Stay Updated
Get the latest updates delivered to your inbox.
Verify Your Email
We've sent a 6-digit verification code to:
|
Your privacy matters to us. This Privacy Policy and Cookie Policy ("Policy") describes how XJOSE LLC ("XJOSE," "we," "us," or "our") collects, uses, discloses, retains, and protects information about you when you visit our website, contact us, or engage our services. By using our website or services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our website and services.
This Policy applies to all information collected through XJOSE LLC's website (the "Site"), any related subdomains, our client-facing tools, our marketing communications, and any offline interactions connected to our services, including consultations, proposals, and client engagements (collectively, the "Services"). It does not apply to information collected by third parties, including through any application, product, or website that may link to or be linked from our Services, except as expressly described herein.
This Policy is intended to comply with applicable U.S. federal law, the Florida Information Protection Act (FIPA), the Florida Digital Bill of Rights (FDBR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and, as a matter of enterprise best practice, the General Data Protection Regulation (GDPR) and UK GDPR, regardless of whether these latter frameworks currently apply to our operations based on jurisdictional thresholds.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you are accessing our Services on behalf of a business or organization, you represent that you have the authority to bind that entity to this Policy.
XJOSE LLC is a Florida limited liability company providing business consulting, custom software development, and marketing and growth services to clients. For purposes of applicable data protection law, XJOSE LLC is the data controller (or "business," as that term is defined under the CCPA/CPRA) responsible for the information described in this Policy.
All privacy-related inquiries, requests, or complaints should be directed to the email address above. See Section 26 for full instructions on submitting a formal privacy request.
We collect the following categories of information, depending on how you interact with our Services:
Name, email address, phone number, mailing address, IP address, device identifiers, and online account credentials.
Company name, job title, industry, business needs, project scope details, and information shared during consultations or proposals.
Records of services purchased, obtained, or considered, contract terms, invoicing and payment history (processed via third-party payment processors as described in Section 11).
Browsing history on our Site, search history, information regarding interaction with our website, applications, or advertisements, referring URLs, and pages viewed.
Approximate geographic location derived from IP address or, where separately authorized, more precise location data.
Contents of messages you send us through contact forms, intake forms, email, or other correspondence, including any files, images, or documents you voluntarily submit.
Email engagement data (opens, clicks), communication preferences, and subscription status.
Inferences drawn from the categories above to create a profile reflecting preferences, characteristics, or likely business needs, used to personalize our marketing and service recommendations.
We do not knowingly collect government identification numbers, precise biometric data, or financial account credentials through our Site. If sensitive information is voluntarily submitted through a form or communication, it is handled in accordance with Section 23 of this Policy.
We collect information you provide directly, including when you complete a contact or lead intake form, request a consultation, subscribe to our newsletter, respond to a survey, or otherwise correspond with us by email or phone.
We collect information automatically through cookies, pixels, server logs, and similar tracking technologies as described in Sections 7, 8, and 9 of this Policy, when you visit or interact with our Site.
We may receive information about you from analytics providers, advertising networks, payment processors, publicly available sources, and business partners who refer you to our Services, consistent with their own privacy practices and applicable law.
Where applicable law requires a specified legal basis for processing personal data (including under GDPR/UK GDPR), we rely on the following bases:
| Processing Activity | Legal Basis |
|---|---|
| Responding to inquiries and consultation requests | Legitimate interest / contractual necessity |
| Providing contracted services to clients | Performance of a contract |
| Sending marketing communications | Consent / legitimate interest, subject to opt-out |
| Website analytics and performance monitoring | Legitimate interest / consent (cookies) |
| Advertising and remarketing | Consent (cookie-based) |
| Fraud prevention and security monitoring | Legitimate interest |
| Complying with legal obligations | Legal obligation |
| Invoicing and payment processing | Contractual necessity |
| Improving our Services and Site | Legitimate interest |
| Responding to privacy rights requests | Legal obligation |
Responding to consultation requests, scoping and delivering client engagements, and managing the ongoing business relationship.
Sending transactional messages, project updates, invoices, and, where permitted, marketing communications regarding our Services.
Analyzing usage patterns, testing new features, and diagnosing technical issues.
Delivering targeted advertising, remarketing, and newsletter content based on your interactions with our Site, subject to your cookie preferences and opt-out rights.
Detecting and preventing fraud, enforcing our agreements, defending legal claims, and complying with applicable statutes, regulations, and lawful requests from public authorities.
Cookies are small text files placed on your device when you visit a website. They allow a site to recognize your device, remember preferences, and collect information about how the site is used.
| Category | Purpose | Examples | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Required for core site functionality and security | Session cookies, load balancing, security tokens | No |
| Performance | Collects aggregated analytics on site usage | Google Analytics cookies | Yes |
| Functionality | Remembers preferences and settings | Language, form auto-fill preferences | Yes |
| Marketing | Tracks visitors for advertising and remarketing | Meta Pixel, Google Ads tags | Yes |
| Social Media | Enables social sharing and embedded content | LinkedIn, embedded social widgets | Yes |
| Cookie Name | Provider | Type | Duration | Purpose |
|---|---|---|---|---|
| _ga | Google Analytics | Performance | 13 months | Distinguishes unique users |
| _gid | Google Analytics | Performance | 24 hours | Distinguishes users for session reporting |
| _gat | Google Analytics | Performance | 1 minute | Throttles request rate |
| _ga_[ID] | Google Analytics 4 | Performance | 13 months | Maintains session state (GA4) |
| _gcl_au | Google Ads | Marketing | 90 days | Conversion linkage for Google Ads |
| wordpress_* | XJOSE (Site CMS) | Strictly Necessary | Session / 1 year | Site functionality and administration |
Cookie and advertising opt-outs are generally specific to the browser and device used to set them. If you clear your cookies, switch browsers, or use a different device, you may need to repeat the opt-out process.
Cookie Consent. On your first visit, our Site will present a consent banner allowing you to accept or reject non-essential cookie categories. Strictly necessary cookies do not require consent and cannot be disabled through this banner, as they are required for the Site to function. You may withdraw or update consent at any time through the cookie preference link located in the Site footer.
We use Google Analytics (including Google Analytics 4) to collect information such as pages visited, time on site, referral source, approximate location, and device/browser type. This data is used in aggregate to understand Site performance and visitor behavior.
Where technically supported, we enable IP anonymization/masking features within Google Analytics to reduce the precision of collected location data.
Google processes this data pursuant to its own privacy policy and the Google Ads Data Processing Terms. We do not control, and are not responsible for, Google's independent use of data for its own purposes as a separate data controller.
If enabled, Google Signals allows us to see cross-device reporting and remarketing audience data associated with users who have Ads Personalization enabled on their Google Account.
We use remarketing tags to display advertisements to prior visitors of our Site across third-party websites and platforms, based on their prior interactions with our content.
These pixels allow us to measure advertising effectiveness and build custom or lookalike audiences on their respective platforms, subject to each platform's own privacy terms.
Our servers automatically record information including IP address, browser type, referring/exit pages, operating system, and timestamps for security, diagnostic, and analytical purposes.
We may use pixel tags in emails and web pages to determine whether messages have been opened and links have been clicked.
Where deployed, session replay and heatmapping tools may record aggregated interaction patterns such as:
Our marketing emails may include tracking technology to record open rates and link engagement, used to measure campaign performance and tailor future communications.
We track form submissions and completions to measure lead generation performance and attribute conversions to specific marketing channels.
We may use CDNs to host static assets, which may result in your device connecting directly to CDN servers and being subject to the CDN provider's own logging practices.
We share information with vendors who perform services on our behalf, such as hosting, analytics, email delivery, and payment processing, under contractual confidentiality and data protection obligations.
Information may be disclosed or transferred in connection with a merger, acquisition, financing, or sale of all or a portion of our business or assets.
We may disclose information where required by law, subpoena, court order, or governmental request, or where we believe disclosure is necessary to protect our rights, safety, or property, or that of others.
We may share information for any other purpose disclosed to you at the time of collection, or with your explicit consent.
We may share information with any current or future affiliated entities under common ownership or control with XJOSE LLC, for purposes consistent with this Policy.
We may share information with our attorneys, accountants, auditors, and insurers as necessary to obtain professional advice or manage business risk.
We may share information that has been aggregated or de-identified such that it can no longer reasonably be used to identify an individual, without restriction.
The following categories of service providers may process personal data on our behalf. This list reflects the categories of processors we use and is updated as our vendor relationships evolve.
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google LLC | Analytics, advertising, cloud hosting | Usage data, device identifiers, IP address | policies.google.com/privacy |
| Meta Platforms, Inc. | Advertising and remarketing | Pixel/event data, device identifiers | facebook.com/privacy/policy |
| LinkedIn Corporation | B2B advertising and analytics | Pixel/event data, professional profile signals | linkedin.com/legal/privacy-policy |
| Email & CRM Platform Providers | Marketing communications, client relationship management | Name, email, engagement data | Varies by provider; available upon request |
| Payment Processors | Invoicing and payment collection | Billing details, transaction data | Varies by provider; available upon request |
A current, detailed list of specific sub-processors is available upon written request to [email protected].
XJOSE LLC is based in the United States, and information we collect may be transferred to, stored, and processed in the United States or other countries that may have data protection laws different from those in your jurisdiction. Where we transfer personal data from the European Economic Area, United Kingdom, or Switzerland, we rely on the following mechanisms:
We retain personal data only as long as reasonably necessary for the purposes described in this Policy, or as required by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Contact/lead form submissions | 24 months from last contact | Legitimate business interest |
| Client contract & engagement records | 7 years following engagement end | Legal and tax record-keeping obligations |
| Invoicing & payment records | 7 years | Tax and accounting law |
| Marketing email engagement data | Until unsubscribe + 12 months | Legitimate business interest |
| Website analytics data | 14 months (GA4 default) | Analytics provider configuration |
| Cookie consent records | 12 months | Compliance recordkeeping |
| Privacy request records | 36 months | Compliance recordkeeping |
| Security/server logs | 90 days | Security and fraud prevention |
In the event of a data breach affecting Florida residents, we will provide notification consistent with the requirements of the Florida Information Protection Act, Fla. Stat. § 501.171, including notification to affected individuals and, where required, the Florida Department of Legal Affairs, without unreasonable delay and in no case later than statutorily required.
No method of transmission or storage is completely secure. While we implement commercially reasonable safeguards designed to protect personal data, we cannot guarantee absolute security, and use of our Services is at your own risk.
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:
What personal data we hold about you and how it's used.
Obtain a copy of the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data, subject to legal exceptions.
Request that we limit how we process your data.
Object to processing based on legitimate interest or for direct marketing.
Receive your data in a portable, machine-readable format.
Opt out of the sale/sharing of data or targeted advertising.
Exercise your rights without receiving discriminatory treatment.
We will confirm receipt of your request within 10 business days and respond substantively within 30 days, or as otherwise required by applicable law, which may be extended by an additional period where reasonably necessary and permitted.
FIPA governs our obligations regarding the security of personal information and breach notification procedures applicable to Florida residents, as described in Section 14 of this Policy.
To the extent XJOSE LLC meets the applicable revenue or processing thresholds under the FDBR, Florida residents may have rights to confirm processing, access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions producing legal or similarly significant effects.
We do not engage in unfair, deceptive, or unconscionable trade practices in violation of Florida's Deceptive and Unfair Trade Practices Act in our collection or use of personal information.
If you are a California resident, the CCPA, as amended by the CPRA, may provide you with the rights described in Section 15, applicable to the following categories of personal information we may collect:
XJOSE LLC does not sell personal information for monetary consideration. To the extent our use of advertising cookies and pixels (Sections 7–8) constitutes "sharing" for cross-context behavioral advertising under the CPRA, you may opt out via our cookie preference tool or by submitting a request to [email protected].
For personal data subject to GDPR or UK GDPR, XJOSE LLC acts as the data controller as described in Section 2.
We do not currently use automated decision-making that produces legal or similarly significant effects concerning you without human involvement. If this changes, we will update this Policy and provide additional disclosures as required by applicable law.
Our Services are directed at businesses and business owners and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 13 in a manner inconsistent with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete such information promptly.
Individuals between the ages of 13 and 17 should not use our Services without the involvement of a parent or guardian, and should not submit personal information through our Site without such involvement.
Some browsers offer a "Do Not Track" signal. Because there is no uniform industry standard for recognizing or honoring DNT signals, our Site does not currently respond to browser DNT signals.
We recognize and honor the Global Privacy Control signal as a valid method of exercising the right to opt out of the sale or sharing of personal information, where technically supported by our Site and applicable under law. Learn more about GPC at globalprivacycontrol.org.
We may send the following categories of email communications:
You may opt out of marketing emails at any time by clicking the "unsubscribe" link included in every marketing message, or by emailing [email protected] with "Unsubscribe" in the subject line. Transactional and service-related communications necessary to an active engagement may continue regardless of marketing opt-out status.
Our Site may contain links to third-party websites not owned or controlled by XJOSE LLC. We are not responsible for the privacy practices or content of such third-party sites. We encourage you to review the privacy policy of any third-party website you visit.
We do not intentionally collect the following categories of sensitive personal information through our Site:
If sensitive information is voluntarily disclosed to us through a communication or form submission, we limit its use strictly to the purpose for which it was provided and apply heightened access controls to its handling and storage.
24.1 We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
24.2 The "Last Updated" date at the top of this Policy indicates when it was most recently revised.
24.3 Material changes affecting your rights will be communicated via a prominent notice on our Site or, where appropriate, by direct email notification prior to the change taking effect.
24.4 Your continued use of our Services after any changes take effect constitutes acceptance of the revised Policy.
Business — a for-profit legal entity that collects consumers' personal information and determines the purposes and means of its processing.
Consumer — a natural person who is a resident of the applicable jurisdiction.
Controller — the entity that determines the purposes and means of processing personal data.
Cookie — a small text file stored on a user's device by a website.
Data Subject — an identified or identifiable natural person to whom personal data relates.
De-Identified Data — data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual.
Personal Data / Personal Information — information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual.
Processing — any operation performed on personal data, including collection, use, storage, disclosure, or deletion.
Processor / Service Provider — an entity that processes personal data on behalf of a controller or business.
Sale — the exchange of personal information for monetary or other valuable consideration, as defined under applicable law.
Sensitive Personal Information — categories of personal data subject to heightened protection under applicable law.
Targeted Advertising — advertising selected based on personal information obtained from an individual's activity across non-affiliated websites or applications.
If you believe your privacy rights have not been adequately addressed, you may file a complaint with the Florida Office of the Attorney General, the relevant EU Data Protection Authority in your country of residence, or, for UK residents, the Information Commissioner's Office (ICO) at ico.org.uk.
To the fullest extent permitted by applicable law, XJOSE LLC, its members, managers, employees, contractors, and affiliates shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to loss of profits, data, goodwill, or business opportunity, arising out of or related to this Policy, our Services, or the collection, use, or disclosure of personal information, even if we have been advised of the possibility of such damages.
To the extent any liability is found to exist notwithstanding the foregoing, our aggregate liability arising out of or relating to this Policy or our data practices shall not exceed the greater of (a) the total fees paid by you to XJOSE LLC in the twelve (12) months preceding the event giving rise to the claim, or (b) one hundred U.S. dollars ($100).
Some jurisdictions do not allow the exclusion or limitation of certain damages or liabilities. In such jurisdictions, the above limitations apply only to the maximum extent permitted by applicable law, and our liability will be limited to the greatest extent permitted.
No provision of this Section shall be construed to limit or exclude liability that cannot lawfully be limited or excluded, including liability for gross negligence, willful misconduct, or fraud, or liability arising under statutes that expressly prohibit such limitation.
You agree to defend, indemnify, and hold harmless XJOSE LLC and its members, managers, employees, contractors, and affiliates from and against any claims, liabilities, damages, losses, and expenses, including reasonable attorneys' fees and costs, arising out of or in any way connected with:
We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate with our defense of such claim.
This Policy, and any dispute arising out of or related to it, shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of law principles, except to the extent superseded by applicable federal law or by mandatory consumer protection law of the jurisdiction in which you reside.
Before initiating any formal proceeding, you agree to first contact us at [email protected] and allow us a period of thirty (30) days to attempt to resolve the dispute informally.
Except where prohibited by law, or where you validly exercise a right to opt out as described below, any dispute, claim, or controversy arising out of or relating to this Policy or our data practices that cannot be resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, conducted in the county of our principal place of business in Florida, with judgment on the award enterable in any court of competent jurisdiction.
To the fullest extent permitted by law, any proceeding to resolve a dispute under this Policy will be conducted only on an individual basis and not as a class, consolidated, or representative action. If a court or arbitrator determines this waiver is unenforceable as to a particular claim or request for relief, that claim or request must be brought in court and severed from any arbitration.
You may opt out of the arbitration and class action waiver provisions of this Section by sending written notice to [email protected] within thirty (30) days of first accepting this Policy. Your notice must include your name and a clear statement that you wish to opt out of arbitration.
Notwithstanding the foregoing, either party may bring an individual action in small claims court, and either party may seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of a party's data security, intellectual property, or confidentiality rights.
If any provision of this Policy is found to be unlawful, void, or unenforceable, that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions, which shall be enforced to the fullest extent permitted by law.
Our failure to enforce any right or provision of this Policy shall not be deemed a waiver of such right or provision, nor of our right to enforce it in the future.
We may assign or transfer our rights and obligations under this Policy without restriction, including in connection with a merger, acquisition, corporate reorganization, or sale of assets, as described in Section 10. You may not assign or transfer any rights or obligations under this Policy without our prior written consent.
We shall not be liable for any failure or delay in performance under this Policy resulting from causes beyond our reasonable control, including acts of God, natural disaster, war, terrorism, labor dispute, internet or utility failure, or governmental action.
This Policy should be read together with our Terms and Conditions and any separate services agreement or statement of work executed with a client. In the event of a direct conflict between this Policy and an executed client agreement regarding the treatment of that client's confidential business data, the terms of the executed client agreement shall control solely as to that conflict.
This Policy constitutes the entire understanding between you and XJOSE LLC regarding the collection, use, and disclosure of your personal information in connection with our Site and Services, and supersedes all prior or contemporaneous understandings regarding such subject matter.