for individuals under 18. We do not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time as our practices evolve or as required by law. We'll post the updated version here with a new "last updated" date. Significant changes will be communicated to active clients via email at least 30 days before they take effect.

Contact us

Questions about this policy or your privacy? Email [email protected]. Travis personally responds — no form letters or auto-replies.