How we handle your information

Wellbuilt Systems ("Wellbuilt," "we," "us") is operated as a service of Wellhaircare LLC, a California limited liability company. We provide operational intelligence systems for founder-led businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to wellbuilt.systems, the operational intelligence systems we deploy for clients, and any related services we provide.

We are a small business. We collect the minimum information necessary to operate our website and deliver our services to clients. We do not sell personal data, and we do not use client operational data to train third-party AI models.

1. Who we are

Wellbuilt Systems is operated by Wellhaircare LLC, a California limited liability company, with Ian Tidwell as its founder and operator. Our business address is 2108 N St, Ste N, Sacramento, CA 95816, United States. You can reach us at [email protected].

2. Information we collect from website visitors

Analytics

When you visit wellbuilt.systems we use Google Analytics 4 to understand how visitors use the site. Google Analytics collects pseudonymous information including pages viewed, approximate location (country / region), device type, browser, and referring source. We do not collect names, email addresses, or other identifying information from visitors unless you provide them voluntarily (for example, by booking a call).

Booking a call

If you book a discovery call, we use Calendly to handle scheduling. Calendly collects your name, email address, and the meeting time. We use that information solely to hold the meeting. Calendly's own privacy policy governs their handling of that data.

Server logs

Our hosting infrastructure (Cloudflare and our origin server) keeps standard request logs that include IP addresses, user agents, and timestamps. These logs are used for security, abuse prevention, and operational troubleshooting, and are retained for a limited time.

3. Information we receive when delivering client services

When we deploy an operational intelligence system for a client, the system runs on private infrastructure dedicated to that client and processes operational data the client connects to it. Depending on the engagement, that data can include:

• Customer support messages (e.g., email, SMS, chat) that the client routes through the system.
• Order, customer, and product data from the client's commerce platform (e.g., Shopify).
• Marketing and engagement data from the client's marketing tools (e.g., Klaviyo).
• Web analytics from the client's analytics provider (e.g., Google Analytics 4).
• Advertising performance data from the client's ad platforms (e.g., Google Ads).
• Operator corrections, notes, and decisions captured inside the deployed system.

This data may include personal information about the client's own customers (such as names, email addresses, or order details). In that context the client is the data controller and Wellbuilt acts as a processor on the client's behalf, under a written services agreement.

4. How we use information

We use the information described above to:

• Operate and improve wellbuilt.systems and respond to inquiries.
• Deliver, support, and improve the operational intelligence systems we build for clients.
• Generate analyses, recommendations, and automated actions on behalf of clients within their dedicated systems.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations.

We do not use client operational data to train third-party AI models. We do not sell personal information. We do not use information collected on behalf of one client to provide services to a different client.

5. Google Ads API and other Google APIs

Some clients authorize Wellbuilt to access their Google Ads accounts on their behalf through a manager link to the Wellbuilt Systems Google Ads manager account. When this is in place, we may read campaign settings, performance metrics, search terms, and related advertising data using the Google Ads API. We use that data exclusively to monitor campaign performance, generate optimization recommendations, surface anomalies, and (where the client has authorized it) execute changes to those campaigns on the client's behalf.

Wellbuilt's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell, rent, or share Google API data with third parties for advertising or any unrelated purpose. We do not use Google API data to train AI or machine learning models.

6. Sharing information

We share information only in the following limited circumstances:

• Service providers we rely on to operate. These currently include Anthropic (large language model API used inside deployed systems), Cloudflare (DNS, CDN, TLS), Hostinger (server hosting), Google (Workspace email, Analytics, Ads API where authorized by the client), Calendly (call scheduling), and Notion (internal documentation). Each of these has its own privacy commitments.
• The client whose data is being processed. For client engagements, the client always retains access to their own data.
• When required by law. We will disclose information if compelled by valid legal process or to protect our rights, your safety, or the safety of others.

We do not share, sell, or rent personal information to advertisers, data brokers, or unrelated third parties.

7. Data retention

We retain website analytics data for the default Google Analytics retention period. Server logs are retained for a limited operational window. Client operational data is retained for the duration of the client engagement and afterwards according to the client's instructions in their services agreement. When data is no longer needed, we delete or anonymize it.

8. Security

We host client systems on dedicated private infrastructure with role-restricted access, TLS in transit, and standard server hardening. Access to client systems is limited to people who need it to operate the engagement. No system is perfectly secure, and we cannot guarantee absolute security, but we apply commercially reasonable safeguards.

9. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information we hold about you, and to object to or restrict certain processing. To exercise any of those rights, email [email protected]. We will respond within a reasonable time and ask only for the information needed to verify your identity and locate your records.

If you are a customer of one of our clients and want to exercise rights about data the client routes through a Wellbuilt system, please contact the client directly. We will assist them in responding.

10. Children

Wellbuilt's services are intended for businesses, not for children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to us, contact us and we will delete it.

11. International users

Wellbuilt is based in the United States. If you access our website from outside the United States, you understand that information will be processed in the United States, where data protection laws may differ from those of your country.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be highlighted on this page or communicated to clients through their normal channel.