Careers|Client Portal|Submit RFP

Legal

Privacy Policy

Last updated: May 15, 2026 · Effective: May 15, 2026

1. Introduction

Best Practicify ("we", "us", or "our") provides advisory services and the website at bestpracticify.co (the "Site"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit the Site, fill out a form, download a resource, subscribe to our newsletter, engage with our chat widget, or otherwise interact with us through the Site.

We are committed to handling your information responsibly and in compliance with applicable privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the European Union General Data Protection Regulation (GDPR), and the UK GDPR. If you do not agree with the practices described in this policy, please do not use the Site.

2. Information We Collect

2.1 Information You Provide Directly

When you fill out a form on the Site, you may provide information including your name, business email address, company name, company size or revenue range, phone number, area of service interest, and any message or context you choose to share. When you apply for a role through our careers email, you provide a resume and any additional information you include.

2.2 Information Collected Automatically

When you visit the Site, our hosting provider and analytics tools automatically log certain information about your visit — including IP address, browser type and version, device type, referring URL, pages viewed, and approximate geolocation derived from IP. We use this information to operate the Site, measure performance, prevent fraud, and improve the user experience.

2.3 Cookies and Similar Technologies

The Site uses cookies and similar technologies. You can review the specific cookies we use, their purposes, and how to control them in our Cookie Policy. You can manage your cookie preferences at any time using the "Cookie Preferences" link in the Site footer.

2.4 Information from Third Parties

We may receive information about you from third parties such as technology partners (when a referral comes through a partner listing), social media platforms (when you engage with our content on LinkedIn, X, or Facebook), and from publicly available business databases used in our prospect research process.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to inquiries, provide requested information, and engage with prospects
  • To deliver gated resources you have requested (PDFs, guides, worksheets)
  • To deliver newsletter content you have subscribed to
  • To process service engagements and invoice clients
  • To improve the Site, our content, and our service delivery
  • To protect the Site against fraud, abuse, and security threats
  • To comply with our legal obligations
  • For aggregated analytics and business reporting (using non-identifying data)

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Consent — for newsletter subscriptions, optional cookies, and chat widget use. You may withdraw consent at any time.
  • Contract — to provide services you have requested or to take pre-contractual steps at your request.
  • Legitimate interest — to operate the Site, prevent fraud, respond to inquiries, and conduct ordinary business activities, where our interests are not overridden by your rights.
  • Legal obligation — to comply with tax, financial reporting, or other legal requirements applicable to our business.

5. How We Share Your Information

We do not sell your personal information. We share information only with the following categories of recipients:

5.1 Service Providers

We use carefully selected third-party service providers to operate the Site and deliver services. These providers process your information on our behalf under written agreements that require them to maintain confidentiality and security. Current providers include:

  • Vercel (website hosting and analytics) — United States
  • Supabase (database hosting) — United States
  • Sanity (content management system) — United States
  • Resend (transactional email delivery) — United States
  • Mailchimp (newsletter delivery) — United States
  • Stripe (payment processing for clients) — United States
  • Chatbase (AI chat widget) — United States
  • Google (reCAPTCHA security, optional Analytics) — United States

5.2 Legal and Safety Disclosures

We may disclose information when required by law, subpoena, court order, or other legal process, or to protect the rights, property, or safety of Best Practicify, our clients, our users, or others.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy or as required by law. Specifically:

  • Lead inquiries: 36 months from last interaction, or until you request deletion.
  • Newsletter subscribers: until you unsubscribe.
  • Client engagement records: 7 years to comply with financial recordkeeping obligations.
  • Resume submissions: 24 months from receipt, unless you request earlier deletion.
  • Analytics logs: 14 months in aggregated, non-identifying form.

7. Your Privacy Rights

7.1 Rights Under GDPR (EU/UK Residents)

If you are a resident of the European Economic Area or the United Kingdom, you have the following rights regarding your personal information:

  • The right of access — to obtain a copy of your information
  • The right to rectification — to correct inaccurate information
  • The right to erasure ("right to be forgotten") — to request deletion
  • The right to restrict processing — to limit how we use your data
  • The right to data portability — to receive your data in a portable format
  • The right to object to processing based on legitimate interest
  • The right to withdraw consent — where consent was the legal basis
  • The right to lodge a complaint with your local data protection authority

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

  • The right to know what personal information we collect, use, and share
  • The right to delete personal information we hold about you
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • The right to limit the use of sensitive personal information
  • The right to non-discrimination for exercising your privacy rights

7.3 How to Exercise Your Rights

To exercise any of the rights above, email privacy@bestpracticify.co with your request. We will verify your identity and respond within the timeframes required by applicable law (30 days under GDPR; 45 days under CCPA, extendable by 45 days where reasonably necessary).

8. International Data Transfers

Best Practicify is based in the United States and our service providers process data primarily in the United States. If you access the Site from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses adopted by the European Commission and equivalent UK Data Transfer Agreements to provide appropriate safeguards for these transfers.

9. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, or alteration. These measures include encrypted data storage, encrypted data transmission, access controls based on role and least-privilege, and security monitoring through our infrastructure providers. No transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

10. Children's Privacy

The Site is intended for business professionals and is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us immediately and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, provide additional notice. We encourage you to review this policy periodically.

12. Contact Us

For questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact us at:

Best Practicify
Email: privacy@bestpracticify.co
California, United States