A V
Get a website Try VertaFlow
Legal

Privacy Policy

Effective 2026-05-28 · Version 1.0

Who we are

ANTHONY × VertaFlow is the umbrella brand for a sole proprietorship operated by Anthony Jones in Rome, NY, USA. The umbrella spans two operating brands:

  • Designed by Anthony (designedbyanthony.com) — custom websites, local SEO, and managed hosting for service businesses.
  • VertaFlow (vertaflow.io) — the CRM half: lead capture, review automation, client portal, contract signing, payments.

For privacy questions across either brand, email anthony@designedbyanthony.com. We respond personally within one business day.

Geographic scope

We serve clients in the United States and Canada. Visitors from the European Union, United Kingdom, European Economic Area, and Switzerland are blocked before they reach our site, so we never collect any data from them. If you reached this page despite that, please let us know — something is set up wrong.

What this policy covers

This policy describes what personal information we collect when you:

  • Visit designedbyanthony.online, designedbyanthony.com, or vertaflow.io
  • Submit a contact, site checkup, or vault form
  • Sign a contract through our e-signing flow
  • Run a Google speed score on the free site checkup tool
  • Become a VertaFlow customer (free or paid)
  • Receive an email from us

It does not cover sites we link out to. It does not cover what your own browser or operating system sends to others — that's between you and your software vendor.

What we collect, why, and how long we keep it

  • Contact submissions (name, email, phone, message) — to respond and track follow-up. Retained 24 months.
  • Free site checkup requests (URL checked, email, business name, place ID) — to make the speed report and email the PDF. Kept 90 days, then deleted for good.
  • Contract / signing data (legal name, email, business name, signature image, IP, user-agent, timestamps, geo country/region) — to comply with ESIGN Act audit-trail requirements. Retained 7 years (NY statute of limitations + 1-year buffer).
  • Payment metadata (Stripe customer ID, subscription ID, plan, last 4 of card from Stripe) — to process payments and reconcile webhooks. Retained 7 years (matches tax retention).
  • VertaFlow account profile (account email, plan, lead records you import) — to authenticate you and run the workspace. Retained until account deletion + 30-day grace.
  • Page views (URL, referrer, country, IP hash — never raw IP — timestamp) — aggregate dashboard metrics. Raw rows purged after 30 days; daily aggregates kept.

These time limits are enforced by automatic cleanup jobs that run on a schedule — not just a promise on paper.

We do not collect:

  • Government identifiers (SSN, driver's license, passport)
  • Health, biometric, or genetic data
  • Children's data — our services are not directed at users under 18
  • Precise geolocation beyond country/region (derived from IP, never GPS)

Where data is stored

All data is stored in US data centers operated by:

  • Cloudflare — Workers compute, KV cache, R2 file storage, Workers Access (admin auth), Turnstile (anti-spam)
  • Neon — Postgres database (primary)
  • Sentry — error stack traces; PII scrubbed before transmission
  • Resend — transactional email delivery
  • Stripe — payment records
  • VertaFlow — our own privacy-friendly, cookieless analytics (first-party; no third-party trackers like PostHog or Google Analytics)
  • Anthropic — the page address and page content are sent to Claude to write AI tips. Anthropic does not use what we send to train its AI.

If you require a Data Processing Agreement (DPA) for a B2B engagement, email anthony@designedbyanthony.com.

How we use it

We use the data above to:

  • Deliver the service you asked for (the site checkup, the PDF, the call back, the CRM workspace)
  • Operate the business (invoice, send receipts, debug errors)
  • Improve the site (anonymized analytics — declinable via the cookie banner)
  • Comply with legal obligations (tax records, ESIGN audit trails)

We do not:

  • Sell your data
  • Share your data with brokers
  • Run programmatic advertising profiles on you
  • Use your data to train AI models we deploy elsewhere

Your rights

Everyone, always:

  • Request a copy of what we hold about you
  • Request correction of inaccurate data
  • Request deletion (subject to legal retention windows above — we cannot delete a signed contract before its 7-year window expires)

California residents (voluntary CCPA/CPRA compliance): we are below the CCPA revenue and visitor thresholds, but we voluntarily honor the same rights — right to know, delete, correct, and opt-out of any sale of personal information (we don't sell any).

To exercise any right, email anthony@designedbyanthony.com. We respond within 30 days. Identity verification may be required for deletion requests.

Security

  • All data in transit uses HTTPS / TLS 1.3
  • Only our own server can reach the database — it is never open to the public
  • Admin access is gated by Cloudflare Access (verified email + one-time PIN)
  • Secrets are managed in Cloudflare Secrets Store; no secret values are ever committed to source control
  • Errors reported to Sentry are scrubbed of PII before transmission

No system is 100% secure. If we discover a breach affecting your personal data, we notify affected users by email as soon as practicable and no later than 72 hours after discovery.

Children

Our services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided data, email us and we will delete it.

Changes to this policy

Material changes are announced via the cookie banner on next visit and an email to active customers if the change affects them. The effective date and version at the top of this page are the source of truth.

Contact

anthony@designedbyanthony.com
ANTHONY × VertaFlow · Rome, NY · USA

Tools I'm building

Get notified when the next free tool drops. ~1 email/month.