Privacy Policy

Introduction

Framework First, Inc. (“Company,” “we,” “us,” “our”) is committed to the lawful, fair, and transparent collection of your data. This policy governs data collection by us and our affiliates when you purchase or use our products, services, software, and website (collectively, the “Services”). It aims to help you understand the types of information we collect, how we use it, and how we share, store, and protect it. By accessing or using our Services, you agree to this policy, which may change from time to time. Your continued use after any changes indicates acceptance of those changes.

Children Under the Age of 13

Our Services are not intended for minors (children under 13 years of age or equivalent depending on jurisdiction, “Children”), and use of our Services by Children is strictly prohibited. We do not knowingly collect personally identifiable information from Children. If we learn we have collected or received personal information from Children without verification of parental consent, we will delete that information. If you believe we might have any information from or about Children, please contact us.

Types of Information We Collect

We collect information you voluntarily provide to us. For example, you might provide us with your name and email address when you sign up for our Services or submit information through surveys, forms, portals, or other interactive activities on our website. It is always your choice whether or not to provide personal data. Do not provide personal data unless you are authorized to do so.

We may collect the following information directly from you:

  • Personal information such as name, address, email address, phone number, and other identifiers by which you may be contacted online or offline.
  • Property information you submit through our Online Property Analysis, feasibility-study intake, or ADU Designer tools (lot address, parcel data, project preferences).
  • Information that does not individually identify you.
  • Information about how you interact with our website, such as internet connection or the equipment you use to access the Services.

Financial-account information (Framework First internal use only). Our internal executive dashboard uses Plaid Inc. (“Plaid”) to securely retrieve our own company bank-account names, balances, and transaction history for internal cash-flow reporting. We do not use Plaid to collect financial-account information from website visitors, customers, or any other third party. The Plaid integration aggregates only Framework First’s own operating accounts, and the data never leaves our internal systems.

This policy does not apply to third-party sites that may link to, or be accessible from, our site. We do not control these third parties’ tracking technologies or how they may be used. Your interactions with these sites are governed by the third parties’ applicable privacy statements. If you have any questions about these sites, you should contact the responsible provider directly.

We may also collect information automatically as you interact with our website, including:

  • Details of your visits to our website and information about your computer and internet connection. The information we collect automatically does not include personal information.
  • The technologies we use for automatic data collection may include cookies. You may refuse to accept browser cookies by adjusting your browser settings, but doing so may prevent you from accessing certain parts of our website.

How We Use Your Information

We use information that we collect about you or that you provide to us, including personal information, to:

  • Present our Services to you.
  • Provide you with information, products, or services that you request from us.
  • Fulfill any other purpose for which you provide it.
  • Provide you with notices about your account or subscription, including expiration and renewal notices.
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • Comply with legal obligations.
  • For any other purpose with your consent.

If you are an EU resident, we will collect and use your personal data only if we have one or more legal bases for doing so under the GDPR. This means we collect and use your personal data only where you have given your consent for one or more specific purposes; it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; it is necessary to protect the vital interests of you or another natural person; or it is necessary to comply with a legal obligation.

Who We Share Your Information With

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this policy to:

  • Our team members, agents, subsidiaries, and affiliates who have a business need to know.
  • Contractors, service providers, and other third parties we use to support our business.
  • A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets.
  • Fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

Service providers we rely on. The principal service providers that process information on our behalf include:

  • Google LLC — Google Workspace for email, file storage, and identity (single sign-on) for our internal team.
  • Supabase, Inc. — managed database, authentication, and storage for our internal executive dashboard.
  • Vercel Inc. — application hosting for our internal executive dashboard.
  • Plaid Inc. — secure retrieval of Framework First’s own company bank-account balances and transaction information for internal cash-flow reporting. Plaid acts as a service provider to Framework First, Inc. and processes financial-account data on our behalf in accordance with its own privacy policy. Plaid’s end-user privacy policy is available at plaid.com/legal/#end-user-privacy-policy, and Plaid’s general privacy policy is available at plaid.com/legal/.
  • WordPress.com / Automattic Inc. — public website hosting and domain services for frameworkfirst.com.
  • HighLevel, Inc. (GoHighLevel) — customer relationship management, email and SMS communication, and marketing automation.

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.

How We Protect Your Personal Information

We implement reasonable processes and adhere to industry best practices to protect your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include encryption in transit (TLS 1.2 or higher), encryption at rest (AES-256) for data stored in our managed database and storage providers, role-based access control with multi-factor authentication on every account that can access confidential data, and reliance on service providers that maintain current SOC 2 Type II attestations. However, the transmission of information via the internet is not completely secure, and we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures on the website. We will store your personal data only until it is no longer needed to fulfill the purpose(s) for which it was collected or as required or permitted by law, at which point it will be anonymized, deleted, or isolated.

Data Retention

We retain personal information only as long as needed to fulfill the purposes described in this policy, satisfy our legal obligations, resolve disputes, and enforce our agreements. Specific retention windows include: marketing leads and CRM contact records, until you request deletion or 36 months of inactivity, whichever comes first; internal financial records (general ledger, invoices, contracts, tax filings), 7 years from the close of the relevant tax year; project and client records, 10 years from project completion (California Code of Civil Procedure §337.15); website server logs and analytics, 13 months rolling. Our full data retention and disposal policy is available upon request.

Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to: (i) know what personal information we collect, use, disclose, and sell about you; (ii) request deletion of personal information we have collected from you, subject to certain exceptions; (iii) request correction of inaccurate personal information; (iv) opt out of the sale or sharing of your personal information; and (v) not be discriminated against for exercising any of these rights. We do not sell your personal information. To exercise any of these rights, email us at [email protected]. We will verify your identity using a reasonable method (such as matching the email of record) and respond within 45 days as required by law.

Accessing and Correcting Your Information

You can request to access, correct, or delete any personal information that you have provided to us by contacting us at [email protected]. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last modified” date at the top of this page. If we make material changes, we will provide additional notice (such as a banner on our website or an email to active subscribers). Your continued use of the Services after any change indicates acceptance of the revised policy.

How to Contact Us

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Framework First, Inc.
1610 Moffett Street, Suite C
Salinas, California 93905, United States

[email protected]