Privacy Policy

Who we are

SleuthX is a product of Blueberry Security Global, Inc., a Delaware C-corporation headquartered at 7132 Lily Way, Naples, FL 34114, US. For privacy questions or to exercise your rights under the laws referenced below, contact us at quinn@sleuthx.ai.

What this policy covers

This policy applies to https://sleuthx.ai and the SleuthX AI agent (when launched), including the waitlist, paid reservation flow, and any related communications or services we provide directly to you. It does not cover third-party sites we link to — they have their own policies.

Information we collect

We collect information in three ways: information you give us directly, information collected automatically when you use the site, and information we receive from third-party services we use to run the company.

Information you give us

• Waitlist signups: email address, optional name, tier preference, optional incident type, and any free-form notes you write in the form.
• Paid reservations: the above plus payment-method details collected by Stripe (we never see or store your full card number — Stripe handles that).
• Direct contact: any email you send to quinn@sleuthx.ai, voicemail you leave on (239) 241-8095, or message you submit through Calendly when scheduling a consultation.

Information collected automatically

• Analytics: Google Analytics 4 (measurement ID G-5SPMWN01EP) records anonymized session data — pages viewed, referring URL, approximate location (city level), device type, time on site. IP addresses are anonymized before storage.
• Server logs: our hosting provider Vercel logs request metadata (IP, user-agent, timestamp, URL) for 30 days for security and debugging.
• Cookies: session cookies for navigation, GA4 analytics cookies, and Stripe payment cookies during checkout. We do not use advertising cookies that track you across other sites.

How we use it

• To respond to inquiries and schedule consultations.
• To send launch updates and product news to people who joined the waitlist.
• To process payments for paid reservations and (post-launch) subscriptions.
• To improve the site and the product (aggregated, non-identifying analytics).
• To comply with legal obligations and protect against fraud or abuse.

Who we share it with

We do not sell your personal information. We do not share it with advertisers. We share limited information with the service providers that run the company:

• Vercel — hosts the website and runs the API. Sees request metadata and form submission contents in transit.
• Stripe — processes payments. Receives your name, email, and payment-method details for the purpose of charging your subscription.
• Google Analytics — receives anonymized session data. We have IP anonymization enabled and we have signed Google's data-processing terms.
• GitHub — waitlist signups are written to a private GitHub repository we use as our internal CRM. The repository is private and access-controlled to the three-person team plus the founder.
• Calendly — when you schedule a consultation, your name, email, and any notes you provide go to Calendly so we can run the meeting.
• Email service — outbound email about your account or the launch is sent via Microsoft 365 or a transactional email provider (currently Resend, subject to change).

We may also disclose information if required by law (subpoena, court order, valid government request) or to protect against fraud or abuse. If a disclosure is legally permitted to be challenged, we will challenge overbroad requests and notify the affected user before complying when not legally prohibited from doing so.

How long we keep it

• Waitlist signups: retained until launch and for up to 24 months after, so we can honor your introductory pricing commitment. Deleted on request before then.
• Paid reservation / subscription records: retained for the active duration of your subscription plus 7 years for tax and accounting compliance.
• Server logs: 30 days, then automatically purged by Vercel.
• Analytics:retained per Google's default GA4 retention (currently 14 months) and not personally identifying.

Your rights

Regardless of where you live, you can email quinn@sleuthx.ai to:

• Request a copy of the information we have about you.
• Ask us to correct information that is wrong.
• Ask us to delete your information (subject to our legal retention requirements).
• Withdraw consent for marketing emails (also via the unsubscribe link in any email).

California residents (CCPA / CPRA)

You have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of any "sale" or "sharing" for cross-context behavioral advertising (we do neither), and the right not to be discriminated against for exercising these rights. To exercise any of these, email quinn@sleuthx.aiwith "CCPA Request" in the subject line. We will respond within 45 days.

EU and UK residents (GDPR / UK GDPR)

Our lawful bases for processing are: (a) consent for marketing communications, (b) contract for fulfilling paid subscriptions, (c) legitimate interest for site security, fraud prevention, and improving the product. You have the rights of access, rectification, erasure, restriction, portability, and objection. You can lodge a complaint with your local supervisory authority. We do not currently maintain an EU representative — for any GDPR matter, contact quinn@sleuthx.ai directly.

Other US states

If you live in Virginia, Colorado, Connecticut, Utah, Texas, or any other US state with a consumer privacy law, you generally have rights similar to those above. Email us with the name of your state law and we will treat your request accordingly.

Children

The site and the SleuthX product are not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has submitted information to us, contact quinn@sleuthx.ai and we will delete it.

Security

We use industry-standard transport encryption (TLS 1.2+) for all traffic to the site and to our service providers. Stripe is PCI-DSS Level 1 certified. Our internal CRM repository (where waitlist signups land) is private and access-controlled. We do not claim absolute security — no system is unbreakable — but we apply the same incident response and forensic discipline to our own systems that we apply to client engagements.

International transfers

We are based in the United States. If you are using the site from outside the US, your information will be transferred to and processed in the US. By using the site you consent to that transfer. Stripe and Google Analytics rely on standard contractual clauses for their own international transfers from the EU.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced on the site and (for waitlist members and subscribers) by email at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

For any privacy question, request, or complaint, contact:
Blueberry Security Global, Inc.
7132 Lily Way, Naples, FL 34114
Email: quinn@sleuthx.ai
Phone: (239) 241-8095