Corebizy

Privacy Policy

Last updated: 2026-04-23

This Privacy Policy explains how Corebizy collects, uses, stores, and protects the information you share with us. We aim to keep this plain-spoken. If anything is unclear, email us at [email protected].

Note: This policy has been drafted by Corebizy’s research-level legal team, not by a licensed attorney. We recommend consulting a qualified attorney if you have specific legal questions about your rights. We intend to refine this policy with outside counsel before the service becomes generally available.

1. Who We Are

Corebizy is a product of LaFollett Labs LLC, a Florida limited liability company. References to “Corebizy,” “we,” “us,” or “our” in this policy mean LaFollett Labs LLC operating the Corebizy product and the website at corebizy.ai.

2. What We Collect

We collect information in the following categories:

2a. Information You Provide Directly

  • Contact information — your name, email address, phone number (optional), company name, and any message or business details you choose to include when submitting our contact form or reaching out to us.
  • Email correspondence — if you email us, we keep that correspondence so we can respond and follow up.

2b. Information We Collect Automatically

  • Site usage data — we use Cloudflare Web Analytics, which measures visits in aggregate without using cookies and without tracking you across other websites. No personal identifiers are collected through analytics.

2c. Information Generated Through the Service

When you interact with Corebizy’s services, our systems generate and store additional data tied to your inquiry. This includes:

  • Lead submission records — when you submit a contact form, we store a record of the submission including the form contents, the source URL, a timestamp, and an event identifier. Your name and email address are stored as cryptographic hashes (one-way transformations that cannot be reversed to recover the original values) in certain internal records, while the original values are retained only in the submission payload where needed to respond to you.
  • AI interaction records — when our AI processes your submission (for example, to draft an acknowledgment email), we store a record of that processing. This includes which AI model was used, the number of tokens processed, the processing time, and records of the prompts and responses. AI interaction records are linked to the submission that triggered them.
  • Outbound message records — when we send you an email, SMS, or other communication, we store a record of that message. This includes the communication channel used (email, SMS), the delivery provider, a hash of the recipient address, the message subject and body, delivery status, and timestamps. Outbound message records may be linked to the submission and AI interaction that generated them.

We do not knowingly collect information from children under 13.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiry and any follow-up questions.
  • Generate AI-assisted responses to your contact form submissions.
  • Send you communications about your inquiry, your account, or the Corebizy service.
  • Onboard you if you decide to use the service.
  • Maintain operational records for service delivery, debugging, audit, and compliance purposes.
  • Improve our service based on aggregated, non-identifying usage patterns.

We do not sell your personal information. We do not share it with third parties for their own marketing purposes.

We may share information with service providers who help us operate the business (for example, email delivery via Amazon SES, hosting via AWS, and analytics via Cloudflare). Those providers are bound by their own confidentiality and data handling obligations. We may also disclose information if required by law or to protect our legal rights.

3a. AI-Assisted Processing of Contact Form Submissions

When you submit our contact form, the information you provide — including your name, the nature of your business, and the message you write — may be processed by an AI to generate an automated acknowledgment email sent to you. The AI reads your message and drafts a brief, personalized acknowledgment in the language you wrote in. The acknowledgment email you receive will include a clear notice that it was drafted by an AI.

What we send to the AI: your name, business type, and the full text of your message. We do not separately send your email address, phone number, or IP address — but anything you include in the message field itself will be sent as part of that message. Avoid including sensitive personal information (such as a Social Security number or financial account details) in your message text.

What we store about AI processing: we store a record of each AI interaction, including which AI model was used, the number of tokens processed, the processing time, whether any content safety guardrails were triggered, and records of the prompts and responses exchanged with the AI. These records are linked to your original submission and are stored in the same secure, access-controlled environment as other service data.

Data retention by AI providers: the third-party AI providers we use (currently Amazon Bedrock) do not use your message content to train their AI models under their commercial terms. Message content is not retained by those providers beyond the duration of the API call.

If you prefer not to have your submission processed this way, contact us directly at [email protected] instead of using the contact form, and a team member will respond personally.

4. SMS and Phone Numbers

If you provide a phone number, we may send you SMS messages related to your inquiry or account. For example, we may text you to confirm receipt of a form submission, share onboarding information, or follow up on a conversation you started with us.

  • We do not share phone numbers with third parties for marketing purposes.
  • Message frequency varies depending on your conversation with us.
  • Message and data rates may apply from your mobile carrier.
  • Reply STOP to any message to unsubscribe from further SMS messages.
  • Reply HELP for assistance, or email us at [email protected].

Opting out of SMS does not affect your ability to email us or use any non-SMS part of the service.

5. Cookies and Tracking

Our site uses Cloudflare Web Analytics, which is privacy-respecting and does not set cookies or fingerprint visitors. We do not use third-party advertising trackers, retargeting pixels, or cross-site tracking tools.

If we add any new tracking technology in the future, we will update this policy and note the change at the top.

6. How We Store and Protect Information

We take the security of your information seriously. Here is how we protect the data described in this policy:

  • Encryption in transit: all data transmitted to and from our services is encrypted using TLS (HTTPS).
  • Encryption at rest: data stored in our databases is encrypted at rest using AES-256 encryption provided by Amazon Aurora (AWS).
  • Access controls: your data is isolated by tenant using database-level row-level security (RLS). Each client’s data is logically separated so that one client cannot access another’s records. Internal access is limited to authorized personnel and is logged.
  • Hashing of identifiers: where possible, personally identifiable fields (such as email addresses and names) are stored as irreversible cryptographic hashes in internal records, reducing the risk of exposure in the event of a breach.
  • Infrastructure: our services run on Amazon Web Services (AWS) infrastructure, which maintains SOC 2, ISO 27001, and other industry certifications.

No online service is perfectly secure, and we cannot guarantee absolute security. But we apply reasonable administrative and technical safeguards and treat your information with care.

7. Data Retention

We retain your data only as long as reasonably necessary for the purposes described in this policy or as required by law. Specifically:

  • Contact form submissions and related records (including AI interaction records and outbound message records) are retained for the duration of your business relationship with us and for a reasonable period afterward to support operational, audit, and legal needs.
  • Email correspondence is retained as long as reasonably necessary for follow-up and record-keeping.
  • Site analytics data is aggregated and does not contain personally identifiable information.

We do not currently enforce automated deletion schedules on durable capture records. If you request deletion of your data (see “Your Rights” below), we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Rights

You can ask us to:

  • Access: tell you what personal information we have about you.
  • Correction: correct information that is inaccurate.
  • Deletion: delete personal information we hold about you, subject to any legal or operational record-keeping requirements.
  • Opt out: stop sending you SMS or email communications.
  • Data portability: provide your data to you in a commonly used format, where technically feasible.

Send any of these requests to [email protected]. We will acknowledge your request within 10 business days and complete it within 30 days. If we need more time, we will tell you why and provide a timeline.

Depending on where you live, you may have additional rights under state or national privacy laws (for example, the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, or the EU General Data Protection Regulation). We honor those rights where they apply.

9. Third-Party Services

We use the following categories of third-party services to operate Corebizy:

CategoryProvider(s)Purpose
Cloud infrastructureAmazon Web Services (AWS)Hosting, database, compute
AI processingAmazon BedrockAI-assisted response generation
Email deliveryAmazon SESSending transactional emails
SMS deliveryTwilioSending SMS messages
AnalyticsCloudflarePrivacy-respecting site analytics

Each of these providers operates under their own privacy policies and data handling agreements. We select providers who maintain industry-standard security practices and whose terms prohibit use of your data for their own marketing or AI training purposes.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide additional notice where appropriate (for example, by email to active clients).

11. Contact

Questions, requests, or concerns about this Privacy Policy:

  • Email: [email protected]
  • General inquiries: [email protected]
  • Registered entity: LaFollett Labs LLC, St. Petersburg, Florida — registered with the Florida Department of State (entity address on public record via sunbiz.org)
← Back to home