Privacy Policy

Instructor Marketing / Andy Hallinan ("we," "us," or "our") operates the AI business diagnosis tool available at https://firearminstructorai.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service. It is designed to comply with the California Consumer Privacy Act (CCPA), the California Online Privacy Protection Act (CalOPPA), and the General Data Protection Regulation (GDPR).

Please read this policy carefully. By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, we collect:

• Full name
• Email address
• Phone number
• Password (stored as a one-way cryptographic hash — we cannot read it)
• Business type (e.g., Firearm Instructor, Shooting Range, Gun Store, or a custom description you provide)

When you use the AI chat, we collect and store:

• All messages you send to the AI assistant
• All responses generated by the AI assistant
• The timestamp of each message

1.2 Information Collected Automatically

When you visit the Service, we automatically collect:

• Page view data (which pages you visit and when)
• UTM parameters (advertising source, medium, and campaign name from the URL)
• Referrer URL (the website that sent you to ours)
• Session cookies used to keep you logged in (see Section 5)

We do not currently collect IP addresses, device fingerprints, or detailed browser information beyond what is described above.

1.3 Information from Third Parties

We use Facebook Pixel (Meta Platforms, Inc.) to track advertising performance. When you visit the Service or complete registration, a pixel event is fired to Facebook. This allows us to measure the effectiveness of our advertising campaigns. Facebook's data practices are governed by Meta's Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

3. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

3.1 Service Providers

We share data with trusted service providers who help us operate the Service:

• Manus AI — cloud hosting and infrastructure for the Service
• AI Language Model Provider — your chat messages are sent to a third-party AI service to generate responses. Messages are processed in real time and are subject to that provider's data retention policies.
• MomentumHQ (GoHighLevel) — our CRM system. Your name, email, phone, and business type are stored here to enable follow-up communications.
• Meta Platforms (Facebook Pixel) — advertising measurement

All service providers are contractually required to use your data only as directed by us and to maintain appropriate security measures.

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service prior to your data being transferred and becoming subject to a different privacy policy.

4. Data Retention

We retain your account information and conversation history for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention records).

Conversation data sent to the AI language model provider is subject to that provider's own retention policies, which may differ from ours.

5. Cookies and Session Tokens

We use a single session cookie ("funnel_session") to keep you logged in. This cookie is:

• Cryptographically signed (HMAC-SHA256) and contains only your email address and a timestamp
• Set with HttpOnly and Secure flags to prevent JavaScript access and require HTTPS
• Valid for 30 days from login
• Deleted when you log out

We also use the Facebook Pixel, which sets cookies managed by Meta. You can opt out of Facebook's tracking via Facebook's Ad Preferences.

As required by CalOPPA, this policy discloses our use of cookies. By using the Service, you consent to the use of cookies as described above.

6. Your Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Opt Out of Sale: We do not sell your personal information. However, if this practice changes, you will have the right to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Correct: You may request that we correct inaccurate personal information we hold about you.

To exercise these rights, contact us at [email protected]. We will respond to verifiable requests within 45 days.

7. Your Rights Under the GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

Data Transfers: The Service is hosted in the United States. If you are located outside the United States, your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer. We implement appropriate safeguards for international data transfers as required by applicable law.

8. Data Security

We implement industry-standard security measures to protect your personal information, including HTTPS encryption for all data in transit, bcrypt hashing (12 rounds) for passwords, HMAC-signed session tokens, and access controls limiting who can view your data. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach that affects your rights and freedoms, we will notify you and applicable authorities as required by law.

9. Children's Privacy

The Service is intended for adults operating or seeking to operate a firearm-related business. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a minor, we will delete it promptly. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].

10. Third-Party Links

The Service may contain links to third-party websites, including our product pages at instructormarketing.com. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for material changes, notify you by email or by a prominent notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

As required by CalOPPA, we will notify users of material changes to this policy by updating the effective date and, where appropriate, by sending an email to the address associated with your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: