Last updated · 11 May 2026

Privacy policy · USA.

How seo-consultant.co handles the personal information of US residents under the California Consumer Privacy Act as amended by the CPRA, and the comparable state-privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, Minnesota, New Hampshire, Nebraska, Maryland, New Jersey, Kentucky and Rhode Island. Plus CAN-SPAM and COPPA. Written in plain English.

Where this policy applies. This US policy applies if you live in any US state at the time you give us personal information. Section 5 below lists the specific rights that residents of each state have. UK / EU visitors: see /privacy/uk. Canadian visitors: /privacy/canada.

1. Who we are & how to reach us

seo-consultant.co is an independent consultancy operated by Syed, based in London, United Kingdom, providing SEO, web-design, social-media marketing and AI-agent services to US businesses. For the purposes of US state-privacy law we are the “business” (CCPA) or “controller” (Virginia, Colorado, Connecticut and most other state laws) responsible for the personal information collected via this site.

For any privacy request, contact:

  • Syed, Privacy contact for US residents
  • Email: hello@seo-consultant.co (subject: “Privacy — US”)
  • Toll-free callback on request — reply by email to schedule.

2. Categories of personal information we collect

In the last 12 months we collected the following CCPA categories of personal information about US residents:

  • Identifiers: real name, email, phone, WhatsApp number, company name, website URL, IP address.
  • Commercial information: services you have enquired about, budget band, industry, the content of your brief.
  • Internet or other electronic network activity: pages viewed, time on site, click identifiers (gclid, fbclid), UTM source / medium / campaign.
  • Geolocation data (approximate, derived from IP address — never precise GPS).
  • Inferences: which service line you are likely interested in, drawn from the page you submitted from.
  • Professional or employment-related information: only if voluntarily included in the brief, e.g. job title.

We do not collect sensitive personal information as defined by CCPA § 1798.140(ae) — no Social Security or driver's licence numbers, no financial-account login credentials, no precise geolocation, no health, biometric, racial / ethnic / religious / sexual-orientation / immigration data. If you accidentally include any in the brief field, we will redact it on receipt.

We collect this information from you directly (when you submit the brief form, email us or message WhatsApp) and automatically from your device (server logs, GA4 if you consent).

3. Why we collect it — business and commercial purposes

  1. To reply to your enquiry and prepare a written proposal.
  2. To deliver work you have engaged us for.
  3. To invoice you and meet US recordkeeping obligations.
  4. To send transactional updates about your project (no newsletters).
  5. To measure aggregate traffic to this site (only with your consent).
  6. To attribute marketing campaigns (only with your consent).
  7. To protect this site against fraud and abuse.
  8. To comply with legal obligations and respond to lawful requests.

We retain each category only as long as needed for the purpose collected, then delete or de-identify it. Retention details are in section 7.

4. We do not sell or share your personal information

We do not sell your personal information for money. We do not engage in “sale” as defined by CCPA § 1798.140(ad) or by Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, or any other US state law that defines a sale.

We do not “share” your personal information for cross-context behavioural advertising — the CPRA-specific definition that captures third-party ad-tracking even without money changing hands — unless you have given express consent through our cookie banner. With consent, our Google Tag Manager container loads Google Analytics 4, Google Ads conversion tags and Meta Pixel / Conversions API, which can constitute sharing under the CPRA. You can withdraw that consent at any time using the “Cookie preferences” link in the footer.

We have not knowingly sold or shared the personal information of consumers under 16, and we will not without affirmative opt-in.

To exercise a do-not-sell-or-share opt-out, email hello@seo-consultant.co with the subject “Do Not Sell or Share — US”, or click Reject non-essential in the cookie banner. We honour the Global Privacy Control (GPC) browser signal — if your browser sends GPC, we treat it as a valid opt-out for the device.

5. Your rights under US state-privacy laws

Depending on the US state you live in, you have some or all of the following rights:

  • Right to know / access: the specific pieces and categories of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties we disclose to. (CA, VA, CO, CT, UT, TX, FL, OR, MT, IA, IN, DE, TN, MN, NH, NE, MD, NJ, KY, RI.)
  • Right to delete: subject to legal-obligation exceptions (e.g. tax recordkeeping).
  • Right to correct inaccurate personal information. (CA, VA, CO, CT, OR, TX, FL, MT, DE, NH, MN, MD, NJ, KY, RI — not yet in UT, IA, IN, TN.)
  • Right to data portability: receive your personal information in a portable, readily usable format.
  • Right to opt out of sale / sharing for cross-context behavioural advertising.
  • Right to opt out of profiling that has legal or similarly significant effects. (CA, VA, CO, CT, TX, OR, MT, DE, NH, MN, NJ, MD, KY, RI.) We do not currently engage in such profiling.
  • Right to limit use of sensitive personal information. (CA, plus equivalents in other states.) Not applicable to us — we do not collect sensitive PI.
  • Right to non-discrimination: we will not deny services, charge different prices or provide lower quality if you exercise any right.
  • Right to appeal a denied request. (VA, CO, CT, UT, TX, FL, OR, MT, IA, IN, DE, TN, MN, NH, NE, MD, NJ, KY, RI.) If we deny a request, you may reply to that decision and we will reconsider within 45 days. If still denied, we provide your state Attorney General's complaint channel.

5.1 How to submit a request

Two methods:

  • Email hello@seo-consultant.co with the subject “Privacy request — US” and the right you want to exercise.
  • Message WhatsApp +44 7538 773627 with the same wording.

We respond within 45 days. We may extend by 45 days for genuinely complex requests and will tell you if we do. We may need to verify your identity proportional to the sensitivity of the request — usually by matching the email or phone we already hold.

You may use an authorised agent to submit a request. We will ask for written proof of the authorisation (signed permission from you) before processing.

6. Who we disclose your information to

We disclose personal information to the following categories of recipients only, and only for the business purposes listed in section 3:

  • Email + form delivery: Google Workspace, Web3Forms.
  • Hosting + CDN: Vercel, Cloudflare.
  • Messaging: WhatsApp / Meta (only if you message us there).
  • Analytics & ads, only with consent: Google Analytics 4, Google Ads, Meta Pixel + Conversions API.
  • Accounting + payment: accounting software, Stripe.
  • Professional advisors: lawyers and accountants under professional confidentiality.
  • Government & law enforcement: only when compelled by a valid US subpoena, warrant, court order or equivalent lawful process.

7. Data retention

  • Enquiries that did not proceed: 12 months from last contact, then deleted.
  • Active client records: duration of engagement plus 7 years for US tax and contract-statute-of-limitations purposes (longer in a small number of states with longer SOL).
  • Marketing emails: until you unsubscribe.
  • Server logs: 30 days.
  • Analytics data (with consent): 14 months (GA4 default).

8. How we keep your information secure

We use reasonable administrative, technical and physical safeguards proportional to the sensitivity of the data:

  • Encryption in transit (HTTPS/TLS 1.2+) on every page including the brief form.
  • Encryption at rest on all primary systems (Google Workspace, Vercel, Stripe).
  • Two-factor authentication on every service login that holds your data.
  • Principle-of-least-privilege access controls.
  • Disk-encrypted working devices with automatic screen lock.
  • Annual safeguard review and processor-list refresh.

No system is perfectly secure. If we suffer a breach of unencrypted or unredacted personal information that triggers state-law notification thresholds, we notify affected US residents and the relevant state Attorney General(s) in the manner and timeframe required by that state's breach-notification statute (which range from “most expedient time possible” to specific 30-90 day windows).

9. CAN-SPAM — commercial email

Any commercial email we send to a US recipient will:

  • Have an accurate “From” line that identifies the sender.
  • Have a non-deceptive subject line that reflects the content.
  • Identify the message as an advertisement where required.
  • Include our valid postal address.
  • Offer a clear unsubscribe mechanism that we honour within 10 business days.

Transactional emails about a project you have engaged us for — quotes, invoices, status updates — are not commercial messages under CAN-SPAM and may be sent without opt-in. You can still ask us to stop at any time.

10. Children — COPPA

This site is directed at adults running businesses, not at children. We do not knowingly collect personal information from anyone under the age of 13 (COPPA threshold) or under 16 for the purposes of sale or sharing (CCPA threshold). If you believe a child has submitted data to us, contact us at hello@seo-consultant.co and we will delete it.

11. California-specific disclosures (Shine the Light)

California Civil Code § 1798.83 (the “Shine the Light” law) lets California residents request information about personal information disclosed to third parties for those third parties' direct marketing purposes. We do not disclose personal information for that purpose. You can confirm in writing by emailing the address in section 1.

12. Notice of financial incentive

We do not currently offer financial incentives or price differences in exchange for personal information. If we ever do, this section will be updated with the material terms before the program launches, as required by CCPA § 1798.125(b).

13. Meta (Facebook / Instagram) Lead Ads disclosure

We run Meta Lead Generation campaigns targeting US businesses (notably Chicago, New York, Los Angeles and other major metros). If you submit your contact details through a Meta Lead Form rather than this website, the following applies in addition to everything above:

  • What Meta sends us. When you submit the Meta Lead Form, Meta transmits the fields you filled (name, email, phone, and any custom questions) to seo-consultant.co. From that moment seo-consultant.co becomes the “business” (CCPA) / “controller” (Virginia, Colorado, Connecticut and most other state laws) for those details and processes them on the legal basis and purposes set out in sections 3 above.
  • What Meta keeps. Meta also retains a copy under its own privacy policy at facebook.com/privacy/policy. Meta is a joint or independent business / controller for that retention, not us.
  • Meta Pixel + Conversions API. If you reach this website from a Meta ad and have consented to advertising cookies via our banner, our Meta Pixel reports the page view to Meta, and on a successful brief submission our server-side Meta Conversions API (CAPI) endpoint at /api/lead/capi sends a hashed copy of your name + email + phone to Meta so Meta can attribute the conversion. Hashing uses SHA-256 in line with Meta's Advanced Matching standard.
  • Is this a “sale” or “sharing”? Under CCPA § 1798.140(ad) we do not receive money for your data, so it is not a sale. Under the CPRA-specific definition of “sharing for cross-context behavioural advertising”, the Pixel + CAPI flow can constitute sharing, which is exactly why we gate it behind opt-in consent. To opt out: click Reject in the cookie banner, send the Global Privacy Control browser signal, or email hello@seo-consultant.co with subject “Do Not Sell or Share — US”.
  • Your state-law rights apply identically. Access, correct, delete, opt out of sale/sharing, opt out of profiling, appeal — see section 5 above. To remove the data Meta itself retains, submit a deletion request via facebook.com/help/contact/507739850717246 (Meta's lead-ad deletion form).
  • Withdrawal of consent on Meta's side. facebook.com/settings/?tab=ads or send the Global Privacy Control signal — our site honours GPC as a valid opt-out of sale/sharing for the originating device.

14. Cookies & similar technologies

  • Strictly necessary cookies: cookie-consent state and basic site functionality. These do not require consent.
  • Analytics cookies (GA4): only if you consent via the cookie banner.
  • Advertising cookies (Google Ads, Meta Pixel): only if you consent and only on visits with relevant attribution.

You can manage cookies in your browser, use the “Cookie preferences” link in the footer to re-open the banner, or send the Global Privacy Control signal. We honour GPC as a valid opt-out of sale / sharing for the originating device.

15. Changes to this policy

We review this policy annually and update it when our practices or US privacy law change. The “last updated” date at the top reflects the most recent substantive change. Material changes affecting US users will be communicated to active clients by email.

16. Complaints — state Attorneys General

If you believe we have not handled your personal information properly, raise it with us first at hello@seo-consultant.co. If you are not satisfied, you may file a complaint with:

  • California Privacy Protection Agencycppa.ca.gov
  • California Attorney Generaloag.ca.gov/privacy
  • Your state Attorney General — every state with a comprehensive privacy law accepts complaints through its consumer-protection division. Find yours via naag.org.

Last reviewed: 11 May 2026 · Next scheduled review: 11 May 2027 · US privacy contact: hello@seo-consultant.co.

30% OFF websites7th month FREEends 30 May →