ColPR

    Trust Center

    Trust, Security, and Privacy

    This page is maintained by ColPR Software Consultants to answer common security and privacy questions about this website and how we work with clients. It is editable project content, not an independent certification.

    Last updated: June 2026

    How we approach security

    ColPR Software Consultants is a small fractional CTO consultancy. This site is a marketing site. It does not store client work product, patient records, or legal matter data. The practices below describe how this website and our day-to-day operations handle the limited information visitors and clients share with us.

    We follow shared-responsibility principles. The platform that hosts this site and our backend services maintains the underlying infrastructure controls. ColPR is responsible for how we configure those services, what data we collect, and how we respond to requests.

    Hosting and platform

    This website is hosted on Lovable, which uses managed cloud infrastructure for static hosting, database, authentication, edge functions, and storage. Traffic between visitors and the site is served over HTTPS.

    Database access is governed by row-level security policies. Tables that hold submitted information are configured to deny-by-default and grant only the access required for the feature to work.

    What we collect and why

    Contact form submissions on this site collect name, email, phone (optional), and the message you send. We use this information only to respond to your inquiry, schedule a conversation, and follow up on engagements you ask us about.

    When you book a call through our embedded scheduler, the calendar provider collects the information you enter on its own form. We receive the resulting calendar invite.

    We do not sell visitor information. We do not use submissions to train AI models.

    Subprocessors

    The third parties below help us operate this site and respond to inquiries.

    • Lovable for hosting, database, authentication, and edge functions.
    • Resend for transactional email when the contact form sends notifications.
    • Google for Analytics, Tag Manager, and the embedded scheduling calendar.

    Each provider operates under its own terms and security program. Replacing or adding a subprocessor is an operational decision we make; this page is updated when the list changes.

    Cookies and analytics

    We use Google Tag Manager and Google Analytics to understand which pages visitors read and which calls to action they respond to. Analytics data is retained for the default period of fourteen months. We do not run advertising retargeting from this site.

    Retention and deletion

    Contact form submissions are retained indefinitely until you ask us to remove them, so that we have a record of prior conversations when you return to us later. Analytics data follows the fourteen-month retention above.

    You can ask us to delete your contact submission and any related email correspondence at any time using the address below.

    Access and authentication

    Internal access to the site backend is limited to the ColPR founders. We use strong, unique credentials and provider-managed multi-factor authentication on the accounts that administer this site, our email, and our backend services.

    Privacy requests and security contact

    For privacy requests, data deletion requests, or to report a potential security issue with this website, email alan@colprsc.com or call 904-257-6012. We aim to acknowledge requests within two business days.

    We do not currently hold third-party certifications such as SOC 2, ISO 27001, or HIPAA. When an engagement requires specific compliance commitments, we address them in the engagement agreement, not on this page.