Agency 310, a JCLG Holdings brand and Subsidiary Brands
 Effective Date: January 1, 2025 | Last Updated: December 15, 2024

1. Introduction

This Privacy Policy explains how Agency 310, a JCLG Holdings brand (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our services. This policy applies to all GrowthAgents products and subsidiary brands, including:

• Agency 310 – Parent platform and AI marketing automation hub
• Vellura.ai – AI-powered content creation and automation
• WhiteShadow.ai – SEO intelligence and optimization services
• SmartLeads.ai – Lead intelligence and prospecting platform

By using any of our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when creating an account, subscribing to our services, or communicating with us:

• Account Information: Name, email address, phone number, company name, job title
• Billing Information: Payment card details, billing address (processed securely via Stripe)
• Business Information: Industry, practice areas, target audience, service areas, website URL
• Content Preferences: Brand voice guidelines, content topics, compliance requirements
• Social Media Credentials: OAuth tokens for connected platforms (LinkedIn, Facebook, Google Business Profile)
• Communications: Support tickets, emails, chat messages, and feedback

2.2 Information Collected Automatically

When you use our services, we automatically collect:

• Usage Data: Features accessed, content generated, publishing history, API calls
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP addresses, access times, pages viewed, referring URLs
• Cookies and Tracking: Session data, preferences, analytics (see Cookie Policy)

2.3 Information from Third Parties

We may receive information from:

• OAuth Providers: Profile information from LinkedIn, Facebook, Google when you connect accounts
• Analytics Partners: Aggregated usage and performance data
• Business Partners: Referral information, integration data

3. How We Use Your Information

We use collected information to:

• Provide Services: Generate content, publish to connected platforms, manage your account
• Personalize Experience: Customize content based on your industry, brand voice, and preferences
• Process Payments: Handle subscriptions, billing, and refunds via Stripe
• Improve Services: Analyze usage patterns, optimize performance, develop new features
• Communicate: Send service updates, support responses, and (with consent) marketing communications
• Ensure Compliance: Verify content meets professional standards, detect abuse, prevent fraud
• Legal Obligations: Comply with applicable laws, respond to legal requests

4. AI Content Generation and Data Use

4.1 How AI Uses Your Data

Our AI services (powered by Claude/Anthropic, OpenAI, and Perplexity) use your business information to:

• Generate industry-specific, compliant content tailored to your practice areas
• Apply your brand voice and style preferences to all generated content
• Research trending topics relevant to your target audience
• Create SEO-optimized titles, meta descriptions, and content structure

4.2 Data Retention by AI Providers

Our AI providers have the following data practices:

• Anthropic (Claude): Does not train on customer data; API inputs are not retained beyond processing
• OpenAI (DALL-E): Image prompts processed per OpenAI’s API data usage policy; we do not share client names
• Perplexity: Research queries do not include client-identifying information

We do not share your personal contact information, client lists, or confidential business data with AI providers.

5. Data Storage and Security

5.1 Where We Store Data

Your data is stored using industry-leading cloud infrastructure:

• Primary Database: Supabase PostgreSQL (hosted on AWS)
• File Storage: AWS S3 (US West region)
• Caching: AWS ElastiCache (Redis)
• CDN: AWS CloudFront for optimized delivery
• Secrets Management: AWS Secrets Manager for API keys and credentials

5.2 Security Measures

We implement comprehensive security measures:

• Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
• Access Control: Role-based permissions, multi-factor authentication available
• OAuth Tokens: Social media credentials encrypted before storage
• Payment Security: PCI-DSS compliant payment processing via Stripe
• Monitoring: Automated security scanning, audit logging, intrusion detection

6. Data Sharing and Disclosure

We share your information only in these circumstances:

• Service Providers: Necessary third parties (AWS, Stripe, SendGrid) under data processing agreements
• Connected Platforms: When you authorize publishing to LinkedIn, Facebook, WordPress, etc.
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In connection with merger, acquisition, or sale of assets (with notice)
• With Your Consent: Any other sharing you explicitly authorize

We never sell your personal information to third parties for marketing purposes.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (“right to be forgotten”)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request limited processing of your data
• Withdraw Consent: Revoke consent where processing is consent-based

To exercise these rights, contact us at privacy@get310.com. We will respond within 30 days.

7.1 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

8. Data Retention

We retain your data for the following periods:

• Active Account Data: Retained while your account is active
• Generated Content: Retained for the duration of your subscription plus 90 days
• Billing Records: 7 years (legal/tax requirements)
• Analytics Data: Aggregated data retained indefinitely; individual data 24 months
• Support Communications: 3 years from resolution

Upon account deletion request, we remove personal data within 30 days, except where retention is legally required.

9. Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States under appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email and/or prominent notice on our services at least 30 days before changes take effect. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related inquiries, contact:

Agency 310, a JCLG Holdings brand

Email: help@get310.com

Address: 1309 Coffeen Ave., Suite 12143 Sheridan, WY 82801

For data protection complaints, you may also contact your local supervisory authority.