Legal
Privacy Policy
Byrd House LLC (“Byrd House,” “we,” “us,” or “our”) is a marketing and design studio based in Great Falls, Montana. We respect your privacy and are committed to handling your personal information responsibly. This policy explains what we collect, why we collect it, how we use and protect it, and the choices and rights you have.
1. Who we are & scope
This Privacy Policy applies to byrdhouse.xyz (the “Site”) and the services we provide through it — including our contact form, online invoice payment pages, proposal review and electronic signing, and our client portal. Byrd House LLC is the party responsible for your personal information (the “data controller”). This policy does not apply to third-party websites we may link to, or to the internal employment records of our team.
2. Information we collect
We collect only the information we need to respond to inquiries, deliver our services, and run our business. How much we hold about you depends on how you interact with us.
Information you provide
- Contact form. When you use our contact form, we collect your name, email address, optional company name, and the contents of your message. We store these submissions and email them to ourselves via Resend (see How we share information).
- Client & billing details. If you become a client, we collect business contact details — such as name, email address, phone number, and billing or mailing address — along with the proposal, project, invoice, and payment records needed to work together.
- Proposals & e-signatures. When you review and accept a proposal, we record the name you provide and, for click-to-accept proposals, the IP address used to accept it, as a record of agreement. Where electronic signatures are used, signing is handled by SignWell.
- Files you share. Files exchanged for a project — such as assets and deliverables — are stored so that you and our team can access them through the client portal.
- Client portal sign-in. Our client portal uses passwordless, magic-link sign-in. We use your email address to send a one-time sign-in link.
Information we collect automatically
- Analytics. We use Plausible Analytics, a privacy-friendly service that uses no cookies and does not collect personal data or track you across other sites. It gives us aggregate, anonymized statistics such as page views, referring sites, and general device, browser, and country information.
- Log & security data. Our hosting and application infrastructure automatically record technical information — such as IP address, browser type, and the pages requested — for security, troubleshooting, and to keep the Site running. When you sign in to the portal or back office, we record the IP address and browser of the session.
- Error monitoring. We use Sentry to detect and diagnose technical errors. If something goes wrong, diagnostic data — which can include your IP address, request details, and the page involved — may be sent to Sentry.
Payment information
Payments are processed by Stripe. When you pay an invoice or save a card for recurring retainer billing, your card details are entered directly into Stripe’s secure checkout — we never see or store your full card number. We receive a confirmation and a payment reference for our records. For clients who authorize automatic retainer billing, we store a secure token that points to the payment method Stripe holds on file, along with limited details used to identify the card, such as its brand, last four digits, and expiration date. You can remove a saved card at any time from the client portal.
4. How we use your information
We use the information we collect to:
- Respond to your inquiries and communicate with you;
- Provide, deliver, and bill for our services, including proposals, projects, invoices, and payments;
- Operate the client portal and authenticate sign-ins;
- Send transactional and service emails, such as invoices, proposal links, and sign-in links;
- Maintain the security and integrity of the Site and our systems;
- Understand, in aggregate, how the Site is used so that we can improve it; and
- Meet our legal, tax, and accounting obligations.
We do not sell or rent your personal information, and we do not use it for third-party or cross-context behavioral advertising.
5. Legal bases (EEA / UK)
If you are in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:
- Performance of a contract — to deliver our services and process payments;
- Legitimate interests — to run and secure our business, respond to inquiries, and understand aggregate Site usage;
- Consent — where required; you may withdraw consent at any time; and
- Legal obligation — to meet tax, accounting, and record-keeping requirements.
7. Data retention
We keep personal information only as long as we need it for the purposes described in this policy, and to meet legal, tax, and accounting requirements. Inquiry messages are kept while we evaluate and, where relevant, pursue a working relationship. Client, project, invoice, and payment records are retained for the life of the relationship and for the period required for financial and legal record-keeping. One-time sign-in links expire within 30 minutes, and portal sign-in sessions within one week. When we no longer need information, we archive or delete it; some records are kept in archived form to preserve financial and contractual history. Our service providers retain data according to their own policies.
8. How we protect your information
We take reasonable and appropriate measures to protect personal information, including:
- Encryption of data in transit over HTTPS;
- Hashed storage of passwords (we never store plaintext passwords);
- Signed, HTTP-only session cookies;
- Rate limiting on sign-in and other sensitive actions;
- Cryptographic verification of incoming payment and signature notifications;
- Restricted, role-based access to client data; and
- Filtering of sensitive values out of our application logs.
No method of transmission or storage is completely secure, so while we work hard to protect your information, we cannot guarantee its absolute security.
9. International users
We are based in the United States, and our service providers may process information in the United States and other countries. If you access the Site from outside the U.S., you understand that your information will be processed in the U.S., where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for such transfers.
10. Your privacy rights
Depending on where you live, you may have rights over your personal information — such as the right to access, correct, delete, or receive a copy of it, and to object to or restrict certain processing. We do not sell personal information or share it for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights.
Montana residents
Under the Montana Consumer Data Privacy Act, you may request access to, correction of, deletion of, or a portable copy of your personal data, and you may opt out of targeted advertising, the sale of personal data, or certain profiling. We do not engage in those activities.
California residents
Under the California Consumer Privacy Act (as amended by the CPRA), you have the right to know, delete, and correct your personal information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your information as those terms are defined under California law.
EEA & UK residents
Under the GDPR and UK GDPR, you have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email us at brooks@byrdhouse.xyz. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on your request.
11. Children’s privacy
The Site and our services are intended for businesses and adults. They are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 where a higher age applies). If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Third-party links
Our Site may link to third-party websites or services we do not control. This policy does not cover their practices, and we encourage you to review the privacy policy of any site you visit.
13. Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page, and significant changes will be reflected here. Your continued use of the Site after an update means you accept the revised policy.
14. Contact us
Questions about this policy or your personal information? We are glad to help.
Byrd House LLC
Great Falls, Montana, USA