Privacy Policy

Privacy Policy – Citris Consults

Effective Date: November 1, 2025

Citris Consults LLC (“we,” “us,” or “our”) is a Massachusetts-based software-as-a-service (SaaS) company that designs, builds and hosts subscription websites for U.S. clients. We recognize that handling your personal information responsibly is part of earning your trust. This Privacy Policy explains what data we collect, how we use it, the rights you have regarding that data, and how we keep it safe. We follow applicable U.S. privacy regulations, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and Massachusetts data-protection requirements.

1. Information We Collect

We collect information that you provide directly to us when you request a consultation, sign up for a subscription, log in to your site or contact support. We also collect certain information automatically.

1.1 Data You Provide

  • Account and contact information: When you create an account or request a consultation, we may collect your name, business name, mailing address, email address, and phone number. Supabase’s authentication system stores your user credentials in your own Supabase database, so you retain ownership of your data.
  • Subscription and payment details: We use Stripe to process payments and do not store full card numbers.
  • Login credentials: We collect usernames, passwords, and session tokens for authentication.
  • Communications: Any messages or attachments you send us through email or Google Forms.
  • Website ownership transfer: If you cancel and buy ownership for $499.99, we collect only what’s needed to complete that transfer and delete remaining data afterward.

1.2 Data Collected Automatically

We collect analytics, cookies, IP addresses, browser data, and usage metrics using tools such as Vercel and Google Analytics to measure performance and improve usability.

2. How We Use Your Information

  • Provide and improve our website-building and hosting services.
  • Communicate with you about your account, subscriptions, and service updates.
  • Ensure security and prevent fraud.
  • Comply with applicable U.S. laws and regulations.

We do not sell personal information.

3. Sharing Your Information

We only share personal data with trusted service providers necessary to run our business: Supabase (authentication), Stripe (payments), Vercel (hosting), and Google (Forms/Analytics). These vendors process data securely and only as instructed.

4. Your Rights and Choices

  • Access, correct, or delete your personal information.
  • California residents have additional CCPA/CPRA rights including the right to know, delete, and opt out of sale (we don’t sell data).
  • You can control cookies through your browser settings.

5. Data Security

We follow 201 CMR 17.00 and Massachusetts data-security laws, using encryption, firewalls, multi-factor authentication (MFA), and staff training to safeguard your information.

6. Data Retention

We keep data only as long as necessary to manage subscriptions, transfers, or comply with law. When no longer needed, data is securely deleted or anonymized.

7. International Data Transfers

We operate in the U.S. and use providers that may process data internationally under recognized frameworks such as the EU-U.S. Data Privacy Framework.

8. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from anyone under 16.

9. Changes to This Privacy Policy

We may update this policy periodically. When we do, we will revise the “Effective Date” and post an updated version here. Material changes will be communicated via email or site notice.

10. Contact Us

Email: citrisconsults@gmail.com
Mail: Citris Consults LLC, Randolph, MA 02368, USA

Last updated: November 1, 2025