Privacy Policy

Effective date: April 4, 2025

1. Introduction

Fractional IT Leaders (“we,” “us,” or “our”) is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have regarding your information when you use our website and services (collectively, the “Platform”).

By using the Platform, you consent to the practices described in this Policy. If you do not agree, please do not use the Platform.

2. Information We Collect

a. Information You Provide Directly

  • Account registration: name, email address, password (hashed — never stored in plain text);
  • Provider listings: company name, contact email, phone number, biography, website URL, LinkedIn URL, logo, service details, and other profile information you choose to provide;
  • Buyer inquiries: name, email, company, project details, and any other information submitted through contact or referral forms;
  • Reviews and case studies: any written content you submit to the Platform;
  • Payment information: billing details collected and processed by our payment processor (Stripe). We do not store full card numbers on our servers.

b. Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps;
  • Cookies and similar technologies: session tokens, preference cookies, and analytics identifiers (see Section 6);
  • Usage data: interactions with features, search queries, and navigation patterns.

c. Information from Third Parties

If you sign in using a third-party OAuth provider (such as Google), we receive basic profile information (name, email, profile picture) from that provider in accordance with their privacy policy and your privacy settings.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provider listing;
  • Display provider profiles to buyers browsing the directory;
  • Route buyer referral inquiries to the appropriate Provider;
  • Process subscription payments and send receipts;
  • Send transactional emails (account creation, listing status updates, lead notifications);
  • Respond to your support requests and communications;
  • Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service;
  • Analyze usage patterns to improve the Platform;
  • Comply with applicable legal obligations.

We do not sell your personal information to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects.

4. How We Share Your Information

a. Publicly Displayed Information

Information you include in a Provider listing (company name, bio, contact email, phone, website, LinkedIn, service details, logo) is displayed publicly on the Platform and may be indexed by search engines. You control what you include in your listing.

b. Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform, subject to confidentiality obligations. These include:

  • Supabase — database hosting, authentication, and file storage (EU/US data centers);
  • Stripe — payment processing (PCI-DSS compliant);
  • Resend — transactional email delivery;
  • Google Analytics — anonymized usage analytics (see Section 6);
  • Vercel — web hosting and content delivery.

c. Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of any person.

d. Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data at any time (see Section 8). Note that some information may be retained in backups or audit logs for a limited period after deletion.

Buyer inquiry data (leads) is retained for as long as it is operationally relevant to the Provider to whom the lead was routed, and is subject to our standard data retention schedule.

6. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication sessions and core functionality. These cannot be disabled without impairing your use of the Platform.
  • Analytics cookies: We use Google Analytics (with IP anonymization) to understand aggregate usage patterns. Google Analytics data is governed by Google’s Privacy Policy. You can opt out via the Google Analytics opt-out browser add-on.

Most browsers allow you to control cookies through their settings. Disabling cookies may affect certain features of the Platform.

7. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), hashed passwords, row-level security on our database, and access controls limiting data access to authorized personnel.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Platform at your own risk. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

8. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you;
  • Correction: Request that inaccurate or incomplete data be corrected;
  • Deletion: Request deletion of your account and personal data, subject to legal retention obligations;
  • Portability: Request a machine-readable export of your data;
  • Objection / Restriction: Object to or request restriction of certain processing activities;
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@fractionalitleaders.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling your request.

Marketing communications: You may opt out of any promotional emails at any time by clicking the unsubscribe link in those messages or contacting us directly. Transactional emails (account notices, lead notifications) cannot be opted out of while your account is active.

9. Children’s Privacy

The Platform is not directed to children under 18 years of age, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information. If you believe we may have inadvertently collected such information, please contact us at privacy@fractionalitleaders.com.

10. International Data Transfers

Our Platform is operated primarily in the United States. If you access the Platform from outside the United States, your information may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction. By using the Platform, you consent to such transfers. We take appropriate steps to ensure that transfers comply with applicable data protection laws.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect, use, and share; the right to delete your personal information; the right to opt out of the sale or sharing of your personal information (we do not sell or share personal information for cross-context behavioral advertising); and the right to non-discrimination for exercising these rights.

To exercise your California privacy rights, please contact us at privacy@fractionalitleaders.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. If we make material changes, we will provide notice through the Platform or by email. Your continued use of the Platform after changes are posted constitutes your acceptance of the revised Policy.

13. Takedown and Dispute Process

If a provider listing on the Platform displays your personal information without your authorization, misuses your name or identity, or otherwise violates your privacy rights, you may request its removal or correction.

Privacy-based takedown requests should be submitted to disputes@fractionalitleaders.com and should include: your identity, the listing URL, the specific information at issue, and an explanation of why you believe its display violates your privacy rights or applicable law.

We will acknowledge receipt within 2 business days and complete our review within 5–10 business days. Where we determine a privacy violation has occurred, we will remove or redact the relevant information promptly. Listed providers may submit a counter-dispute within 10 business days of being notified of a takedown action.

For full details on grounds, required information, timelines, counter-disputes, and appeals, see our Takedown & Dispute Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Fractional IT Leaders
Email: privacy@fractionalitleaders.com