Last updated: April 14, 2026

Privacy Policy

This policy explains what Cloud9 Lab collects, why we collect it, and how you stay in control. Cloud9 Lab, Inc. is a marketing and web agency based in Norwalk, California. If any of this is unclear, email [email protected] and a real person will answer.

Information we collect

You give us most of the information we hold. When you book a call, sign a contract, or send over a brief, you share details about you and your business. We only keep what the work requires.

  • Account info you give us (name, email, phone)
  • Project briefs and creative materials you share with us
  • Forms you fill out (contact, audit request, newsletter signup)
  • Calls and meetings — call notes if you opt in to recording

Automatically collected

Your browser tells our site a few things by default — which page you loaded, what device you are on, where you came from. This is how every site on the internet works. You can shut most of it off in Privacy Settings.

  • Device and browser info
  • IP address (truncated for analytics)
  • Pages visited and time on page
  • Cookies and similar tracking technologies — see the Cookies section

Third-party services and analytics

We run a small stack. Here is every tool that touches your data, what it does, and whether it waits for your consent.

  • Google Analytics 4 — site traffic, page views, conversion events. Consent-gated.
  • Microsoft Clarity — session replay and heatmaps. Consent-gated. Clarity is the only tool that records sessions.
  • PostHog — product analytics and feature flags. Consent-gated. Session replay is disabled.
  • Sentry — error monitoring. Always-on. No PII sent by default.
  • Cloudflare — bot protection (Turnstile) and CDN.
  • Sanity — content management for case studies and blog. No visitor data.

AI and automated processing

We test how AI search engines describe brands — ChatGPT, Perplexity, Gemini, Google AI Overview. When we run those tests, we send the prompt plus your public-facing brand information. No PII. No unpublished work. The AI providers we use have data-not-used-for-training settings enforced on the accounts we run queries from.

How we use your information

We use what you give us to do the work you hired us for and to keep the site running. That is the short version. The long version:

  • Deliver the work you hired us for
  • Reply to inbound forms and email
  • Improve site performance and content
  • Send the occasional newsletter — only if you opt in
  • Comply with legal obligations and prevent fraud

Who we share with

We share your data only with the tools that make the work happen. Categories: payment processors (Stripe), email service providers (AWS SES, Postmark), analytics providers (Google, Microsoft, PostHog), error monitoring (Sentry), content and hosting infrastructure (Sanity, Vercel), and advertising platforms only if you opt into marketing cookies. We never sell personal information.

Cookie consent and management

Four categories. Necessary cookies keep the site working — they cannot be turned off. Functional cookies remember your language and preferences. Analytics cookies let us see what pages work and what pages bomb. Marketing cookies power ad measurement if you opt in. A banner at the bottom of every page lets you accept, reject, or customize. Change your mind later? Open the Privacy Settings link in the footer and hit Reset choices — the banner comes back.

Your California privacy rights (CCPA / CPRA)

If you live in California, the CCPA and CPRA give you a specific set of rights over the personal information we hold. You can exercise any of them without giving up service or paying more.

  • Right to know what personal information we hold
  • Right to delete your information
  • Right to opt out of the sale or sharing of personal information (we do not sell)
  • Right to non-discrimination — same service whether you exercise rights or not
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

Submit a request to [email protected]. We respond within 45 days.

How long we keep your information

Different data lives on different clocks. Here is what stays, and for how long.

  • Project files: 7 years after project end (industry standard for marketing deliverables)
  • Contact form submissions: 2 years
  • Analytics data: per provider — Google Analytics 14 months, Clarity 30 days for replays, PostHog 7 years for events
  • Sentry error logs: 90 days

Children's privacy

We do not target our services to anyone under 16 and do not knowingly collect information from children under 16. If you believe we have, contact us and we will delete it.

Data security

Traffic runs over TLS 1.2 or newer. Data at rest is encrypted by our infrastructure providers — Vercel, Sanity, AWS. Sentry handles error monitoring. Staff access runs on the principle of least privilege — people only see the accounts they need to do their job. No system is perfectly secure. If something feels off, contact us.

Changes to this policy

We may update this policy as the services or law change. Material changes get announced at the top of the page for 30 days. The 'last updated' date at the top reflects the most recent change.

Contact us

Questions, requests, or concerns:

  • Email: [email protected]
  • Mail: Cloud9 Lab, Inc., 13330 Bloomfield Ave, Unit 208, Norwalk, CA 90650, United States
  • Phone: (714) 869-7077