HazelDino

Privacy Policy

Privacy Policy

This policy explains what information we collect, how we use it, who we share it with, how we communicate with you across email/SMS/phone, and the rights you have over your data — in plain English, no legal fog.

Last updated: June 27, 2026Effective: June 27, 2026

1. Introduction

Hazel Dino (“we,” “us,” or “our”) operates this website and provides web development, AI automation, CRM, custom software, digital marketing, and related services to businesses in Canada, the United States, and beyond. This policy applies to anyone who visits our website, fills out a form, becomes a client, or otherwise interacts with us online.

We take privacy seriously and we keep this policy short, specific, and readable. Two important sections — Communication Consent and A2P SMS Terms — are included in this same document below. If anything is unclear, the fastest way to ask a question is the discovery form linked at the bottom of every page.

2. Information We Collect

Personal Information

When you fill out our discovery form, booking form, or contact us directly, we collect:

  • Your first and last name
  • Email address
  • Phone number
  • Business name (if you provide one)
  • Any message or project details you share
  • Your consent choices (Privacy, SMS, marketing)

Business Information

For active clients, we may also collect information needed to deliver services — for example, project goals, brand assets, login credentials for tools we are configuring on your behalf, billing details, and documents you upload to our shared workspace.

Technical Information

When you visit our website, we automatically collect standard technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited, and time on each page. This information helps us keep the site fast, secure, and working properly.

Cookies and Tracking

We use a small number of cookies and tracking technologies to keep the site functional, measure performance, and improve marketing. See the Cookies & Analytics section below for the full list.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiry and follow up on discovery submissions
  • Add you to our CRM (GoHighLevel) so your discovery details are available when we speak
  • Send appointment confirmations, reminders, and project updates
  • Deliver the services you have hired us for
  • Send invoices, receipts, and other transactional messages
  • Send occasional marketing messages — only if you have explicitly opted in
  • Improve the website, measure performance, and fix bugs
  • Comply with our legal obligations under PIPEDA, GDPR, CCPA, CASL, A2P 10DLC, and other applicable laws

We do not use your information for automated decision-making that produces significant legal effects.

4. Sharing Information

We never sell your information. We share information only with vetted third-party service providers we use to deliver our services. Each provider only sees the information they need.

  • GoHighLevel — our CRM and communications platform (email, SMS, calendars, automations). Contact details and message history are stored here.
  • Twilio — sends SMS messages on our behalf. Only phone numbers and message content are shared.
  • Stripe — processes payments. Card and billing details are handled directly by Stripe under PCI-DSS compliance — we never see or store your full card number.
  • Google — Google Workspace for email/calendar and Google Analytics 4 for website analytics.
  • Cloudflare — DNS, security, and CDN. Standard request logs only.
  • OpenAI & Anthropic — language models we use to power AI features and automations we build for you. Data sent to these providers is not used to train their public models.
  • Meta — if we run ads for your business or use Meta Pixel on landing pages we build, anonymized event data may be shared.
  • Vercel, AWS, DigitalOcean — hosting providers for websites and applications we build.

We may also disclose information if required by law, court order, or legitimate government request, or to protect our rights or the safety of others.

5. Data Retention

We keep your information only as long as we need it for the purposes described above, or as required by law (typically up to 7 years for financial records under Canadian tax law). When you ask us to delete your data, we honor the request unless we are legally required to retain it.

  • Discovery form submissions: retained in our CRM while we may reasonably continue the conversation, generally up to 2 years from last contact.
  • Client records: retained for the duration of our engagement and 7 years afterward (financial and tax requirements).
  • Analytics data: retained per provider defaults (typically 14–26 months for Google Analytics 4).
  • Marketing list members: retained while you remain opted in; deleted promptly after unsubscribe.
  • SMS opt-in records: retained for the duration of your opt-in plus 4 years afterward for A2P 10DLC audit purposes.

6. Security

We protect your information with industry-standard safeguards: encrypted connections (HTTPS/TLS) everywhere, strong access controls, password managers and two-factor authentication on all admin accounts, and routine security reviews of the tools we use. No system is 100% secure, but we treat your data with the care we would want for our own.

7. Cookies & Analytics

We use the following:

  • Essential cookies — required for the site to function (for example, remembering your consent choices).
  • Google Analytics 4 — anonymized website usage data to measure performance and improve the site.
  • Meta Pixel — only loaded on specific landing pages where we run Meta ad campaigns; tracks conversion events.
  • GoHighLevel tracking pixels — used on funnels we build to attribute leads to source.

You can control cookies through your browser settings. Blocking all cookies may affect site functionality.

8. Your Rights

Canada (PIPEDA & CASL)

Under Canadian privacy law, you have the right to:

  • Know what personal information we hold about you
  • Access and request a copy of that information
  • Correct inaccurate or incomplete information
  • Withdraw consent at any time
  • Unsubscribe from marketing communications (CASL)
  • File a complaint with the Office of the Privacy Commissioner

European Union (GDPR)

If you are in the EU/EEA, you also have the right to data portability, erasure (“right to be forgotten”), restriction of processing, and to object to processing. Our lawful basis for processing is your consent (for marketing and SMS) or our legitimate interest and contractual necessity (for everything else).

California (CCPA / CPRA)

California residents have the right to know what personal information we collect, to access and delete it, to opt out of sale or sharing for cross-context behavioral advertising, and to be free from discrimination for exercising these rights. We do not sell personal information.

To exercise any of these rights, submit a request through our discovery form. We respond within 30 days.

9. Children's Privacy

Our services are designed for businesses and are not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have, contact us and we will delete the information immediately.

This section explains how we communicate with you, what consent applies to each channel, and how to opt out of any of them. We follow PIPEDA, CASL, A2P 10DLC, and Twilio's Messaging Policy so you stay in control.

Email

We send email for three reasons:

  • Transactional: responses to your inquiry, project updates, invoices, appointment confirmations. Sent whenever necessary to deliver the service you have asked for.
  • Service-related: updates about ongoing engagements, renewal reminders, security notices for tools we manage for you.
  • Marketing (opt-in only): tips, articles, announcements. Only sent if you explicitly opt in.

Every marketing email contains a one-click unsubscribe link. Transactional emails do not contain an unsubscribe link because they are required to deliver the service.

SMS

SMS is opt-in only, with separate consent for transactional and marketing messages. See the full A2P SMS Terms section below for verbatim opt-in language, STOP/HELP instructions, and message frequency.

Phone Calls

We may call you on the number you provide for project-related reasons — discovery calls, kickoff calls, project updates, and scheduled consultations. You can ask us to stop calling at any time and we will respect that immediately. We do not engage in cold-calling or telemarketing.

Voicemail

If we cannot reach you by phone, we may leave a brief voicemail with our name, the reason for the call, and a callback method. Voicemails are stored only as long as needed to confirm we reached out.

Appointment Reminders

If you book a consultation or discovery call with us, you will receive appointment reminders by email and, if you have opted in, by SMS. Standard reminders include an immediate confirmation when the booking is made, a reminder 24 hours before the appointment, and a reminder 1 hour before the appointment (SMS only). These are considered transactional — they are part of the service you booked.

Marketing Messages

Marketing messages — newsletters, promotional updates, special offers — are opt-in only and never required for any project or service. We do not send unsolicited commercial messages. All marketing complies with Canada's Anti-Spam Legislation (CASL) and U.S. CAN-SPAM requirements.

Transactional Notifications

Transactional notifications are messages required to deliver a service you have requested — receipts and invoices, project status updates, appointment confirmations and reminders, password resets, security alerts, and service-outage notifications. These messages are sent regardless of your marketing preferences and never contain promotional content.

Opt-Out Process

Opting out is fast and final:

  • Email: click the “Unsubscribe” link at the bottom of any marketing email. Removed within 10 business days (usually instantly).
  • SMS: reply STOP to any SMS message. Opt-out is immediate.
  • Phone calls: tell us during a call or send a message through the discovery form.
  • All channels: submit a request through our discovery form noting “Opt-out — all channels.”

Consent Withdrawal

Withdrawing consent for marketing communications does not affect our ability to deliver services you have actively engaged us for. We can still send transactional and service-related messages to active clients. If you withdraw consent and you are not an active client, we remove your contact details from active marketing lists.

11. A2P SMS Terms & Conditions

These terms govern our SMS messaging programs and are written for A2P 10DLC compliance and the Twilio Messaging Policy. Your phone number is treated as personal data and protected under the same rules as everything else in this Privacy Policy.

Program Overview

Hazel Dino operates two distinct SMS programs through GoHighLevel (powered by Twilio), each registered separately under A2P 10DLC. You can opt in to one, both, or neither — they are independent.

Transactional SMS Program

Required A2P opt-in language used at the point of consent:

By checking this box, I consent to receive transactional text messages from Hazel Dino related to my account or services I have requested. These messages may include appointment reminders, project updates, confirmations, website status notifications, invoices, and important service-related information. Message frequency may vary. Message & data rates may apply. Reply HELP for assistance or STOP to opt out.

Example transactional messages you may receive:

  • Booking and appointment confirmations
  • Appointment reminders (24 hours and 1 hour before)
  • Project status updates from your account manager
  • Invoice and payment receipts
  • Website or service outage notifications affecting your account
  • Quote delivery and follow-up

Marketing SMS Program

Required A2P opt-in language used at the point of consent:

By checking this box, I consent to receive marketing and promotional text messages from Hazel Dino including website design offers, development services, educational tips, announcements, and special promotions. Message frequency may vary. Message & data rates may apply. Reply HELP for assistance or STOP to opt out.

Marketing SMS is strictly opt-in and is never required to use our services or receive a transactional message.

SMS Opt-In

Both programs are opt-in only. You will only receive SMS messages after providing explicit consent through one of the following:

  • Checking the SMS consent box on our discovery form
  • Checking the SMS consent box on a website form
  • Checking the SMS consent box when booking an appointment
  • Replying to one of our SMS messages (treated as ongoing consent)
  • Explicitly requesting SMS in writing or during a call with our team

Each opt-in is logged with a timestamp and source. Consent for one program (transactional) does not imply consent to the other (marketing).

STOP Instructions

You can opt out of any of our SMS programs at any time. Reply STOP to any message we send and we will immediately stop sending SMS to that number for that program. You will receive one final confirmation message acknowledging the opt-out.

STOP works regardless of capitalization. UNSUBSCRIBE, CANCEL, END, and QUIT are treated the same. To opt out of both transactional and marketing SMS at once, reply STOP twice or contact us through the discovery form.

HELP Instructions

Reply HELP to any message and you will receive a short reply with: who we are, what the program is, the STOP instruction, and a link back to this page.

Message Frequency

Message frequency may vary depending on your engagement:

  • Transactional: as needed (typically 2–10 messages per month for active clients, fewer for prospects).
  • Marketing: no more than 2–4 messages per month.

Message and Data Rates

Message and data rates may apply. Your carrier may charge for sending and receiving text messages depending on your plan. Hazel Dino does not charge for SMS messages.

Supported Carriers

Our SMS program is supported on all major Canadian and U.S. carriers, including Rogers, Bell, Telus, Freedom Mobile, AT&T, Verizon, T-Mobile, Sprint, US Cellular, and most regional carriers. Carriers are not liable for delayed or undelivered messages.

No Sharing of Phone Numbers

Your phone number will never be sold or shared for marketing purposes. We do not sell, rent, or share phone numbers or SMS opt-in information with third parties for their marketing or promotional use. The only third parties that touch your phone number are the infrastructure providers required to deliver the messages — specifically GoHighLevel (our CRM) and Twilio (the SMS carrier gateway).

A2P 10DLC Compliance

Our SMS program is registered under A2P 10DLC, the U.S. carrier framework for application-to-person business messaging. Registration includes brand vetting and campaign vetting, with separate registration for transactional and marketing campaigns. We follow the Twilio Messaging Policy and the CTIA Messaging Principles & Best Practices. We do not send SHAFT-C content (sex, hate, alcohol, firearms, tobacco, cannabis), pyramid-scheme content, or any prohibited content category.

12. Policy Updates

We may update this policy as our services, tools, or laws change. When we do, we update the “Last updated” date at the top. For material changes, we notify clients directly. Your continued use of the website after an update means you accept the revised policy.

13. Contact

Questions, requests, or complaints about this policy? Use our discovery form and we'll respond within one business day. For formal privacy requests, please mention “Privacy Request” in your message so we can route it appropriately.

Questions about this policy?

The fastest way to reach us is through the discovery form. We review every submission personally and respond within one business day.

Use the Discovery Form