This Privacy Policy explains how GladysDrift LLC (“GladysDrift,” “we,” “us,” or “our”) collects, uses, stores, shares, protects, and otherwise processes personal information when you visit https://www.gladysdrift.com, use our websites, products, services, dashboards, forms, reports, communications, events, or other services that link to this Privacy Policy (collectively, the “Services”). If you do not agree with this Privacy Policy, do not use our Services. If you have questions, contact us at support@gladysdrift.com or through https://www.gladysdrift.com/contact.

1. Information We Collect

We collect personal information that you voluntarily provide to us, information automatically collected when you use our Services, and limited information from service providers or business partners when necessary to operate our business.

Information you provide

Depending on your interaction with us, we may collect:

• Name, business name, job title, and organization;
• Email address, phone number, mailing address, and contact preferences;
• Account credentials, usernames, authentication information, and user settings;
• Billing information and transaction-related records;
• Customer-support inquiries, form submissions, emails, and other communications;
• Business-development, vendor, partner, advisor, investor, or customer relationship information;
• Information included in documents, reports, dashboards, or materials you submit to us.

Information collected automatically

When you use our website or Services, we may collect technical and usage information, including IP address, browser type, device type, operating system, referring URLs, pages viewed, timestamps, approximate location derived from IP address, log data, cookie identifiers, and security/provenance records.

Sensitive information

We do not intentionally collect or process sensitive personal information unless it is necessary for a specific service, legally permitted, and handled with appropriate safeguards. Please do not submit sensitive personal information unless we specifically request it.

2. How We Use Information

We may process personal information for the following purposes:

• To provide, operate, maintain, and improve our Services;
• To respond to inquiries, requests, and customer-support needs;
• To create and manage accounts, authentication, access controls, and user settings;
• To process payments, invoices, subscriptions, or transactions;
• To provide reporting, analytics, optimization, compliance, provenance, security, and operational services;
• To communicate with customers, partners, vendors, advisors, investors, and prospects;
• To send service notices, administrative updates, marketing communications, and event information where permitted;
• To monitor, detect, prevent, and respond to security incidents, fraud, misuse, unauthorized access, or technical issues;
• To comply with legal, tax, accounting, contractual, regulatory, and law-enforcement obligations;
• To protect our rights, users, systems, business, and legal interests.

3. Legal Bases for EU/UK Processing

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases to process your personal information:

• Consent: where you have given us permission to process your information for a specific purpose.
• Contract: where processing is necessary to perform a contract with you or take steps before entering into a contract.
• Legal obligation: where processing is necessary to comply with law.
• Legitimate interests: where processing is necessary for our legitimate business interests and does not override your rights and freedoms.
• Vital interests or public interest: where applicable under law.

4. How We Share Information

We do not sell personal information for money. We may share personal information in limited circumstances, including with:

• Service providers, contractors, cloud-hosting providers, analytics providers, security vendors, customer-support providers, payment processors, and business operations vendors;
• Professional advisors, including attorneys, accountants, auditors, insurers, and compliance consultants;
• Customers, partners, or vendors where necessary to provide the Services or fulfill a business relationship;
• Government, regulatory, law-enforcement, or judicial authorities where required by law or necessary to protect legal rights;
• Successors or counterparties in connection with a merger, acquisition, financing, reorganization, asset sale, or similar business transaction.

When we use service providers to process personal information on our behalf, we require them to process the information only for limited and specified purposes and to protect it appropriately.

5. Payments and Third-Party Processors

If you make a purchase or payment, payment information may be processed by third-party payment providers. We may use payment and billing providers such as Stripe, PayPal, and QuickBooks Payments. We do not control those providers’ independent privacy practices.

• Stripe Privacy Policy
• PayPal Privacy Statement
• Intuit / QuickBooks Privacy Statements

6. International Transfers and Data Privacy Framework

GladysDrift LLC is based in the United States. If you are located outside the United States, your personal information may be transferred to, stored in, accessed from, or processed in the United States or other countries that may not provide the same level of data protection as your jurisdiction. Where required, we use appropriate safeguards for international transfers, which may include standard contractual clauses, data processing agreements, contractual safeguards, or participation in the Data Privacy Framework program administered by the U.S. Department of Commerce.

Data Privacy Framework Notice

GladysDrift LLC does not claim active participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-U.S. Data Privacy Framework unless GladysDrift LLC is listed as active on the U.S. Department of Commerce Data Privacy Framework List. If GladysDrift LLC self-certifies and remains active under one or more Data Privacy Framework programs, the applicable Data Privacy Framework Principles will govern covered personal information received in reliance on that framework if there is a conflict with this Privacy Policy. For Swiss-U.S. Data Privacy Framework purposes, GladysDrift LLC commitments cover Personal Data other than Human Resources Data. This non-HR scope includes customer or client non-HR data, website visitor data, service-request data, demo-request data, download-request data, and related business-contact communications. This public website Privacy Policy does not cover Human Resources Data collected in the context of an employment relationship. To learn more about the Data Privacy Framework program, visit https://www.dataprivacyframework.gov/.

Independent recourse mechanism

If GladysDrift LLC self-certifies under a Data Privacy Framework program, GladysDrift LLC will identify and maintain the independent recourse mechanism required for covered Data Privacy Framework complaints and will update this Privacy Policy with the selected provider before relying on that certification.

FTC enforcement

GladysDrift LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to its compliance with applicable privacy commitments and, where applicable, the Data Privacy Framework.

Binding arbitration

Under certain conditions, individuals may invoke binding arbitration for residual claims regarding Data Privacy Framework compliance that are not resolved by other available redress mechanisms.

Public authority requests

We may be required to disclose personal information in response to lawful requests by public authorities, including requests related to national security, law enforcement, or regulatory requirements.

7. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy unless a longer retention period is required or permitted by law, contract, tax, accounting, security, fraud-prevention, dispute-resolution, or legal-compliance obligations. When we no longer have an ongoing legitimate business need to process personal information, we will delete, anonymize, or securely isolate it until deletion is possible.

8. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal information. These may include access controls, authentication measures, logging, vendor review, encryption where appropriate, limited-access workflows, and security monitoring. No system, transmission, or storage technology can be guaranteed to be 100% secure. You use the Services at your own risk and should access them only within a secure environment.

9. Minors

Our Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child without appropriate consent, we will take reasonable steps to delete it.

10. Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

• Request access to personal information we hold about you;
• Request correction of inaccurate or incomplete information;
• Request deletion of personal information;
• Request restriction or objection to certain processing;
• Withdraw consent where processing is based on consent;
• Request portability of certain information;
• Opt out of certain uses, disclosures, marketing communications, or targeted advertising where applicable;
• Appeal a privacy-rights decision where required by law.

To exercise your rights, contact us at support@gladysdrift.com or visit https://www.gladysdrift.com/contact. We may need to verify your identity before fulfilling your request.

11. U.S. State Privacy Rights

Residents of certain U.S. states may have specific rights under state privacy laws. Depending on the state and the nature of our relationship, these rights may include access, correction, deletion, portability, opt-out rights, restriction of sensitive data use, and appeal rights.

Category	Examples	Collected?
Identifiers	Name, email address, phone number, mailing address, IP address, account name, online identifier	Yes
Commercial information	Products or services purchased, considered, or requested; billing and transaction records	Yes
Internet or network activity	Website usage, log data, device/browser data, pages viewed, timestamps	Yes
Professional or employment-related information	Job title, company, business contact details	Yes
Sensitive personal information	Government ID, precise geolocation, health, biometric, racial, religious, or similar sensitive data	No, unless specifically required and disclosed

We do not knowingly sell personal information for money. If our practices change in a way that qualifies as a “sale,” “sharing,” or targeted advertising under applicable state law, we will update this Privacy Policy and provide required opt-out mechanisms.

12. Do-Not-Track Signals

Some browsers provide “Do Not Track” signals. Because there is no uniform technology standard for recognizing and implementing these signals, we do not currently respond to DNT browser signals. We will update this Privacy Policy if a standard is adopted that we must follow.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal obligations, or business operations. The updated version will be identified by the “Last updated” date at the top of this page.

14. Contact Us

If you have questions, comments, or privacy requests, contact us at: GladysDrift LLC
Email: support@gladysdrift.com
Website: https://www.gladysdrift.com
Contact page: https://www.gladysdrift.com/contact
Mailing address: Mailing details are available through the GladysDrift contact page for verified legal or privacy requests. For Data Privacy Framework complaints or EU/UK/Swiss requests, contact: support@gladysdrift.com.