Legal · Privacy Policy

Privacy Policy

Effective date: 2026-05-22 · Operator: Dale Thomas, ActionableOps · Contact: dale@actionableops.com

The short version. We collect the answers you give us in the AI Activation Brief intake (five multiple-choice selections, plus your name and email). We use them to generate a one-page advisory note and deliver it by email, and we record the lead in our CRM so we can follow up if you want help. We never sell your data, we don't share it with marketers, and we never use it to train any AI model — ours or anyone else's.

What we collect

When you use the AI Activation Brief intake form at /ai-brief/, we collect the following:

Your selections from the five intake questions (tool stack, staff size, pain points, AI policy status, shadow AI status), plus an optional pre-form indication of whether you run a nonprofit or a small business. The five form questions are multiple choice.
Optionally, if you select "Other / Not listed" for the tools question, a short free-text note (≤200 characters) telling us what tools we missed. We store this for the sole purpose of expanding our tools list; we never share or sell it, we never use it to train any AI model, and we never include it in the generated brief, the email, or the archive page.
Your first name, last name, and email address, which you provide on the final step. We use your name to address the brief to you and on your CRM contact record; it is never sent to the language model or used to generate recommendations.
Standard request data that Cloudflare logs when serving the site, including your IP address and approximate user agent. We use this only for rate limiting and abuse prevention.
Aggregate analytics events (which form step you reached, whether you submitted) via Cloudflare Web Analytics. These are not joined to your identity.

We do not collect phone numbers, organization details (beyond the size bucket you select), payment information, or any other personal data. We do not use third-party advertising trackers or marketing pixels on this site.

How we use what we collect

Generate your brief. Your selections are sent to Ollama Cloud (running an open-weight large language model) to generate the advisory text. The brief text is then validated, formatted, and sent to your email address via GoHighLevel.
Deliver the brief. GoHighLevel handles transactional email delivery. They process your email address as a data processor on our behalf.
Record the lead. We create a contact in our GoHighLevel CRM containing your name, email, and the same five intake selections, tagged so we can follow up if you book a call.
Operate the site. Cloudflare hosts the site and runs the serverless function that does the work above. Logs are retained as outlined below.

Who processes your data

We use the following third-party processors:

Cloudflare — hosts the site, runs the serverless function, and stores brief archive records. Cloudflare's privacy policy.
Ollama Cloud — runs the open-weight large language model that generates the advisory text. Ollama Cloud's terms prohibit training on inputs received via the API. Ollama's privacy policy.
GoHighLevel — delivers the email containing your brief and stores the lead record for sales follow-up. GoHighLevel's privacy policy.

We do not authorize any of these processors to sell your data, share it with their own marketing partners, or use it to train any AI model.

How long we keep what we collect

Brief archive. The generated brief and its metadata are stored at /brief/<id> for 90 days, then automatically deleted. We do not store the full brief text in any operational log.
Email address in logs. Your email address is hashed (SHA-256) before any log retention beyond the immediate request. Plain-text emails appear only in the GoHighLevel delivery and contact records.
CRM record. Your contact in GoHighLevel persists until you ask us to delete it. Email dale@actionableops.com with the subject line "Delete my data" and we will remove the record within 7 days.
Rate-limit records. IP-bucketed rate-limit counters expire after one hour. Email-bucketed rate-limit counters expire after 24 hours.

Your rights

Regardless of where you live, you can:

Request a copy of any data we hold on you. Email dale@actionableops.com.
Request deletion of your CRM record and brief archive. We will confirm completion within 7 days.
Request correction of any data that is wrong.

If you are in the EU, UK, or California, you have specific rights under GDPR, UK GDPR, and CCPA respectively. You can exercise those rights by emailing the address above. We will not discriminate against you for exercising any of these rights.

Cookies and tracking

We use sessionStorage to remember your in-progress answers on the intake form so you can navigate back without losing them. This data lives only in your browser and is cleared when you close the tab. We do not use cookies for tracking and we do not run third-party advertising scripts.

Children

The site is intended for adults working in an organizational capacity. We do not knowingly collect data from anyone under 16.

Changes to this policy

If we materially change how we handle data, we will update the effective date at the top and, where we have your email, notify you. Minor wording fixes will be made silently.