Privacy Policy

Your privacy matters. This Privacy Policy describes how Alterra Holdings LLC, doing business as Gold Rose Studio ("we," "us," or "our"), collects, uses, shares, and protects information about you when you use our website at goldrose.ca and our AI automation services (collectively, the "Services"). By using our Services, you agree to the practices described in this Privacy Policy.

Information We Collect
How We Use Your Information
How We Share Information
Cookies & Tracking
Data Retention
Data Security
California Privacy Rights (CCPA/CPRA)
Nevada Privacy Rights
Children's Privacy (COPPA)
Third-Party Links
AI & Automated Processing
Changes to This Policy
Contact Us

Information We Collect

Information You Provide Directly

When you register for an account, complete onboarding, or contact us, we may collect:

Business information: Business name, address, phone number, website URL
Contact information: Your name, email address, phone number
Billing information: Credit card or payment details (processed and stored securely by Stripe, Inc.; we do not store full card numbers)
Configuration data: Information you provide to train your AI assistant, such as product lists, FAQs, business hours, and policies
Communications: Any messages, emails, or support requests you send us

Information Collected Automatically

When you visit our website, we automatically collect:

Log data: IP address, browser type, operating system, pages visited, time and date of visit, referring URL
Device information: Device type, unique device identifiers, screen resolution
Usage data: How you interact with our website and services
Cookies and similar technologies: See Section 4 for details

Information from Your Customers

When your customers interact with your AI assistant powered by our services, we may process on your behalf:

Customer names and contact information provided during conversations
Inquiry content, order details, and booking requests
Phone numbers for voice interactions

In this context, you are the data controller and we are a data processor acting on your instructions.

How We Use Your Information

We use the information we collect to:

Provide and improve our services: Set up, configure, maintain, and improve your AI assistant and our platform
Process payments: Bill you for subscriptions, process setup fees, and handle payment disputes
Communicate with you: Send service-related notifications, respond to support requests, and provide account updates
Marketing (with consent): Send promotional communications about our services. You may opt out at any time.
Analytics and improvement: Analyze usage patterns to improve our platform, troubleshoot issues, and develop new features
Legal compliance: Comply with applicable laws, respond to lawful requests, and enforce our Terms of Service
Safety and security: Detect, prevent, and investigate fraud, unauthorized access, and other illegal or harmful activity

We rely on the following legal bases for processing your personal information (where applicable under law): performance of a contract; compliance with legal obligations; our legitimate business interests; and, where required, your consent.

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with trusted third-party vendors who assist us in operating our business, including:

Stripe, Inc. — payment processing
Anthropic, PBC — AI language model services
HighLevel, Inc. (GoHighLevel) — CRM and automation platform
Cloudflare, Inc. — website hosting and security
Email and communication providers — transactional and marketing communications

These providers are contractually obligated to use your information only to provide services to us and to maintain appropriate security measures.

Business Transfers

If Alterra Holdings LLC is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership and any choices you may have regarding your information.

Legal Requirements

We may disclose your information if required to do so by law or in good-faith belief that such disclosure is necessary to: comply with a legal obligation; protect our rights or property; prevent fraud or illegal activity; or protect the safety of our users or the public.

With Your Consent

We may share your information for any other purpose with your prior consent.

Cookies & Tracking Technologies

We use cookies and similar technologies (such as pixels and local storage) to enhance your experience, analyze traffic, and support our marketing efforts.

Types of Cookies We Use

Essential cookies: Required for basic website functionality, such as session management and security. These cannot be disabled without affecting core site features.
Analytics cookies: Help us understand how visitors interact with our website (e.g., pages viewed, time on site). We use this data in aggregate form.
Marketing/advertising cookies: Allow us to measure the effectiveness of our advertising campaigns and deliver relevant ads. We may use platforms such as Meta Pixel or Google Analytics.

Your Cookie Choices

Most browsers allow you to refuse or delete cookies. However, disabling cookies may affect your ability to use certain features of our website. You may also opt out of certain third-party analytics and advertising by visiting:

Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
Network Advertising Initiative Opt-Out: optout.networkadvertising.org

Our website does not currently respond to browser "Do Not Track" signals. We will update this policy if we adopt such a standard in the future.

Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

Account data: Retained while your account is active and for up to 3 years after termination for legal and business purposes
Billing records: Retained for at least 7 years to comply with tax and accounting requirements
Customer interaction data: Retained for up to 12 months after your account termination, unless you request earlier deletion
Communications and support records: Retained for up to 3 years

You may request deletion of your personal data at any time, subject to our legal obligations to retain certain records.

Data Security

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit using TLS/SSL
Encrypted storage of sensitive data at rest
Access controls limiting employee access to personal data on a need-to-know basis
Regular security assessments of our systems
Use of PCI-DSS compliant payment processors

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Your California Rights

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we collect, use, disclose, and sell about you.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If our practices change, we will update this policy and provide an opt-out mechanism.
Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of sensitive personal information to what is necessary to provide our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected (Last 12 Months)

Identifiers (name, email, IP address, business name)
Commercial information (services purchased, payment history)
Internet or other network activity (website interactions, log data)
Professional or employment-related information (business details)
Inferences drawn from the above to create a profile about your preferences

How to Exercise Your California Rights

Submit a verifiable consumer request to: [email protected] or contact us at the address below. We will respond within 45 days. You may designate an authorized agent to submit requests on your behalf.

Nevada Privacy Rights

Nevada residents may request that we not sell their covered information by contacting us at [email protected]. We do not currently sell personal information as defined under Nevada law.

Children's Privacy (COPPA)

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete that information. If you believe we may have collected information from a child under 13, please contact us at [email protected].

Our services are intended for business use by adults who own or operate florist shops and similar businesses.

Third-Party Links

Our website and services may contain links to third-party websites, products, or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link does not imply our endorsement of that website or its privacy practices.

AI & Automated Processing

Our platform uses artificial intelligence to process information and generate automated responses on your behalf. The AI systems we use (powered by Anthropic's Claude) process the information you configure and the inquiries your customers submit through your AI assistant.

We do not use customer conversation data to train AI models without explicit consent. Conversation data is processed to deliver the service and may be reviewed by our team for quality assurance, safety monitoring, and service improvement purposes.

You are responsible for ensuring that your use of our AI communications complies with applicable laws, including any requirement to disclose to your customers that they may be interacting with an automated AI system.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) or by posting a prominent notice on our website, at least 14 days before the changes take effect. The "Last Updated" date at the top of this policy reflects the most recent revision. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Privacy team:

Alterra Holdings LLC d/b/a Gold Rose Studio
Attn: Privacy
San Clemente, California 92672
Email: [email protected]
Website: goldrose.ca

We will respond to verifiable privacy requests within the timeframe required by applicable law (generally 45 days for CCPA requests, extendable by an additional 45 days when reasonably necessary).

Contents