Privacy Policy

Effective date: April 15, 2026 · Last updated: April 15, 2026

Support Savvy Consulting (“Support Savvy,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we collect when you visit support-savvy.com (the “Site”) or use our services, how we use it, and the rights you have over it.

This policy describes our practices. For any processing that requires your consent (such as non-essential cookies or marketing emails), we rely on the consent you provide through our cookie banner or opt-in forms, not on your continued use of the Site.

1. Who We Are

Support Savvy Consulting is a Massachusetts sole proprietorship owned and operated by John Biske, who acts as the data controller for information collected through the Site. We maintain a Written Information Security Program (WISP) in accordance with 201 CMR 17.00 covering personal information of Massachusetts residents. No Data Protection Officer is required under GDPR Art. 37, but you may direct any data-protection inquiry to John Biske at the address below.

Support Savvy Consulting
5 Durham Street
Boston, Massachusetts 02115
United States
john.biske@support-savvy.com

2. Information We Collect

Information you provide

  • Contact form submissions. When you fill out our contact form, we collect your name, email address, and the content of your message.
  • Scheduling. When you book an intro call through our scheduling tool (Google Calendar appointments), you provide your name, email address, and any details you add to the meeting description. Google processes this information under its own privacy policy.
  • Chat interactions. If you interact with demonstration chat features on the Site, the content of your messages is sent to our AI provider (Anthropic) to generate a response.
  • Engagement information. If you become a client, we collect the information you share with us during coaching, workshops, or custom development engagements. If an engagement requires us to handle sensitive personal information (as defined by CPRA § 1798.140(ae)) or EU GDPR Art. 9 special categories, we process it only on your instructions under a written engagement agreement.

Information collected automatically

  • Log and device data. Our hosting provider automatically receives standard web-server information when you visit the Site, including your IP address, browser type, pages visited, and timestamps.
  • Advertising cookies. With your consent, we use Google Ads (gtag.js, ID AW-17915965055) to measure the performance of ad campaigns and, where permitted, to support retargeting. These tools may set cookies on your device. See Section 11 for details on how to grant, withdraw, or change your consent.

CCPA categories collected in the last 12 months

For California residents, the categories of personal information we have collected in the preceding 12 months are:

  • (A) Identifiers — name, email, IP address.
  • (B) Customer records (Cal. Civ. Code § 1798.80(e)) — name, email, contact details.
  • (C) Internet or network activity — browser type, pages visited, timestamps, ad-interaction data.
  • (D) Geolocation — approximate, IP-derived only.
  • (F) Commercial information — services purchased.

We do not collect Categories E (financial account numbers — payments handled by third-party processors), G (audio/biometric), H (professional/employment beyond what you voluntarily share), I (education), or K (inferences used for profiling). Sources: directly from you, automatically from your device, and from our service providers. Disclosed for a business purpose to: Vercel, Google, Anthropic (see Section 5). Sold: none. Shared for cross-context behavioral advertising: Identifiers and Internet activity with Google Ads (see Section 9).

We do not knowingly collect information from children under 13 (or under 16 in the EU/UK). We do not knowingly sell or share the personal information of consumers under 16 years of age. If you believe a child has provided us with personal information, please contact us and we will delete it.

3. How We Use Your Information

  • To respond to inquiries and schedule intro calls.
  • To deliver coaching, workshops, and custom development services.
  • To send transactional and service-related emails.
  • To operate, secure, and improve the Site.
  • To measure marketing performance and, where permitted, to show relevant ads.
  • To comply with legal obligations and enforce our agreements.

We do not sell your personal information. We do not use your information to train our own AI models, and our AI provider (Anthropic) does not train its models on Claude API inputs or outputs by default under its Commercial Terms. Other service providers process your information only per their own terms, linked in Section 5.

Automated decision-making. We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects about you under GDPR Art. 22.

4. Legal Bases (EU/UK Visitors)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

  • Consent — for non-essential cookies and marketing communications.
  • Contract — to respond to your inquiry and deliver services you have requested.
  • Legitimate interests — to secure the Site, prevent abuse, and improve our services.
  • Legal obligation — to comply with applicable law.

5. Service Providers

We share information with trusted vendors who help us operate the Site and deliver services. Each processes data only as needed for the services they provide:

  • Vercel — website hosting and deployment.
  • Google (Workspace, Gmail SMTP, Calendar, Ads) — email delivery from the contact form, appointment scheduling, and advertising measurement.
  • Anthropic — AI model provider powering chat demonstrations on the Site.

We may also disclose information if required by law, to protect our rights, or in connection with a business transfer.

In the preceding 12 months, we have disclosed the categories listed in Section 2 to the service providers listed above and have shared Identifiers and Internet activity with Google Ads for cross-context behavioral advertising.

6. International Transfers

We are based in the United States and our service providers may process your information in the United States and other countries. Where required, we rely on appropriate safeguards to protect personal information transferred outside the EEA or UK, including:

  • EU Standard Contractual Clauses for transfers from the EEA.
  • The UK International Data Transfer Addendum to the EU SCCs for transfers from the UK.
  • Swiss FDPIC-recognized SCCs for transfers from Switzerland.

You may request a copy of the relevant safeguards by emailing us.

7. Data Retention

  • Contact-form messages: up to 24 months after last contact.
  • Scheduling records: 24 months after the meeting.
  • Client engagement records, invoices, and tax records: 7 years (IRS and Massachusetts Department of Revenue requirements).
  • Chat demo transcripts: not retained by us beyond the session; Anthropic retains API logs for up to 30 days per its Commercial Terms.
  • Server and access logs: 90 days.
  • Advertising cookies: per the lifetimes disclosed by Google Ads (maximum 13 months).

You can request earlier deletion at any time, subject to our legal and record-keeping obligations.

8. Your Rights (EU/UK)

If you are in the EEA or UK, you have the right to access, correct, delete, restrict, or object to our processing of your personal information, and the right to data portability. Where we rely on consent, you may withdraw it at any time. You may also lodge a complaint with your local supervisory authority.

9. Your Rights (California and Other U.S. States)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the right to:

  • Know what personal information we collect, use, and disclose about you.
  • Request deletion of your personal information.
  • Correct inaccurate personal information.
  • Opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising.
  • Limit the use of sensitive personal information (we do not use it for inferences).
  • Be free from discrimination for exercising your privacy rights.

We do not sell personal information for money. We do use advertising cookies (Google Ads) that may qualify as “sharing” under the CCPA. To opt out, use the “Reject non-essential” option in our cookie banner, enable the Global Privacy Control (GPC) signal in your browser, or email us at john.biske@support-savvy.com. We honor GPC as a valid opt-out of sharing for residents of California, Colorado, Connecticut, and other states that recognize it.

Financial incentives. We do not offer financial incentives or price/service differences in exchange for personal information.

10. How to Exercise Your Rights

Email us at john.biske@support-savvy.com with your request. We will verify requests using the email on file and may request additional information to confirm your identity. You may designate an authorized agent to submit requests on your behalf with written authorization. We will respond within the timeframes required by applicable law (generally 45 days under the CCPA and one month under the GDPR). If we deny a request, you may appeal by replying to our denial; we will respond within 45 days.

11. Cookies, Tracking, and Do Not Track

We use two kinds of cookies:

  • Strictly necessary cookies for site functionality (no consent required under ePrivacy / GDPR).
  • Google Ads advertising cookies (AW-17915965055) that load only after you grant consent via our cookie banner. We do not currently use analytics cookies.

You can change or withdraw consent at any time via the “Cookie Preferences” link in the site footer, or by clearing cookies in your browser. We honor browser-level Global Privacy Control (GPC) signals as an opt-out of advertising cookies.

Do Not Track. Because no common industry standard for Do Not Track (DNT) signals exists, we do not respond to DNT headers; we do honor GPC as described above.

12. Security and Breach Notification

We use reasonable administrative, technical, and physical safeguards to protect personal information, consistent with our Written Information Security Program under 201 CMR 17.00. No system is perfectly secure, and we cannot guarantee the security of information transmitted over the internet.

In the event of a security incident affecting Massachusetts residents’ personal information, we will notify affected individuals, the Massachusetts Attorney General, and the Office of Consumer Affairs and Business Regulation as required by M.G.L. c. 93H, and will provide comparable notifications required by other applicable state or national laws.

13. Third-Party Links

The Site may link to third-party websites. We are not responsible for the privacy practices of those sites, and we encourage you to review their policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” and “Last updated” fields above. Material changes will be highlighted on the Site.

15. Contact Us

Questions about this policy or your information? Email john.biske@support-savvy.com or write to the mailing address above.