Privacy Policy | Pacific Software Ventures

Effective date: April 16, 2026
Last updated: April 16, 2026

Pacific Software Ventures (“PSV,” “we,” “us”) is an AI consulting firm based in San Francisco, California, serving clients in the United States, United Kingdom, Canada, Australia, and the European Union. This policy explains what information we collect, why we collect it, how we handle it, and the rights you have over it. We wrote this to be clear rather than clever.

1. Information we collect

We collect only what we need to respond to you, deliver services, and improve our site.

Contact forms. Name, email, phone, company, role, and project details you submit.
Lead magnets and gated content. Email, name, company, and source attribution.
Tools (AI operator maturity assessment, budget calculator). The responses you enter and the results we return.
Scheduling. Appointment data (name, email, time zone, availability) submitted through our Calendly embed.
Analytics (first-party, no cookies). IP address (via Vercel Analytics), page views, scroll depth, session duration, device type, and referrer.
Advertising and marketing analytics (consent-based). If you consent, Meta Pixel and Google Analytics (GA4) may record browsing activity on our site for attribution, audience measurement, and retargeting.
Payments. If you purchase a service, payment data is collected and processed by Stripe. We never see or store full card numbers.

2. How we use your information

Respond to inquiries and fulfill requests.
Deliver lead-magnet content and scheduled reports.
Improve site performance and content through aggregated analytics.
Measure site performance and protect against abuse (legitimate interest).
With your consent, run retargeting and measure advertising effectiveness.
Meet legal, accounting, and tax obligations tied to client engagements.

3. Legal basis for processing (GDPR)

For visitors in the European Economic Area and the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:

Contract and pre-contractual measures (Art. 6(1)(b)). Responding to contact forms, scheduling calls, and delivering services you request.
Consent (Art. 6(1)(a)). Marketing and advertising cookies, including Meta Pixel and Google Analytics. You can withdraw consent at any time.
Legitimate interest (Art. 6(1)(f)). First-party performance analytics (Vercel Analytics, Web Vitals), security, and fraud prevention. We balance these interests against your rights and freedoms.
Legal obligation (Art. 6(1)(c)). Compliance with applicable laws, including tax and record-keeping requirements.

4. Data retention

Contact form submissions. Retained for up to three years from last interaction to support the ongoing business relationship. Deleted sooner on request.
Lead-magnet and newsletter signups. Retained until you unsubscribe or up to three years of inactivity, whichever comes first.
Analytics data.Up to 14 months (the GA4 default), or shorter per the platform’s own retention settings.
Call recordings or transcripts. If produced during a client engagement with your permission, retained for up to one year unless a separate agreement specifies otherwise.
Engagement and financial records. Retained as long as required by tax, accounting, and contract law (typically seven years).

5. Your rights under GDPR (EU and UK visitors)

If you are in the EEA or UK, you have the following rights:

Access (Art. 15). Confirm whether we process your data and receive a copy.
Rectification (Art. 16). Correct inaccurate or incomplete data.
Erasure (Art. 17). Request deletion of your data, subject to legal exceptions.
Restriction (Art. 18). Limit how we process your data in specific circumstances.
Portability (Art. 20). Receive data you provided in a structured, machine-readable format.
Objection (Art. 21). Object to processing based on legitimate interest or for direct marketing.
Withdraw consent (Art. 7(3)). Withdraw consent for any consent-based processing at any time, without affecting the lawfulness of prior processing.
Lodge a complaint (Art. 77). File a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@pacificsoftwareventures.com. We will respond within 30 days.

6. Your rights under CCPA and CPRA (California residents)

California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know what personal information we collect, use, disclose, and sell or share.
Right to delete personal information we collected from you.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell personal information for money. If you use consent-based advertising trackers, you may Do Not Sell or Share My Personal Information.
Right to limit the use of sensitive personal information. We do not use sensitive personal information to infer characteristics.
Right to non-discrimination for exercising your privacy rights.

We will respond to verifiable California requests within 45 days. You may designate an authorized agent to make a request on your behalf.

7. Cookies, analytics, and third-party trackers

We use a small set of tracking technologies, grouped by purpose:

Vercel Analytics and Speed Insights. First-party, cookie-free, no personal identifiers stored. Used under legitimate interest for performance and reliability.
Web Vitals. First-party performance measurement. No cookies, no PII.
Google Analytics 4. Fires only after you consent. IP addresses are anonymized and not used to identify individuals.
Meta Pixel. Fires only after you consent. Used for advertising attribution and retargeting on Meta platforms.
Calendly. When you book a call, Calendly acts as an independent controller for the scheduling data you submit. Their privacy policy applies to the embedded widget.
Stripe. Payment information you submit during a transaction is processed by Stripe under their privacy policy.
Retention.com. Where used, this service may associate on-site activity with contact information through our data partners. You may opt out at app.retention.com/optout.

You can withdraw analytics and advertising consent at any time through the cookie preferences link in our site footer, or by emailing privacy@pacificsoftwareventures.com.

8. International data transfers

PSV is based in the United States, and your data may be processed by us and our service providers in the US. For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Addendum. We do not transfer personal data to jurisdictions lacking adequate protection without appropriate safeguards.

9. Data sharing

We do not sell your personal information for money. We share data only with:

Service providers under written data processing agreements (hosting, analytics, email delivery, scheduling, payments).
Legal, tax, and professional advisors under a duty of confidentiality.
Authorities when required by law, court order, or to protect our legal rights.
A successor in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

10. Data security

We protect your data with technical and organizational measures commensurate with the risk, including:

AES-256 encryption at rest for stored data.
TLS 1.3 in transit for all site traffic and API calls.
Role-based access controls, SSO, and audit logs for internal systems.
Least-privilege access for staff and contractors, with periodic review.
Regular security reviews of our stack and third-party subprocessors.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33, and will notify affected individuals without undue delay where required.

11. Children’s privacy

PSV’s services are directed at businesses. We do not knowingly collect personal information from children under the age of 16. If you believe we have inadvertently collected data from a child, contact privacy@pacificsoftwareventures.com and we will delete it.

12. How to contact us

For any privacy question, to exercise a right, or to withdraw consent:

Privacy email: privacy@pacificsoftwareventures.com
General email: aidan@pacificsoftwareventures.com
Mail: Pacific Software Ventures, San Francisco, California, USA

We respond to GDPR requests within 30 days and CCPA requests within 45 days. PSV currently operates below the threshold that would require appointment of an EU representative under GDPR Art. 27; we will update this policy and appoint a representative if that changes.

13. Changes to this policy

We may update this policy as our services, the law, or our subprocessors change. For material changes, we will post a notice on this page at least 30 days before the changes take effect where reasonably feasible. The “Last updated” date at the top of this page always reflects the most recent revision.

Effective date: April 16, 2026
Last updated: April 16, 2026

1. Information we collect

We collect only what we need to respond to you, deliver services, and improve our site.

Contact forms. Name, email, phone, company, role, and project details you submit.
Lead magnets and gated content. Email, name, company, and source attribution.
Tools (AI operator maturity assessment, budget calculator). The responses you enter and the results we return.
Scheduling. Appointment data (name, email, time zone, availability) submitted through our Calendly embed.
Analytics (first-party, no cookies). IP address (via Vercel Analytics), page views, scroll depth, session duration, device type, and referrer.
Advertising and marketing analytics (consent-based). If you consent, Meta Pixel and Google Analytics (GA4) may record browsing activity on our site for attribution, audience measurement, and retargeting.
Payments. If you purchase a service, payment data is collected and processed by Stripe. We never see or store full card numbers.

2. How we use your information

Respond to inquiries and fulfill requests.
Deliver lead-magnet content and scheduled reports.
Improve site performance and content through aggregated analytics.
Measure site performance and protect against abuse (legitimate interest).
With your consent, run retargeting and measure advertising effectiveness.
Meet legal, accounting, and tax obligations tied to client engagements.

3. Legal basis for processing (GDPR)

For visitors in the European Economic Area and the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:

Contract and pre-contractual measures (Art. 6(1)(b)). Responding to contact forms, scheduling calls, and delivering services you request.
Consent (Art. 6(1)(a)). Marketing and advertising cookies, including Meta Pixel and Google Analytics. You can withdraw consent at any time.
Legitimate interest (Art. 6(1)(f)). First-party performance analytics (Vercel Analytics, Web Vitals), security, and fraud prevention. We balance these interests against your rights and freedoms.
Legal obligation (Art. 6(1)(c)). Compliance with applicable laws, including tax and record-keeping requirements.

4. Data retention

Contact form submissions. Retained for up to three years from last interaction to support the ongoing business relationship. Deleted sooner on request.
Lead-magnet and newsletter signups. Retained until you unsubscribe or up to three years of inactivity, whichever comes first.
Analytics data.Up to 14 months (the GA4 default), or shorter per the platform’s own retention settings.
Call recordings or transcripts. If produced during a client engagement with your permission, retained for up to one year unless a separate agreement specifies otherwise.
Engagement and financial records. Retained as long as required by tax, accounting, and contract law (typically seven years).

5. Your rights under GDPR (EU and UK visitors)

If you are in the EEA or UK, you have the following rights:

Access (Art. 15). Confirm whether we process your data and receive a copy.
Rectification (Art. 16). Correct inaccurate or incomplete data.
Erasure (Art. 17). Request deletion of your data, subject to legal exceptions.
Restriction (Art. 18). Limit how we process your data in specific circumstances.
Portability (Art. 20). Receive data you provided in a structured, machine-readable format.
Objection (Art. 21). Object to processing based on legitimate interest or for direct marketing.
Withdraw consent (Art. 7(3)). Withdraw consent for any consent-based processing at any time, without affecting the lawfulness of prior processing.
Lodge a complaint (Art. 77). File a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@pacificsoftwareventures.com. We will respond within 30 days.

6. Your rights under CCPA and CPRA (California residents)

California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know what personal information we collect, use, disclose, and sell or share.
Right to delete personal information we collected from you.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell personal information for money. If you use consent-based advertising trackers, you may Do Not Sell or Share My Personal Information.
Right to limit the use of sensitive personal information. We do not use sensitive personal information to infer characteristics.
Right to non-discrimination for exercising your privacy rights.

We will respond to verifiable California requests within 45 days. You may designate an authorized agent to make a request on your behalf.

7. Cookies, analytics, and third-party trackers

We use a small set of tracking technologies, grouped by purpose:

Vercel Analytics and Speed Insights. First-party, cookie-free, no personal identifiers stored. Used under legitimate interest for performance and reliability.
Web Vitals. First-party performance measurement. No cookies, no PII.
Google Analytics 4. Fires only after you consent. IP addresses are anonymized and not used to identify individuals.
Meta Pixel. Fires only after you consent. Used for advertising attribution and retargeting on Meta platforms.
Calendly. When you book a call, Calendly acts as an independent controller for the scheduling data you submit. Their privacy policy applies to the embedded widget.
Stripe. Payment information you submit during a transaction is processed by Stripe under their privacy policy.
Retention.com. Where used, this service may associate on-site activity with contact information through our data partners. You may opt out at app.retention.com/optout.

You can withdraw analytics and advertising consent at any time through the cookie preferences link in our site footer, or by emailing privacy@pacificsoftwareventures.com.

8. International data transfers

9. Data sharing

We do not sell your personal information for money. We share data only with:

Service providers under written data processing agreements (hosting, analytics, email delivery, scheduling, payments).
Legal, tax, and professional advisors under a duty of confidentiality.
Authorities when required by law, court order, or to protect our legal rights.
A successor in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

10. Data security

We protect your data with technical and organizational measures commensurate with the risk, including:

AES-256 encryption at rest for stored data.
TLS 1.3 in transit for all site traffic and API calls.
Role-based access controls, SSO, and audit logs for internal systems.
Least-privilege access for staff and contractors, with periodic review.
Regular security reviews of our stack and third-party subprocessors.

11. Children’s privacy

12. How to contact us

For any privacy question, to exercise a right, or to withdraw consent:

Privacy email: privacy@pacificsoftwareventures.com
General email: aidan@pacificsoftwareventures.com
Mail: Pacific Software Ventures, San Francisco, California, USA

Privacy policy.

1. Information we collect

2. How we use your information

3. Legal basis for processing (GDPR)

4. Data retention

5. Your rights under GDPR (EU and UK visitors)

6. Your rights under CCPA and CPRA (California residents)

7. Cookies, analytics, and third-party trackers

8. International data transfers

9. Data sharing

10. Data security

11. Children’s privacy

12. How to contact us

13. Changes to this policy

Privacy policy.

1. Information we collect

2. How we use your information

3. Legal basis for processing (GDPR)

4. Data retention

5. Your rights under GDPR (EU and UK visitors)

6. Your rights under CCPA and CPRA (California residents)

7. Cookies, analytics, and third-party trackers

8. International data transfers

9. Data sharing

10. Data security

11. Children’s privacy

12. How to contact us

13. Changes to this policy