Legal

Privacy Policy

Effective Date: April 9, 2026 · Last Updated: April 9, 2026

1. Introduction and Scope

Iron Automations ("Iron Automations," "we," "us," or "our") is a marketing technology company that provides lead generation funnels, customer relationship management tools, and advertising services to small home service businesses such as landscaping companies, plumbers, electricians, roofers, and HVAC contractors (our "Clients"). This Privacy Policy explains how we collect, use, share, and protect personal information when you:

Visit our corporate website at ironautomations.com (the "Site");
Submit a contact or inquiry form on the Site;
Engage with us as a prospective or existing Client of our services;
Communicate with us by email, phone, text message, or through any other channel;
Interact with any marketing materials, advertisements, or campaigns we produce.

This Privacy Policy applies to personal information we collect in our capacity as a data controller — that is, where Iron Automations determines the purposes and means of processing your information.

Important: Iron Automations also operates lead generation funnels on behalf of our Clients (for example, a quiz funnel that collects lead information for a landscaping business). When you submit information through one of those Client-branded funnels, the Client is the primary data controller of your information, and their own privacy policy governs how your data is handled. Iron Automations acts as a data processor for the Client in those scenarios. If you submitted a form on a Client's branded funnel (for example, go.clientdomain.com), please consult that specific funnel's privacy policy, which is linked in the footer of that funnel.

2. Who We Are

Iron Automations
Email: hello@ironautomations.com
Website: https://ironautomations.com

For all privacy-related inquiries, rights requests, and data access or deletion requests, please email hello@ironautomations.com with the subject line "Privacy Request."

3. Information We Collect

We collect personal information in three ways: information you provide to us directly, information we collect automatically when you interact with our Site and services, and information we receive from third parties.

3.1 Information You Provide Directly

When you contact us, sign up for our services, or communicate with us, we may collect:

Contact information: full name, email address, phone number, business name, business address, and job title or role.
Account information: username, password, and security questions for any account you create on our platform.
Business information: details about your company, services offered, service area, customer volume, marketing history, and goals you hope to achieve by working with us.
Payment information: billing name, billing address, and the last four digits of your payment card. We do not store full payment card numbers. All payment processing is handled by a third-party payment processor (Stripe), and their handling of your full payment information is governed by Stripe's privacy policy.
Communications: the content of emails, text messages, phone calls, support tickets, survey responses, and any other direct communications you have with us.
Marketing preferences: your preferences for receiving marketing communications by email, text message, or phone.

3.2 Information We Collect Automatically

When you visit our Site or use our services, we and our service providers automatically collect:

Device and technical information: your IP address, browser type and version, operating system, device type, device identifiers, screen resolution, language preference, and time zone.
Usage information: pages you view on our Site, the date and time of your visit, the URL of the page that referred you to our Site, the links you click, the searches you perform, and how long you spend on each page.
Cookies and similar technologies: we use cookies, web beacons, pixels, local storage, and similar technologies to collect information about your interactions with our Site and advertisements. See Section 7 ("Cookies and Tracking Technologies") for details.
Log data: server logs that record information about how our Site and services are used, including timestamps, error messages, and diagnostic data.
Geolocation information: approximate location derived from your IP address. We do not collect precise GPS location from your device.

3.3 Information from Third Parties

We may receive personal information about you from third parties, including:

Advertising partners: Meta (Facebook and Instagram), Google, and other advertising platforms may share information with us about how you interacted with our advertisements, including whether you clicked an ad and what actions you took afterwards.
Analytics providers: Google Analytics, Meta Pixel, and other analytics services share aggregated and event-level data about how visitors use our Site.
Public sources: business directories, social media profiles, and other publicly available sources for the purpose of prospecting and business development.
Referrals: if a current Client or partner refers you to us, they may share your name, business name, and contact information.
Service providers: our own service providers (CRM, email marketing, payment processors) may share information with us as described in Section 6.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 To Provide and Maintain Our Services

Create and manage your account;
Deliver the lead generation, advertising, and CRM services you purchased from us;
Communicate with you about your account, billing, and service performance;
Provide customer support and respond to your inquiries;
Build, host, and maintain the funnels, landing pages, and advertising campaigns we operate on your behalf.

4.2 To Communicate with You

Send you transactional messages about your account, service updates, outages, billing, and security (these communications are required for us to provide the service and cannot be opted out of while you remain a Client);
Send you marketing communications about new features, services, events, case studies, and promotions (you may opt out of marketing communications at any time);
Respond to your questions, requests, and feedback;
Send you notifications about leads generated for your business, performance reports, and campaign updates.

4.3 To Improve and Develop Our Services

Analyze how Clients and prospective Clients use our Site and services;
Conduct research, testing, and product development;
Measure the effectiveness of our advertising and marketing campaigns;
Diagnose and fix technical problems;
Train and improve the machine learning and automation systems we use to deliver our services.

4.4 To Market and Advertise

Deliver targeted advertisements to you on Meta (Facebook and Instagram), Google, and other advertising platforms;
Measure the performance of our advertising campaigns and optimize them for better results;
Retarget Site visitors who did not convert on their first visit;
Build lookalike audiences of people similar to our best Clients;
Create custom audiences for retargeting and expansion campaigns.

4.5 To Protect Our Rights and Comply with Legal Obligations

Detect, investigate, and prevent fraud, unauthorized access, abuse, and security threats;
Enforce our Terms of Service and other agreements;
Comply with applicable laws, regulations, legal processes, and government requests;
Protect the rights, property, and safety of Iron Automations, our Clients, our employees, and the public.

4.6 With Your Consent

We may use your information for other purposes that you specifically consent to at the time of collection.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information on the following legal bases under the General Data Protection Regulation (GDPR) and the UK GDPR:

Performance of a contract: when processing is necessary to provide you with the services you have requested or to take steps at your request before entering into a contract (for example, processing your account information to deliver our services to you).
Legitimate interests: when processing is necessary for our legitimate business interests and those interests are not overridden by your fundamental rights and freedoms (for example, using analytics to improve our Site, fraud prevention, direct marketing to existing customers, and communicating with you about our services).
Consent: when you have given us specific, informed, and unambiguous consent to process your information (for example, signing up for our marketing email list or consenting to non-essential cookies). You may withdraw your consent at any time.
Legal obligation: when processing is necessary to comply with a legal obligation we are subject to (for example, responding to a lawful request from law enforcement or maintaining tax records).

If you have questions about the legal basis for any specific processing activity, please contact us at hello@ironautomations.com.

6. How We Share Your Information

We do not sell your personal information to third parties in the traditional sense of the word. However, we do share personal information with the following categories of recipients:

6.1 Service Providers (Sub-Processors)

We share information with third-party service providers that perform services on our behalf. These providers are contractually obligated to use your information only to provide the services we have requested and to implement appropriate security measures. Our current sub-processors include:

Category	Provider	Purpose
CRM and marketing automation	GoHighLevel (HighLevel, Inc.)	Customer relationship management, email and SMS delivery, workflow automation
Advertising platform	Meta Platforms, Inc. (Facebook, Instagram)	Advertising delivery, conversion tracking (Meta Pixel and Conversions API), audience building
Advertising platform	Google LLC	Advertising delivery, analytics, conversion tracking
SMS delivery	Signal House	A2P 10DLC SMS messaging infrastructure
Database and storage	Supabase (self-hosted on Hetzner Cloud)	Primary data storage for our platform
Hosting infrastructure	Hetzner Online GmbH	Virtual private servers and network infrastructure
Content delivery and DNS	Cloudflare, Inc.	DNS management, content delivery network, DDoS protection, TLS certificates
Workflow automation	n8n (self-hosted on Hetzner Cloud)	Automation workflows between services
Payment processing	Stripe, Inc.	Processing of subscription and one-time payments
Email delivery (transactional)	Google Workspace (Gmail)	Transactional and support email delivery
Team chat and notifications	Mattermost (self-hosted)	Internal team notifications about Client events
Fulfillment integration (optional)	Jobber (Octopii Inc.)	When a Client uses Jobber for service delivery, we may sync lead data to their Jobber account via the Jobber API

This list may change from time to time as we add, replace, or discontinue service providers. We will update this Privacy Policy to reflect material changes.

6.2 Our Clients

If you submit information through a lead generation funnel we operate on behalf of a specific Iron Automations Client (for example, a landscaping company), your information will be shared with that Client so they can follow up with you regarding the services you requested. In those scenarios, the Client is the primary data controller of your information, and their own privacy policy governs how they handle it.

6.3 Legal and Safety

We may disclose your information to government authorities, courts, law enforcement agencies, and other third parties when we believe in good faith that disclosure is necessary to:

Comply with applicable laws, regulations, legal processes, or government requests;
Respond to subpoenas, court orders, or other lawful requests;
Enforce our Terms of Service or other agreements;
Protect the rights, property, or safety of Iron Automations, our Clients, our employees, or the public;
Detect, prevent, or address fraud, security, or technical issues;
Protect against legal liability.

6.4 Business Transfers

If Iron Automations is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity as part of that transaction. We will notify you of any such change in ownership or control of your personal information, and any new owner will be subject to the terms of this Privacy Policy (or a successor policy).

6.5 With Your Consent

We may share your information with other third parties when you specifically consent to the sharing at the time of collection.

6.6 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for any purpose, including research, benchmarking, marketing, and analytics.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files that a website places on your device when you visit. They allow the website to recognize your device and remember information about your visit (such as your preferences or login status). We also use similar technologies including web beacons, pixels, local storage, and device fingerprinting techniques.

7.2 Types of Cookies We Use

Strictly necessary cookies: required for the Site to function properly. These include cookies that maintain your session, load balance traffic, and protect against fraud. You cannot opt out of these cookies while using our Site.
Functional cookies: remember your preferences and settings to provide a more personalized experience (for example, remembering your preferred language).
Analytics cookies: help us understand how visitors use our Site by collecting anonymized information about page views, session duration, bounce rate, and traffic sources. We use Google Analytics and Meta Pixel for this purpose.
Advertising cookies: used by our advertising partners to deliver targeted advertisements to you on other websites and apps. These include Meta Pixel (Facebook/Instagram) and Google Ads conversion tracking.

7.3 Managing Cookies

Most web browsers accept cookies by default. You can configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of our Site. You can also use browser extensions and privacy tools to block specific cookies or trackers. For more information about cookies and how to manage them, visit https://www.allaboutcookies.org.

To opt out of targeted advertising cookies from specific providers:

Meta (Facebook/Instagram): visit https://www.facebook.com/settings?tab=ads
Google Ads: visit https://adssettings.google.com
Industry opt-out: visit https://optout.aboutads.info or https://www.networkadvertising.org/choices

8. Meta Pixel and Conversions API

We use the Meta Pixel (a snippet of JavaScript code) and the Meta Conversions API (a server-to-server integration) to track conversions from our advertisements, optimize ad delivery, and build remarketing audiences. When you visit our Site, the Meta Pixel collects information such as the pages you viewed, buttons you clicked, and forms you submitted. This information is sent to Meta and associated with your Meta account (if you have one) for advertising purposes.

The Meta Conversions API sends the same information from our servers directly to Meta, allowing us to track conversions even when cookies are blocked or restricted. Before sending personal information (such as email addresses or phone numbers) to Meta via the Conversions API, we hash the information using SHA-256 encryption, which is a one-way cryptographic function. Meta uses the hashed information to match your activity to a Meta user profile if one exists, without exposing the raw personal information.

Meta's handling of your information is governed by Meta's own Privacy Policy, which is available at https://www.facebook.com/privacy/policy.

You can opt out of Meta's use of your information for advertising by adjusting your ad preferences in your Facebook or Instagram account settings, or by visiting https://www.facebook.com/settings?tab=ads.

9. SMS and Text Message Communications

If you provide us with your mobile phone number and consent to receive text messages from Iron Automations, you agree to the following:

Message content: we may send you text messages related to your account, service updates, billing, appointment reminders, marketing offers, and other business communications.
Message frequency: message frequency varies based on your account activity and communication preferences. We will not send more than a reasonable number of messages per week.
Message and data rates: standard message and data rates may apply based on your mobile carrier plan. We are not responsible for any charges you incur from your mobile carrier as a result of receiving our messages.
Opt-out: you can opt out of receiving text messages at any time by replying STOP to any message you receive from us. After opting out, you will receive one final confirmation message, and we will cease sending you marketing or promotional messages.
Help: reply HELP to any message to receive information about how to contact us.
Carriers not liable: your mobile carrier is not liable for delayed or undelivered messages.
No sharing of phone numbers: we do not share, sell, or rent your phone number to third parties for marketing purposes. Your phone number is used only by Iron Automations and our authorized sub-processors for the purposes described in this Privacy Policy.
Consent is not a condition of purchase: you are not required to consent to receive text messages as a condition of purchasing any goods or services from us.

Iron Automations maintains A2P 10DLC brand and campaign registration with The Campaign Registry to ensure compliance with mobile carrier requirements for business-to-consumer text messaging.

10. Email Communications

If you provide us with your email address, we may send you emails related to your account, service updates, billing, support, and marketing.

Every marketing email we send includes a clear and conspicuous unsubscribe link that allows you to opt out of future marketing emails. We honor opt-out requests within ten (10) business days as required by the CAN-SPAM Act. Transactional emails (such as billing receipts, security alerts, and service notifications) are required for us to provide our services to you and cannot be opted out of while you remain a Client.

11. Data Retention

We retain your personal information for as long as necessary to provide you with our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of information and the purpose for which it was collected:

Account information: retained for the duration of your account plus seven (7) years after account closure to comply with tax, accounting, and legal retention obligations.
Transactional records (invoices, receipts, payment history): retained for seven (7) years to comply with tax and accounting obligations.
Marketing communications history: retained for three (3) years after your last interaction with us unless you opt out or request deletion earlier.
Support and communication records: retained for three (3) years after the communication to help us improve our services and respond to disputes.
Analytics and usage data: retained in aggregated or anonymized form for up to twenty-six (26) months, which is the default retention period in Google Analytics.
Cookies: retained for the period specified in the cookie itself, which varies by cookie (ranging from a single session to several years).

After the applicable retention period expires, we either delete or anonymize your personal information. If deletion is not technically feasible (for example, because the information is stored in backups), we will isolate the information and prevent any further processing until deletion is possible.

12. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, and destruction. Our security measures include:

Encryption of data in transit using TLS 1.2 or higher;
Encryption of data at rest for sensitive information in our databases;
Access controls, authentication requirements, and principle of least privilege for our employees and contractors;
Regular security audits, vulnerability assessments, and penetration testing;
Secure software development practices, code reviews, and dependency scanning;
Firewalls, intrusion detection systems, and network segmentation;
Regular security training for our team;
Incident response procedures.

Despite our efforts, no security measure is perfect or impenetrable, and no method of data transmission or storage is 100% secure. If we become aware of a breach that affects your personal information, we will notify you and the applicable regulatory authorities as required by law.

13. International Data Transfers

Iron Automations is based in the United States. If you are located outside the United States, please be aware that the personal information you provide to us will be transferred to, stored in, and processed in the United States, where our servers are located and our central business operations are conducted. By using our Site or services, you consent to this transfer.

For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland: the United States is not currently recognized by the European Commission as providing an adequate level of data protection. When we transfer your personal information from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards to protect your information, including the Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of these safeguards by contacting us at hello@ironautomations.com.

14. Your Rights and Choices

14.1 General Rights

Depending on your location and applicable law, you may have some or all of the following rights with respect to your personal information:

Right to access: request a copy of the personal information we hold about you;
Right to correction: request that we correct inaccurate or incomplete information;
Right to deletion: request that we delete your personal information, subject to certain exceptions;
Right to portability: request that we provide your information in a structured, commonly used, and machine-readable format;
Right to restrict processing: request that we limit how we process your information;
Right to object: object to certain types of processing, including direct marketing;
Right to withdraw consent: withdraw your consent for processing that is based on consent (withdrawal does not affect the lawfulness of processing based on consent before withdrawal);
Right to opt out of marketing: opt out of receiving marketing communications from us at any time.

To exercise any of these rights, please email hello@ironautomations.com with the subject line "Privacy Request" and describe what you would like us to do. We will respond to your request within thirty (30) days (or within the timeframe required by applicable law, whichever is shorter). We may need to verify your identity before fulfilling your request to ensure we are not disclosing your information to someone else.

14.2 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the applicable data protection authority in your jurisdiction. We encourage you to contact us first at hello@ironautomations.com so we can try to resolve your concerns directly.

15. GDPR Rights (EU, UK, and Swiss Residents)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR:

Right of access (Article 15 GDPR): obtain confirmation of whether we process your personal data and, if so, receive a copy of the data and information about how it is processed.
Right to rectification (Article 16 GDPR): have inaccurate personal data corrected and incomplete data completed.
Right to erasure / right to be forgotten (Article 17 GDPR): have your personal data erased under certain conditions.
Right to restriction of processing (Article 18 GDPR): have processing restricted under certain conditions.
Right to data portability (Article 20 GDPR): receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to object (Article 21 GDPR): object to processing based on legitimate interests or direct marketing.
Rights related to automated decision-making and profiling (Article 22 GDPR): not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you.
Right to withdraw consent (Article 7 GDPR): withdraw consent at any time where processing is based on consent.
Right to lodge a complaint (Article 77 GDPR): lodge a complaint with your local supervisory authority.

To exercise any GDPR right, contact us at hello@ironautomations.com.

16. California Privacy Rights (CCPA and CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to know: request that we disclose the categories of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting the information, the categories of third parties with whom we share the information, and the specific pieces of personal information we have collected.
Right to delete: request that we delete personal information we have collected from you, subject to certain exceptions.
Right to correct: request that we correct inaccurate personal information we have about you.
Right to opt out of sale or sharing: opt out of the sale or sharing of your personal information. Iron Automations does not sell personal information for monetary consideration. However, some of our advertising partners' use of cookies and pixels may be considered "sharing" for cross-context behavioral advertising under the CPRA. You can opt out of this sharing by adjusting your cookie preferences or by contacting us at hello@ironautomations.com.
Right to limit use and disclosure of sensitive personal information: we do not knowingly collect sensitive personal information as defined by the CPRA for purposes beyond what is necessary to provide our services.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level or quality of service because you exercised your rights.

16.1 Categories of Personal Information Collected (CCPA Disclosure)

In the past twelve months, we have collected the following categories of personal information about California residents:

Identifiers (name, email, phone, IP address, account identifiers);
Customer records (billing information, payment card last four digits);
Commercial information (records of services purchased, payment history);
Internet or network activity (browsing history on our Site, interactions with ads);
Geolocation data (approximate location from IP address);
Professional or employment-related information (job title, business name);
Inferences drawn from the above (preferences, characteristics, predispositions);
Audio and electronic information (recordings of customer service calls where permitted by law, the content of emails and text messages).

We collect these categories of personal information from the sources described in Section 3 and use them for the purposes described in Section 4.

16.2 How to Exercise Your California Rights

To exercise your California privacy rights, email hello@ironautomations.com with the subject line "California Privacy Request" and describe what you would like us to do. We will respond within forty-five (45) days of receiving your request, with an additional forty-five (45) day extension if reasonably necessary. We may need to verify your identity before fulfilling your request.

You may also designate an authorized agent to make a request on your behalf. The authorized agent must provide written proof of authorization signed by you.

17. Children's Privacy

Our Site and services are not directed to children under the age of sixteen (16), and we do not knowingly collect personal information from children under sixteen. If you are under sixteen, please do not submit any personal information through our Site. If we learn that we have collected personal information from a child under sixteen without verifiable parental consent, we will delete that information as soon as possible. If you believe we might have any information from or about a child under sixteen, please contact us at hello@ironautomations.com.

18. Third-Party Links and Services

Our Site and marketing materials may contain links to third-party websites, applications, and services that are not operated or controlled by Iron Automations. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites or services you visit.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by:

Posting the updated policy on this page with a new "Last Updated" date;
Sending an email to the email address associated with your account (for material changes);
Displaying a prominent notice on our Site (for material changes).

Your continued use of our Site or services after the updated Privacy Policy takes effect constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Iron Automations
Email: hello@ironautomations.com
Subject line: Privacy Request
Website: https://ironautomations.com

We will do our best to respond to your inquiry within thirty (30) days or within the timeframe required by applicable law, whichever is shorter.