Privacy Policy

This Privacy Policy describes how The Switchboard, LLC (“The Switchboard,” “we,” “our,” or “us”) collects, uses, and protects information when you visit theswitchboardmarketing.com (the “Site”). The Site is our corporate marketing presence. Access to our product platform is governed by a separate written agreement with each customer and is not covered by this Policy.

At a glance

• We collect only what you submit through contact forms plus limited technical information (IP, browser, pages viewed).
• We do not sell or share personal information for cross-context behavioral advertising.
• We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any third-party advertising tracker.
• You have rights to access, delete, correct, export, and opt out — see Section 10.
• Questions: use the contact form on our website or write to the address in Section 16.

1. Information we collect

1a. Information you provide

When you contact us through a form on the Site, we collect the information you submit — typically your name, business email, company, role, and message. Providing this information is voluntary and only occurs when you initiate contact with us.

1b. Information collected automatically

Our servers and our proprietary first-party analytics record limited technical information to operate and secure the Site:

• IP address and approximate geographic region
• Browser type, device type, and operating system
• Pages viewed, referring URL, and time spent on the Site
• Session identifiers used to distinguish one visit from another

1c. Information from third parties

If you reach us via a platform such as LinkedIn or a partner introduction, we may receive your contact information from that platform or partner. We do not purchase contact lists, buy enriched profiles, or receive data from data brokers for marketing to you.

2. Categories of personal information (CCPA/CPRA disclosure)

In the preceding 12 months, we collected the following categories of personal information defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Identifiers (name, business email, IP address): Yes
• Customer records (Cal. Civ. Code §1798.80): Yes
• Commercial information (company, role, inquiry context): Yes
• Internet or network activity (pages viewed, referrer, session data): Yes
• Professional or employment information (job title, employer): Yes
• Inferences drawn from the above (fit for our platform): Yes
• Protected classifications, biometric information, precise geolocation, sensory data, education information: No

Sources: directly from you; automatically from your device; occasionally from a platform through which you contacted us. Business purposes: responding to you, operating and securing the Site, internal analytics, and recordkeeping. Recipients: our service providers listed in Section 4; law enforcement where legally required.

3. Sensitive personal information

We do not collect, use, or disclose sensitive personal information as defined under the CPRA (Cal. Civ. Code §1798.140(ae)) or analogous categories under Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Delaware, New Jersey, New Hampshire, Nebraska, Minnesota, Maryland, Kentucky, Rhode Island, or Florida state privacy laws, beyond what is strictly necessary to provide the services you request. Accordingly, we do not offer a “Limit the Use of My Sensitive Personal Information” mechanism.

4. How we share information

We share information only with a small set of service providers that help us operate the Site. These providers are bound by written agreements that restrict their use of personal information to performing services for us:

• Our cloud hosting provider (Railway), for Site delivery
• Our transactional email provider (Amazon SES via MailKit), to deliver replies
• Our internal customer relationship system (Phoenix CRM), operated in-house
• Our logging and observability system (Seq), operated on infrastructure we control

We may also disclose information: (a) to comply with a law, court order, or valid legal process; (b) to enforce our Terms of Service; (c) to protect the rights, property, or safety of The Switchboard, our customers, or the public; or (d) in connection with a merger, acquisition, financing, or sale of assets (in which case we will require the recipient to honor this Policy or provide notice of material changes).

5. Sale or sharing of personal information

The Switchboard does not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA and analogous state laws. We have not done so in the preceding 12 months. Because we do not engage in these practices, no “Do Not Sell or Share My Personal Information” link is required; however, you may still submit a preference signal (including the Global Privacy Control) or contact us using the information in Section 16.

6. Cookies, tracking, and analytics

The Site uses a small number of first-party cookies and similar technologies for essential functions such as remembering session state and supporting our own analytics. We do not place third-party advertising cookies or embed third-party trackers. Most browsers allow you to refuse or delete cookies through settings. Refusing cookies may affect some Site functionality but will not prevent you from viewing public pages. We honor the Global Privacy Control signal as a request to opt out of any future sale or share, should those practices ever change.

7. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods, by category:

• Contact-form submissions: 24 months after last contact with you.
• Email correspondence: 36 months after the last message, unless a longer period is required for a pending matter.
• Server and analytics logs: 90 days.
• Marketing email records: until you unsubscribe, plus a 24-month suppression record to honor your opt-out.
• Records required by law, regulation, or legitimate business need (e.g., contracts, tax records): for the period required.

8. Data security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, or alteration, including encryption of data in transit, access controls, and secure hosting. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. Breach notification

We maintain an incident response program and will notify affected individuals and regulators of security breaches involving personal information without undue delay and in accordance with applicable law.

10. Your privacy rights

Subject to verification and applicable exceptions, you have the right to:

• Know or access the personal information we process about you
• Delete personal information
• Correct inaccurate personal information
• Port personal information in a structured, machine-readable format
• Opt out of the sale or sharing of personal information (not applicable to us — see Section 5)
• Opt out of targeted advertising (not applicable — we do not engage in it)
• Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (not applicable — we do not engage in such profiling)
• Limit the use of sensitive personal information (not applicable — see Section 3)
• Receive equal service and price — we do not discriminate against anyone for exercising these rights
• Appeal a denial of any of the above

These rights are available to residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Delaware, New Jersey, New Hampshire, Nebraska, Minnesota, Maryland, Kentucky, Rhode Island, Florida, and other states with comprehensive privacy laws, subject to each state’s specific scope and exemptions. Nevada residents also have the right to opt out of the sale of personal information under Nev. Rev. Stat. §§603A.300–.360.

How to exercise your rights: submit a request through the contact form on our website or write to us at the address below. Please tell us which right you are exercising and provide enough information for us to verify your request (we may ask for additional verifying information to confirm your identity). We will acknowledge your request within ten (10) business days and respond within forty-five (45) days, extendable by an additional forty-five (45) days when reasonably necessary with notice. Authorized agents may submit requests on your behalf with proof of authority. If we deny a request, you may appeal by replying to our response within thirty (30) days; we will respond to the appeal within sixty (60) days.

11. Automated decision-making

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects about you.

12. International users — GDPR and UK posture

The Site is operated from the United States and is directed to U.S. businesses. If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following lawful bases under GDPR Article 6:

• Legitimate interests (Art. 6(1)(f)) — for B2B outreach, Site improvement, and security
• Contract (Art. 6(1)(b)) — to provide services you have requested
• Consent (Art. 6(1)(a)) — for marketing communications where consent is required
• Legal obligation (Art. 6(1)(c)) — to comply with applicable law

You have the rights of access, rectification, erasure, restriction, portability, and objection under GDPR Articles 15–21, and may lodge a complaint with your supervisory authority. We rely on Standard Contractual Clauses for international transfers to the United States where applicable.

13. Children’s privacy

The Site is directed to business professionals and is not intended for children. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided personal information to us, please contact us through the form on our website and we will delete it.

14. Customer-platform data (out of scope)

When our customers use the product platform to process consumer data (including personal and, where applicable, non-public personal information under the Gramm-Leach-Bliley Act), we act as a service provider / processor on their behalf. That processing is governed by a separate Data Processing Addendum or Master Services Agreement between The Switchboard and the customer, not by this Policy.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective” and “Last updated” dates at the top of this page. Material changes will be communicated through a prominent notice on the Site and, where we have your email, by email at least 30 days before the change takes effect. Your continued use of the Site after the effective date constitutes your acceptance of the updated Policy.

16. Contact us

If you have questions about this Privacy Policy, wish to exercise a right, or want to report a concern, please reach out: