Legal

Privacy Policy

Last updated: May 2026

Xeptix Labs LLC ("we", "us", "Xeptix Labs", or sometimes just "Xeptix") respects your privacy. This page explains what information we collect when you visit our website or engage with us, and what we do with it. If anything here is unclear, email [email protected] and we'll explain.

Who this applies to

This site and our services are intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18. If you believe a minor has submitted information to us, please contact us and we will delete it.

What we collect

  • Contact form submissions. When you fill out a form on this site we collect what you type — your name, email, phone (if provided), company (if provided), and the details of your project — so we can reply.
  • Booking data. If you schedule a call through our calendar tool (Cal.com or Calendly), they collect your name, email, and meeting time on our behalf.
  • Payment data. Project payments are processed by Stripe. Stripe handles the card details directly — we never see or store your full card number. We do see basic transaction metadata (amount, last 4 digits, billing name) for accounting.
  • Newsletter sign-ups. If you opt in, we store your email, optional name, sign-up date, signup source (which page you subscribed from), the IP that submitted the form, any topic interests you selected, and confirmation / unsubscribe timestamps. The data is kept in our own SQLite database on our server — not Mailchimp, not Substack. We use Maileroo (a transactional-email provider) to deliver the actual emails, and only the recipient address + message body cross over to Maileroo on send. Each newsletter email also embeds a 1×1 tracking pixel and rewrites links so we can see aggregate open + click rates per issue (per-recipient timestamps; we don't share or sell that data). One-click unsubscribe is in every email — see "Your rights" below.
  • QR / link tracking. Some of our QR codes and links carry a short tracking code in the URL (e.g. ?src=CARD_15334) so we know which business card or printed piece you scanned. This lets us route your message to the right person and improve where we place codes.
  • Server access logs. Our hosting provider keeps standard web-server logs (IP address, browser, page visited, referrer, timestamp). We analyze these in aggregate using GoAccess, a self-hosted log analyzer that runs on our own server. Logs are rotated regularly.
  • Google Analytics. The marketing pages of this site load Google Analytics 4 (gtag.js) so we can understand which pages people visit, how they got there, and where the traffic is coming from. Google receives a record of your visit including a Google-assigned client ID, your IP address (which Google truncates / anonymizes before storage in GA4), user-agent, the page URL and referrer, screen size, and approximate location derived from IP. Google may process this data on servers in the United States or other countries where Google operates. Event-level data is retained for the period configured in our GA4 property (currently the GA4 maximum, 14 months); aggregated reports may persist longer. We do not link Google Analytics data to Google Ads, do not enable Google Signals, and do not use Analytics for personalized advertising. GA is not loaded on legal / error / admin pages. You can opt out of GA tracking entirely by installing Google's Google Analytics Opt-out Browser Add-on, by enabling your browser's "Do Not Track" or "Global Privacy Control" signal, or by blocking the googletagmanager.com domain in your browser / ad-blocker.

Beyond Google Analytics described above, we do not run third-party advertising trackers or Meta Pixel, and we do not sell your information to anyone.

How we use it

  • To respond to your inquiry and follow up about your project.
  • To send a vCard, calendar invite, proposal, or invoice.
  • To process payments and maintain accounting records.
  • To send newsletters to people who have explicitly opted in.
  • To understand which marketing channels work, in aggregate (e.g. "the Akron event sent us 12 inquiries").
  • To keep the site secure, debug issues, and prevent abuse.
  • To meet our tax, accounting, and other legal obligations.

Service providers

We use a small number of vendors to run the business. They process data on our behalf under their own privacy policies and are not allowed to use it for their own purposes:

  • Hosting & infrastructure — a US-based cloud provider hosts the website and any application data.
  • Calendar booking — Cal.com or Calendly for scheduled calls.
  • Payments — Stripe (or a comparable PCI-compliant processor).
  • Email & newsletter delivery — Maileroo, a US-based transactional-email provider. They process delivery on our behalf; the subscriber list itself stays on our server.

We may also disclose information when required by law (subpoena, court order) or to protect the rights, property, or safety of Xeptix Labs, our clients, or others.

Where data is stored

Inquiry, project, and customer data is stored on US-based servers. If you contact us from outside the United States — including the EU and UK — your information will be transferred to and processed in the US. We rely on standard contractual safeguards where required by law.

How long we keep it

We keep contact, project, and customer records indefinitely until you ask us to delete them, so we can answer follow-up questions, support past clients, and maintain reference and warranty records. You can ask us to delete your data at any time and we will, except where we are legally required to retain certain records (typically tax and accounting records for up to 7 years).

Cookies & local storage

This site uses minimal cookies and browser storage. The site itself sets only what's needed to remember your theme and preference choices, plus operational cookies for the contact form's bot challenge.

Google Analytics sets first-party cookies on pages where it is loaded — typically _ga (a Google- assigned client identifier) and one or more _ga_<PROPERTY-ID> cookies that hold session state. These cookies have a default lifetime of up to 2 years. They are used solely to support GA's aggregate page-view and source reporting; we do not use them for advertising. See the Google Analytics bullet above for how to opt out.

Embedded scheduling widgets (Cal.com / Calendly) and payment flows (Stripe) may set their own cookies governed by their own policies. We do not set any other third-party advertising or behavioral-tracking cookies.

Your rights

Regardless of where you live, you can ask us:

  • What information we have on file about you.
  • To correct anything that's inaccurate.
  • To delete your information (subject to legitimate retention needs above).
  • To opt out of marketing email — every newsletter has a one-click unsubscribe.

If you live in California: the CCPA/CPRA gives you these rights plus the right to know what categories of personal information we collect and the right not to be discriminated against for exercising your rights. We do not sell or share personal information for cross-context behavioral advertising.

If you live in the EU, UK, or another GDPR-equivalent region: you also have the right to data portability, the right to object to processing, and the right to lodge a complaint with your local data protection authority. Our lawful basis is generally your consent (newsletter), contract performance (project work), or our legitimate interest (responding to inquiries, securing the site).

Email [email protected] with any of these requests and we'll respond within a reasonable time, typically within 30 days.

Security

We use HTTPS for all site traffic, store data on hardened US-based servers, limit access to people who need it, and review our security posture regularly. We build with a security-first mindset and treat client data the way we'd want our own treated. No system is perfectly secure, but if a breach affecting your data ever occurs we will notify you and the relevant authorities as required by law.

Changes

If we update this policy in a meaningful way, we'll bump the "last updated" date above. Material changes will be noted on the homepage and, where appropriate, emailed to people on our newsletter list.

Contact

Questions or concerns? Email [email protected], or write to us at:

Xeptix Labs LLC
6545 Market Ave. North, Suite 100
Canton, OH 44721-2430

Back to home