Privacy Policy

Welcome to G! Marketing ("we," "us," or "our"). We are a digital marketing agency based in New Lenox, Illinois, owned and operated by Nick Knaperek. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our client portal, or engage with any of our services.

This policy applies to all information collected through our website (gmarketing.digital), our client portal, and any related services, communications, or tools we provide. By accessing or using our services, you agree to the terms described in this Privacy Policy. If you do not agree with the terms of this policy, please do not access our website or use our services.

We encourage you to read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it.

We collect several types of information to provide and improve our services to you. The types of information we collect include:

Personal Information

• Full name
• Email address
• Phone number
• Company name
• Billing address

Account Credentials

• Email address and password used to access the client portal
• Authentication tokens and session data

Financial Information

• Billing and invoice data accessed through our QuickBooks integration
• Payment status and history as reflected in QuickBooks records
• We do NOT store credit card numbers, bank account details, or payment card information directly. All payment processing is handled by QuickBooks (Intuit).

Usage Data

• Pages visited on our website and client portal
• Features and tools used within the portal
• Device information (browser type, operating system, screen resolution)
• IP address
• Date and time of access
• Referring URLs and navigation paths

Communications

• Messages sent through the client portal
• Emails and other correspondence between you and our team
• Form submissions from our website

Marketing and Campaign Data

• Campaign performance metrics (impressions, clicks, conversions, spend)
• Analytics data that we manage on behalf of our clients
• Ad account data from platforms such as Google Ads and Meta (Facebook/Instagram)
• Website analytics and reporting data

We use the information we collect for the following purposes:

• Provide and maintain our services: To deliver the marketing services you have engaged us for, operate the client portal, and ensure everything functions properly.
• Process invoices and facilitate payments: To generate, send, and track invoices through our QuickBooks integration, and to display your billing history and payment status in the client portal. All actual payment processing is handled by QuickBooks (Intuit) as a third-party processor.
• Display campaign performance and analytics: To show you real-time and historical data about your marketing campaigns, including metrics from Google Ads, Meta, and other platforms we manage on your behalf.
• Communicate with you about your account: To send you updates, invoices, reports, support responses, and other information related to your account and our services.
• Improve our services: To analyze how our website and portal are used so we can make improvements, fix issues, and develop new features that better serve our clients.
• Comply with legal obligations: To meet our legal and regulatory requirements, respond to lawful requests from public authorities, and protect our legal rights.

We work with trusted third-party service providers to operate our business and deliver our services. Below is a list of the key third-party services we use and how your data may be shared with them:

QuickBooks (Intuit)

• Used for invoice management, billing, and payment processing.
• We access your invoice and payment data through Intuit's API to display it in your client portal.
• Your use of QuickBooks payment features is subject to Intuit's Privacy Policy.

Supabase

• Used for authentication (user login) and database hosting for our client portal.
• All data stored in Supabase is encrypted at rest and in transit.
• Supabase servers are hosted in secure, SOC 2 compliant data centers.

Netlify

• Used for website hosting and deployment of our website and client portal.
• Netlify may collect basic server logs including IP addresses.

Google Analytics

• Used to track and analyze website usage patterns, traffic sources, and user behavior.
• Google Analytics collects data such as your IP address, browser type, and pages visited.
• This data is used in aggregate to help us understand how visitors use our site.

Meta (Facebook/Instagram)

• Used for advertising campaign management on behalf of our clients.
• Campaign data and performance metrics are accessed through Meta's API.
• We manage ad accounts and campaigns as authorized by our clients.

Google Ads

• Used for advertising campaign management on behalf of our clients.
• Campaign data, keywords, and performance metrics are accessed through Google's API.
• We manage ad accounts and campaigns as authorized by our clients.

Important disclosures about data sharing:

• We do NOT sell your personal information to third parties. We never have and never will.
• We may share your data with the service providers listed above solely to help us operate our business and deliver services to you.
• We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of our users or the public.

This section provides specific disclosures required by Intuit regarding our use of the QuickBooks API and your data:

• API Access: We access QuickBooks data through Intuit's official API (Application Programming Interface) using secure, authorized connections. Our application has been reviewed and approved for access to Intuit's platform.
• Data Accessed: Through the QuickBooks API, we access the following types of data: invoices, payment status, customer records (name, email, billing address), and account balances.
• Purpose of Data Use: We use this data solely to display invoice information, payment history, and billing status within your client portal. This allows you to view your account standing, download invoices, and track payments without needing to log into QuickBooks separately.
• Payment Card Information: We do NOT store, process, or have access to your payment card information (credit card numbers, CVVs, expiration dates). All payment card processing is handled entirely by QuickBooks/Intuit through their secure payment infrastructure.
• Payment Processing: All payment processing is handled by QuickBooks/Intuit. When you make a payment through an invoice, that transaction is processed by Intuit's payment system, not by G! Marketing.
• Disconnecting Access: You can disconnect our access to your QuickBooks data at any time by contacting us at info@gmarketing.digital. Upon receiving your request, we will revoke the API connection and remove any cached QuickBooks data from our systems within 30 days.
• Data Storage: QuickBooks data displayed in the client portal is fetched in real-time or cached temporarily for performance purposes. We do not maintain a permanent separate copy of your full QuickBooks records.

We take the security of your personal information seriously and use industry-standard security measures to protect it. Our security practices include:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols.
• Encryption at Rest: Data stored in our databases is encrypted at rest using AES-256 encryption or equivalent standards provided by our hosting providers.
• Access Controls: Access to personal data is restricted to authorized personnel only. Our client portal requires authentication (email and password) to access any account information.
• Secure Authentication: We use Supabase Auth for secure user authentication, which includes password hashing, session management, and protection against common authentication attacks.
• Regular Updates: We keep our software dependencies and hosting platforms updated to address known security vulnerabilities.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law, within 72 hours of becoming aware of the breach.

We retain your personal information in accordance with the following guidelines:

• Active Accounts: We retain your account data for the duration of our business relationship. As long as you are an active client or maintain an account with us, we will keep your data to provide our services.
• After Termination: After the termination of our business relationship or closure of your account, we may retain your data for up to 3 years for legal, tax, accounting, and compliance purposes. This includes retaining invoice and billing records as required by tax law.
• Requesting Deletion: You may request the deletion of your personal data at any time by contacting us at info@gmarketing.digital. Upon receiving a valid deletion request, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain certain information.
• Backup Copies: Residual copies of your data may exist in our backup systems for a limited period after deletion. These backups are encrypted and are automatically purged on a rolling schedule.

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used, machine-readable format within 30 days of your request.
• Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Deletion: You have the right to request that we delete your personal data, subject to certain exceptions (such as legal retention requirements).
• Right to Object: You have the right to object to our processing of your personal data in certain circumstances, such as for direct marketing purposes.
• Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.

California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following additional rights:

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell about you. You may request this information up to twice per 12-month period.
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt out of the sale of your personal information. As stated above, we do NOT sell your personal information, so this right is already honored by default.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your rights.

Illinois Residents — BIPA Notice

If you are an Illinois resident, please note that we do not collect biometric information (such as fingerprints, facial geometry, voiceprints, or retina scans) as defined under the Illinois Biometric Information Privacy Act (BIPA). If our practices change in the future to include the collection of biometric data, we will provide you with a separate, specific notice and obtain your written consent before collecting any such information, as required by BIPA.

To exercise any of these rights, please contact us at info@gmarketing.digital. We will respond to your request within 30 days. We may ask you to verify your identity before fulfilling your request to protect your account security.

Our website and client portal use cookies and similar tracking technologies to enhance your experience and analyze usage patterns. Here is how we use them:

Essential Cookies

• These cookies are necessary for the basic functionality of our website and client portal.
• They are used for authentication (keeping you logged into your account), session management, and security.
• Without these cookies, certain features of our services would not function properly.
• These cookies cannot be disabled without breaking core functionality.

Analytics Cookies

• We use analytics cookies (such as those from Google Analytics) to collect information about how visitors use our website.
• This includes data about pages visited, time spent on pages, traffic sources, and navigation patterns.
• This information is used in aggregate to help us improve our website and understand user behavior.
• Analytics cookies do not directly identify individual users.

Managing Cookies

You can control and disable cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a new cookie is set. Please note that disabling essential cookies may prevent you from using certain features of our website and client portal, such as logging into your account.

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at info@gmarketing.digital so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make changes to this policy:

• We will update the "Effective Date" at the top of this page.
• For material changes that significantly affect how we handle your personal data, we will notify you by email (using the email address associated with your account) or by posting a prominent notice on our website at least 30 days before the changes take effect.
• Your continued use of our services after the effective date of a revised policy constitutes your acceptance of the updated terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

G! Marketing
New Lenox, Illinois
Email: info@gmarketing.digital

We will do our best to respond to all inquiries within 30 days.