Privacy policy.

How GHL Projects collects, uses, protects, and shares information about agency partners, prospective clients, and visitors to ghlprojects.com.

01 Who we are

GHL Projects ("we," "us," "our") is a white-label agency partner providing GoHighLevel (GHL) build services — websites, funnels, automations, AI agents, integrations, and snapshots — to digital marketing agencies and resellers worldwide.

This privacy policy applies to ghlprojects.com and any related services, communications, or interactions with GHL Projects. By using our website or services, you agree to the practices described below.

For the purposes of GDPR, GHL Projects acts as a data controller for information we collect about agency partners and website visitors, and as a data processor for information we handle inside client GHL sub-accounts on behalf of our agency partners.

02 Information we collect

Information you provide to us

● Contact information — name, business name, email address, phone number, country, and any other details you submit through our consultation booking form, contact form, or onboarding intake.

Project information — brand assets, copy, brand guidelines, target audience descriptions, and any reference materials you share with us during a project.

Account access credentials — limited GHL sub-account access, third-party integration credentials, or API keys that you grant us specifically to complete a project.

Payment information — handled exclusively through our payment processor (Stripe). We do not store full card numbers, CVVs, or bank account numbers on our servers.

● Communications — content of emails, Slack messages, Loom recordings, Miro board comments, and consultation call notes related to your projects.

Information we collect automatically

● Usage data — pages visited, time spent on pages, referral source, browser type, device type, and screen size.

● IP address and approximate location — derived from your IP for analytics and security purposes (city/country level only).

● Cookies and similar technologies — see Section 8 for details.

Information from third parties

  • Referrals from other agency partners (with their consent).

  • Information from social media platforms if you interact with us there (e.g., LinkedIn, Twitter).

  • Publicly available information from your business website, GHL marketplace listings, or LinkedIn profile during prospecting or due diligence.

03 How we use your information

We use the information described above to:

  • Deliver the services you've engaged us for (build websites, automations, snapshots, etc.).

  • Communicate with you about your projects via Slack, email, and scheduled calls.

  • Process payments and issue invoices.

  • Send transactional emails (project updates, scope confirmations, handover documents).

  • Respond to inquiries from our consultation booking form.

  • Improve our services, build process, and website performance.

  • Send occasional service updates or relevant offers — only to existing partners and only if you haven't opted out.

  • Comply with legal obligations, enforce our agreements, and protect against fraud.

What we don't do: we don't sell your personal information, we don't share it with advertisers, and we don't use it to train AI models on your behalf or ours.

04 Legal basis for processing (GDPR)

If you're located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

● Performance of a contract — processing necessary to deliver the services you've engaged us for.

● Legitimate interests — improving our service quality, securing our website, and pursuing reasonable business operations, balanced against your rights and freedoms.

● Consent — for non-essential cookies, marketing communications, and any other processing where we explicitly ask permission. You can withdraw consent at any time.

● Legal obligation — when required by tax law, financial regulation, or court order.

05 How we share information

We share information only in the following limited circumstances:

● With your authorized agents — team members you've added to a project Slack channel or who have access to the relevant GHL sub-account.

● With service providers and subprocessors who help us operate the business (see Section 7). These parties are bound by confidentiality obligations and may only use the data to provide their service.

● For legal compliance — when required by subpoena, court order, or legal process, or to protect our rights, property, or safety.

● In a business transfer — if GHL Projects is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. You will be notified before this happens.

We do not sell, rent, or trade your personal information to third parties.

06 Your clients' data (when we act as a processor)

When we work inside a GHL sub-account that contains your end clients' data — leads, contacts, conversations, automation records — we act as a data processor on your behalf. You remain the data controller of that information.

  • We access only what's necessary to complete the agreed scope of work.

  • We never export, copy, or store your end clients' data outside the GHL sub-account.

  • We never contact your end clients directly under any circumstances.

  • We sign a Data Processing Addendum (DPA) on request for partners with GDPR or HIPAA obligations.

  • Access is revoked immediately upon project handover.

If your business handles regulated data (healthcare, financial services, or EEA personal data), please request our DPA before kickoff at [email protected].

07 Third-party services we use

We use the following third-party processors to operate our business. Each is bound by their own privacy and security obligations:

  • GoHighLevel — primary build platform for client projects.

  • Stripe — payment processing.

  • Slack — project communication channels.

  • Miro — visual scope and wireframing.

  • Loom — project walkthroughs and handover documentation.

  • Google Workspace — email, document storage, and calendars.

  • Google Analytics — anonymized website usage analytics.

  • Calendly or GHL Calendars — consultation call booking.

If a project requires additional integrations or services, we'll disclose those at scoping and document them in the project agreement.

08 Cookies and tracking technologies

We use a small number of cookies and similar technologies on ghlprojects.com:

● Essential cookies — required for the site to function (e.g., session management, security). These cannot be disabled.

● Analytics cookies — Google Analytics (or equivalent privacy-friendly analytics) to understand which pages perform well. IP addresses are anonymized.

● Functional cookies — remember your preferences (e.g., theme, dismissed banners).

We do not use advertising cookies, retargeting pixels, or third-party social media trackers without your explicit consent. You can control cookie behavior in your browser settings or via any cookie consent banner displayed on the site.

09 Data retention

We retain personal information only as long as necessary for the purposes described in this policy:

● Active project data — retained for the duration of the engagement plus 12 months for warranty, reference, and case study purposes.

● Communication records (Slack, email, Loom) — retained for 24 months from the last interaction.

● Financial and tax records — retained for 7 years to comply with tax and accounting laws.

Marketing data — retained until you unsubscribe or request deletion.

Website analytics — anonymized after 14 months.

● Marketing data — retained until you unsubscribe or request deletion.

● Website analytics — anonymized after 14 months.

You can request earlier deletion of your data at any time (see Section 11), subject to legal retention requirements.

10 Data security

We implement reasonable technical and organizational measures to protect your information:

  • Encrypted transmission (HTTPS/TLS) for all data in transit.

  • Access controls — only team members assigned to your project can access your data.

  • Two-factor authentication required on all internal tools.

  • Credential vault for storing client access (no shared passwords in plaintext).

  • Regular access audits and prompt revocation when team members leave or projects close.

  • Mutual NDAs available on request before any project kickoff.

No system is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and the appropriate authorities within 72 hours where required by law.

11 Your rights

Under GDPR (EEA, UK, Switzerland)

  • Access — request a copy of the personal data we hold about you.

  • Rectification — ask us to correct inaccurate or incomplete data.

  • Erasure — request deletion of your data ("right to be forgotten").

  • Restriction — limit how we process your data.

  • Portability — receive your data in a structured, machine-readable format.

  • Objection — object to processing based on legitimate interests.

  • Withdraw consent — at any time, where processing is based on consent.

  • Lodge a complaint — with your local data protection authority.

Under CCPA / CPRA (California residents)

  • Right to know — what categories of personal information we collect, sources, purposes, and recipients.

  • Right to delete — request deletion of your personal information.

  • Right to correct — inaccurate personal information.

  • Right to opt out — of any sale or sharing of personal information (note: we do not sell personal information).

  • Right to non-discrimination — we will not deny services or charge different prices for exercising your rights.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing certain requests.

12 International data transfers

We operate globally and may transfer or store personal information in countries outside your country of residence, including in jurisdictions that may have different data protection laws.

For transfers from the EEA, UK, or Switzerland to countries that don't have an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards.

You can request a copy of the safeguards in place for any international transfer by emailing [email protected].

13 Children's privacy

GHL Projects is a B2B service intended for use by businesses and adults aged 18 or older. We do not knowingly collect personal information from anyone under the age of 16. If you believe a minor has provided personal information to us, please contact us at [email protected] and we will delete it promptly.

14 Changes to this policy

We may update this privacy policy periodically to reflect changes in our practices, services, or applicable laws. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.

  • Notify active partners by email at least 14 days before changes take effect.

  • Post a notice on our website for changes that significantly affect your rights.

Continued use of our services after changes take effect constitutes acceptance of the updated policy.

15 Contact us

For any questions, concerns, or requests related to this privacy policy or your personal data, reach out to us:

Privacy inquiries

We respond to all privacy-related inquiries within 5 business days, and to formal data subject requests within 30 days as required by law.

© 2026 GHL Projects • ghlprojects.com

© 2027 GHL Projects • ghlprojects.com