Privacy Policy

Branch and Root Consulting (“Branch & Root,” “we,” “us,” or “our”) operates the website at branchandrootconsulting.com (the “Site”). This Privacy Policy explains what personal information we collect, why, who we share it with, how long we keep it, and the rights you have — with a focus on the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

1. Information We Collect (Notice at Collection)

You can browse the Site without giving us any personal information. We only collect what you choose to provide, plus a limited amount of technical data. In the last 12 months we collect, or may collect, the following categories of personal information (the category names come from the CCPA, Cal. Civ. Code § 1798.140):

• Identifiers — your name, email address, phone number, and IP address.
• Customer records (Cal. Civ. Code § 1798.80(e)) — contact details you submit, such as your business name and phone number.
• Commercial information — the services you ask about and notes you include about your business.
• Internet or network activity — pages viewed, time on page, referring URL, and similar analytics data.
• Geolocation data — only coarse, city-level location inferred from your IP address. We do not collect precise geolocation.
• Professional or employment information — your business type or industry, if you tell us.
• Inferences — basic, aggregate inferences (for example, which pages tend to lead to inquiries). We do not build individual advertising profiles.

Sensitive personal information. We do not collect “sensitive personal information” as defined by the CPRA (Cal. Civ. Code § 1798.140(ae)) — we don’t ask for your Social Security number, driver’s license, financial-account login, precise location, or any health, biometric, racial, religious, or similar data. Because we don’t collect it, the right to limit its use (see Section 8) does not apply in practice.

We do not store credit-card or payment information on our systems.

2. Where the Information Comes From

• Directly from you — when you fill out a form, download our checklist, book a call, or email us.
• Automatically — through cookies and analytics tools when you use the Site (see Section 4).
• From our service providers — our CRM and scheduling platform record the details of requests you submit.

3. How and Why We Use It

We use your information for these business and commercial purposes:

• Respond to your request and schedule or confirm your consultation.
• Follow up about our services if you’ve expressed interest.
• Keep our internal client-relationship records (CRM) if you become a client.
• Operate, secure, and improve the Site — including spam prevention (our forms use a hidden anti-spam field).
• Measure how the Site performs through analytics, and — only if those features are switched on — advertising measurement.
• Comply with the law and enforce our terms.

We do not add you to automated marketing sequences without your consent. If you submit a request, you may receive one follow-up to schedule your call — nothing more unless you engage further.

4. Analytics, Cookies & Tracking

We use or may use the tools below. Cookies are small files stored by your browser; you can manage or block them in your browser settings, and doing so will not break the Site.

Google Analytics 4 (active)

We use Google Analytics 4 to understand, in aggregate, how visitors navigate the Site. We have configured it as an analytics service provider and do not use it to build cross-site advertising profiles. You can also install the Google Analytics Opt-out Browser Add-on.

Google Ads & Meta Pixel (not currently active)

The Site is built to support Google Ads conversion tracking and the Meta (Facebook/Instagram) Pixel, but these are not running today. If we turn them on, they may set advertising cookies and share limited activity data with Google or Meta to measure ads — activity that can count as “sharing” under California law. These tags are already wired to respect your opt-out choice and the Global Privacy Control signal before they ever fire, and we use Google Consent Mode so they stay off for anyone who has opted out. You can set your preference now on Your Privacy Choices.

Booking & maps

Our booking page loads a scheduling widget from our CRM (GoHighLevel), and some pages may embed a Google Map. These load from third-party servers, which receive your IP address as a normal part of delivering the content.

5. How We Share It — “Sale” and “Sharing”

We do not sell your personal information for money, and we have not done so in the last 12 months.

Under the CPRA, “sharing” has a special meaning: disclosing personal information to a third party for cross-context behavioral advertising (targeted ads that follow you across other sites), even when no money changes hands. We do not share your information this way today. If we activate the advertising tools described in Section 4, that activity could be considered “sharing” — and you can opt out at any time on Your Privacy Choices; we also honor your browser’s Global Privacy Control signal.

We disclose information to others only in these limited ways:

• Service providers who process data on our behalf under contract — our CRM and scheduling platform (GoHighLevel), our website host (Vercel), and Google Analytics. They may use the data only to provide their service to us, not for their own purposes.
• Advertising partners (Google, Meta) — only if and when the tools in Section 4 are turned on, and subject to your opt-out.
• Legal and safety — when required by law or a valid legal request, or to protect our rights.
• Business transfer — if the business is sold or merged, with notice to you before your information becomes subject to a different policy.

6. How Long We Keep It

We keep personal information only as long as we need it for the purposes above, then delete or de-identify it:

• Inquiry and CRM records (name, email, phone, messages) — while we’re in contact and for up to 24 months after our last interaction, unless you ask us to delete it sooner or you become a client (in which case we keep records for the life of the engagement plus any period the law requires).
• Analytics data — retained according to our Google Analytics retention setting (no longer than 14 months at the event level).
• Privacy-request records — kept for 24 months as required by the CCPA regulations (Cal. Code Regs. tit. 11, § 7101).

7. How We Protect It

Information you submit is stored in our CRM, hosted by GoHighLevel, which maintains industry-standard security including encryption in transit and at rest. The Site is served over HTTPS. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information.

8. Your California Privacy Rights

If you are a California resident, the CCPA (as amended by the CPRA) gives you the following rights. We will not discriminate or retaliate against you for using them.

• Right to know / access — ask what personal information we’ve collected about you, where it came from, why, and who we shared it with, and get a copy.
• Right to delete — ask us to delete the information we collected from you (with limited legal exceptions).
• Right to correct (Cal. Civ. Code § 1798.106) — ask us to fix inaccurate information.
• Right to opt out of sale or sharing — tell us not to “sell” or “share” your information. We don’t sell it, and you can switch off ad-related sharing on Your Privacy Choices.
• Right to limit use of sensitive personal information (Cal. Civ. Code § 1798.121) — we don’t collect sensitive personal information, so there is nothing to limit; the right is listed here for completeness.
• Right to non-discrimination / no retaliation — we won’t deny you service, charge you more, or give you a lower level of service for exercising these rights.

You may use an authorized agent to submit a request for you; we’ll ask for proof that you gave them permission, and we may still ask you to verify your own identity.

9. How to Submit a Request

You can submit a privacy request in two ways:

• Online: use the request form on our Your Privacy Choices page.
• Email: write to sales@branchandrootconsulting.com with “Privacy Request” in the subject line.

How we handle it. To protect your information, we verify your identity — usually by confirming details (such as your email or phone) against what we already have on file. We acknowledge your request within 10 business days and respond within 45 days. If we need more time, we may extend once by another 45 days and will tell you why (Cal. Civ. Code § 1798.130).

10. Global Privacy Control & Opt-Out Signals

We honor opt-out preference signals, including the Global Privacy Control (GPC). If your browser or a browser extension sends a GPC signal, we automatically treat it as a request to opt out of the sale or sharing of your personal information for that browser — you don’t need to do anything else. You can confirm your current setting on Your Privacy Choices.

11. Children and Minors Under 16

Our Site is meant for business owners and is not directed to children. We do not knowingly collect personal information from anyone under 16, and we do not sell or share the personal information of minors. If you believe a child has given us information, contact us and we will delete it.

12. Links to Other Sites

Our Site may link to third-party websites (such as our social media profiles). We are not responsible for their privacy practices, and we encourage you to read their policies.

13. Changes & Annual Review

We review this Privacy Policy at least once every 12 months and update it when our practices or the law change. When we make material changes, we’ll update the “Last updated” date at the top of this page. Your continued use of the Site after a change means you accept the updated policy.

14. Contact Us

Questions about this policy or your privacy? Reach us at:

Branch and Root Consulting
Orange County, California
sales@branchandrootconsulting.com

For privacy requests, see How to Submit a Request above — we acknowledge requests within 10 business days and respond within 45 days.