Privacy Policy

This Privacy Policy explains how Alera Nexus (“Alera Nexus,” “we,” “us,” “our”) collects, uses, shares, and protects personal information when you visit our website, contact us, or use our services.

If you are a customer of one of our clients (for example, you receive a review request SMS, interact with a chatbot on their site, or reply to a missed-call text), see “When We Process Data For Our Clients (Processor Role)” below.

If you have questions, email us at the business email listed on our website.

Who We Are

• Alera Nexus (FBN), based in Santa Rosa, California, USA.

• We provide website design/build services and automation services (missed-call text-back, automated review requests, and lead-capturing/booking chatbots).

Scope

This Policy covers:

• Our public website and contact forms.

• Sales and support communications (email, SMS, chat).

• Service delivery for our direct clients.

It does not replace the privacy notices our clients owe their own customers. When we operate the automations for clients, we act as a service provider/processor to those clients.

Information We Collect

1) Information you provide directly

• Contact details (name, email, phone), company, project info, and messages sent via forms, email, or chat.

• Billing/contact info in order forms, proposals, or invoices.

• Content and brand assets you upload for your project.

2) Information collected automatically (website/communications)

• Basic analytics: device/browser, pages viewed, referral source, approximate location.

• Cookie or similar identifiers (see Cookies & Analytics).

• Email/SMS engagement signals (opens, clicks, replies).

3) Information from third parties

• Tools we use to run our business (e.g., Framer, HubSpot, Google, Zapier) may provide us operational data or analytics.

We do not knowingly collect information from children under 13 and our services are not directed to them.

How We Use Information

• To respond to inquiries, provide quotes, and deliver projects.

• To set up and operate automations you’ve purchased (e.g., SMS flows, chatbot, review requests).

• To send service notices, invoices, and account updates.

• To improve our website and services, and maintain security and fraud prevention.

• To comply with law or enforce agreements.

We do not sell personal information and we do not use it for cross-context behavioral advertising.

Cookies & Analytics

We use essential cookies for site operation and may use analytics tools (for example Framer analytics and/or Google Analytics) to understand aggregate usage. You can adjust browser settings to refuse non-essential cookies; some features may not function properly without them.

When We Process Data For Our Clients (Processor Role)

For client projects—especially Missed-Call → Text-Back, Review Surge, and Chatbot—we may process end-customer data on the client’s behalf.

• Role: The client is the data controller/business; Alera Nexus is the processor/service provider.

• Purpose: We only process data under the client’s instructions (e.g., send a review request after “job completed”).

• Consent: Clients are responsible for obtaining any required consents (e.g., SMS consent under TCPA/CTIA). Our flows include STOP/HELP handling by default.

• Use limits: We do not use client customer data for our own marketing.

• Sub-processors: To run automations we may use: Framer, Twilio (SMS), Botpress (chatbot), Google (e.g., sign-in/analytics/maps), HubSpot (CRM), Zapier/Make (integrations). We use these only to provide the services.

• DPA: A simple Data Processing Addendum is available upon request.

SMS Terms (applies where you provide a phone number)

By giving us (or our client, via a flow we run) your phone number, you consent to receive text messages related to the requested service. Message & data rates may apply. Message frequency varies. You can STOP at any time to opt out, or text HELP for help.

Legal Basis (if you are in the EEA/UK)

Where applicable, we process personal data based on: contract performance (providing services you requested), legitimate interests (site security, service improvement), consent (marketing or certain cookies), and legal obligations.

How We Share Information

We share information with service providers that help us run the business (listed above) under confidentiality and data-protection obligations. We may disclose information to comply with law, protect rights and safety, or in connection with a business transition.

We do not sell personal information.

Data Retention

We keep information as long as reasonably necessary for the purposes above and to meet legal/operational requirements. Typical guidelines:

• Sales inquiries and routine comms: up to 24 months after last activity.

• Project records/deliverables and invoices: contract term + 3–6 years (for tax and recordkeeping).

• SMS/chat logs used for service tuning: up to 24 months unless you ask us (or your client asks us) to delete sooner.

Clients can instruct deletions for their customer data per the DPA.

Security

We use reasonable technical and organizational safeguards (TLS encryption in transit, access controls, least-privilege accounts, MFA where supported). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Your Choices & Rights

• Unsubscribe/Opt out: Follow links in emails or reply STOP to SMS.

• Access/Update/Delete: Email us to request a copy, correction, or deletion of your information. If your data was collected on behalf of one of our clients (e.g., you got a review request from them), please contact that business directly; we will support their response.

California (CPRA) Notice

If you are a California resident, you have the right to request access, deletion, correction, and to limit use of sensitive data. We do not sell or share your personal information as defined by CPRA. To exercise rights, email us with “California Privacy Request” and we will verify and respond as required.

International Transfers

Our services and providers may process data in the United States and other countries. Where required, we use appropriate safeguards for international transfers.

Third-Party Links

Our website may link to external sites we don’t operate. Their privacy practices are their own.

Changes to This Policy

We may update this Policy from time to time. The “Last updated” date will reflect the latest version. Material changes will be posted on this page.

Contact

Questions or requests about privacy? Email us at the business email published on our website.