Privacy Policy

1. Introduction

Annie Lipscomb Private Luxury Concierge ("Company," "we," "us," or "our") operates the website at this domain (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect personal information submitted through this Site. By accessing the Site or submitting an inquiry, you acknowledge that you have read and agree to this Policy.

This Policy applies solely to information collected through this Site. It does not apply to information collected offline, through separate written agreements, or via third-party platforms not operated by us.

2. Data We Collect

We may collect the following categories of personal information:

• —Identity Data: Full name as submitted in an inquiry form.
• —Contact Data: Email address and telephone number.
• —Inquiry Data: Responses to application questions, areas of interest, referral sources, and free-text messages you choose to submit.
• —Video Data: If you voluntarily record and submit a video introduction through our Site, we collect and temporarily store that audiovisual recording solely for the purpose of evaluating your membership application. Video submissions are not retained beyond 30 days unless an engagement commences.
• —Technical Data: IP address, browser type and version, operating system, referring URLs, pages viewed, and timestamps of access, collected automatically via server logs and standard web technologies.
• —Cookie & Tracking Data: See our Cookie Policy for full details. Essential cookies necessary for Site operation are always active. Non-essential cookies require your explicit consent.

3. How We Use Your Information

We use personal information for the following purposes and on the following legal bases:

• —Membership Evaluation: (Legitimate Interest / Consent) To assess whether an applicant is a suitable candidate for our concierge services.
• —Communications: (Legitimate Interest / Contract Performance) To respond to your inquiry and conduct initial consultations.
• —Legal Compliance: (Legal Obligation) To fulfill obligations under applicable law, including tax, anti-money laundering, and fraud-prevention requirements.
• —Security: (Legitimate Interest) To detect, investigate, and prevent fraudulent transactions or abuse of the Site.
• —Service Improvement: (Legitimate Interest) To analyze aggregate, anonymized usage patterns to improve the Site experience. We do not use personal data for this purpose without anonymization.

We do not use your personal information for automated decision-making or profiling that produces legal effects.

4. Disclosure of Your Information

We hold your data in strict confidence. We do not sell, rent, trade, or otherwise transfer personal information to third parties for their independent commercial purposes. We may share data only in the following limited circumstances:

• —Service Providers: Infrastructure and email delivery providers (including Vercel, Inc. for hosting and Resend for transactional email) process data on our behalf under binding confidentiality and data processing agreements consistent with applicable law.
• —Professional Advisors: Attorneys, accountants, and insurers where disclosure is strictly necessary to protect our legal rights or comply with applicable obligations, all of whom are bound by confidentiality obligations.
• —Legal Requirements: If required by court order, subpoena, law enforcement request, or other valid legal process, we will disclose only the minimum information required by law and will use commercially reasonable efforts to notify you prior to any such disclosure, unless prohibited by law.
• —Business Transfers: In the unlikely event of a merger, acquisition, or sale of all or substantially all assets, personal data may be transferred as part of that transaction. We will notify you via prominent Site notice and provide an opt-out opportunity prior to your data being subject to any materially different privacy policy.

5. Confidentiality and Non-Disclosure

Confidentiality is foundational to every client relationship. Upon commencement of a formal engagement, a mutual Non-Disclosure Agreement ("NDA") is executed between the Company and the client. Client identity, personal preferences, travel itineraries, and activities are treated as strictly confidential and are not disclosed to any third party without the client's express written consent, except as required by law.

Inquiry-stage data received prior to execution of an NDA is treated with the same degree of confidentiality as information received under a formal agreement. Submissions through our application form are reviewed solely by authorized personnel.

6. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by applicable law:

• —Inquiry Data: Retained for a maximum of 24 months from the date of submission if no engagement commences, then securely deleted.
• —Video Introductions: Deleted within 30 days of receipt unless an engagement commences, in which case retention is governed by the executed NDA and engagement agreement.
• —Client Engagement Records: Retained for the period required by applicable law (generally 7 years for financial and contractual records) following conclusion of the engagement.
• —Technical Logs: Retained for up to 12 months for security and fraud-prevention purposes, then deleted or anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• —Access: Request confirmation of whether we process your personal data and obtain a copy.
• —Correction: Request correction of inaccurate or incomplete personal data.
• —Deletion: Request deletion of your personal data, subject to our legal obligations to retain certain records.
• —Restriction: Request that we restrict processing of your data while accuracy or lawfulness is disputed.
• —Portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract performance.
• —Objection: Object to processing based on legitimate interests, including direct marketing.
• —California Residents (CCPA/CPRA): In addition to the rights above, California residents have the right to know the categories of personal information collected and disclosed, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information), and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, please contact us using the information in Section 10. We will respond within the timeframe required by applicable law (generally 30–45 days). We may require verification of your identity before processing your request.

8. Security

We implement industry-standard technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission (TLS/SSL), access controls restricted to authorized personnel, and secure hosting infrastructure. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and disclaim liability for breaches that result from circumstances beyond our reasonable control.

9. Children's Privacy

This Site is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a person under 18 without verifiable parental consent, we will take steps to delete such information promptly. If you believe we may have inadvertently collected data from a minor, please contact us immediately.

10. Contact and Data Requests

For privacy-related inquiries, requests to exercise your rights, or concerns about this Policy, please contact us through the application form on this Site, noting "Privacy Request" in your message. We take all privacy inquiries seriously and will respond promptly.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be indicated by a revised "Last Updated" date at the top of this page. Your continued use of the Site following any update constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of California, United States, without regard to conflict-of-law principles. For data subjects located in the European Economic Area, the United Kingdom, or other jurisdictions with applicable data protection laws, we comply with those laws to the extent they apply.