Privacy Policy | Peregrine IO

§ 1

Who we are

Peregrine IO is a custom software development and digital marketing studio operating in Aurora, Colorado and Houston, Texas. This Privacy Policy explains what personal information we collect from visitors to our websites and customers of our services, how we use it, who we share it with, and the choices and rights you have over it.

For Colorado residents, "Peregrine IO" refers to the Colorado operations of the business (entity registration pending). For Texas residents and clients, the contracting entity is Aeopic LLC, a Texas limited liability company with its registered office at 1919 Taylor St Ste F, Houston, TX 77007.

You can reach us:

Email: privacy@peregrineio.com
General contact: admin@peregrineio.com
Aurora, CO Office — [street address pending], Aurora, CO 80012
Houston, TX Office — 1919 Taylor St Ste F, Houston, TX 77007

§ 2

Information we collect

2.1 Information you give us

Contact form submissions — name, work email, optional phone, business name, business category, budget range, and the free-text description you write about your operation.
Customer onboarding — billing contact, mailing address, payment method (processed by Stripe; we receive a token, not your full card details), SLA signature data, and the operational data you load into the platforms we build for you.
Email correspondence — anything you send to our email addresses, including attachments.

2.2 Information we collect automatically

Device and browser data — IP address, browser type and version, OS, language preference.
Usage data — pages visited, time on page, scroll depth, referring URL, clicks on key UI elements.
Cookies and similar technologies — see Section 8.

2.3 Information from third parties

Stripe (transaction status), Resend (email delivery/bounce signals), and Supabase / Vercel (operational telemetry tied to your use of our software). We do not purchase personal information from data brokers.

2.4 Sensitive personal information

We do not knowingly collect sensitive personal information as defined under the Colorado Privacy Act (C.R.S. § 6-1-1303(24)). If we ever begin collecting such categories, we will update this policy and obtain affirmative opt-in consent as required.

§ 3

How we use your information

We use personal information only for the following purposes:

Respond to project inquiries (your request).
Provide our services (contract performance under your SLA).
Operate and improve the website (legitimate operational interest; consent for non-essential cookies).
Send transactional communications — invoices, security notifications, support replies.
Send marketing communications only with TCPA-compliant opt-in.
Comply with law — tax, lawful subpoenas, fraud prevention.
Protect rights and security.

We do not use personal information for:

Behavioral profiling outside the immediate purposes above.
Automated decision-making with legal or similarly significant effects.
Cross-site targeted advertising unless you have given prior opt-in consent.

§ 4

Who we share your information with

4.1 Service providers (processors)

Each processor is bound by contract that limits their use of personal information to providing the contracted service.

Provider	What we share	Purpose
Supabase	Customer account + application data	Database / auth
Vercel	Web traffic logs, deployment data	Hosting
Stripe	Billing contact + payment authorization	Payments
Resend	Email addresses for transactional + marketing email	Email delivery
Anthropic	Conversational data through AI agents (where applicable)	AI inference
Twilio	Phone numbers for SMS (where SMS is provisioned)	SMS delivery

4.2 What we do NOT do

We do not sell personal information in the conventional sense.
We do not participate in real-time bidding ad exchanges with visitor data.
We do not share personal information with social media for cross-site advertising unless you have opted in via our cookie banner.

§ 5

Your privacy rights — Colorado residents

§ COLORADO RESIDENTS

The Colorado Privacy Act (C.R.S. § 6-1-1301 et seq., effective July 1, 2023) gives you specific rights over your personal data:

Right to access your personal data.
Right to correct inaccurate personal data.
Right to delete personal data (subject to limited exceptions).
Right to data portability.
Right to opt out of targeted advertising and the sale of personal data.
Right to appeal a denied request (45-day response).

How to exercise these rights — two methods, both available:

Email: privacy@peregrineio.com (subject line "CPA Request").
Web form: submit a privacy request.

We respond within 30 days of receipt under C.R.S. § 6-1-1306, extendable by 45 days where reasonably necessary with notice.

§ 6

Your privacy rights — Texas residents

§ TEXAS RESIDENTS

The Texas Data Privacy and Security Act (Tex. Bus. & Com. Code § 541, effective July 1, 2024) gives you specific rights over your personal data:

Right to confirm processing and access.
Right to correct inaccuracies.
Right to delete personal data.
Right to data portability.
Right to opt out of targeted advertising and the sale of personal data.
Right to opt out of profiling for legally significant decisions.
Right to appeal a denied request (60-day response).

How to exercise these rights — two methods:

Email: privacy@peregrineio.com (subject line "TDPSA Request").
Web form: submit a privacy request.

We respond within 45 days of receipt under Tex. Bus. & Com. Code § 541.054.

§ 7

Global Privacy Control (GPC)

§ GLOBAL PRIVACY CONTROL

We detect and honor GPC signals from your browser. When we detect a GPC signal, we treat it as an opt-out of sale and targeted advertising for that browser, automatically — without any further action from you.

Honoring universal opt-out mechanisms (including GPC) is mandatory under the Colorado Privacy Act (C.R.S. § 6-1-1313 and 4 C.C.R. § 904-3, Part 5) as of July 1, 2024.

Learn about GPC →

§ 8

Cookies and tracking technologies

We use cookies and similar technologies (local storage, web beacons) in three categories:

Category	Purpose	Examples
Necessary	Make the site work — security, session integrity, load balancing.	Supabase auth, security tokens.
Analytics	Aggregate, non-identifying usage so we can fix what's broken.	Off by default — opt-in required.
Marketing	Ad measurement and re-targeting.	Only set if you opt in (Meta Pixel, Google Ads tags, etc.).

Cookie consent preferences are stored in a first-party cookie named pio_consent for 12 months. After 12 months we re-prompt.

§ 9

Data retention

Contact form submissions that do not become a project: 24 months.
Customer records and SLA documents: engagement duration plus 7 years (tax / statute of limitations).
Operational data inside platforms we build for you: per your SLA. Default — exported to you and deleted from our systems within 90 days of termination.
Email correspondence: 7 years.
Website analytics: aggregated 26 months; raw IP / session data discarded after 90 days.
Cookie consent records: 12 months.

§ 10

Security

We use commercially reasonable administrative, technical, and physical safeguards. These include:

TLS 1.3 encryption in transit.
Encryption at rest for databases and backups.
Role-based access controls and MFA for staff with access to customer data.
Audit logging.
Vendor security reviews.
Annual security review.

No system is 100% secure. If we experience a data breach affecting your personal information, we will notify you and applicable authorities within the timeframes required by law (Colorado: 30 days for breaches affecting 500+ residents under C.R.S. § 6-1-716; Texas: without unreasonable delay under Tex. Bus. & Com. Code § 521.053).

§ 11

International transfers

Peregrine IO operates from the United States. Our processors are primarily U.S.-based but may store or process data in other regions per their own infrastructure. We currently do not offer services to users in the European Union or United Kingdom.

§ 12

Children's privacy

Peregrine IO's services are directed at businesses, not consumers. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has submitted personal information to us, contact privacy@peregrineio.com and we will delete it promptly.

§ 13

Changes to this policy

We will update the "Last updated" date at the top.
For material changes, post a notice on our website 30 days before the change takes effect.
For changes that affect how we use data you already gave us, give you an opportunity to opt out before the change applies retroactively.

§ 14

How to contact us

Email: privacy@peregrineio.com
Colorado mail: [Aurora street address — TBD]
Texas mail: 1919 Taylor St Ste F, Houston, TX 77007
Web form: submit a privacy request

You may also contact the Colorado Attorney General or the Texas Attorney General if you believe we have not honored your rights.

Submit a privacy request

We will respond within 30 days for Colorado residents (CPA) and 45 days for Texas residents (TDPSA). You may also email privacy@peregrineio.com directly.