Last updated: April 20, 2026

Privacy Policy.

How AlpacaRed handles personal data collected through this website and in the course of operating our business.

1. Scope

This Privacy Policy (the "Policy") explains how AlpacaRed ("we," "our," "us," or the "Company") collects, uses, and protects Personal Data through the alpacared.com website, our email and marketing communications, and our general business interactions with prospective clients.

This Policy applies to you when you visit our website, submit a form, subscribe to communications, or otherwise interact with us as a prospect or inquirer.

This Policy does not cover data processed during active Signal Check engagements. When a client retains AlpacaRed to conduct a Signal Check or other diagnostic engagement, the data collected during that work (including interviews, organizational artifacts, and client employee information) is governed separately by the Master Services Agreement and Data Processing Addendum signed with that client. In those engagements, AlpacaRed acts as a service provider or processor on behalf of the client company, not as the controller of that data.

We follow the obligations under the following data privacy regulations, as applicable based on your location:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Delaware Personal Data Privacy Act
  • Indiana Consumer Data Protection Act (INCDPA)
  • Iowa Consumer Data Protection Act (ICDPA)
  • Kentucky Consumer Data Protection Act (KCDPA)
  • Maryland Online Consumer Protection Act
  • Minnesota Consumer Data Privacy Act
  • Montana Consumer Data Privacy Act
  • Nebraska Data Privacy Law
  • New Hampshire Data Privacy Act
  • New Jersey Data Privacy Act
  • Oregon Consumer Privacy Act (OCPA)
  • Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
  • Tennessee Information Protection Act (TIPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Utah Consumer Privacy Act (UCPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation
  • Quebec Law 25
  • The European Union's General Data Protection Regulation (GDPR)

Where a specific right or obligation arises only under a particular law, we note that below.

2. Personal Data We Collect

From You Directly

When you contact us through our website or initiate a Signal Check inquiry, we collect:

  • Your name
  • Your email address
  • Your phone number
  • Your job title and company name
  • Any information you include in a message or inquiry field

We do not collect payment information through our website at this time. When online payment processing is enabled in the future, payments will be handled directly by Stripe under their own privacy terms. AlpacaRed will not store or transmit payment card data.

Automatically, When You Visit the Website

When you visit alpacared.com, our analytics tools automatically collect:

  • Device identifiers (a cookie-based identifier used to recognize your browser across sessions)
  • IP address (collected and then anonymized by Google Analytics)
  • Timestamps of your visits and interactions
  • Referrer data (the search term, link, or platform that brought you to the site)
  • General browsing activity on the site (pages viewed, time on page)

This data is collected through cookies and similar technologies. See Cookies below for details, and our consent banner for opt-in controls.

From Third Parties

We may receive device and usage data from our analytics provider, Google Analytics, in aggregated form.

3. How We Use Personal Data

We use Personal Data for the following purposes:

  • To respond to inquiries and provide information about our services
  • To deliver the Signal Check and related diagnostic services to clients who engage us
  • To communicate with you about our services, including following up on inquiries
  • To improve our website and services by understanding how visitors interact with our content
  • To comply with legal obligations and protect the Company's legal rights

We do not use Personal Data for targeted advertising, cross-context behavioral advertising, or profiling that produces legal or similarly significant effects. We do not sell Personal Data.

4. Third-Party Service Providers

We use the following service providers to operate our business. Each provider has its own privacy practices and processes data on our behalf under a written agreement:

  • HubSpot, Inc. Customer relationship management, form submissions, email communication, and visitor analytics.
  • Google LLC (Google Analytics 4). Website analytics and visitor measurement.
  • Netlify, Inc. Website hosting and infrastructure.
  • Enzuzo Inc. Cookie consent management and data subject request handling.
  • Stripe, Inc. Payment processing (when enabled).

We do not share Personal Data with any third party for their independent marketing use.

5. Cookies and Similar Technologies

A cookie is a small file placed on your device by a website you visit. Cookies allow the site to recognize your browser and, in some cases, to collect information about your visit.

We use two categories of cookies on alpacared.com:

  • Necessary cookies. Required for the site to function properly. These cannot be turned off.
  • Analytics cookies. Placed by Google Analytics 4 and HubSpot to help us understand how visitors use the site. These are only placed after you grant consent through our cookie banner.

We do not use marketing or advertising cookies at this time.

Managing Your Cookie Preferences

When you first visit the site, a consent banner allows you to accept or decline analytics cookies. You can change your preferences at any time through the cookie preference center, accessible via the footer of the site.

Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. If your browser transmits a GPC signal, we treat it as a valid request to opt out of the sharing of Personal Data for cross-context behavioral advertising. For more information on GPC, visit globalprivacycontrol.org.

6. Data Retention

We retain Personal Data only as long as reasonably necessary for the purposes described in this Policy, plus any period required by applicable law. Inquiry data is retained for the duration of active prospect engagement and for a reasonable follow-up period afterward. You may request deletion of your data at any time using the process described in Your Rights below.

7. International Data Transfers

AlpacaRed operates in the United States, and our service providers store data primarily on servers located in the United States. If you are located in the European Economic Area, the United Kingdom, or Canada, your Personal Data will be transferred to and processed in the United States.

Where we transfer Personal Data out of the EEA or UK to jurisdictions not deemed adequate, we rely on the European Commission's Standard Contractual Clauses or equivalent mechanisms with our service providers. More information on those clauses is available at eur-lex.europa.eu.

8. How We Keep Your Data Safe

We maintain commercially reasonable administrative, physical, and technical measures to protect Personal Data from accidental loss, unauthorized access, alteration, or disclosure. Communication between your browser and our website uses encrypted connections wherever Personal Data is involved.

We require any third-party service provider contracted to process Personal Data on our behalf to maintain appropriate security measures and to handle data in accordance with applicable law.

In the event of a Personal Data breach, we will notify you and the applicable regulator when required by law to do so.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If we learn that we have collected Personal Data from a person under 18, we will delete it. If you believe we may have inadvertently collected such data, contact us at the email address in Contact Us.

10. Your Rights

Depending on where you live, you may have the following rights regarding your Personal Data. We extend these rights to all individuals who interact with us, regardless of residence, where practical to do so.

  • Right to Access (PIPEDA, GDPR Article 15, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA). You have the right to confirm whether we are processing your Personal Data and to request a copy.
  • Right to Rectification (PIPEDA, GDPR Article 16, CPRA, CPA, VCDPA, CTDPA). You have the right to correct inaccurate or incomplete Personal Data we hold about you.
  • Right to Deletion (GDPR Article 17, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA). You have the right to request that we delete Personal Data we hold about you, subject to exceptions for legal compliance or the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing (GDPR Article 18). You have the right to restrict our processing of your Personal Data under certain circumstances. When restricted, we will only store the data, not otherwise process it.
  • Right to Portability (PIPEDA, GDPR Article 20). You have the right to receive Personal Data you provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
  • Right to Opt Out of Sale or Sharing (CPRA, CPA, VCDPA, CTDPA, UCPA). You have the right to opt out of the sale or sharing of your Personal Data for cross-context behavioral advertising. We do not currently sell Personal Data or share it for cross-context behavioral advertising.
  • Right to Object (GDPR Article 21). Where our legal basis for processing is legitimate interest, you have the right to object to processing based on your particular situation.
  • Nondiscrimination (CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA). You have the right not to be denied service or given an inferior experience for exercising your privacy rights.
  • Right to Appeal (CPA, VCDPA, CTDPA). If we decline your request, you have the right to appeal. If you disagree with our response to the appeal, you may contact your state attorney general:
  • Right to File a Complaint (GDPR Article 77). If you are in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority. A list is available at edpb.europa.eu.

Withdrawing Consent

Where we process your Personal Data based on consent, you may withdraw consent at any time, free of charge. To withdraw consent for email communications, click the unsubscribe link in any email we send. For other consent matters, contact us using the information below.

How to Exercise Your Rights

To submit a request, email us at privacy@alpacared.com or use the Make a Data Request button in the footer of this page. For your own privacy and security, we may require proof of identity before fulfilling your request. We will respond within the timeframes required by applicable law, generally within 30 to 45 days.

11. Merger or Acquisition

If AlpacaRed is involved in a merger, acquisition, or sale of all or a portion of its assets, Personal Data may be transferred as part of that transaction. We will provide notice before Personal Data is transferred and becomes subject to a different privacy policy.

12. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, provide notice on the website or by email. We encourage you to review this Policy periodically.

13. Contact Us

For privacy-related inquiries, to exercise your rights, or to ask a question about this Policy, reach us at:

Email: privacy@alpacared.com

Mail:
AlpacaRed
Attn: Privacy
8401 Mayland Drive, #10251
Richmond, VA 23294