Privacy Policy

Effective Date: September 19, 2025
Entity: Hashes Agency LLC (“Hashes”, “we”, “us”, or “our”)

We respect your privacy and are committed to protecting it. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have. It applies to our websites (including hashesagency.com and hashesadvertising.com), sub‑domains, landing pages, forms, and any products or services we provide—including AI/automation solutions built on GoHighLevel (GHL), advertising and social media services, CRM consulting, and related communications (email, SMS, WhatsApp, calls, chatbots, and in‑app messages).

Important: This document is informational, not legal advice. If you operate in regulated sectors or need bespoke terms, consult counsel.

1) Who We Are & How to Contact Us

Controller: Hashes Agency LLC (registered in the United States)
Primary contact: privacy@hashesagency.com
Other contacts: support@hashesagency.com
Mailing Address (for notices): Florida, USA (update with your precise address)

If you are located in the EEA/UK and wish to exercise privacy rights, please use the addresses above; if required, we will provide details of our EU/UK representative.

2) What We Collect

We collect information in the following categories:

A. Information you provide

  • Contact & Identity Data: name, email, phone, company, role, postal address.
  • Business & Project Data: industry, goals, service interests, budgets, content you supply for campaigns or automation setup.
  • Account & Contract Data: proposals, orders, contracts, signatures, billing details, tax IDs.
  • Communications: emails, SMS/WhatsApp messages, meeting notes, support requests, call recordings (where allowed), form responses.

B. Information we collect automatically

  • Usage & Device Data: IP address, pages viewed, referring URLs, timestamps, language, browser/OS, session analytics.
  • Cookies & Similar Tech: pixels, tags, local storage; see Cookies below.

C. Information from third parties

  • Ad/Analytics Platforms: Google, Meta, LinkedIn, X/Twitter, etc. (audience performance, attribution, conversions).
  • CRM/Automation Platforms: GoHighLevel (GHL) and tools you authorize us to connect (email, telephony, calendar).
  • Enrichment/Lead Sources: lead databases you provide or authorize, webinar/lead‑gen partners, event platforms.
  • Payment & Invoicing Processors: we receive confirmation of payment status and limited payment metadata (we do not store full card numbers).

We do not intentionally collect sensitive information unless required and explicitly provided by you (e.g., tax forms). Please do not submit unnecessary sensitive data.

3) How We Use Information

We use your information to:

  • Provide services: deliver AI/CRM builds, run ads, produce content, manage projects, provide support.
  • Operate our sites & apps: maintain security, debug, and improve performance and UX.
  • Communicate: send onboarding messages, service updates, invoices, reports, and operational notices.
  • Marketing (with consent or lawful basis): newsletters, promotions, webinars, case studies, and remarketing.
  • Analytics & Optimization: measure results, improve campaigns and funnels, train private AI prompts/workflows for your sub‑account.
  • Compliance: meet tax, accounting, fraud prevention, and legal obligations; enforce agreements.

4) SMS/WhatsApp/Voice Messaging Disclosures

If you opt in to SMS/WhatsApp/voice communications:

  • You may receive marketing, reminders, service updates, and support messages.
  • Consent is not a condition of purchase.
  • Frequency varies; message and data rates may apply.
  • You can opt out at any time (e.g., reply STOP for SMS; use platform‑specific opt‑out controls for WhatsApp/voice).
  • For help, reply HELP (SMS) or email support@hashesagency.com.
  • We do not share SMS opt‑in/consent data with third parties except service providers needed to deliver messaging (e.g., aggregators, carriers, CRM/automation tools).

5) Legal Bases for Processing (EEA/UK Only)

Where GDPR/UK GDPR applies, we rely on one or more of the following legal bases:

  • Contract: To provide the services you request.
  • Consent: For certain marketing, cookies, or data sharing—you can withdraw at any time.
  • Legitimate Interests: To operate, secure, and improve our services and to promote them in ways that respect your rights.
  • Legal Obligation: To comply with laws (e.g., tax, accounting, KYC/AML where applicable).

6) Sharing & Disclosures

We do not sell your personal information. We share data only with:

  • Service Providers/Processors: hosting, analytics, communications (email/SMS/voice), CRM/automation (including GHL), support, payments, security, and cloud infrastructure—bound by contract to use data solely for our instructions.
  • Advertising & Analytics Partners: platforms that place pixels/cookies for measurement, attribution, and remarketing; see Cookies.
  • Payment Processors: to complete transactions and manage billing (e.g., Payoneer, Verifone/2Checkout, Stripe/PayPal if enabled by you). We don’t store full card or bank credentials.
  • Professional Advisors & Authorities: auditors, lawyers, regulators, courts, when necessary.
  • Business Transfers: in a merger, acquisition, or asset sale, subject to confidentiality.

We do not share SMS consent data with unrelated third parties for their own marketing.

7) International Data Transfers

We operate with team members and processors in multiple countries (including the United States, Pakistan, and the EEA/UK via subprocessors). When transferring personal data internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses where required) and limit access on a need‑to‑know basis.

8) Data Retention

We keep personal data only as long as necessary for the purposes described here or as required by law:

  • Client & Contract Records: generally 7 years after last activity (tax/accounting).
  • Marketing Leads: typically 24 months from last interaction, unless you opt out sooner.
  • Project/Automation Logs: as long as your sub‑account/project is active and for a reasonable period afterward for troubleshooting, backups, and legal compliance. We may anonymize and retain aggregated data for statistics and service improvement.

9) Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including role‑based access, MFA where available, encryption in transit/at rest by our providers, audit logging, and least‑privilege practices. No system is 100% secure; please notify us promptly of any suspected security issue at security@hashesagency.com.

10) Your Rights & Choices

Email/SMS/WhatsApp: use unsubscribe links or reply STOP (SMS).
Cookies: adjust browser settings or use our cookie banner/preferences (where available).
Access/Correction/Deletion: you may request access to, rectification or deletion of your data, or object/restrict certain processing.
Portability: request a copy of your data in a portable format where applicable.
EEA/UK: you also have the right to lodge a complaint with your local Data Protection Authority.
California (CCPA/CPRA): residents have rights to know/access, correct, delete, and opt out of certain “sharing” for cross‑context behavioral advertising. We do not “sell” personal information as defined by the CCPA. To exercise rights or to opt‑out of “sharing,” contact us or use the cookie preferences.

Requests can be made to privacy@hashesagency.com. We may need to verify your identity before responding.

11) Cookies, Pixels & Tracking

We and our partners use cookies and similar technologies to:

  • enable core site features (strictly necessary),
  • remember preferences,
  • analyze traffic and performance,
  • measure conversions and run remarketing.

You can control cookies via your browser and (where available) our preference tools. Blocking cookies may impact certain features. We may use pixels from Google (GA4/Ads), Meta, LinkedIn, and other platforms enabled in your campaigns.

12) AI, Automation & CRM Features

Because our services include AI assistants, automation, and CRM integrations:

  • We process business contact data and communication history to build workflows, sequences, and dashboards.
  • Where we use third‑party AI providers, they act as processors/sub‑processors and are contractually bound to confidentiality; we do not authorize them to use your data to train public models unless you expressly opt in.
  • You remain controller of your end‑customer data in your sub‑account; we act as a processor on your instructions for implementation and ongoing management.
  • We recommend executing a Data Processing Addendum (DPA) with us when we process personal data on your behalf.

13) Payments & Invoicing

When you purchase services, payments are processed by third‑party providers (e.g., Payoneer, Verifone/2Checkout, Stripe/PayPal, bank transfer). These providers collect and process payment data under their own privacy policies. We receive limited transaction metadata (status, amount, method) to reconcile your account.

14) Third‑Party Links

Our websites and documents may contain links to third‑party sites. We are not responsible for their content or privacy practices. Review their policies before providing personal information.

15) Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect their data. If you believe a child has provided us information, contact privacy@hashesagency.com and we will take appropriate steps to delete it.

16) Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the updated version with a new “Effective Date” and, where appropriate, notify you by email or banner.

17) How to Reach Us

Email: privacy@hashesagency.com
Support: support@hashesagency.com
Mailing Address: Florida, USA (update with full address)

If you have questions, concerns, or requests regarding this Policy or your personal data, please contact us using the details above.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Clients opt in to receive SMS messages during the onboarding or project initiation process. They confirm consent by checking a box or providing written approval to receive updates and service-related communications via SMS. If consent is not given, the client will not receive any messages.

By providing a telephone number and submitting this form you are consenting to be contacted by SMS text message. Message & data rates may apply. You can reply STOP to opt-out of further messaging.