Pyrallax ("Company," "we," "our," or "us") is committed to protecting the privacy of our clients and their customers. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard information when you engage our website design, hosting, and digital presence management services ("Services"), visit our website at pyrallax.com, or interact with us in any capacity.
By using our Services or providing information to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should not use our Services.
Definitions
- "Client" refers to the business or individual who subscribes to Pyrallax Services.
- "End User" refers to visitors of websites designed and hosted by Pyrallax on behalf of the Client.
- "Personal Information" means any information that identifies or can be used to identify an individual, directly or indirectly.
- "Business Information" refers to non-personal data related to a business entity, including but not limited to business name, address, phone number, operating hours, and service offerings.
- "Processing" means any operation performed on Personal Information, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or deletion.
Information We Collect
2.1 Information Provided Directly by Clients
When you engage our Services, we collect information that you voluntarily provide:
- Identity Information: Full legal name of the business owner or authorized representative, business entity name, and job title.
- Contact Information: Email address, phone number, mailing address, and preferred method of contact.
- Business Information: Business name, physical address, phone number, hours of operation, services offered, pricing, menu items, staff names (if provided for website team pages), business history, and brand guidelines.
- Visual Content: Photographs, logos, brand assets, and other visual materials provided for use on the Client's website.
- Financial Information: Billing name, billing address, and payment method details. Payment card information is processed and stored exclusively by our payment processor, Stripe, Inc. Pyrallax does not directly store, process, or have access to full credit card numbers, CVV codes, or complete bank account numbers.
- Communication Records: Emails, messages, phone call notes, meeting notes, and other correspondence between the Client and Pyrallax.
- Third-Party Account Credentials: If the Client provides login credentials for existing accounts (Google Business Profile, social media accounts, domain registrars, or booking platforms), these are used solely for the purpose of managing the Client's digital presence and are stored securely.
2.2 Information Collected Automatically
When you visit pyrallax.com, we may automatically collect:
- Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
- Usage Data: Pages visited, time spent on pages, referring URL, and navigation patterns.
- Network Information: IP address and approximate geographic location (city/region level only).
2.3 Information Collected Through Client Websites
Websites we build and host on behalf of Clients may collect information from End Users through:
- Contact Forms: Name, email, phone number, and message content submitted by End Users.
- Analytics Tools: Google Analytics may be installed on Client websites to collect anonymized visitor data including page views, session duration, traffic sources, geographic regions, and device types.
- Booking or Ordering Integrations: Third-party booking or ordering systems integrated into a Client's website have their own privacy policies governing the data they collect.
2.4 Information Collected from Third Parties
We may collect publicly available information about a Client's business from Google Business Profile, Google Maps, Yelp, social media platforms, public business directories, and Chamber of Commerce listings. This information is used solely to build and optimize the Client's website and digital presence.
Legal Basis for Processing
- Contractual Necessity: Processing is necessary to perform our Services under the agreement between Pyrallax and the Client.
- Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our Services, communicating with Clients, and protecting against fraud.
- Consent: Where required by applicable law, we obtain your consent before processing your information for specific purposes.
- Legal Obligation: Processing may be necessary to comply with applicable laws, regulations, or legal proceedings.
How We Use Your Information
4.1 Service Delivery
- Designing, developing, deploying, and maintaining your website
- Creating and managing your Google Business Profile
- Setting up and configuring Google Analytics and Google Search Console
- Claiming and optimizing your Yelp business page
- Integrating third-party services (booking systems, ordering platforms, social media feeds)
- Performing SEO optimization and keyword targeting
- Generating monthly performance reports
- Conducting monthly strategy calls (Pro tier)
- Executing content updates as requested
4.2 Business Operations
- Processing subscription payments and issuing invoices
- Communicating with you about your account, service updates, and support requests
- Maintaining internal records for accounting and tax purposes
- Resolving disputes and enforcing our Terms of Service
4.3 Service Improvement
- Analyzing aggregate, anonymized usage patterns to improve our service offerings
- Developing new features and services
- Training and quality assurance
Information Sharing and Disclosure
Pyrallax does not sell, rent, lease, or trade your Personal Information to any third party for their marketing purposes. We may share your information only in the following limited circumstances:
5.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing name, email, payment method |
| Cloudflare, Inc. | Domain, DNS, CDN, hosting | Domain data, website files, visitor IPs |
| Framer B.V. | Website hosting | Website content and files |
| Google LLC | Analytics, Search Console, GBP | Anonymized analytics, business info |
| Proton AG | Business email | Email correspondence |
5.2 Legal Requirements
We may disclose your information if required by law, or in the good faith belief that such action is necessary to comply with a legal obligation, subpoena, court order, or governmental request; protect and defend the rights or property of Pyrallax; prevent or investigate possible wrongdoing; or protect the personal safety of users or the public.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. Affected Clients will be notified via email before their information becomes subject to a different privacy policy.
Data Security
We implement and maintain reasonable administrative, technical, and physical safeguards:
- Encryption: All websites use SSL/TLS encryption (HTTPS). All data in transit is encrypted.
- Payment Security: Payments are handled by Stripe, PCI-DSS Level 1 certified.
- Access Control: Client information access is limited to authorized personnel on a need-to-know basis.
- Infrastructure Security: Cloudflare and Framer provide enterprise-grade DDoS protection, WAF, and global CDN.
- Credential Management: Third-party credentials are stored with encryption and never shared with unauthorized parties.
- Communication Security: Email is operated through Proton Mail with end-to-end encryption.
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Business and contact info | Service duration + 12 months | Accounting, legal, reactivation |
| Payment records | 7 years after last transaction | IRS tax compliance |
| Website content and files | 30 days after termination | Client data retrieval grace period |
| Email correspondence | Service duration + 24 months | Dispute resolution, continuity |
| Analytics data | Service duration | Remains in Client's Google account |
| Third-party credentials | Deleted within 7 days of termination | Security |
| Website backups | 90 days after termination | Disaster recovery |
After the applicable retention period, information is permanently deleted or anonymized.
Domain and Website Data
- Domains registered on behalf of Clients use WHOIS privacy protection where available.
- Website files are hosted on Cloudflare Pages and/or Framer and removed within 30 days of termination.
- Website backups may be maintained for up to 90 days following termination for disaster recovery, after which they are permanently deleted.
Cookies and Tracking Technologies
9.1 On pyrallax.com
Our website does not currently use cookies for advertising, tracking, or behavioral profiling. We may use essential cookies necessary for basic site functionality.
9.2 On Client Websites
- Google Analytics: Uses cookies for anonymized visitor data, governed by Google's Privacy Policy.
- Google Search Console: Does not use cookies on Client websites.
- Third-Party Integrations: Booking platforms, ordering systems, and social media embeds may set their own cookies under their respective privacy policies.
Clients are responsible for ensuring their websites comply with applicable cookie consent laws. Pyrallax can assist with implementing cookie consent banners upon request.
Your Rights
10.1 General Rights
- Access: Request a copy of the Personal Information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your information, subject to legal retention requirements.
- Restrict Processing: Request limits on how we use your information.
- Data Portability: Request a copy in a structured, machine-readable format.
- Object: Object to processing for certain purposes.
- Withdraw Consent: Withdraw consent at any time without affecting prior processing.
10.2 Massachusetts Residents
Under Massachusetts General Laws Chapter 93H, we maintain a written information security program. In the event of a data breach, we will notify you in accordance with M.G.L. c. 93H, Section 3.
10.3 California Residents (CCPA/CPRA)
California residents have additional rights: the right to know what data we collect, the right to delete, the right to opt out of sale or sharing (Pyrallax does not sell or share Personal Information), the right to non-discrimination, the right to correct inaccurate data, and the right to limit use of sensitive information.
10.4 Exercising Your Rights
Contact us at hello@pyrallax.com with the subject line "Privacy Request." We respond to verified requests within 30 days.
Children's Privacy
Our Services are intended for businesses and are not directed at individuals under 18. We do not knowingly collect Personal Information from children. If we become aware of such collection, we will delete that information promptly.
International Data Transfers
Our Services are operated in the United States. If you are located outside the United States, information may be transferred to, stored, and processed in the United States, where data protection laws may differ. By using our Services, you consent to this transfer.
Third-Party Links and Services
Client websites may contain links to third-party websites or integrate third-party services. Pyrallax is not responsible for the privacy practices of these third parties. We encourage End Users to review the privacy policies of any third-party services they interact with.
Data Breach Notification
In the event of a security breach that compromises Personal Information, Pyrallax will:
- Investigate and contain the breach promptly
- Notify affected Clients via email within 72 hours of becoming aware of the breach
- Notify relevant authorities as required by applicable law, including the Massachusetts Attorney General and Office of Consumer Affairs per M.G.L. c. 93H
- Provide information about the nature of the breach, data affected, and recommended protective measures
- Take reasonable steps to mitigate the effects of the breach
Artificial Intelligence and Automated Tools
Pyrallax may use artificial intelligence tools to assist in website content creation, copywriting, and design. Client information processed through these tools is used solely for delivering the Services. We do not use Client information to train AI models and select tools with appropriate data handling protections.
Changes to This Privacy Policy
When we make material changes, we will update the date at the top of this page, notify active Clients via email at least 30 days before changes take effect, and post the updated policy at pyrallax.com/privacy. Continued use of Services after changes take effect constitutes acceptance.
Contact
If you have questions about this Privacy Policy, contact us at:
Pyrallax
Boston, Massachusetts 02210
hello@pyrallax.com
If unsatisfied with our response, you may file a complaint with the Massachusetts Attorney General's Office or your local data protection authority.