FALM Logo
First and LastMarketing
Data Protection Protocol

Privacy Policy

Your data is a liability, not an asset to be traded. We treat your information with the same architectural rigor we apply to our own code.

Last Updated: January 2025

1. Introduction

First and Last Marketing ("we," "our," or "us") provides this policy to explain how we handle your data. Unlike traditional agencies, we operate as a software engineering firm. We prioritize data minimization, collecting only what is strictly necessary to secure your project or optimize platform performance.

2. Information We Collect

A. Voluntary Information

When you interact with our digital infrastructure (e.g., Request a Quote, Audit, or Gated Resource), you voluntarily provide: name, email address, phone number, and project specifications. This data is stored encrypted at rest.

B. Automated Telemetry

We use privacy-focused analytics (Google Analytics 4 via Server-Side Verification) to measure platform performance. We employ Cloudflare Turnstile to distinguish human users from bots without tracking your history across the web.

3. Security Architecture

We treat security as an engineering problem, not a compliance checkbox. We do not use vulnerable CMS platforms like WordPress.

Defense-in-Depth ProtocolAll data is encrypted in transit (TLS 1.3). Our API endpoints are protected by Edge-based Rate Limiting and AI-driven Bot Detection. Database access is restricted via Row Level Security (RLS) policies.

4. Usage of Information

We process your data for three legitimate business purposes:

  • Service Delivery: To generate accurate project quotes and deliver digital audits.
  • Communication: To send the technical resources (PDFs, Blueprints) you explicitly requested.
  • Optimization: To analyze traffic patterns and improve load times (LCP) and UX.

5. Infrastructure Partners

We do not sell data. We share data only with the specific infrastructure providers required to operate this application.

Supabase (Database)
Secure, encrypted storage of form submissions.
SMTP2GO (Transport)
Reliable delivery of transactional emails.
Cloudflare (Security)
DDoS protection and bot verification.
Google (Analytics)
Aggregated measurement (IP Anonymized).

6. Your Rights (CCPA/CPRA)

Residents of California and other jurisdictions have specific rights regarding their personal information.

  • Right to Know: You may request details on what data we hold about you.
  • Right to Delete: You may request complete erasure of your data.
  • Right to Opt-Out: You may opt-out of analytics tracking via the "Do Not Sell My Info" link in our footer.
  • Non-Discrimination: We will not deny services for exercising these rights.

7. Contact & Erasure Requests

To request a data export or deletion, please contact our privacy team directly.

Contact Privacy Team