Privacy Policy

Effective: December 11, 2025

This Privacy Policy explains how Scepter Marketing, LLC (“Scepter,” “we,” “us,” “our”) collects, uses, shares, and protects personal information in connection with our websites, SaaS applications (including Alfred and GHL-based applications), and services. By using the Services, you consent to this Policy.

1. What We Collect

• Account & contact data: name, email, phone, company, role.
• Billing data: payment method details processed by third-party processors (we do not store full card numbers).
• Usage & device data: IP, device/browser info, logs, app configurations, feature usage.
• Website analytics & cookies: pixels, tags, analytics (e.g., Google Analytics), advertising cookies (e.g., Google/Meta).
• Lead gen & forms: information you submit voluntarily (including RB2B or similar forms).
• Client content: materials you upload or connect for agency/SaaS purposes.
• Google user data: when you connect a Google account to Alfred, we may access data as described in Section 14 below.

2. How We Use Information

• Provide, operate, maintain, and improve the Services.
• Authenticate users; prevent fraud and abuse.
• Process payments and manage subscriptions.
• Support, training, and service communications.
• Analytics, research, and product development.
• Marketing and outreach (you may opt out at any time).
• Legal compliance and enforcement.

3. Cookies, Pixels & Tracking

We use cookies and similar technologies for functionality, analytics, and advertising. Some third-party partners (e.g., Google, Meta) may set cookies to measure performance and deliver ads. You can manage cookies via your browser settings and the following:

• Google Ads Settings and Google Analytics opt-outs
• Meta ad preferences
• Industry opt-out pages (e.g., NAI/DAA)

Where required, we will display a consent banner and honor your choices.

4. Sharing & Disclosures

• Vendors/Processors: We share data with service providers (e.g., hosting, analytics, payment processors) under contractual safeguards.
• Legal: We may disclose information to comply with law, court orders, or to protect rights, property, or safety.
• Business transfers: In a merger, acquisition, or asset sale, data may transfer as part of the transaction with notice.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising where prohibited without opt-out rights.

5. Data Retention

We retain personal data for as long as necessary to provide the Services and for legitimate business or legal purposes. If your account is closed or inactive, we typically retain personal data for approximately 30 days, unless a shorter or longer period is required by law or for recordkeeping.

6. Security

We implement reasonable technical and organizational measures to protect personal data. However, no method of transmission or storage is completely secure. In the event of a data breach affecting your information, we will notify you in accordance with applicable law.

7. International Data Transfers

If you access the Services from outside the United States, your data will be processed in the United States (and potentially other countries where our vendors operate), which may have different data protection laws than your country of residence.

8. Your Privacy Rights

8.1 California (CCPA/CPRA)
Subject to verification and applicable exceptions, California residents may have the right to: (a) know/access specific pieces and categories of personal information collected; (b) delete personal information; (c) correct inaccuracies; and (d) opt out of sale or sharing of personal information for cross-context behavioral advertising. To exercise rights, contact [email protected]. We will not discriminate for exercising these rights.

8.2 European Economic Area / United Kingdom (GDPR)
If GDPR applies, we process personal data under one or more lawful bases: performance of a contract, legitimate interests, consent, and/or legal obligations. You may have rights to access, rectify, erase, restrict, object to processing, or data portability. You may also lodge a complaint with your local supervisory authority. To exercise rights or withdraw consent, contact [email protected].

9. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children. If we learn that a child’s data has been collected, we will delete it.

10. Data Controller/Processor Roles; DPA

When we determine the purposes and means of processing, we act as a controller. When processing personal data on your behalf (e.g., your clients’ data) we act as a processor under your instructions. A Data Processing Addendum (DPA) is available upon request: [email protected].

11. Marketing Communications

We may send service and product updates, newsletters, and promotional messages. You can unsubscribe at any time via the link in the email or by contacting [email protected]. We comply with applicable email laws (e.g., CAN-SPAM).

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified (e.g., email or in-app notice) before they take effect. The “Effective” date above shows the latest revision. Earlier versions are available upon request.

13. Contact

Privacy & Legal Requests: [email protected]

14. Google API Services & Google User Data

Alfred integrates with Google APIs to help users audit, analyze, and manage their Google Business Profile. This section describes specifically how we handle data obtained through those integrations.

What Google data we access: When you connect your Google account to Alfred, we request access to your Google Business Profile data, which may include your business name, address, phone number, categories, services, hours of operation, photos, reviews, and profile performance data. We access only the data necessary to provide Alfred’s features.

How we use Google user data: Google user data accessed through Alfred is used solely to provide the features visible within the Alfred application — specifically, to generate your profile audit, identify optimization opportunities, display ranking and visibility data, and (for users on applicable plans) to suggest or apply profile improvements on your behalf. We do not use Google user data for advertising, marketing profiling, or any purpose unrelated to the features you have requested within Alfred.

Limited Use: Alfred’s access to and use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Google user data is used only to provide or improve user-facing features that are prominent within Alfred’s interface; data is not transferred to third parties except as necessary to operate Alfred (e.g., hosting infrastructure), with your consent, or as required by law; and humans do not access your Google user data except when necessary to provide support you have requested, to investigate security or abuse issues, or as required by applicable law.

Data we do not use Google user data for: We do not use Google user data to serve advertisements. We do not sell Google user data to third parties, data brokers, or information resellers. We do not use Google user data to determine creditworthiness or for lending purposes. We do not use Google user data for any purpose beyond operating and improving Alfred’s features as described in this Policy.

Storage and retention: Google user data accessed by Alfred is processed in order to generate your audit results and profile recommendations. We retain this data only as long as necessary to provide the Services or as required by law. You may disconnect your Google account from Alfred at any time, after which we will cease accessing your Google data and will delete or anonymize any stored Google user data within 30 days.

Revoking access: You may revoke Alfred’s access to your Google account at any time by visiting your Google Account Permissions page and removing Alfred. You may also contact us at [email protected] to request deletion of your data.