Privacy Policy


Last Updated: July 8 2025

Contact Email: dev@mayfieldconsulting.com

Mayfield Consulting (“we,” “our,” “us”) is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data across our digital platforms—including websites, marketing systems, API-based services, and self-hosted automation infrastructure. We comply with the GDPR, CCPA, and other applicable regulations.

1. Scope of This Policy

This policy applies to data collected through:

  • Our public websites

  • Contact forms, chat interfaces, and embedded CRM tools

  • API integrations with social platforms (e.g., Meta, LinkedIn)

  • Workflow automations (n8n)

  • Internal analytics, CRM, and lead-management systems

2. Data We Collect

a. Website & Behavioral Analytics
• IP address, device/browser details
• Referring URLs and UTM parameters
• Session duration, page interactions, navigation paths
• Form completions and call-to-action engagements

b. Contact & CRM Data
• Name, email address, phone number, company name
• Message content and communication preferences
• Email engagement metrics (opens, clicks)
• Lead source and campaign attribution

c. Social & Platform-Linked Data
• Public comments, reactions, and mentions on social networks we monitor
• Direct messages sent to our managed business accounts
• Post-level engagement analytics (via Google Custom Search or platform APIs)

d. LinkedIn Page & Community Data
Collected only for Pages that we administer:
• Page posts (ugcPosts, shares)
• Comments and reactions on those posts
• Aggregated engagement metrics

e. LinkedIn Pages Data Portability API Data
Where explicitly authorized by a LinkedIn Page administrator, we may export:
• Historical Page posts and associated comments/reactions
• Followers/following counts and other Page-level metrics
• Page media (images, videos) and metadata (timestamps, visibility status)

These exports are stored securely, encrypted at rest, and purged after 180 days unless a longer retention period is contractually required.

f. Workflow & Automation Metadata
• Event timestamps, identifiers, and workflow logs
• Webhook interactions and third-party API exchanges
• Internal audit logs for performance optimization and security

3. Legal Basis for Processing

  • Consent – when you opt in or submit forms.

  • Legitimate Interest – analytics, service improvement, brand monitoring.

  • Contractual Obligation – fulfilling a service, support, or consulting agreement.

  • Compliance – meeting legal or regulatory duties.

4. How We Use Data

  • Improve website functionality and user experience

  • Respond to inquiries and maintain business relationships

  • Deliver personalized content and marketing

  • Monitor brand sentiment and community engagement

  • Automate internal processes such as lead routing and reporting

  • Ensure system reliability through proactive monitoring and logging

We never sell personal data to third parties.

5. Third-Party Tools & Integrations

  • HubSpot – CRM, email automation

  • Google Analytics (GA4) – website analytics

  • LinkedIn Community-Management API – Page engagement analytics

  • LinkedIn Pages Data Portability API – export of Page posts and metrics (administrator-authorized)

  • Meta/CrowdTangle APIs – public Facebook/Instagram monitoring

  • n8n (self-hosted) – workflow orchestration

  • PostgreSQL (self-hosted) – relational data storage

All integrations adhere to their own privacy policies and terms of service.

6. Data Retention

Personal data is retained only as long as necessary to achieve stated purposes, satisfy contractual obligations, or meet legal requirements.

  • Website analytics logs: 26 months

  • CRM & client records: active engagement + 3 years

  • LinkedIn Community/Pages data: ≤ 180 days then automatically purged

  • Workflow/audit logs: 12 months

  • Backup snapshots: 30-day rolling window

Data may be deleted sooner upon verified user request or extended under legal hold.

7. Security Measures

  • TLS 1.3 encryption for data in transit

  • Encrypted volumes and nightly backups at rest

  • Firewall, intrusion prevention, and container isolation

  • Role-based access control (RBAC) with MFA for administrators

  • Encrypted secrets vault; API tokens rotated every 90 days

  • Continuous monitoring, logging, and audited access trails

Detailed infrastructure schematics remain confidential but follow industry best practices.

8. Data Subject Rights

Depending on your jurisdiction, you have the right to:

  • Access your personal data

  • Correct inaccuracies

  • Request erasure (“right to be forgotten”)

  • Restrict or object to processing

  • Obtain your data in a portable format

To exercise these rights, email dev@mayfieldconsulting.com. We respond within 30 days. LinkedIn Page administrators may also withdraw our app’s authorization in LinkedIn settings; we delete related data within 48 hours of revocation.

9. International Data Transfers

Data may be processed or stored outside your country. Transfers rely on approved safeguards (e.g., Standard Contractual Clauses) and encryption to protect data in transit and at rest.

10. Updates to This Policy

We may revise this policy from time to time. Changes will be posted here with an updated “Last Updated” date.

11. Contact Us

Mayfield Consulting
Email: dev@mayfieldconsulting.com
Website: https://mayfieldconsulting.com