Privacy Policy | Lynn M. Matson

Lynn M. Matson (“we,” “us,” or “our”) operates the website lynnmmatson.com (the “Site”). This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have regarding your data.

By using the Site, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Site.

1. Information We Collect

Information You Provide Directly

We collect personal information when you voluntarily submit it through our Site:

Contact Form: Name, email address, subject, and message content.
Diagnostic Booking Form: Name, email address, business name, employee range, primary business challenge, and preferred meeting date.
Vital Signs Quiz: Your quiz responses (answers to 10 assessment questions). If you choose to receive your results report, we also collect your name and email address.
Business Vitals Assessment™: If you are invited to complete a full Business Vitals Assessment, we collect your assessment responses, name, email, and business name.

Information Collected Automatically

Server Logs: Our hosting provider (Vercel) automatically collects standard server log information, including your IP address, browser type, referring page, and pages visited. This is standard for all websites.
Cookies: We use a single essential cookie for administrative authentication purposes only. We do not use advertising, analytics, or tracking cookies. See Cookie Policy for details.

Information We Do Not Collect

We do not use third-party analytics services (such as Google Analytics), advertising pixels, or social media tracking scripts on this Site. We do not purchase or obtain personal information from third-party data brokers.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

To respond to your contact form inquiries
To schedule and prepare for diagnostic sessions
To generate and deliver your Vital Signs Quiz results or Business Vitals Assessment report
To send you the results report you requested (when email delivery is active)
To send you follow-up emails related to your quiz results or assessment, where you have opted in to receive marketing communications
To improve our services and Site functionality
To comply with legal obligations

We will not use your personal information for purposes materially different from those described here without first obtaining your consent.

3. How We Store and Protect Your Information

Your personal information is stored securely using Supabase, a cloud database platform with encryption at rest and in transit. PDF reports generated from your assessment responses are stored in Supabase secure file storage and are accessible only via authenticated, time-limited links. Our Site is hosted on Vercel, which provides HTTPS encryption for all connections.

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy:

Contact and booking submissions: Retained for up to 12 months after your inquiry, then deleted unless an ongoing business relationship exists.
Quiz and assessment data: Retained for up to 24 months to allow you to reference your results, then deleted.
Business Vitals Assessment data: Retained for the duration of the consulting engagement plus 12 months, then deleted.

You may request earlier deletion of your data at any time (see “Your Rights” below).

5. Third-Party Services

We use the following third-party services that may process your data:

Supabase — Database hosting and file storage. Your form submissions, quiz responses, and assessment data are stored here.
Vercel — Website hosting. Processes standard server logs including IP addresses.
Resend — Email delivery service. Used to send you requested reports and notifications. Your email address and name are shared with Resend when we send you an email.
Bento — Email marketing platform. If you opt in to receive marketing communications, your name, email address, and quiz or assessment results are shared with Bento to deliver follow-up emails and personalized content. You may unsubscribe at any time using the link included in every email.

We do not sell, rent, or trade your personal information to any third party. Third-party services listed above process your data only as necessary to provide their services to us.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

All Users

Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct any inaccurate personal information.
Deletion: Request that we delete your personal information.
Withdrawal of Consent: Withdraw your consent for us to process your data at any time.

Canadian Residents (PIPEDA / BC PIPA)

As a Canadian business operating in British Columbia, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). You have the right to:

Know what personal information we hold about you
Challenge the accuracy and completeness of your information
Request that your information be amended or deleted
Complain to the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for BC if you believe your privacy rights have been violated

European Economic Area Residents (GDPR)

If you are located in the EEA, you additionally have the right to data portability (receiving your data in a structured, commonly used format), the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, please contact us at lynn@lynnmmatson.com. We will respond to your request within 30 days.

7. Children's Privacy

Our Site and services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. International Data Transfers

Our third-party service providers (Supabase, Vercel, Resend, and Bento) may store and process data in the United States or other countries outside of Canada. By using the Site and submitting your information, you consent to this transfer. These providers maintain appropriate safeguards to protect your information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically. Continued use of the Site after changes constitutes acceptance of the updated policy.

10. Privacy Officer

As required under applicable Canadian privacy legislation, including British Columbia's Personal Information Protection Act (PIPA) and Quebec's Law 25, we have designated a Privacy Officer responsible for our compliance with these laws and for handling privacy-related inquiries and complaints.

Privacy Officer: Lynn M. Matson
Email: lynn@lynnmmatson.com

To submit a privacy complaint or inquiry, please contact the Privacy Officer directly. We will acknowledge receipt within 10 business days and respond fully within 30 days.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:

Lynn M. Matson
Email: lynn@lynnmmatson.com
Website: lynnmmatson.com
Mailing Address: [INSERT MAILING ADDRESS]