Legal

Privacy Policy

Effective Date: May 24, 2026

This Privacy Policy explains how Wild Thyme Studios & Consulting LLC collects, uses, stores, processes, and shares information when you visit wildthymehudsonvalley.com, submit a form, purchase a report, or otherwise interact with us.

By using the website or services, you acknowledge this Privacy Policy.

1. Who We Are

Wild Thyme Studios & Consulting LLC provides consulting, advisory services, audits, reports, tools, business analysis, technical analysis, creative services, and related professional services.

For purposes of this Privacy Policy, “Wild Thyme,” “we,” “us,” and “our” refer to:

Wild Thyme Studios & Consulting LLC
418 Broadway #8028
Albany, NY 12207
USA
Email: privacy@wildthymehudsonvalley.com
Website: wildthymehudsonvalley.com

2. Public Perception and Public-Facing Business Information

The Blind Spot is designed as a public perception and visibility analysis.

The report is based on information you provide about your business, publicly available information, searchable public-facing materials, and outputs from search, AI, directory, review, website, and other public or semi-public business information sources.

We do not require private customer records, patient information, protected health information, confidential internal documents, passwords, financial account information, government identification numbers, trade secrets, or sensitive personal information to prepare the report. Please do not submit that information.

Information used for a report may include:

  • Business name
  • Website URL
  • Public website content
  • Public business listings
  • Public reviews
  • Public social or profile pages, if relevant
  • Business location
  • Business category
  • Service descriptions
  • Search engine results
  • AI tool outputs based on public-facing signals
  • Your self-assessment responses
  • Your high-level description of your business

3. Information We Collect

We may collect the following categories of information.

Identity and Contact Information

This may include:

  • Name
  • Email address
  • Business name
  • Optional phone number, if you provide it

Business Context

This may include:

  • Business website URL
  • Business location
  • Business category
  • Service descriptions
  • Business goals or concerns you choose to describe
  • High-level information about your business, audience, market, positioning, or public presence

Assessment and Free-Text Information

If you purchase The Blind Spot or complete an intake form, we may collect:

  • Multiple-choice assessment answers
  • Free-text answers
  • Business descriptions
  • Notes, comments, or other information you choose to submit

Please do not include patient information, protected health information, private customer records, passwords, financial account numbers, government identification numbers, confidential internal documents, confidential third party information, trade secrets, or sensitive personal information.

Publicly Available and Searchable Business Information

When preparing reports or reviewing inquiries, we may review publicly available or searchable business information, including:

  • Public website content
  • Public business listings
  • Public reviews
  • Public directory entries
  • Public social or profile pages
  • Search results
  • Public-facing AI outputs
  • Other public or semi-public information relevant to how the business appears from the outside

AI, Research, Formatting, and Automation Processing

When preparing reports or deliverables, we may process customer-submitted business information and publicly available business information using internal tools, automation, third party AI tools, search tools, research tools, formatting tools, drafting tools, self-hosted tools, open-source models, and proprietary internal tools.

These tools may include third party AI providers such as Anthropic Claude, OpenAI ChatGPT, and Perplexity, as well as self-hosted open-source models, internal proprietary models, and other AI, search, research, formatting, drafting, analysis, or automation tools we may adopt, replace, or discontinue from time to time.

These tools may be accessed through business accounts, individual subscriptions, workspaces, APIs, locally hosted systems, self-hosted systems, or other tool accounts used by Wild Thyme to provide the service. Some of these accounts may not be enterprise accounts.

Data handling, retention, model training, account history, deletion, and privacy settings may vary by provider, product, account type, configuration, and tool.

Information processed through these tools may include:

  • Business names
  • Website URLs
  • Public website content
  • Public business listings
  • Public reviews
  • Public social or profile pages
  • Assessment answers
  • Free-text business descriptions
  • Report drafts
  • Formatting instructions
  • Other information you submit for the purpose of receiving a report or service

We do not intentionally submit protected health information, patient information, passwords, financial account numbers, government identification numbers, private customer records, confidential internal documents, confidential third party information, trade secrets, or sensitive personal information to these tools. Please do not include that information in your submissions.

Where available, we use reasonable account settings and operational practices intended to limit unnecessary retention, model training, or exposure of customer information. However, third party providers process information according to their own terms, privacy policies, account settings, and data handling practices, and some tools may not provide Wild Thyme with direct deletion controls for individual report inputs after processing.

Payment Information

Payments are processed by Stripe.

We may receive limited payment-related information, such as:

  • Payment status
  • Transaction ID
  • Amount paid
  • Billing email
  • Order metadata
  • Refund status, if applicable

We do not store full credit card numbers on our servers.

Technical Information

We may collect basic technical information automatically through hosting infrastructure and server logs, such as:

  • IP address
  • Browser type
  • Device information
  • Request metadata
  • Pages requested
  • Date and time of access
  • Error logs
  • Performance logs

We use this information to operate the website, maintain security, debug issues, prevent abuse, and understand basic site performance.

Lead and CRM Information

If you submit an inquiry, purchase a report, or contact us, we may store inquiry, lead, and customer information in internal CRM or business systems for follow-up, relationship management, service communication, and ordinary business recordkeeping.

4. How We Collect Information

We collect information in the following ways:

  • Directly from you when you complete forms, submit assessments, contact us, or purchase a service
  • Automatically through server logs and hosting infrastructure
  • From Stripe or other payment processors when necessary to process payments, refunds, or order status
  • From publicly available or searchable sources when preparing a public perception report
  • From AI, search, directory, review, website, formatting, drafting, research, automation, or other public-facing tools used to analyze how a business appears from the outside

5. How We Use Information

We use information to:

  • Provide the website and services
  • Process orders and payments
  • Prepare and deliver reports
  • Analyze public-facing business information
  • Process submitted information using internal tools, automation, AI tools, research tools, formatting tools, drafting tools, open-source models, self-hosted tools, and proprietary internal tools
  • Respond to consulting inquiries
  • Store and manage lead information for CRM and follow-up purposes
  • Communicate with you about your order, inquiry, or service request
  • Maintain business and tax records
  • Improve our services, systems, and internal processes
  • Prevent fraud, abuse, unauthorized access, and misuse
  • Debug technical issues and maintain website security
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

We do not use personal information for third party advertising.

6. Legal Bases for Processing

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction requiring a legal basis for processing, we rely on the following legal bases where applicable:

  • Performance of a contract: To process your order, prepare and deliver reports, and provide requested services
  • Legitimate interests: To operate the website, prevent abuse, maintain security, manage leads and customer relationships, improve services, analyze public-facing business information, and communicate with potential clients
  • Consent: Where we ask for your consent, such as for optional communications or certain cookies if added in the future
  • Legal obligation: To comply with tax, accounting, regulatory, or legal requirements

7. Third Party Service Providers and Tools

We share information with service providers and tools that help us operate the website, process payments, communicate with customers, prepare reports, and provide services.

These may include:

Stripe

Used for payment processing.

Stripe may collect and process payment information according to its own terms and privacy policy.

Supabase

Used for database hosting and storage.

Current hosting region: United States.

Vercel

Used for website hosting, deployment, infrastructure, and logs.

Private Email / Namecheap

Used for transactional email delivery and business email communication, including order confirmations, report delivery, inquiry responses, and follow-up messages.

Private Email is operated by Namecheap.

AI, Search, Research, Formatting, and Automation Tools

We may use third party AI, search, research, formatting, drafting, analysis, and automation tools to help prepare reports and deliver services.

These tools may include Anthropic Claude, OpenAI ChatGPT, Perplexity, self-hosted open-source models, internal proprietary models, and other tools we may adopt, replace, or discontinue from time to time.

These tools may process customer-submitted business information, publicly available business information, report drafts, formatting instructions, and related report inputs for the purpose of preparing, reviewing, formatting, improving, and delivering reports or services.

These tools may be accessed through business accounts, individual subscriptions, workspaces, APIs, locally hosted systems, self-hosted systems, or other tool accounts used by Wild Thyme to provide the service. Some of these accounts may not be enterprise accounts.

Data handling, retention, model training, account history, deletion, and privacy settings may vary by provider, product, account type, configuration, and tool. Some third party tools may not provide Wild Thyme with direct deletion controls for individual report inputs after processing.

Legal, Compliance, and Safety

We may share information when required by law, subpoena, legal process, court order, government request, or when we believe disclosure is necessary to protect rights, safety, security, or prevent fraud or abuse.

Business Transfers

If Wild Thyme is involved in a merger, acquisition, financing, reorganization, sale of assets, business transfer, or similar transaction, information may be transferred as part of that transaction.

8. Confidentiality and Service Providers

We treat non-public business information you submit as confidential.

However, “confidential” does not mean that information is never processed by service providers or tools. We may process information through the service providers and tools described in this Privacy Policy when reasonably necessary to provide the website, prepare reports, deliver services, communicate with you, maintain records, prevent abuse, or comply with law.

We take reasonable steps to avoid submitting unnecessary sensitive information to third party AI tools or service providers. You should not submit sensitive information unless we specifically request it in writing and appropriate safeguards are in place.

9. AI Tools and Model Training

We may use third party AI, search, research, formatting, drafting, analysis, and automation tools, including Anthropic Claude, OpenAI ChatGPT, Perplexity, self-hosted open-source models, internal proprietary models, and other tools we may adopt, replace, or discontinue from time to time, to help prepare reports and deliver services.

These tools may be accessed through business accounts, individual subscriptions, workspaces, APIs, locally hosted systems, self-hosted systems, or other tool accounts used by Wild Thyme to provide the service. Some of these accounts may not be enterprise accounts.

We do not intentionally use customer submissions to train our own public AI models.

Where available, we use reasonable account settings and operational practices intended to limit unnecessary retention, model training, or exposure of customer information. However, third party providers process information according to their own terms, privacy policies, account settings, and data handling practices, and some tools may not provide Wild Thyme with direct deletion controls for individual report inputs after processing.

Please do not submit protected health information, patient information, private customer records, passwords, financial account numbers, government identification numbers, confidential internal documents, confidential third party information, trade secrets, or sensitive personal information.

10. Cookies, Analytics, and Tracking

We do not currently use third party analytics tools, advertising pixels, behavioral tracking, or retargeting technologies.

We may collect basic technical information through server logs, including IP address, browser type, request metadata, pages requested, timestamps, error logs, and performance logs. We use this information to operate the website, maintain security, debug issues, prevent abuse, and understand basic site performance.

Cookies We Set

We set only strictly necessary first-party cookies required to operate the services you request. We do not use cookies for analytics, advertising, profiling, or cross-site tracking. The cookies we currently use are:

  • blindspot_invite — remembers a valid Blind Spot invite code you have already entered during the current session so you do not have to enter it again on the intake form. First-party, strictly necessary, set only after a successful server-side validation of the code you supplied, lifetime of 30 minutes.

Because these cookies are strictly necessary to deliver the service you requested, they do not require prior consent under the GDPR / ePrivacy Directive or under the CCPA. You can still refuse or delete them at any time through your browser. Doing so may require you to re-enter your invite code.

Stripe and Payment Cookies

When you reach the payment step, Stripe may set cookies in your browser to detect fraud, prevent abuse, and complete the transaction. These are strictly necessary for payment processing and are governed by Stripe’s Privacy Policy.

We do not currently sell personal information or share personal information for cross-context behavioral advertising.

If we add analytics tools in the future, such as Plausible, Vercel Analytics, or another analytics provider, or any cookie that is not strictly necessary, we will update this Privacy Policy to identify the provider, describe what information is collected, explain how that information is used, and, where required, present a cookie consent banner.

11. Data Retention

We retain information for as long as reasonably necessary to provide services, maintain records, comply with legal obligations, resolve disputes, prevent abuse, and enforce agreements.

Retention may include:

  • Order records, invoices, payment metadata, refund records, and report records: retained for up to 7 years for tax, accounting, legal, and ordinary business recordkeeping purposes
  • Lead and inquiry data: retained for CRM, follow-up, relationship management, service communication, and ordinary business purposes until no longer useful for those purposes, or earlier if deletion is requested and no legal or business reason requires retention
  • Server logs: retained according to hosting and infrastructure provider practices, unless exported or retained longer for security, debugging, fraud prevention, legal, or business reasons
  • Email correspondence: retained as ordinary business records for as long as reasonably necessary for communication history, legal, tax, accounting, dispute resolution, or business purposes
  • Public-facing business research and report inputs: retained as reasonably necessary to prepare reports, maintain service records, improve internal processes, respond to disputes, or comply with business and legal obligations
  • AI, research, formatting, and report preparation records: retained according to Wild Thyme’s operational practices and the data handling, retention, account history, and privacy practices of the relevant third party provider or tool. Some third party tools may not provide Wild Thyme with direct deletion controls for individual report inputs after processing.

You may request deletion of your information as described below. We will honor deletion requests where required by law and where reasonably possible.

We may retain certain information where required or permitted by law, including for tax, accounting, legal, dispute resolution, fraud prevention, security, or ordinary business recordkeeping purposes.

We may not be able to delete information already processed by third party tools where those tools do not provide direct deletion controls for individual report inputs.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information.

These may include encrypted transport, managed hosting, access controls, server-side secrets, role-based database access, and limited access to systems containing customer information.

No system is 100% secure. We cannot guarantee absolute security of information transmitted to or stored by us.

13. International Data Transfers

Wild Thyme is based in the United States. If you access the website or services from outside the United States, your information may be processed in the United States and other jurisdictions where our service providers operate.

Privacy laws in those jurisdictions may differ from those in your location.

Where required, we rely on appropriate safeguards for international transfers, such as contractual protections used by our service providers.

14. Your Privacy Rights

Depending on your location, you may have rights regarding your personal information, including the right to:

  • Access the information we hold about you
  • Request correction of inaccurate information
  • Request deletion of information
  • Request a copy of your information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of certain uses of personal information, where applicable

To exercise rights, contact:

privacy@wildthymehudsonvalley.com

We may need to verify your identity before responding to a request.

We will respond to privacy requests as required by applicable law. Some requests may be limited by legal, tax, accounting, security, fraud prevention, dispute resolution, technical, operational, or third party provider constraints.

Where information has already been processed by third party tools, we may not be able to delete individual report inputs from those tools if the provider does not make direct deletion controls available to us.

15. California Privacy Notice

This section applies to California residents where California privacy law applies.

Categories of Personal Information Collected

We may collect the following categories of personal information:

  • Identifiers: Name, email address, business name, optional phone number, IP address
  • Commercial information: Purchase records, payment status, order metadata, refund status, services requested
  • Internet or electronic network activity information: Server logs, browser information, device information, request metadata, pages requested, timestamps, error logs
  • Professional or business information: Business name, website URL, business location, business category, service descriptions, assessment answers, submitted business context
  • Inferences: Report findings, analysis, categorization, prioritization, recommendations, or observations generated from submitted and public-facing business information

We do not intentionally collect sensitive personal information for The Blind Spot. Please do not submit protected health information, patient information, private customer records, passwords, financial account numbers, government identification numbers, confidential internal documents, confidential third party information, trade secrets, or sensitive personal information.

Sources of Personal Information

We collect personal information from:

  • You directly
  • Your use of the website
  • Payment processors
  • Hosting and infrastructure providers
  • Publicly available or searchable business sources
  • AI, search, directory, review, website, formatting, drafting, automation, or other public-facing tools used to analyze how a business appears from the outside

Business Purposes

We use personal information for:

  • Providing services
  • Processing payments
  • Delivering reports
  • Preparing public perception and visibility analysis
  • Responding to inquiries
  • CRM and follow-up communication
  • Maintaining security
  • Preventing abuse
  • Debugging and improving the website
  • Maintaining business records
  • Complying with law
  • Enforcing our Terms of Service

Categories of Recipients

We may disclose personal information to:

  • Payment processors
  • Hosting providers
  • Database providers
  • Email delivery providers
  • AI, search, research, formatting, drafting, analysis, and automation tool providers
  • Legal or compliance recipients where required
  • Parties involved in a business transfer

Sale or Sharing of Personal Information

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

We may store lead and inquiry information in internal CRM or business systems for ordinary business follow-up, relationship management, and service communication. This is not a sale of personal information.

California Rights

California residents may have the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Request deletion
  • Request correction
  • Opt out of sale or sharing, if applicable
  • Limit use of sensitive personal information, if applicable
  • Not be discriminated against for exercising privacy rights

To exercise California privacy rights, contact:

privacy@wildthymehudsonvalley.com

We will honor applicable California privacy rights where required by law. Some requests may be limited where information is retained for tax, accounting, legal, security, fraud prevention, dispute resolution, ordinary business, technical, or operational reasons, or where third party tools do not provide direct deletion controls for individual report inputs.

16. European Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws.

Wild Thyme Studios & Consulting LLC is the controller of personal information collected through this website, unless otherwise stated.

You may have the right to:

  • Access your personal information
  • Correct inaccurate personal information
  • Delete personal information
  • Restrict or object to certain processing
  • Receive a copy of your information
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact:

privacy@wildthymehudsonvalley.com

We will honor applicable European privacy rights where required by law. Some requests may be limited where information is retained for tax, accounting, legal, security, fraud prevention, dispute resolution, ordinary business, technical, or operational reasons, or where third party tools do not provide direct deletion controls for individual report inputs.

Before filing a complaint, we encourage you to contact us so we can try to address your concern.

17. Children's Privacy

The website and services are not directed to children under 13.

We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take reasonable steps to delete it.

The website and services are intended for adults and business users. You must be at least 18 years old to use the website, submit information, or purchase services.

18. Do Not Track and Global Privacy Control

Some browsers send “Do Not Track” signals. There is no universally accepted standard for responding to Do Not Track signals, and the website does not currently respond to them.

If required by applicable law, we will honor legally recognized opt-out preference signals, such as Global Privacy Control, in relation to activities covered by those laws.

At this time, we do not sell personal information or share personal information for cross-context behavioral advertising.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When we do, we will update the Effective Date above. The updated policy will apply when posted unless otherwise stated.

If we make material changes, we may provide additional notice, such as by posting a notice on the website or contacting you where appropriate.

20. Contact

For privacy questions or requests, contact:

Wild Thyme Studios & Consulting LLC
418 Broadway #8028
Albany, NY 12207
USA
Email: privacy@wildthymehudsonvalley.com
Website: wildthymehudsonvalley.com