Privacy Policy

This Privacy Policy ("Policy") describes how Dude Lemon, LLC, located in Los Angeles, California, United States ("Company," "we," "us," and "our"), collects, uses, shares, and protects personal data when you visit or use our website at https://dudelemon.com (the "Website") and any related services we provide (collectively, the "Services").

We are committed to protecting your privacy and handling your data in an open, transparent manner. This Policy applies to all visitors, users, and others who access the Website. By using our Website, you acknowledge that you have read and understood this Policy.

If you have questions or concerns about this Policy, please contact us at [email protected].

2.1 Information you provide

We collect information you voluntarily provide, including:

• Contact information — name, email address, phone number, and company name when you fill out our contact form or reach out to us.
• Project inquiries — details about your project requirements, budget, timeline, and technical preferences that you share through forms or communications.
• Communications — records of correspondence when you contact us via email, phone, or other channels.
• Career applications — resume, portfolio, work history, and related information if you apply for a position.

2.2 Information collected automatically

When you visit our Website, we automatically collect certain information, including:

• Device data — IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage data — pages visited, time spent on pages, click paths, referring URLs, and interaction patterns.
• Analytics data — aggregated data collected through Google Analytics (GA4) to understand website traffic and user behavior.

2.3 Information from third parties

We may receive information about you from third-party sources, including:

• Social media platforms when you interact with our content or connect your accounts.
• Google reCAPTCHA verification data when you submit our contact form.
• Publicly available business information related to potential client engagements.

We process your personal data for the following purposes:

• Service delivery — to respond to your inquiries, provide project estimates, and deliver our software development services.
• Communication — to correspond with you about projects, updates, and support.
• Website improvement — to analyze usage patterns, diagnose technical issues, and improve the Website experience.
• Security — to detect and prevent fraud, spam, abuse, and security incidents.
• Legal compliance — to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Marketing — with your consent, to send you information about our services, case studies, and company updates.

We will not use your personal data for purposes materially different from those described in this Policy without providing you notice and, where required by law, obtaining your consent.

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Consent — where you have given clear consent for us to process your personal data for a specific purpose (e.g., submitting a contact form).
• Legitimate interest — where processing is necessary for our legitimate business interests (e.g., improving our Website, responding to inquiries), provided those interests are not overridden by your rights.
• Contractual necessity — where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.
• Legal obligation — where processing is necessary to comply with a legal obligation to which we are subject.

You may withdraw your consent at any time by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.

We use the following third-party services that may collect or process your data:

5.1 Google Analytics (GA4)

We use Google Analytics to collect anonymized data about website usage. Google Analytics uses cookies to track visitor interactions. The data collected is aggregated and does not personally identify individual visitors. Google's privacy policy applies to data collected by Google Analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

5.2 Google reCAPTCHA

We use Google reCAPTCHA on our contact form to prevent spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

5.3 Hosting and infrastructure

Our Website and backend services are hosted on third-party infrastructure providers. These providers may process server logs that include IP addresses and request metadata as part of their standard operations.

6.1 What are cookies?

Cookies are small data files stored on your device by a website. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted) to provide functionality and analyze website usage.

6.2 Types of cookies we use

• Essential cookies — required for the Website to function properly. These cannot be disabled without affecting site functionality.
• Analytics cookies — used by Google Analytics (GA4) to collect anonymized data about how visitors use the Website, including pages visited, session duration, and traffic sources.
• Functionality cookies — remember your preferences and settings to provide a more personalized experience.

6.3 First-party vs. third-party cookies

First-party cookies are set directly by our Website. Third-party cookies are set by services we integrate with (e.g., Google Analytics, reCAPTCHA) and are governed by those services' respective privacy policies.

6.4 Managing cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of the Website.

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes in the future, we will update this Policy and provide appropriate notice and safeguards as required by applicable law.

We do not sell your personal data. We may share your information in the following circumstances:

• Service providers — with trusted third-party vendors who assist us in operating the Website and delivering services (e.g., hosting providers, analytics services, email services). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal requirements — when required by law, regulation, legal process, or governmental request.
• Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, in which case your personal data may be transferred as part of that transaction. We will notify you of any such change.
• With your consent — in any other circumstances where you have given explicit consent.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data is protected in accordance with this Policy.

By using our Website, you acknowledge that your data may be transferred to our facilities and to those third parties with whom we share it as described in this Policy.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL.
• Access controls limiting data access to authorized personnel only.
• Regular security assessments and monitoring.
• Secure coding practices in our software development processes.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR.
• Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
• Document the breach, its effects, and the remedial actions taken.
• Take immediate steps to contain and remediate the breach.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:

• Contact form submissions — retained for the duration of the business relationship and up to 3 years after last contact, unless a longer period is required by law.
• Analytics data — retained in accordance with Google Analytics' data retention settings (currently set to 14 months).
• Career applications — retained for up to 1 year after the position is filled, unless you request earlier deletion.
• Server logs — retained for up to 90 days for security and diagnostic purposes.

When personal data is no longer needed, we will securely delete or anonymize it. You may request deletion of your personal data at any time by contacting us at [email protected].

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete personal data.
• Right to erasure — request deletion of your personal data, subject to legal retention requirements.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — request a copy of your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your data.
• Right to delete — request deletion of your personal information, subject to certain exceptions.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, contact us at [email protected]. We will verify your identity and respond within 45 days.

Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes. If you have questions, contact us at [email protected].

Nevada residents may opt out of the sale of certain "covered information" as defined under Nevada SB 220. We do not currently sell covered information, but you may submit an opt-out request to [email protected] and we will respond within 60 days.

Our Website and Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as soon as reasonably practicable. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals but will update this Policy if a standard is established.

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically.

Your continued use of the Website after any changes to this Policy constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Company: Dude Lemon, LLC
• Location: Los Angeles, California, United States

For GDPR-related inquiries, you may contact our designated Data Protection Officer at the email address above with the subject line "DPO Inquiry."

If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at the European Data Protection Board website.

If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO).