Privacy Policy

McEachen & Co. ("we," "us," "our") operates mceachen.co and its subdomains, including headshot.mceachen.co. This policy explains what personal information we collect, how we use it, and how we protect it.

We believe privacy policies should be readable. If anything here is unclear, contact us at [email protected].

Information We Collect

Information you provide

• Contact form: Your name, email address, and message. This information is delivered to us via email and is not stored in a database.
• Resource downloads: Your name and email address when you download a guide or checklist. We store this to deliver the resource and for follow-up communications.
• Demo tools: Your name and email address when you sign up to try a demo tool (such as our AI headshot generator). If you upload content like photos, that content is processed to deliver your result.
• Client portal: If you are a client, we store your email address, display name, an encrypted password, and your service permissions.

Information collected automatically

• Analytics: We use Google Analytics to understand how visitors use our site. This collects data such as pages visited, session duration, device type, browser, and approximate geographic location. Google Analytics does not identify you personally.
• IP address: Your IP address may be temporarily collected for rate limiting on demo tools (automatically deleted within 2 hours). Cloudflare, our hosting provider, also processes IP addresses as part of standard web hosting.
• Cookies: See the Cookies section below.

How We Use Your Information

• Deliver resources and services you request
• Respond to your inquiries
• Send service-related communications
• Monitor and improve our website and services
• Prevent abuse and ensure security

We do not sell your personal information. We do not use your information for targeted advertising.

AI and Automated Technologies

Some of our demo tools use third-party AI services to process content you upload. For example, our headshot generator sends your uploaded photo to the Google Gemini API to create your result.

• Uploaded content is processed only to deliver the result you requested.
• Uploaded content is not retained by AI providers after processing, per their API terms of service.
• Your contact information (name, email) is not shared with AI providers.
• By using a demo tool, you consent to this processing as described here.

Third-Party Services

We use the following third-party services, each of which receives only the data necessary for its function:

• Cloudflare (hosting, CDN, data storage): Privacy Policy
• Google Analytics (website analytics): Privacy Policy
• Resend (email delivery): Privacy Policy
• Google Gemini API (AI processing in demo tools): Privacy Policy

Cookies and Tracking

We use a limited number of cookies:

• Session cookie (__mco_session): Set only when you log in to the client portal. Expires after 24 hours. This cookie is HttpOnly and Secure, meaning it cannot be accessed by scripts and is only transmitted over encrypted connections.
• Google Analytics cookies: Used to distinguish users and sessions. See Google's cookie policy for details.

We do not use advertising cookies or cross-site tracking cookies.

Do-Not-Track Signals

We do not currently respond to Do-Not-Track (DNT) browser signals. Google Analytics may continue to collect usage data regardless of your DNT setting.

Data Security

We take reasonable measures to protect your information:

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using PBKDF2 with 100,000 iterations and unique salts
• Authentication cookies are HttpOnly and Secure
• Rate limiting and brute-force protections are in place

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

• Contact form messages: Not stored in our systems (delivered via email only)
• Resource downloads: Your name and email are stored until you request deletion
• Demo tool access: Access credentials expire after 7 days
• Client portal accounts: Stored until the account is deleted
• Analytics data: Retained per Google Analytics' default settings
• Rate limiting data: Automatically deleted within 2 hours

Your Rights

You may:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Children's Privacy

This website is intended for business professionals and is not directed toward individuals under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through a notice on our website or by email. The "Last updated" date at the top of this page reflects when the policy was most recently revised.

Contact Us

If you have questions about this privacy policy or how we handle your data:

• Email: [email protected]
• Contact form: mceachen.co/contact