Shellback Strategic ("we," "us," or "our") operates the website shellback-strategic.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, use our tools, purchase our products, or engage with our services.
We respect your privacy and are committed to handling your data transparently. If you have questions about this policy, contact us at hello@shellbackstrategic.com.
1. Information we collect
Information you provide directly
We collect information you voluntarily provide through forms, tools, and purchases on our website:
| Where we collect it | What we collect | Why we collect it |
|---|---|---|
| Exit Readiness Score tool | Role, revenue range, transition timeline, dimension scores, email address (optional), name (optional), company name (optional) | To generate your personalized score results and, if you provide your email, to send you a copy of your results |
| Application form (within score tool) | Name, email, phone, LinkedIn URL, company name, industry, employee count, EBITDA range, years in business, ideal outcomes, motivation, source attribution, contact preference | To evaluate fit for our advisory services and to respond to your inquiry |
| Contact form | Name, email, phone, company name, revenue range, message, source attribution | To respond to your inquiry and provide relevant information |
| Product purchases (via Stripe) | Name, email, company name, payment information | To process your purchase and deliver your digital products |
Information collected automatically
When you visit our website, we automatically collect certain technical information:
- Analytics data (Google Analytics 4): Pages visited, time on page, scroll depth, button clicks, referral source, device type, browser type, approximate geographic location (city/region level, not precise), and interactions with the Exit Readiness Score tool (assessment start, dimension completion times, score results)
- Server logs: IP address, browser user agent, referring URL, pages requested, timestamp. These are standard web server logs maintained by our hosting provider (Vercel).
Information we do NOT collect
- We do not collect sensitive personal information such as Social Security numbers, government IDs, health data, biometric data, or precise geolocation.
- We do not sell personal information to third parties.
- We do not use your data for automated decision-making that produces legal or similarly significant effects.
2. How we use your information
We use the information we collect for the following purposes:
- Deliver products and services: Process purchases, deliver digital downloads, respond to inquiries, schedule consultations, and provide advisory services.
- Generate your Exit Readiness Score: Your assessment responses are processed locally in your browser to produce your score. If you provide your email, we store your results to send you a copy.
- Improve our website: Analytics data helps us understand which content is useful, where visitors encounter friction, and how to improve the user experience.
- Communicate with you: Respond to contact form submissions, send purchase confirmations, and follow up on advisory inquiries. We do not add you to a marketing email list without your explicit consent.
- Comply with legal obligations: Maintain records required for tax reporting and regulatory compliance.
3. Third-party service providers
We share your information with the following third-party services, each of which processes data according to their own privacy policies:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Stripe | Payment processing | Name, email, payment information, purchase details | stripe.com/privacy |
| Google Analytics 4 | Website analytics | Page views, interactions, device/browser info, approximate location | policies.google.com/privacy |
| Vercel | Website hosting | Server logs (IP address, pages requested) | vercel.com/legal/privacy-policy |
| Google Fonts | Typography rendering | IP address (via font file request) | policies.google.com/privacy |
| Formspree (or equivalent) | Form submission handling | Form field contents (name, email, message) | See provider's privacy policy |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Cookies and tracking technologies
Our website uses cookies and similar technologies. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
In summary:
- Essential cookies: Required for basic website functionality, such as remembering your cookie consent preference. These cannot be disabled.
- Analytics cookies (Google Analytics 4): Help us understand how visitors use our website. These are only loaded after you consent via our cookie banner.
- Payment cookies (Stripe): Used during the checkout process to securely process payments. These are loaded only when you initiate a purchase.
You can manage your cookie preferences at any time through your browser settings or by using the cookie consent controls on our website.
5. Data retention
- Contact form submissions: Retained for 24 months from the date of submission, then deleted unless an ongoing advisory relationship exists.
- Score tool results: If you provided your email, your score data is retained for 24 months. If you skipped the email gate, your responses are processed locally in your browser and are not stored on our servers.
- Purchase records: Retained for 7 years as required for tax and accounting compliance.
- Analytics data: Google Analytics 4 data retention is set to 14 months.
- Application submissions: Retained for 24 months from submission.
6. Your privacy rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to know/access: Request a copy of the personal information we hold about you.
- Right to delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out: Opt out of the sale or sharing of your personal information (we do not sell your data, but you may exercise this right at any time).
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, email us at hello@shellbackstrategic.com with your request. We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.
For California residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have additional rights including the right to know what categories and specific pieces of personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information as defined by the CCPA. To submit a request, email hello@shellbackstrategic.com.
For Indiana residents (INCDPA)
Under the Indiana Consumer Data Protection Act (effective January 1, 2026), you have the right to confirm whether we are processing your personal data, access your data, correct inaccuracies, delete your data, and obtain a copy in a portable format. To exercise these rights, contact us at the email above.
For EU/EEA residents (GDPR)
If you are located in the European Economic Area, our legal basis for processing your personal data depends on the context: consent (analytics cookies), contractual necessity (product purchases, service delivery), and legitimate interest (responding to inquiries, improving our website). You have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Contact us at the email above to exercise these rights.
7. Data security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information. Our website is served over HTTPS with TLS encryption. Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 compliant — we never see, store, or have access to your full credit card number. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Children's privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.
9. Third-party links
Our website may contain links to third-party websites (such as LinkedIn, Calendly, or Stripe). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
11. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Shellback Strategic
Email: hello@shellbackstrategic.com
Website: shellback-strategic.com