Legal

Privacy Policy

How we collect, use, and protect your personal data. This policy is GDPR-compliant and applies to all visitors regardless of location.

Last updated: 26 April 2026 · Effective: 26 April 2026

1. Who We Are

This site (solutions4sf.com) is operated by Serhii Skrypnyk, a sole proprietor providing RevOps consulting services.

Contact for privacy matters:
Email: [email protected]
Operating remotely / Worldwide

2. What Data We Collect

2.1 Data You Provide Directly

When you book a consultation through Calendly or contact us by email, we collect:

  • Name (so we know who we're meeting)
  • Email address (to confirm the meeting and follow up)
  • Company name (optional, helps us understand context)
  • Message content (anything you write to us)
  • Calendar availability data (only when you book a slot)

2.2 Data Collected Automatically

When you visit this site, our analytics system collects:

  • Pages visited and time spent
  • Browser type and operating system
  • Approximate location (city/country) based on IP address
  • Referring website (if any)
  • Device type (desktop/mobile)

We do not collect: full IP addresses (anonymized), specific home addresses, financial data, government IDs, or any data unrelated to website visits.

2.3 Cookies

We use cookies for two purposes:

  • Essential cookies (always on): Required for the site to function. These cannot be disabled.
  • Analytics cookies (require your consent): Help us understand which pages are useful. You can accept or reject these via the cookie banner on first visit.

Calendly may set its own cookies when you interact with the booking widget. See Calendly's Privacy Notice for details.

3. Why We Collect This Data (Legal Basis)

Under GDPR, every collection of personal data must have a legal basis. We rely on:

  • Consent (Article 6(1)(a)): For analytics cookies. You can withdraw consent at any time.
  • Contract (Article 6(1)(b)): When you book a consultation, we process your data to fulfill the meeting.
  • Legitimate interest (Article 6(1)(f)): To respond to your direct emails and prevent fraud or abuse.

4. How We Use Your Data

Specifically, we use your data to:

  • Schedule and conduct consultation calls
  • Reply to your emails
  • Send service-related information (only if you actively request it)
  • Improve site content based on which pages are most useful
  • Detect and prevent abuse or technical issues

We do not:

  • Sell your data to third parties
  • Send unsolicited marketing emails (spam)
  • Share your data with advertising networks
  • Use your data to train AI models
  • Profile you for automated decision-making

5. Our Sub-Processors (Who We Share Data With)

We share limited data only with these sub-processors (third-party services that help us operate). Each is contractually bound to handle data only for the purposes listed below.

Service Purpose Location Safeguards
Bluehost Website hosting USA SCCs / DPF
Cloudflare CDN, DDoS protection, performance USA / EU edge SCCs / DPF
Calendly Meeting scheduling USA SCCs / DPF
Google (Gmail / Workspace) Email, document collaboration USA / EU SCCs / DPF
Google Analytics 4 Site usage analytics (only with your consent) USA / EU SCCs / DPF, IP anonymization

International transfers: Some sub-processors are based in the USA. Data transfers to the USA are protected under the EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) adopted by the European Commission. Cloudflare and Google have certified to the EU-US Data Privacy Framework.

Notification of changes: If we add or change a sub-processor, we will update this list and (for active engagements) notify clients with at least 30 days' notice. Clients with active engagements can object on reasonable data protection grounds.

For B2B clients (DPA-related processing): If we process Personal Data on your behalf as part of an engagement (Pardot/Salesforce work), additional sub-processor obligations apply under our Data Processing Addendum (DPA).

6. How Long We Keep Your Data

  • Email correspondence: Up to 3 years after last contact, then deleted.
  • Calendly meeting records: Per Calendly's retention policy (typically 30 days after the meeting).
  • Analytics data: Aggregated and anonymized after 14 months.
  • Active client data: Retained for the duration of our service contract plus 7 years (legal/tax requirement).

7. Your Rights Under GDPR

If you are in the EU, UK, or other GDPR-equivalent jurisdiction, you have the right to:

  • Access — Request a copy of all data we hold about you
  • Rectification — Correct any inaccurate data
  • Erasure ("right to be forgotten") — Request deletion of your data
  • Restriction — Limit how we process your data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Stop analytics tracking at any time

To exercise any of these rights: Email [email protected] with subject "GDPR Request". We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local Data Protection Authority.

7.5 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know — what personal information we collect, why, and who we share it with;
  • Right to Delete — request deletion of your personal information;
  • Right to Correct — request correction of inaccurate information;
  • Right to Opt-Out — of any sale or sharing of your personal information (note: we do not sell personal information);
  • Right to Non-Discrimination — we will not penalize you for exercising your rights.

✓ We do not sell or share your personal information for cross-context behavioral advertising. We have not done so in the past 12 months and do not plan to.

For full details and how to exercise these rights, see our California Privacy Notice.

8. Data Security

We protect your data through:

  • HTTPS encryption on all pages (TLS 1.2+)
  • HSTS, Content Security Policy, and other 2026-grade security headers
  • Secure hosting infrastructure (Bluehost)
  • Two-factor authentication on all administrator accounts
  • Limited access — only the site owner has access to personal data

If a data breach occurs that affects your personal data, we will notify affected individuals within 72 hours, as required by GDPR.

9. Children's Privacy

Solutions4sf is a B2B service. We do not knowingly collect data from anyone under 18 years old. If we discover such data, we delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy. The "Last updated" date at the top will reflect changes. Significant changes will be announced on our homepage. Continued use of the site after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or your data?

Serhii Skrypnyk
Email: [email protected]
LinkedIn: serhii-skrypnyk-salesforce