Privacy Policy

Heaston Innovations LLC ("Heaston Innovations," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to information collected through our website at heastoninnovations.com and any related pages, forms, downloads, or services we provide (collectively, the "Services").

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

1. About Us

Heaston Innovations LLC is a South Carolina limited liability company that provides Answer Engine Optimization (AEO), Search Engine Optimization (SEO), web design, web development, and related digital marketing services to businesses. We operate primarily online.

You can reach us at:

2. Information We Collect

We collect information in three ways: information you provide to us directly, information collected automatically when you use our website, and information we receive from third parties.

2.1 Information You Provide Directly

When you interact with our Services, you may choose to provide us with personal information, including:

• Contact details: name, email address, phone number, company name, and job title — typically submitted through contact forms, scheduling tools, or email.
• Project information: details about your business, website, current marketing efforts, goals, and any information you share when requesting a quote, proposal, or consultation.
• Download requests: information submitted to download resources such as the AI ROI Calculator, guides, templates, or other lead magnets.
• Communications: the contents of emails, messages, voicemails, and any other correspondence you send to us.
• Payment information: if you become a client, we collect billing information necessary to process payments. Payment card details are handled directly by our payment processor (currently Stripe) and are not stored on our servers.

2.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies, tracking pixels, and similar technologies. This may include:

• Device and browser information: browser type and version, operating system, screen resolution, language preferences, and device type.
• Usage information: pages viewed, time spent on pages, links clicked, referring URLs, exit pages, and similar engagement metrics.
• Network information: IP address, approximate geographic location derived from IP, and internet service provider.
• Cookie data: see Section 6 below for details.

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

• Service providers that help us deliver our Services (e.g., analytics platforms, email marketing tools, CRM systems).
• Publicly available sources such as company websites, LinkedIn, or business directories — typically used during outreach or sales research.
• Referrals from existing clients, partners, or affiliates.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries, provide quotes, and schedule consultations.
• To deliver the digital marketing, SEO, AEO, and web services you've engaged us to provide.
• To send you the resources, downloads, or content you've requested.
• To send you marketing communications, newsletters, and updates about our Services — you can unsubscribe at any time.
• To process payments and manage client accounts.
• To improve our website, our Services, and the user experience.
• To analyze website performance and traffic patterns.
• To prevent fraud, enforce our terms, and protect our rights and the rights of others.
• To comply with legal obligations and respond to lawful requests.

We will not sell your personal information. We do not engage in cross-context behavioral advertising as defined under California law.

4. How We Share Your Information

We share personal information only as described in this Privacy Policy. The categories of recipients include:

• Service providers and contractors who perform functions on our behalf, such as web hosting, analytics, email delivery, CRM, payment processing, customer support, and IT services. These providers are contractually required to handle your information consistently with this Privacy Policy.
• Professional advisors such as accountants, attorneys, and insurers, where reasonably necessary.
• Business transfers: if Heaston Innovations is involved in a merger, acquisition, asset sale, or similar transaction, personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
• Legal compliance: we may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, the safety of others, or to investigate fraud or security issues.
• With your consent: we may share information for other purposes with your explicit consent.

We do not sell your personal information to third parties for monetary consideration.

5. Third-Party Services We Use

We rely on a number of third-party services to operate our business. These providers may collect or process information about you under their own privacy policies. Categories include:

• Analytics: Google Analytics and similar tools, used to understand how visitors use our website.
• Email and marketing: email service providers used to send transactional and marketing emails.
• Customer Relationship Management (CRM): used to manage leads, client communications, and project information.
• Payment processing: Stripe and similar processors, which handle billing information directly.
• Hosting and infrastructure: web hosting providers, content delivery networks, and similar services.

A list of current third-party providers can be requested at team@heastoninnovations.com.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to function correctly, remember your preferences, and analyze how the site is used. Cookies are small text files stored on your device.

Categories of cookies we may use:

• Strictly necessary cookies — required for the website to function (e.g., remembering form inputs during a session).
• Performance and analytics cookies — help us understand how visitors interact with the site.
• Functional cookies — remember your preferences and choices.
• Marketing cookies — used to deliver more relevant content and measure the effectiveness of marketing efforts.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you when cookies are being sent. Note that disabling cookies may affect the functionality of our website.

We do not currently respond to "Do Not Track" browser signals, as no industry standard for these signals has been finalized.

7. Data Retention

We retain personal information only as long as needed to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary based on the type of information and the context in which it was collected. When information is no longer needed, we delete it or anonymize it.

8. Data Security

We use reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), secured servers, access controls, and regular review of our security practices.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping any passwords or credentials you use to access our Services confidential.

9. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information, subject to certain exceptions.
• Opt-out of marketing: unsubscribe from marketing emails at any time using the link in any email we send, or by contacting us directly.
• Restrict or object: request that we restrict or stop certain processing of your information.

9.1 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including:

• The right to know what categories and specific pieces of personal information we have collected about you.
• The right to delete personal information we have collected.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under California law).
• The right to non-discrimination for exercising your rights.

To exercise any of these rights, contact us at team@heastoninnovations.com. We may need to verify your identity before responding. You may also designate an authorized agent to make a request on your behalf.

9.2 Other Jurisdictions

If you are located outside the United States, your information may be transferred to and processed in the United States. The privacy and data protection laws of the United States may differ from those of your country. By using our Services, you consent to this transfer.

If applicable laws in your jurisdiction provide you with additional rights, we will honor those rights when required by law.

10. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child has provided us with personal information, please contact us at team@heastoninnovations.com.

11. Third-Party Links

Our website may contain links to third-party websites, products, or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as an email or a notice on our website).

Your continued use of our Services after the effective date of the updated policy constitutes your acceptance of the revised terms.

13. HICRM Mobile App & Bothub CRM Platform

This section applies to users of the HICRM mobile application (available on Google Play) and the underlying Bothub CRM software-as-a-service platform operated by Heaston Innovations LLC. The mobile app is a client interface for the SaaS platform; both share the same backend infrastructure and data handling practices.

13.1 Information Collected by the App and Platform

When you install and use the HICRM mobile app or access Bothub CRM through a web browser, we collect:

• Account information — your name, email address, and password (stored hashed using industry-standard algorithms) when you create or sign in to an account.
• Push notification tokens — provided by Firebase Cloud Messaging (FCM) so we can send you in-app notifications about new contacts, form submissions, appointments, and tasks. Tokens are linked to your user account and stored encrypted on our servers.
• Device identifiers — operating system version and approximate device model, used for crash diagnostics and notification delivery.
• Contact and CRM data — the contacts, deals, tasks, notes, documents, forms, and other business records you create or upload into the platform. This data belongs to you and your business; we act as a custodian.
• Integration data — if you connect third-party services (such as Google Calendar, Stripe, Meta Lead Ads, or email providers), we store the authentication tokens necessary to maintain those integrations, encrypted at rest.
• Usage activity — pages viewed, features used, error reports, and similar engagement metrics used to improve the product.

13.2 How App Data Is Used

We use the data collected through the app and platform to:

• Provide the CRM, scheduling, document, and notification features you have subscribed to.
• Send push notifications and email alerts when events occur in your account (new contact, form submission, task due, etc.). You can disable specific notification types in your account settings at any time.
• Authenticate you and maintain your session securely.
• Diagnose crashes, debug issues, and improve product performance.
• Respond to support requests.

13.3 Data Sharing in the Platform

Your CRM data is not sold, rented, or shared with third parties for marketing purposes. Data may be processed by the same categories of service providers described in Section 5 (hosting, payment processing, email delivery, analytics) under the same contractual protections. If you connect third-party integrations (Google Calendar, Stripe, Meta, etc.), data flows between Bothub CRM and those services according to the scopes you have granted — those third parties handle that data under their own privacy policies.

13.4 Multi-Tenant Architecture

Bothub CRM is a multi-tenant platform. Each customer business (a “tenant”) has its own isolated workspace. Data belonging to one tenant is not accessible by other tenants. Tenant data is segregated at the database and application layers.

13.5 Data Retention for the App and Platform

We retain your CRM data for as long as your account remains active. If you cancel your subscription, we retain your data for 30 days to allow reactivation, after which it is permanently deleted unless legal obligations require longer retention. You can request earlier deletion by contacting us at team@heastoninnovations.com.

13.6 Children

HICRM and Bothub CRM are business tools intended for use by adults. The app is not directed to children under 13, and we do not knowingly collect data from children. Account creation requires users to be 18 years of age or older.

13.7 Permissions Requested by the Mobile App

The HICRM Android app requests the following permissions:

• Internet access — required to communicate with the Bothub CRM servers.
• Push notifications — required to deliver real-time alerts about CRM events. You can disable notifications at any time in your device settings.

The app does not request access to your contacts, location, camera, microphone, photos, calendar, or storage beyond what is necessary to function. No personal data is collected from these device sources.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

We will do our best to respond to all reasonable requests within a reasonable timeframe.