What information we collect from West Palm Beach customers
When you contact us about chimney services in West Palm Beach, we collect only the information needed to schedule and perform the work: your name, the service address, a phone number to confirm the appointment, an email address if you prefer email communication, and a short description of what is going on with the chimney. That is the entire data set for most customers. We do not ask for date of birth, social security number, driver license, payment card on file, or any other information that is not directly required to schedule and perform the chimney service.
If you choose to apply for financing through our financing partner, additional information is collected by the financing partner directly — typically name, address, date of birth, social security number, and employment information for the credit application. This information flows from you to the financing partner, not through us; we do not see it and do not store it. The financing partner's privacy policy governs what they do with that data. We only see whether your application was approved and what the approved amount is, which we use to size the financing portion of your invoice.
For active customers (anyone who has had work done at their address), we maintain a service history record: dates of visits, work performed, materials used, technician notes, and photographs of completed work. This record is what makes future warranty claims possible and what supports same-day questions like what gauge of stainless was used on a previous installation. The record is retained as long as the customer relationship is active and for seven years after the last service date for warranty and tax recordkeeping purposes. After seven years, the records are deleted from active storage.
How we use your information and who can see it
Customer information is used exclusively to schedule, perform, document, and follow up on chimney services. We do not sell customer lists, do not rent customer information to third parties, and do not share customer data with marketing partners. The internal team members who can see customer records are the dispatchers who schedule appointments, the technicians assigned to a specific job, the bookkeeper who processes invoices and payments, and the owner who reviews work for quality. No one outside this small team has access to customer records.
If we use a payment processor for credit card or bank transfer payments — currently a single PCI-compliant processor that handles all card-not-present transactions — the processor sees only the payment information needed to process the specific transaction. They do not see your service history, your contact preferences, or any other information. They retain the payment record for the period required by financial regulations (typically seven years) under their own data security obligations.
We use Google Analytics 4 (configured with IP anonymization) and Google Ads conversion tracking on the public website, which means Google sees aggregated and anonymized information about visits and conversions. Google's processing of this data is governed by their privacy policy and the Data Processing Addendum that applies to our analytics account. We do not provide Google with personally identifiable information from our customer records, and we have not configured any user-level or device-graph integrations that would link analytics data to specific named customers.
Your privacy rights and how to exercise them
As a Florida resident, you have the right to ask us what information we hold about you, to ask us to correct any information that is wrong, and to ask us to delete information that is no longer needed for the purpose for which it was collected. To exercise any of these rights, send a written request (email is fine) to the address listed in the contact section of the privacy policy. We respond to verified requests within thirty days. Verification is the simple step of confirming you are the person whose information you are asking about, which we do by matching the request to the customer record using information that only you would know.
Florida law gives you the right to opt out of the sale of your personal information. We do not sell personal information, full stop, so this right is moot in our case — there is nothing to opt out of because we are not selling anything to begin with. If you are concerned that information you provided to us has somehow ended up with a third party we did not authorize, contact us with the specifics and we will investigate. In our records of every customer relationship to date, no such incident has occurred and we treat any such concern as a priority response item.
You can opt out of marketing communications at any time. If you receive an email from us (typically appointment reminders, service follow-ups, or rarely a newsletter), the email includes an unsubscribe link that processes the opt-out instantly. If you receive a text message from us (only sent for active appointment communications, not marketing), reply STOP to opt out. Phone calls from us are limited to scheduled service confirmations and reschedule notifications; we do not make outbound sales calls or telemarketing calls.
Security, retention, and what happens if data is breached
Customer information is stored on servers managed by reputable hosting providers (currently Vercel for the website and Neon Postgres for the database, both with industry-standard encryption at rest and in transit) and in cloud-based customer relationship management software (currently Google Workspace for email-based customer correspondence). Access is gated through individual employee accounts with two-factor authentication required on every account that touches customer data. The owner reviews access logs quarterly for anomalies.
Data retention follows the operational need: active customer records are retained as long as the relationship is active, financial records are retained for seven years per IRS requirements, and marketing lists (where consented) are retained until the customer opts out. When data is deleted, it is deleted from both active storage and backups according to a documented retention schedule. The seven-year financial retention is a regulatory minimum, not a target — we delete records as soon as they are no longer needed beyond that minimum.
In the event of a data breach affecting personally identifiable information of West Palm Beach customers, our response procedure is: contain the breach within twenty-four hours of detection, assess the scope within seventy-two hours, notify affected customers in writing within thirty days regardless of state law minimums, and report to applicable regulators as required by law. We have never had a data breach to date and have invested in straightforward technical and operational controls to keep it that way. If a breach were ever to occur, we would not minimize or delay disclosure — we would tell affected customers immediately and clearly what happened and what we are doing about it.
