Privacy & cookie policy

Last Updated: February 24, 2026

Heartland Digital Studio ("we," "us," or "our") operates the website https://heartlanddigitalstudio.com and provides web design, marketing automation, and "Smart Website System" (SwaS) services. We are committed to protecting your privacy and ensuring the security of your personal data.

This Privacy and Cookie Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, including our AI receptionist, CRM, and SMS automation tools. Our SwaS services are delivered using GoHighLevel ("GHL") as a core platform provider for CRM, unified inbox, scheduling, and automation workflows.

1. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Information").

A. Information You Provide Directly:

  • Contact Data: Name, email address, phone number, and business name provided via contact forms, chat widgets, or appointment booking.
  • Account Data: Billing information, login credentials, and business profile details.
  • Communication Data: Records of your interactions with our AI receptionist, SMS chat widgets, and support team.

B. Information Collected Automatically:

  • Usage Data: IP address, browser type, device information, operating system, and pages viewed.
  • Tracking Data: Information gathered through cookies, web beacons, and pixels regarding your interaction with our site.

C. Information Processed for Clients (Service Provider / Processor):
In our capacity as a service provider, we may process lead and customer information on behalf of our contractor clients (for example: names, phone numbers, email addresses, service addresses, appointment details, message content, and related communications). In these situations, the contractor client is generally the Data Controller / Business (they decide what data is collected and why), and Heartland Digital Studio is generally the Service Provider / Processor (we process data to provide and support the services).

Client lead data is processed and protected under our Data Processing Addendum (DPA) and the applicable client agreement(s). Where the contractor controls the website, forms, and lead capture experiences, the contractor’s own privacy policy governs their end-user relationship.

2. How We Use Your Information

We use the collected data for the following purposes:

  • Service Delivery: To build, host, and maintain your Smart Website System and related CRM/automation features delivered through GoHighLevel (GHL).
  • Automation: To facilitate missed call text-back, AI-driven lead responses, scheduling support, and automated follow-ups.
  • AI Receptionist & Scheduling Support: To process lead data (including message content and contact details) through AI-assisted logic in order to (i) respond to inquiries, (ii) qualify leads, (iii) suggest or confirm appointment times, and (iv) route messages to the appropriate contractor/client team. AI may generate or suggest responses based on the information provided by the lead and configuration set by the contractor client.
  • Communication: To send project updates, invoices, and marketing communications (where permitted).
  • Optimization: To analyze website performance and improve our SEO and conversion strategies.
  • Compliance: To meet legal obligations and enforce our Terms of Service.
3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze traffic.

  • Essential Cookies: Required for the website to function (e.g., security and session management).
  • Analytical Cookies: Help us understand how visitors interact with the site (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences, such as chat widget history.
  • Marketing Cookies: Used to track the effectiveness of our advertising campaigns.

Managing Cookies: You can set your browser to refuse all or some cookies. However, if you disable cookies, some parts of our Smart Website System may not function properly.

4. SMS and Mobile Communication

Heartland Digital Studio utilizes SMS/MMS and mobile messaging automation (including missed call text-back and chat-to-text) as part of our SwaS offering, typically delivered through GoHighLevel (GHL) and its connected messaging providers/carriers.

  • Opt-In / Consent: By providing your mobile number or otherwise opting in, you consent to receive text messages related to the services you requested (for example: responding to inquiries, scheduling, confirmations, follow-ups, and support). Message frequency may vary. Message and data rates may apply.
5. Data Sharing and Disclosure

We do not sell your personal information. We share data only as needed to operate our website and deliver services, including:

  • Platform Provider (GoHighLevel / GHL): We use GoHighLevel (GHL) as a core platform provider for CRM, scheduling, unified inbox, and automation workflows. Information submitted through forms, chat widgets, and messaging features may be processed and stored within GHL in order to provide the services.
  • Service Providers / Vendors: Third parties who assist in operations (for example: hosting providers, analytics providers, payment processors such as Stripe, and communications delivery providers used to send SMS/MMS).
  • AI Providers (AI Receptionist Logic): Data may be processed through AI models to power AI receptionist and automated response logic, including assisting with lead responses and scheduling. We limit AI processing to what is necessary to deliver the feature(s) and follow configured instructions.
  • Contractor Clients (Controller): When you submit information to a contractor’s website, chat widget, or booking experience that we operate for that contractor, that information is shared with and accessible to that contractor client (the Data Controller / Business) so they can respond, quote, and provide services.
  • Legal Requirements: If required by law, subpoena, or to protect the rights and safety of Heartland Digital Studio and our clients.
6. Data Security

We implement industry-standard security measures, including SSL encryption and secure API integrations through our CRM stack, to protect your data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

  • SMS/MMS Data Protection (No Marketing Sharing): Phone numbers and mobile messaging consent collected for SMS/MMS automation are not shared with third parties or affiliates for their own marketing or promotional purposes. We do not sell or rent SMS/MMS opt-in data. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties for marketing/promotional purposes.
7. Data Retention
  • Service Providers for Delivery: We may share the minimum necessary information with platform and communications providers (such as GHL and downstream messaging delivery partners) solely to send and manage messages you have consented to receive and to operate the services.

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Lead data processed for clients is retained according to the client's subscription status and the terms of our DPA.

  • Opt-Out: You may opt out of SMS communications at any time by replying "STOP" (or any other method we provide). After opting out, you may receive a final confirmation message. For help, reply "HELP" or contact us using the information in Section 10.

8. Your Rights (GDPR/UK GDPR, CCPA/CPRA, and Other U.S. State Privacy Laws)

Depending on your location and our role (Controller vs. Service Provider/Processor), you may have the following rights:

  • Access / Right to Know: Request access to and/or details about the personal data we hold about you.
  • Correction: Request that we correct inaccurate personal information.
  • Deletion: Request that we delete personal information, subject to legal exceptions.
  • Portability (GDPR/where applicable): Request a copy of certain information in a portable format.
  • Objection / Restriction (GDPR/where applicable): Object to or request restriction of certain processing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time (this does not affect processing that occurred before withdrawal).
  • Opt-Out of Marketing: Opt out of marketing emails/texts at any time (SMS opt-out is described in Section 4).
  • CCPA/CPRA (California) Additional Notices: We do not sell personal information and we do not share personal information for cross-context behavioral advertising in a manner that would constitute "selling" or "sharing" under the CPRA. You will not be discriminated against for exercising privacy rights.

Important (Data Separation): If your request relates to data submitted to, collected by, or controlled by one of our contractor clients (for example, you became a lead of a contractor through a contractor website we built/operate), the contractor is the Data Controller / Business and we may be required to direct your request to that contractor or process it on their documented instructions.

To exercise these rights, please contact us at the details provided below.

9. Changes to This Policy

We may update this Privacy and Cookie Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

Brendan Makidon
Founder, Heartland Digital Studio
Alma, Michigan 48801
Email: legal@heartlanddigitalstudio.com
Website: https://heartlanddigitalstudio.com