Terms of service
Last Updated: February 24, 2026
1. THE AGREEMENT
These Terms and Conditions constitute a legally binding agreement between Nodikam, LLC, dba Heartland Digital Studio (“Company,” “we,” “us,” or “our”) and you (“Client,” “you,” or “your”). By paying a deposit, starting a subscription, or using our services, you agree to be bound by these terms. If you do not agree, you must immediately stop using our services.
2. THE "SWAS" MODEL (SUBSCRIPTION SERVICES)
Heartland Digital Studio provides a "Smart Website System" (SwaS). This is a recurring subscription that includes website hosting, CRM access, and proprietary automation systems.
- Active Subscription Required: Your website, AI receptionist, and lead capture systems only function while your subscription is active.
- Platform Dependency: Our systems are built on the GoHighLevel platform. You agree to comply with their Acceptable Use Policies.
3. INTELLECTUAL PROPERTY & OWNERSHIP
- Your Content: You own your logos, photos, and customer data.
- Our Systems: Heartland Digital Studio owns the "brains" of the operation. This includes our proprietary GoHighLevel Snapshots, AI prompts, automation workflows, custom CSS/code, and technical configurations.
- License: Upon full payment, we grant you a non-transferable license to use our systems for your internal business purposes. You may not resell, copy, or "export" our automation logic to another agency or platform without written consent.
4. AI RECEPTIONIST & AUTOMATED CONTENT
We use Artificial Intelligence to provide instant responses to your leads.
- No Accuracy Guarantee: AI can occasionally provide incorrect information ("hallucinate"). HDS is not liable for any specific promises, pricing errors, or incorrect information provided by the AI to your customers.
- Monitoring: You are responsible for reviewing AI conversations and intervening if the AI provides incorrect information.
5. SMS & CALL COMPLIANCE (TCPA)
HDS provides the tools for SMS "Missed Call Text-Back" and marketing automations, but you are the legal sender.
- Consent: You warrant that you have obtained express written consent from every lead before contacting them via SMS or automated call.
- Indemnification: You agree to indemnify and hold HDS harmless from any fines, penalties, or legal fees arising from your violation of the Telephone Consumer Protection Act (TCPA) or A2P 10DLC regulations.
6. PAYMENTS, LATE FEES, & CANCELLATION
- Billing: Monthly subscriptions are billed in advance.
- Late Fees: Invoices not paid within 15 days will incur a late fee of 1.5% per month.
- Suspension: If a payment is 7 days late, HDS reserves the right to suspend your website and CRM access until the balance is paid.
- Cancellation: You may cancel your subscription with a 30-day written notice. No partial refunds are provided for mid-month cancellations.
7. NO GUARANTEE OF RESULTS
While our systems are designed to increase conversion, HDS does not warrant or guarantee:
- Specific Google Search rankings or SEO placement.
- A specific number of leads or "booked jobs."
- Specific revenue or ROI targets.
- 100% "uptime" of the third-party GoHighLevel platform.
8. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL HEARTLAND DIGITAL STUDIO BE LIABLE FOR ANY INDIRECT, PUNITIVE, OR CONSEQUENTIAL DAMAGES. OUR TOTAL AGGREGATE LIABILITY FOR ANY CLAIM ARISING OUT OF THESE TERMS SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO US IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM, OR FIVE HUNDRED DOLLARS ($500.00), WHICHEVER IS GREATER.
9. ADA & LEGAL COMPLIANCE
While we implement accessibility best practices, you are solely responsible for ensuring your website complies with the Americans with Disabilities Act (ADA) and any industry-specific regulations (e.g., HIPAA, trade licenses).
10. GOVERNING LAW & DISPUTE RESOLUTION
This Agreement is governed by the laws of the State of Michigan. Any legal action must be brought exclusively in the state or federal courts located in Gratiot County, Michigan.
11. CONTACT
Nodikam, LLC dba Heartland Digital Studio
257 Gemstone Drive, Alma, Michigan 48801
Email: info@heartlanddigitalstudio.com
DATA PROCESSING ADDENDUM
Effective Date: February 21, 2026
This Data Processing Addendum ("DPA") is entered into between Heartland Digital Studio ("Processor," "HDS," "we," or "us") and the client identified in the Master Service Agreement ("Controller," "Client," or "you") to which this DPA is attached.
This DPA governs the processing of Personal Data by Processor on behalf of Controller in connection with the Services provided under the Agreement.
1. DEFINITIONS
1.1 "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Processor on behalf of Controller in connection with the Services, including but not limited to: customer names, phone numbers, email addresses, physical addresses, appointment details, service requests, and any communications captured through SMS chat widgets, AI receptionists, contact forms, or missed call text-back systems.
1.2 "Processing" means any operation performed on Personal Data, including collection, recording, storage, retrieval, transmission, deletion, or any automated processing via AI systems, CRM workflows, or marketing automation.
1.3 "Data Subject" means the individual to whom Personal Data relates (e.g., Controller's customers, leads, or prospects).
1.4 "Sub-processor" means any third-party service provider engaged by Processor to process Personal Data on behalf of Controller.
1.5 "Data Protection Laws" means all applicable federal, state, and international laws relating to data privacy and security, including but not limited to: the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), General Data Protection Regulation (GDPR) where applicable, and the Telephone Consumer Protection Act (TCPA).
1.6 "Services" means the Smart Website System, AI receptionist, CRM, missed call text-back, SMS chat widget, appointment booking, review generation, unified inbox, marketing automation, analytics dashboard, and all related services provided by Processor under the Agreement.
2. ROLES AND RESPONSIBILITIES
2.1 Controller Responsibilities.
Controller is the "Data Controller" and is solely responsible for:
(a) Determining the purposes and means of processing Personal Data collected through the Services;
(b) Ensuring it has obtained all necessary consents, authorizations, and legal bases to collect and process Personal Data from Data Subjects, including (where required) consent for SMS/text messaging, automated dialing, prerecorded/artificial voice messages, and other automated communications;
(c) Providing clear and compliant privacy notices to Data Subjects on Controller's website and marketing materials;
(d) Ensuring compliance with TCPA and similar state laws, including obtaining proper express written consent for SMS and automated call communications and honoring opt-out requests (e.g., STOP);
(e) Ensuring any required disclosures and consents are obtained for AI-assisted interactions (including, where applicable, notifying Data Subjects that automated/AI tools may be used to respond, schedule, and follow up);
(f) Responding to Data Subject requests regarding access, correction, deletion, or restriction of their Personal Data;
(g) Notifying Processor immediately if Controller becomes aware of any unauthorized access, security incident, or regulatory inquiry related to Personal Data; and
(h) Ensuring that any data uploaded to the Services (including contact lists) was collected and provided to Processor in compliance with Data Protection Laws.
2.2 Processor Responsibilities.
Processor is the "Data Processor" and will:
(a) Process Personal Data solely on behalf of Controller and only in accordance with Controller's documented instructions as set forth in the Agreement and this DPA;
(b) Implement appropriate technical and organizational security measures to protect Personal Data (as detailed in Section 4);
(c) Assist Controller in responding to Data Subject requests to the extent technically feasible;
(d) Notify Controller of any data breach affecting Personal Data within seventy-two (72) hours of discovery;
(e) Not sell, rent, or share Personal Data with third parties except as necessary to provide the Services or as required by law.
2.3 Limitations; Controller Compliance Liability. Processor is not responsible for Controller's failure to comply with Data Protection Laws, including failure to obtain proper consent, provide privacy notices, implement opt-out mechanisms, configure compliance settings, or respond to Data Subject requests. Controller indemnifies Processor for any claims arising from Controller's non-compliance, including claims under TCPA, CCPA/CPRA, GDPR/UK GDPR (if applicable), and similar privacy and communications laws.
3. SCOPE AND PURPOSE OF PROCESSING
3.1 Nature of Processing; Purpose. Processor will process Personal Data for the following purposes only:
(a) Operating the Smart Website System, including lead capture forms, contact forms, SMS chat widgets, missed-call text-back, appointment booking, and AI receptionist functionality;
(b) Sending and managing automated or semi-automated communications (including SMS messages, emails, and calls) on behalf of Controller to respond to leads, book appointments/estimates, confirm scheduling, send reminders, request reviews, and conduct follow-up communications, as configured by Controller and/or on Controller’s documented instructions;
(c) Storing, organizing, and displaying Personal Data in the GoHighLevel platform (including its CRM and unified inbox) to enable Controller’s sales and customer communications workflows;
(d) Using AI-assisted features to draft or send responses, route inquiries, and support lead intake and scheduling, where enabled by Controller;
(e) Generating analytics, performance reports, and dashboards for Controller's business insights; and
(f) Providing technical support, troubleshooting, and ongoing optimization of the Services.
3.1A GoHighLevel Platform Dependency. Controller acknowledges Processor provides the Services using the GoHighLevel platform (including LeadConnector and related messaging/communications components) and that certain Processing (including message delivery and storage) occurs within those systems and their sub-processors.
3.2 Types of Personal Data. Processor may process the following categories of Personal Data:
- Contact information (names, phone numbers, email addresses, mailing addresses)
- Service request details and appointment information
- Communication records (SMS messages, emails, call logs, chat transcripts)
- Review and feedback submissions
- IP addresses and website analytics data
- Any other data Controller inputs into the Services or collects from Data Subjects
3.3 Data Subject Categories. Personal Data relates to the following categories of Data Subjects:
- Controller's customers and prospective customers
- Individuals who submit inquiries, requests for estimates, or appointments
- Website visitors who interact with chat widgets, forms, or SMS systems
4. SECURITY MEASURES
4.1 Technical and Organizational Measures. Processor maintains commercially reasonable security measures to protect Personal Data, including:
(a) Encryption of Personal Data in transit (SSL/TLS) and at rest where technically feasible;
(b) Access controls limiting Processor personnel access to Personal Data on a "need-to-know" basis;
(c) Regular security assessments and updates to systems and software;
(d) Use of secure third-party hosting and cloud infrastructure providers (Sub-processors listed in Section 5);
(e) Employee training on data privacy and security best practices; and
(f) Reliance on security features and controls made available by GoHighLevel and its sub-processors (including authentication, permissioning, logging, and messaging controls), as configured by Controller and/or Processor for the Services.
4.2 Security Standards. Processor's security measures are designed to be consistent with generally accepted industry standards for web hosting, CRM platforms, and marketing automation systems, and are intended to align with the security posture and controls offered by GoHighLevel and its sub-processors. However, Processor does not guarantee that unauthorized access, hacking, data loss, or breaches will never occur.
4.3 Incident Response. In the event of a confirmed data breach affecting Personal Data:
(a) Processor will notify Controller within seventy-two (72) hours of discovery via email to the contact address on file;
(b) Processor will provide reasonable cooperation to Controller in investigating and mitigating the breach;
(c) Controller remains solely responsible for determining whether to notify Data Subjects or regulatory authorities and for any such notifications.
5. SUB-PROCESSORS
5.1 Authorized Sub-processors. Controller authorizes Processor to engage the following Sub-processors (and, where applicable, their affiliates) to perform processing activities. Controller acknowledges that Processor provides the Services using the GoHighLevel platform and related components, and that GoHighLevel and its sub-processors may process Personal Data to provide messaging, storage, and automation capabilities.
5.2 Sub-processor Changes. Processor reserves the right to add, remove, or replace Sub-processors as necessary to provide the Services. Processor will notify Controller of any material changes to Sub-processors via email at least thirty (30) days prior to implementation. If Controller objects to a new Sub-processor on reasonable data protection grounds, Controller may terminate the Agreement without penalty within fourteen (14) days of notification.
5.3 Sub-processor Obligations. Processor will use commercially reasonable efforts to ensure that Sub-processors engaged by Processor are bound by written agreements imposing data protection obligations substantially similar to those in this DPA.
6. DATA SUBJECT RIGHTS
6.1 Controller's Obligation. Controller is solely responsible for responding to Data Subject requests to exercise their rights under Data Protection Laws, including requests for:
- Access to Personal Data
- Correction or rectification of inaccurate data
- Deletion or erasure of Personal Data ("right to be forgotten")
- Restriction or objection to processing
- Data portability
6.2 Processor Assistance (Including Deletion/Erasure). Upon Controller's written request, Processor will provide reasonable assistance to help Controller respond to Data Subject requests, to the extent such requests relate to Personal Data processed through the Services and to the extent technically feasible. This may include assisting Controller with locating records, exporting data, and deleting or anonymizing data within Processor-controlled systems and/or within GoHighLevel where Processor has administrative access. Processor may charge Controller reasonable fees for assistance that requires significant technical effort beyond routine support.
6.3 Direct Requests. If Processor receives a Data Subject request directly, Processor will promptly forward it to Controller and will not respond to the Data Subject unless instructed by Controller or required by law.
7. DATA RETENTION AND DELETION
7.1 Retention Period. Processor will retain Personal Data for as long as necessary to provide the Services and as directed by Controller through the CRM and automation settings. Controller is responsible for configuring retention policies within the Services.
7.2 Deletion Upon Termination. Upon termination or expiration of the Agreement:
(a) Controller may export all Personal Data from the Services within thirty (30) days using the platform's export tools;
(b) Processor will delete or anonymize all Personal Data from its active systems within sixty (60) days of termination, except as required to comply with legal obligations or maintain backup archives;
(c) Backup copies may be retained for up to ninety (90) days for disaster recovery purposes, after which they will be securely deleted.
7.3 Deletion Requests. Controller may request deletion of specific Personal Data at any time by submitting a written request. Processor will complete such deletions within fourteen (14) business days where technically feasible.
8. AUDITS AND COMPLIANCE
8.1 Records. Processor maintains records of processing activities sufficient to demonstrate compliance with this DPA and applicable Data Protection Laws. Upon reasonable written notice (no less than thirty (30) days), Controller may request information about Processor's compliance measures.
8.2 Audits. Controller may audit Processor's compliance with this DPA no more than once per calendar year, provided that:
(a) Controller provides at least forty-five (45) days' advance written notice;
(b) Audits are conducted during normal business hours and do not unreasonably interfere with Processor's operations;
(c) Controller executes a reasonable confidentiality agreement before accessing Processor's facilities or systems;
(d) Controller bears all costs of the audit.
8.3 Third-Party Certifications. Processor may satisfy audit requirements by providing Controller with copies of relevant third-party security certifications, audit reports, or assessments (such as SOC 2 reports from Sub-processors like GoHighLevel).
9. INTERNATIONAL DATA TRANSFERS
9.1 Data Location. Personal Data is primarily processed and stored in the United States. By entering into this DPA, Controller authorizes the transfer of Personal Data to the United States and acknowledges that U.S. data protection laws may differ from those in Controller's jurisdiction.
9.2 EU/UK Data Subjects. If Controller processes Personal Data of individuals located in the European Union or United Kingdom, Controller is solely responsible for ensuring appropriate safeguards are in place (such as Standard Contractual Clauses). Processor will reasonably cooperate with Controller to implement such safeguards upon request.
10. LIABILITY AND INDEMNIFICATION
10.1 Limitation of Liability. Processor's total liability for any claims arising under this DPA, whether in contract, tort, or otherwise, shall not exceed the lesser of: (a) the total fees paid by Controller to Processor in the twelve (12) months preceding the claim, or (b) Five Hundred Dollars ($500.00).
10.2 Exclusions. Processor is not liable for:
(a) Any claims arising from Controller's failure to comply with Data Protection Laws, including TCPA violations or lack of proper consent;
(b) Data breaches caused by Controller's negligence, compromised login credentials, or misuse of the Services;
(c) Loss or corruption of data caused by Controller's actions or third-party integrations not authorized by Processor;
(d) Indirect, incidental, consequential, or punitive damages.
10.3 Controller Indemnification. Controller agrees to indemnify, defend, and hold harmless Processor from any claims, damages, fines, or penalties arising from:
(a) Controller's violation of Data Protection Laws, including TCPA, CCPA, GDPR, or other privacy regulations;
(b) Controller's failure to obtain proper consent from Data Subjects for SMS, email, or automated communications;
(c) Inaccurate, misleading, or non-compliant privacy notices provided by Controller to Data Subjects;
(d) Controller's instructions to Processor that violate applicable law.
11. TERM AND TERMINATION
11.1 Term. This DPA is effective as of the Effective Date and continues for the duration of the Agreement or until all Personal Data has been deleted or returned, whichever is later.
11.2 Survival. Sections 7 (Data Retention and Deletion), 10 (Liability and Indemnification), and any provisions necessary to interpret or enforce this DPA will survive termination.
12. GENERAL PROVISIONS
12.1 Relationship to Agreement. This DPA is incorporated into and forms part of the Master Service Agreement between the parties. In the event of a conflict between this DPA and the Agreement, this DPA controls solely with respect to data processing matters.
12.2 Amendments. Processor may update this DPA from time to time to reflect changes in Data Protection Laws, industry standards, or Services. Processor will provide Controller with at least thirty (30) days' notice of material changes. Continued use of the Services after such notice constitutes acceptance.
12.3 Severability. If any provision of this DPA is found invalid or unenforceable, the remaining provisions remain in full force and effect.
12.4 Governing Law. This DPA is governed by the laws of the State of Michigan, without regard to conflict of law principles. Any disputes will be resolved exclusively in the courts of Gratiot County, Michigan.
12.5 Entire Agreement. This DPA, together with the Agreement, constitutes the entire understanding between the parties regarding data processing and supersedes all prior discussions or agreements on this subject.
13. CONTACT INFORMATION
For questions, requests, or notices related to this DPA, contact:
Heartland Digital Studio
Alma, Michigan 48801
Email: support@heartlanddigitalstudio.com
Website: https://heartlanddigitalstudio.com
BY SIGNING THE MASTER SERVICE AGREEMENT, BOTH PARTIES ACKNOWLEDGE THAT THEY HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS DATA PROCESSING ADDENDUM.
