Privacy Policy

Last updated: January 2025.

This policy describes how Crystal Palace Metals Inc. ("we", "ClientForge Lab") collects, uses, and protects information from customers and site visitors.

1. Who we are

ClientForge Lab is a digital service operated by Crystal Palace Metals Inc., Florida Corp #P15000014585, with offices at 2 S Biscayne Blvd, Suite 3200 #2415, Miami, FL 33131, USA.

2. What we collect

• Account data: name, email, business name, service vertical.
• Operational data: campaign content, customer lists you upload, performance metrics.
• Technical data: IP address, browser type, pages visited (essential and analytics cookies — no third-party ad pixels without disclosure).

3. Data residency

Your data is processed and stored in the United States (Hetzner — Hillsboro, OR / Ashburn, VA). We do not transfer data outside the US without your explicit consent.

4. AI / LLM providers

We use the following large-language-model providers:

• Google Vertex AI (primary provider)
• OpenAI (BAA tier when applicable)
• Anthropic Claude (reserve)

5. HIPAA

For Closer-tier customers (Med Spa), we sign Business Associate Agreements (BAA) as part of onboarding. The treatment-specific reactivation layer unlocks Phase 2 — we do not claim full HIPAA compliance in Phase 0.

6. CCPA and GDPR

We comply with CCPA for California residents. For EU traffic, we are GDPR-aware: data minimization, documented legal basis, right-to-be-forgotten on request.

7. TCPA — SMS and WhatsApp

We only send SMS and WhatsApp messages to contacts who have given explicit consent. Every message includes an opt-out ("Reply STOP"). We never buy lists.

8. Cookies

We use essential cookies (session, language preference) and basic analytics cookies. We do not use Meta, Google Ads, or other third-party advertising pixels on this site without prior disclosure.

9. Privacy requests

For data access, correction, or deletion, email privacy@clientforgelab.com. We respond within 30 days.