1. Introduction and Scope
This Privacy Policy describes how Baothebarber LLC, a computer systems design and integration firm organized under the laws of the State of Utah with its principal place of business at 6497 S Luminous Way, West Jordan, UT 84081-4949, United States, collects, uses, stores, and protects information obtained from visitors to our website located at www.baothebarber.autos and from individuals and organizations who engage our professional services. This policy applies to all interactions with Baothebarber LLC through our website, email communications, telephone consultations, and in-person engagements.
By accessing our website or using our services, you acknowledge that you have read and understood the practices described in this Privacy Policy. If you do not agree with any provision of this policy, you should discontinue use of our website and refrain from submitting personal information through any channel associated with Baothebarber LLC.
Baothebarber LLC acts as a data controller for the personal information we collect directly from you. For information processed on behalf of our clients during the course of providing computer integrated systems design and related professional services, we act as a data processor in accordance with the terms of our client agreements. This policy primarily addresses our role as a data controller.
2. Information We Collect
We collect several categories of information in connection with our business operations and the delivery of our professional services. The types of information we gather depend on the nature of your interaction with Baothebarber LLC and are limited to what is reasonably necessary for the purposes described in this policy.
2.1 Information You Provide Directly
When you contact us through our website, send us an email at office@baothebarber.autos, call our office at +1 (318) 718-6795, or engage us for consulting and systems design services, you may provide us with personal and business information including your full name, job title, company name, email address, telephone number, physical mailing address, and details about your project requirements, technical infrastructure, system specifications, and business objectives. If you enter into a professional services agreement with Baothebarber LLC, we may also collect billing information, payment details, tax identification numbers, and other information necessary to fulfill our contractual obligations and comply with applicable legal requirements.
2.2 Information Collected Automatically
When you visit our website, our servers automatically log certain technical information transmitted by your browser. This includes your Internet Protocol address, browser type and version, operating system, referring URL, pages visited on our site, the date and time of your visit, the duration of your browsing session, and general geographic region derived from your IP address. This information is collected through standard web server logs and is used solely for operational purposes, security monitoring, diagnostic troubleshooting, and aggregate analytics to improve our website performance and user experience.
We do not use third-party advertising cookies, tracking pixels from advertising networks, cross-site tracking technologies, or behavioral profiling mechanisms on our website. Any analytics we employ are limited to first-party, privacy-respecting tools that do not share your data with external advertising platforms, social media networks, or data brokers. We do not engage in the sale of personal information or the use of personal data for targeted advertising purposes.
2.3 Information From Third Parties
In the course of business development and professional networking, we may receive limited professional contact information from publicly available sources such as corporate websites, professional networking platforms, industry conference attendee lists, and business directories. Any such information is used exclusively for legitimate business outreach relevant to our computer systems design and integration services and is handled in accordance with applicable data protection laws and professional standards of conduct.
We may also receive information from technology partners, service providers, and referral sources who have obtained your consent to share your contact details with us for the purpose of exploring potential business relationships. In such cases, we rely on the representations of those third parties regarding the lawfulness of the data sharing.
3. How We Use Your Information
Baothebarber LLC uses the information we collect for specific, legitimate business purposes. We do not sell, rent, trade, or otherwise monetize your personal information by disclosing it to third parties for their own commercial purposes. The purposes for which we process your information include:
- Service Delivery: To provide the computer integrated systems design, systems integration, infrastructure engineering, cybersecurity architecture, DevOps engineering, technical consulting, and related professional advisory services you have requested, including project planning, technical assessment, architecture design, implementation, quality assurance, and ongoing operational support.
- Communication: To respond to your inquiries, provide information about our service offerings and capabilities, deliver project status updates and milestone notifications, present technical proposals and statements of work, schedule meetings and consultations, and maintain productive ongoing client relationships.
- Contract Administration: To negotiate, execute, amend, and manage professional services agreements, master service agreements, and statements of work; to process invoices, track payments, manage accounts receivable, and fulfill our legal, regulatory, and contractual obligations to clients, vendors, and government authorities.
- Website Operations: To monitor, maintain, and enhance the security, availability, performance, and functionality of our website and associated infrastructure; to diagnose and resolve technical issues; to detect, prevent, and respond to unauthorized access attempts, security incidents, fraudulent activities, and other malicious conduct.
- Business Development: To identify organizations that may benefit from our specialized computer systems design and integration services; to conduct market research relevant to the professional, scientific, and technical services sector; to measure the effectiveness of our business development initiatives; and to participate in industry events, conferences, and professional forums.
- Legal Compliance and Risk Management: To comply with applicable federal, state, and local laws, regulations, judicial orders, administrative proceedings, and enforceable governmental requests; to exercise, establish, or defend our legal rights; to enforce our terms of service and contractual agreements; and to protect the rights, property, privacy, and safety of Baothebarber LLC, our clients, our personnel, and the general public.
- Quality Improvement: To analyze service delivery patterns, client feedback, and project outcomes for the purpose of continuously improving our methodologies, technical frameworks, service quality, and overall client experience.
4. Legal Basis for Processing
For individuals located in jurisdictions that require a specified legal basis for processing personal data, including the European Economic Area, the United Kingdom, Switzerland, and certain U.S. states with comprehensive privacy legislation such as California, Colorado, Connecticut, Virginia, and Utah, Baothebarber LLC relies on the following recognized legal grounds for processing:
- Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, including our professional services agreements, or to take steps at your request prior to entering into such a contract, such as providing proposals, conducting preliminary technical assessments, and engaging in pre-engagement consultations.
- Legitimate Interests: Processing is necessary for the legitimate business interests pursued by Baothebarber LLC in operating, improving, protecting, and promoting our computer systems design and integration services, conducting business development activities, maintaining the security of our systems and premises, and managing our client and vendor relationships. We have carefully assessed that these interests are not overridden by your data protection rights and freedoms, taking into account the reasonable expectations of our clients and website visitors.
- Legal Obligation: Processing is necessary to comply with applicable legal and regulatory requirements to which Baothebarber LLC is subject, including but not limited to tax reporting obligations, financial record-keeping requirements under applicable commercial and accounting standards, employment and labor laws, professional licensing regulations, court orders, and lawful requests from public and governmental authorities with jurisdiction over our operations.
- Consent: In limited circumstances where neither contractual necessity nor legitimate interest nor legal obligation provides a valid legal basis, we will obtain your explicit, freely-given, specific, and informed consent before processing your personal information for a particular purpose. You have the right to withdraw your consent at any time by contacting us using the information provided in Section 11 of this policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Protection of Vital Interests: In rare circumstances, processing may be necessary to protect the vital interests of you or another natural person, such as in emergency situations involving health or safety.
5. Data Sharing and Disclosure
Baothebarber LLC maintains strict controls over how your information is shared, both within our organization and with external parties. We do not disclose personal information to third parties except in the following carefully limited circumstances, and we require all recipients to provide contractual commitments regarding data protection that are consistent with this Privacy Policy:
- Service Providers and Subprocessors: We may engage carefully vetted third-party vendors and service providers to perform specific business functions on our behalf and under our documented instructions. These functions include website hosting and content delivery, cloud infrastructure and data storage services, email communication and calendaring platforms, payment processing and invoicing systems, customer relationship management tools, project management and collaboration platforms, and IT security monitoring services. Each service provider is contractually bound through a data processing agreement to process personal data only in accordance with our documented instructions, to implement and maintain appropriate technical and organizational security measures, to notify us of any data breaches without undue delay, and to delete or return all personal data upon completion of the services. They are strictly prohibited from using your personal data for their own independent business purposes, including any form of secondary processing, monetization, or disclosure to additional third parties.
- Professional Advisors: We may share information on a need-to-know basis with our external legal counsel, certified public accountants, auditors, tax advisors, insurance brokers and underwriters, and risk management consultants as reasonably necessary for the prudent operation of our business, the protection and enforcement of our legal rights, the maintenance of appropriate insurance coverage, and the fulfillment of our fiduciary and compliance obligations.
- Business Transfers: In the event of a proposed or actual merger, acquisition, reorganization, consolidation, divestiture, financing, or sale of all or a material portion of our assets or equity interests, your personal information may be disclosed, transferred, or assigned as part of that transaction to the acquiring entity, successor organization, or financing counterparty, subject to appropriate confidentiality commitments and data protection safeguards. We will use reasonable efforts to notify you of any such material change in ownership or control of your personal information through our website, by email to the address you have provided, or by other means as required by applicable law.
- Legal and Regulatory Disclosures: We may disclose information if we have a good-faith belief that doing so is reasonably necessary to: comply with any applicable law, regulation, legal process, or enforceable governmental request; enforce our Terms of Service, contractual agreements, or other applicable policies; detect, prevent, investigate, or otherwise address fraud, security breaches, or technical issues; protect against imminent harm to the rights, property, privacy, or safety of Baothebarber LLC, our clients, our personnel, or the public as required or permitted by law; or respond to duly authorized subpoenas, court orders, search warrants, or other valid legal process issued by a court or governmental authority of competent jurisdiction.
- With Your Consent: In situations not covered by the categories above, we will obtain your explicit consent before sharing your personal information with any third party for a purpose not described in this Privacy Policy. You have the right to decline such sharing or to withdraw previously given consent at any time.
6. Data Retention
We retain personal information only for as long as is reasonably necessary to fulfill the legitimate business purposes for which it was originally collected, to satisfy our contractual commitments, or as required to comply with applicable legal, regulatory, tax, accounting, and evidentiary obligations. The specific retention period applied to each category of personal information depends on the nature of the information, the purposes of processing, and the applicable legal framework.
Our retention criteria and default retention periods are as follows:
- Client engagement records, including signed professional services agreements, statements of work, change orders, project specifications, architecture documentation, integration plans, system blueprints, technical deliverables, correspondence related to the engagement, and meeting notes, are retained for the duration of the active client relationship and for a period of seven years following the completion or termination of the engagement. This retention period enables us to address any post-engagement technical questions, handle warranty claims or professional liability matters, comply with applicable statutes of limitations for contract and tort claims, and satisfy our obligations under professional standards and insurance requirements.
- Business correspondence, including emails, letters, consultation notes, and records of telephone communications with prospective clients, vendors, and business partners, is retained for a period of five years from the date of the last substantive communication, unless a longer retention period is required for specific contractual, regulatory, or litigation-related reasons.
- Website server logs and access records are retained for a maximum of ninety days from the date of collection before being automatically purged through our log rotation and deletion processes. In the event of a security incident, ongoing investigation, or litigation hold, specific log data may be preserved beyond this period for forensic analysis and evidentiary purposes, after which it will be securely deleted.
- Billing, invoicing, and financial transaction records are retained in accordance with applicable tax laws under the Internal Revenue Code, generally accepted accounting principles, and relevant commercial record-keeping standards, typically for a period of seven years from the date of the transaction or the filing of the associated tax return, whichever is later.
- Marketing and business development records, including prospect lists, outreach communications, event registration data, and campaign analytics, are retained for a period of three years from the date of collection or the last interaction, whichever is more recent. You may request earlier deletion of your information from our marketing databases at any time by contacting us.
- Job applicant and recruitment data, including resumes, cover letters, interview notes, and assessment results, is retained for the duration of the active recruitment process and for a period of two years thereafter for consideration for future opportunities, unless you request earlier deletion of your application materials.
When the applicable retention period expires, we securely delete, anonymize, or irreversibly de-identify the relevant personal information using industry-standard data destruction and sanitization methods, including cryptographic erasure where applicable, secure file deletion protocols, and physical destruction of storage media when decommissioned. Archived system backups may retain residual copies of personal data for an additional limited period, not exceeding twelve months, as necessary for disaster recovery and business continuity purposes, after which such data is permanently and irretrievably destroyed in accordance with our backup retention and destruction schedule.
7. Data Security
Baothebarber LLC implements and continuously maintains a comprehensive program of administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, availability, and resilience of personal information under our control against unauthorized access, disclosure, alteration, destruction, or loss. Our security program is informed by recognized industry frameworks, including the National Institute of Standards and Technology Cybersecurity Framework and relevant ISO standards, and is subject to periodic review and enhancement as technologies, threats, and best practices evolve.
The specific security measures we have implemented include, but are not limited to:
- Transport Layer Security encryption for all data transmitted between your browser and our web servers, enforced through HTTPS with modern cipher suites and secure certificate management practices. We also support and encourage the use of encrypted email communication channels, including opportunistic TLS for email in transit and support for end-to-end encryption solutions where the recipient infrastructure is compatible.
- Encryption of sensitive data at rest using industry-standard encryption algorithms, including AES-256, applied to client project files, contractual documents, financial records, and any other information designated as requiring elevated protection under our data classification policy. Encryption keys are managed through a dedicated key management infrastructure with strict access controls, separation of duties, and regular key rotation.
- Multi-factor authentication, role-based access controls, and the principle of least privilege applied across all systems, applications, and data repositories that process, store, or transmit personal information. Access to personal data is restricted to authorized personnel who have a demonstrable and documented business need for such access and who are subject to binding confidentiality obligations, whether through employment agreements, contractor agreements, or professional codes of conduct.
- Regular, independently conducted security assessments, including vulnerability scanning, penetration testing of our public-facing and internal systems, configuration audits, and code reviews. Identified vulnerabilities are tracked through a formal remediation process with defined severity-based timelines for resolution.
- A comprehensive incident response plan with clearly defined roles, responsibilities, escalation procedures, and communication protocols, tested through periodic tabletop exercises and updated to reflect lessons learned from drills and actual incidents. We maintain cyber insurance coverage appropriate to our risk profile and the nature of the data we process.
- Secure development and change management practices, including code review, pre-deployment security testing, and separation of development, testing, and production environments to minimize the risk of introducing vulnerabilities through software or configuration changes.
- Regular, mandatory security awareness and data protection training for all employees and contractors with access to personal information, covering topics including phishing detection, password hygiene, secure remote work practices, incident reporting procedures, and the proper handling of sensitive data in accordance with this Privacy Policy and our internal data handling standards.
While we implement these commercially reasonable and industry-aligned safeguards, it is important to understand that no method of electronic storage, processing, or transmission over the Internet or any wireless network can be guaranteed to be absolutely secure against all possible threats. The security of your information also depends on you maintaining the confidentiality of any account credentials we may provide and exercising appropriate caution in your use of communication channels. We cannot and do not warrant or guarantee the absolute security of any information you transmit to us. In the unfortunate event of a data breach affecting your personal information, we will notify you and any relevant supervisory authorities without undue delay and in accordance with the timelines and procedures prescribed by applicable data breach notification laws and regulations.
8. Your Privacy Rights and Choices
Depending on your place of residence and the legal regime applicable to your relationship with Baothebarber LLC, you may be entitled to exercise certain rights regarding the personal information we hold about you. We are committed to honoring these rights to the full extent required by applicable law and will not discriminate against you for exercising any privacy right to which you are legally entitled.
8.1 Right to Know and Access
You have the right to request confirmation of whether we process personal information about you and, if so, to request access to that information. Upon verifiable request, we will provide you with a copy of the categories and specific pieces of personal information we hold about you, the categories of sources from which the information was collected, the business or commercial purposes for which the information is collected and processed, and the categories of third parties with whom we have shared the information. If you request multiple copies of your data, we may charge a reasonable fee based on our administrative costs for producing additional copies.
8.2 Right to Data Portability
Where technically feasible and required by applicable law, you have the right to receive certain personal information you have provided to us in a structured, commonly used, and machine-readable format, and to request that we transmit this data directly to another data controller designated by you, where such direct transmission is technically practicable. This right applies to personal data processed by automated means where the legal basis for processing is your consent or the performance of a contract.
8.3 Right to Correction
You have the right to request that we correct, update, or complete any inaccurate, incomplete, or outdated personal information we hold about you. If we have disclosed the inaccurate information to any third party, we will take reasonable steps to notify those third parties of the correction, where appropriate and where required by law. We encourage you to promptly notify us of any changes to your personal information so that we can keep our records accurate and current.
8.4 Right to Deletion
Subject to certain exceptions enumerated in applicable law, you have the right to request that we delete personal information we have collected from you or that we maintain about you. Grounds for deletion include situations where the personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, where you withdraw consent on which the processing is based and there is no other legal ground for the processing, where the personal information has been unlawfully processed, or where deletion is required to comply with a legal obligation.
We may decline a deletion request where retention of the information is reasonably necessary for us to: complete the transaction for which the information was collected; provide a service requested by you; perform under a contract with you; detect, prevent, or investigate security incidents or fraud; debug and repair errors that impair existing intended functionality; exercise our right to free speech or ensure the right of another consumer to exercise their free speech rights; comply with a legal obligation; engage in internal uses aligned with your reasonable expectations based on your relationship with us; or otherwise use the information internally in a lawful manner compatible with the context in which you provided it.
8.5 Right to Restrict Processing
You have the right, under certain circumstances, to request that we restrict or limit the processing of your personal information. These circumstances include situations where you contest the accuracy of the personal data and we need time to verify its accuracy, where the processing is unlawful and you oppose erasure and request restriction instead, where we no longer need the personal data for the purposes of processing but you require the data for the establishment, exercise, or defense of legal claims, or where you have objected to processing pending verification of whether our legitimate grounds override your rights.
8.6 Right to Object
You have the right to object, on grounds relating to your particular situation, to the processing of your personal information that is based on our legitimate interests or those of a third party. Upon receiving such an objection, we will cease processing the personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims. You have an absolute and unconditional right to object at any time to the processing of your personal information for direct marketing purposes, and we will honor such objections promptly and without exception.
8.7 Right to Non-Discrimination
We will not discriminate against you for exercising any of the privacy rights described in this policy. Discrimination prohibited by applicable law includes denying you goods or services, charging you different prices or rates for goods or services including through the use of discounts or other benefits or imposing penalties, providing you with a different level or quality of goods or services, or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer certain financial incentives permitted by law that may result in different prices, rates, or quality levels, provided that any such incentive is reasonably related to the value of your data.
8.8 Exercising Your Rights
To exercise any of the rights described in this section, please submit a verifiable request to us using the contact information provided in Section 11 of this Privacy Policy. You may also designate an authorized agent to submit a request on your behalf, provided that the authorized agent demonstrates written authorization from you to act on your behalf, and that you verify your own identity directly with us unless applicable law provides otherwise.
We will acknowledge receipt of your request within ten business days and will respond substantively within the timeframes prescribed by applicable law, typically within thirty to forty-five calendar days, depending on your jurisdiction and the complexity of your request. If we require an extension of time, we will inform you of the reason for the extension within the initial response period. We may need to verify your identity before processing your request; this verification may require you to provide additional information sufficient to allow us to reasonably confirm that you are the person about whom we collected the personal information or an authorized representative of that person.
If we decline to take action on your request, we will inform you of our decision, the reasons for our refusal, and provide instructions for how you may appeal our decision, if applicable under the laws of your jurisdiction. There is generally no fee for making a verifiable request. However, if your requests are manifestly unfounded, repetitive, or excessive in nature, we may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or we may decline to act on the request.
9. International Data Transfers
Baothebarber LLC is headquartered in the United States of America, and our primary servers, data centers, and operational facilities are located within the continental United States. If you are accessing our website or engaging our services from outside the United States, including from the European Economic Area, the United Kingdom, Switzerland, Canada, Australia, the Asia-Pacific region, or any other jurisdiction, please be aware that your personal information will be transferred to, stored, and processed in the United States.
The data protection and privacy laws of the United States may not provide the same level of protection as the laws of your country of residence. However, we take appropriate steps to ensure that your personal information receives an adequate and comparable level of protection regardless of where it is processed. Where required by applicable law, we implement appropriate transfer mechanisms, including:
- Standard contractual clauses approved by the European Commission and the United Kingdom Information Commissioner's Office, as applicable, for transfers of personal data from the European Economic Area, the United Kingdom, and Switzerland to the United States.
- Adherence to recognized international data transfer frameworks, certifications, and codes of conduct, where available and applicable to our processing activities.
- Contractual provisions in our agreements with clients, service providers, and data recipients that impose data protection obligations equivalent to those set forth in this Privacy Policy.
- Technical measures such as pseudonymization, encryption, and access controls that reduce the risks associated with cross-border data transfers.
By submitting your personal information to Baothebarber LLC through any channel, you acknowledge and consent to the transfer, storage, and processing of your information in the United States as described in this Privacy Policy. If you do not consent to such transfers, you should not provide us with personal information or use our website or services.
10. Children's Privacy
Our website and professional services are designed for and directed exclusively at businesses, organizations, and adult professionals. We do not knowingly collect, solicit, or maintain personal information from individuals under the age of eighteen, and our services are not intended for use by children. If we become aware that a child under the age of eighteen has provided us with personal information without verifiable parental consent, we will take prompt and commercially reasonable steps to delete such information from our active systems and records.
If you are a parent or legal guardian and believe that your child has provided us with personal information without your consent, please contact us immediately using the contact details provided in Section 11 so that we can take appropriate remedial action. We also encourage parents and guardians to monitor their children's online activities and to instruct their children never to provide personal information through websites or online services without parental permission.
11. Contact Information
If you have any questions, concerns, complaints, or requests regarding this Privacy Policy, our data protection practices, or the manner in which we handle your personal information, please do not hesitate to contact us. We take all privacy inquiries seriously and maintain a dedicated process for the prompt investigation and resolution of privacy-related matters. You may reach us through any of the following channels:
Baothebarber LLC
6497 S Luminous Way
West Jordan, UT 84081-4949
United States
Email: office@baothebarber.autos
Phone: +1 (318) 718-6795
Website: www.baothebarber.autos
We will endeavor to acknowledge receipt of your communication within five business days and to provide a substantive response within fifteen business days. If you are located in a jurisdiction that provides for the right to lodge a complaint with a data protection supervisory authority, you may do so if you believe that our processing of your personal information violates applicable law. However, we encourage you to contact us first, as we are committed to working with you to obtain a fair and satisfactory resolution of any privacy concern you may have. We value your trust and are dedicated to maintaining the highest standards of data protection and transparency in all of our operations.
This website and the associated Privacy Policy were developed by Bao The Barber, the developer responsible for this website. For questions specifically regarding the technical implementation of this website or the presentation of this Privacy Policy online, you may also direct inquiries to the developer through the contact channels listed above.
12. Changes to This Privacy Policy
Baothebarber LLC reserves the right to update, amend, or modify this Privacy Policy at any time to reflect changes in our business practices, operational procedures, legal and regulatory requirements, technological developments, or industry standards. When we make material changes to this policy, we will:
- Post the updated version prominently on our website with a clearly indicated revised effective date.
- Provide a summary of the material changes at the top of the updated policy or through a separate notice on our website.
- For clients with whom we have an active ongoing relationship, send an email notification to the primary contact email address we have on file, describing the nature of the changes and the date on which they become effective.
- Where required by applicable law, obtain your renewed consent to the updated processing practices before the changes become effective with respect to your personal information.
We encourage you to review this Privacy Policy periodically, and particularly before providing new personal information or engaging us for new services, to stay informed about our current data protection practices. The date of the most recent revision is always indicated at the top of this policy. Your continued use of our website or services after the effective date of any updated Privacy Policy constitutes your acknowledgment of the changes and your agreement to be bound by the revised terms. If you do not agree with the updated policy, you should discontinue use of our website and services and, where applicable, contact us regarding the closure or transfer of your account.
13. Governing Law and Jurisdiction
This Privacy Policy and any disputes, claims, or controversies arising from or relating to it, whether based in contract, tort, statute, or any other legal theory, shall be governed by and construed in accordance with the laws of the State of Utah and the applicable federal laws of the United States of America, without giving effect to any choice-of-law or conflict-of-law principles that would result in the application of the laws of any other jurisdiction.
Any legal suit, action, or proceeding arising out of or relating to this Privacy Policy shall be instituted exclusively in the federal or state courts of competent jurisdiction located in Salt Lake County, State of Utah. You waive any and all objections to the exercise of personal jurisdiction over you by such courts and to venue in such courts. You agree that regardless of any statute or law to the contrary, any claim or cause of action arising under or related to this Privacy Policy must be filed within one year after such claim or cause of action arose, or it shall be permanently barred.