• 1. Introduction:

Boston DPA Consulting, LLC (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (bostondownpayment.org) or interact with us. It also describes your rights and choices regarding your information. By using our site or services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our site.

• 2. Information We Collect:

Information You Provide Directly: We collect personal information you give us, such as:

• Contact Data: name, email address, phone number, mailing address (for example, when you fill out our consultation form or sign up for updates).

• Intake Data: when you inquire about services, we may ask for details like your homebuying status, income range, credit score range, savings, or other financial info relevant to down payment assistance (as seen in forms on our site). You may also provide information during consultations or via email.

• Account Data: If we offer a client portal or account login, any credentials and profile information associated (currently, our site does not have user accounts for general use, but clients may have an onboarding form).

• Payment Data: If you become a client, we may collect payment-related information (credit card number or bank details) through a secure payment processor. (Note: we use reputable third-party payment services; we do not store full credit card numbers on our servers.)

Information Collected Automatically: When you visit our website, we automatically collect certain data:

• Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, links clicked, and the dates/times of access. This is collected via log files, analytics tools, and cookies.

• Cookies & Similar Technologies: We use cookies (small text files stored on your device) and possibly web beacons to remember your preferences and track website usaggleam.io】. For example, we might use Google Analytics to see how users navigate our site, which helps us improve content.

You can control cookies through your browser settings; however, disabling cookies might affect site functionality (like form submissions).

• Do-Not-Track Signals: Currently, our site does not respond to DNT signals from browsers, because there is no consensus on how to interpret them. We treat all visitors equally, as allowed by law.

Information from Third Parties: We might receive information about you from other sources:

• If you were referred to us by a partner or found us via a social media ad, we may get basic info (like which campaign led you to us).

• If you engage with our social media pages (like Facebook, Instagram), those platforms may share aggregate data with us (e.g., overall demographics of visitors) but not personal details unless you make them public.

• If you become a client and authorize it, we may liaise with third parties (e.g., lenders, program administrators) and in that process receive info about you (like pre-approval status or program eligibility feedback). That information will be treated as part of your client data and protected accordingly.

• 3. How We Use Your Information:

We use personal information for the following purposes:

• Service Delivery: To provide and personalize our consulting services. For example, data about your financial situation helps us identify suitable down payment programbostondownpayment.org】. Contact info is used to schedule calls and send deliverables.

• Communication: To respond to inquiries, send confirmations or updates about your consultation, and provide customer support. We will email or call you as needed to discuss your case or to send newsletters if you subscribed.

• Marketing:

• If you join our mailing list or become a client, we may send you newsletters, promotions, or educational materials about homebuying, down payment assistance, or related services. (E.g., announcement of new programs, or events we host.)

• You can opt out of marketing emails at any time by clicking “unsubscribe” in the email or contacting us. We do not spam; typically, you’ll only hear from us in a marketing context if you gave consent (like checking a box on our form).

• Prize Promotions: If you enter our sweepstakes (as described in our Official Rules), we use your info to administer the promotion – e.g., to draw winners and contact thegleam.io】. If you’re a winner, we may use your info as allowed in the Official Rules (for example, to announce first name/last initial).

• Site Improvement and Analytics: We analyze usage data to improve our website’s content, layout, and performance. For instance, seeing which pages are most visited helps us focus on information users find valuable. We may use third-party analytics (like Google Analytics) which gather info via their own cookies (Google’s ability to use and share information collected by Google Analytics about your visits is governed by their Terms and Privacy Policy).

• Advertising: Currently, we do not host third-party ads on our site that track users. We may in the future run retargeting ads on platforms like Google or Facebook, which could use cookies to show you ads based on your past visits. If we do this, we’ll update this Policy and ensure the appropriate consent (where required).

• Legal and Security: To protect our rights and the security of our site. For example, we may use data to detect and prevent fraud, hacking, or other misuse. If legally required, we might use or disclose information to comply with a subpoena, law, or regulatory request (see “Legal Disclosure” below).

• 4. How We Share Your Information:

We do not sell your personal information to third parties. We share information in the following circumstances:

• With Service Providers: We employ trusted third-party companies to perform functions on our behalf. Examples:

• Hosting providers and cloud storage (where our website or databases are stored).

• Email service (for sending newsletters or appointment reminders).

• Payment processors (to handle transactions securely).

These providers are given only the data necessary to perform their services and are contractually obligated to keep your information confidential and to use it only for providing the service to us.

• With Business Partners (for client services): If you become a client, we may, with your permission, share relevant info with parties directly involved in your down payment assistance process. For instance:

• If a certain non-profit administers a grant you’re applying to, we might coordinate with a representative there and share needed documents or info on your behalf.

• If we refer you to a mortgage lender or real estate professional, and you consent, we may share contact info and relevant background so they can assist you seamlessly.

We do not broadly share your data with partners for their own marketing; any sharing is specific and purposeful for your case.

• Legal Requirements: We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to:

• Comply with applicable laws, legal process (subpoena, court ordergleam.io】.

• Protect and defend our rights or property, or investigate potential violations of our Terms of Service.

• Protect the personal safety of users of our site or the public in urgent circumstances.

• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our business or assets, personal information may be transferred as part of that deal. We would ensure the new owner continues to protect your information according to standards at least as strict as this policy. You would be notified via a prominent notice on our site or by email of any such change in ownership or control of your personal information.

• With Your Consent: Other than as set out above, you will be notified when personal information about you might be shared with third parties, and you will have the opportunity to consent (e.g., if we ever want to feature your success story with your name and photo, we’d ask permission explicitly).

• 5. Security Measures:

We implement reasonable security procedures and practices appropriate to the nature of the information we maintain. These include:

• Encryption of sensitive data: for example, our site uses HTTPS for secure transmission of data you enter (look for the padlock in your browser).

• Secure storage: personal data is stored on servers with firewalls and regular monitoring. Access to those servers and data is restricted to authorized personnel who need it for their job.

• Employee training and confidentiality: our team is trained on data protection and is bound by confidentiality obligations. Only staff who assist with consultations or website management access your info.

• Regular updates: we keep our systems and software updated to guard against vulnerabilities, and perform backups of critical data.

Despite these precautions, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal info, we will notify you and appropriate authorities as required by law.

• 6. Data Retention:

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, and for a reasonable time thereafter for legal or business considerations.

• If you submit an inquiry but do not become a client, we may keep your contact info and inquiry details for a period (e.g., 1-2 years) in case you reach out again or to follow up, unless you request deletion earlier.

• For clients, we retain records of services provided, communications, and transaction history. This may be necessary for our business records, to comply with regulatory requirements (for example, if financial advice was given), or to handle any disputes. Typically, client records may be kept for at least 7 years after service, which aligns with common legal retention requirements.

• We also retain website usage data in aggregated form indefinitely for analytics, but individual user logs or identifiable data are usually kept only for a shorter period (maybe 26 months in Google Analytics, as per their default, unless we change that).

• When personal data is no longer needed, we will securely dispose of it or anonymize it (so it can no longer be associated with you).

• 7. Your Rights and Choices:

You have several rights regarding your personal information:

• Access and Update: You may request access to the personal information we hold about you and ask that we correct or update it if inaccurate. For example, if you change your email or realize we have a typo in your name, contact us and we will correct it.

• Deletion (Right to be Forgotten): You may ask us to delete your personal data. We will do so to the extent we are not required to keep it for legal reasons or legitimate business purposes. For instance, if you were a client, we might need to retain certain records for tax or compliance reasons, but we can delete non-essential data or anonymize it on request.

• Opt-Out of Marketing: As mentioned, you can unsubscribe from marketing emails anytime. Even if you opt out of marketing, we may still send you transactional or service-related communications (e.g., an email with a consultation appointment time, or important account notices if accounts exist).

• Cookies Choices: As described, you can control cookie settings via your browser. Additionally, you can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on. For any interest-based advertising (if we engage in it), we will provide a way to opt out, such as via industry opt-out pages (e.g., the DAA or NAI opt-out sites).

• California Residents: (If applicable) Under the California Consumer Privacy Act (CCPA), California residents have the right to request disclosure of what personal info we collect, use, and share, to request deletion of their personal info, and to opt out of any “sale” of personal info (we do not sell personal info as defined). If you are a California resident and send us a verifiable request regarding these rights, we will respond as required by law. Also, we will not discriminate against you for exercising these rights (e.g., we won’t deny services or charge different prices just because you opted out of sharing data).

• GDPR (EU/UK Users): Our services are primarily targeted to U.S. customers, but if you are in the European Economic Area or UK, you have similar rights under GDPR: access, rectification, erasure, restriction, objection to processing, and data portability, where applicable. Our legal basis for processing your data typically is your consent (when you provide info to request our services) or our legitimate interest in providing consulting and running our business, or contract fulfillment (if you become a client), as well as compliance with laws. If you withdraw consent or object, we’ll honor that in line with GDPR. You also have the right to lodge a complaint with your local data protection authority if you believe we’ve mishandled your data.

• To Exercise Rights: Please contact us at [contact email] or via mail at [mailing address] with your specific request. We may need to verify your identity (to make sure it’s you making the request) by asking for some information. We will respond within the timeframe required by applicable law (for example, within 45 days for CCPA requests, which may be extended once by 45 days with notice).

• 8. Children’s Privacy:

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not submit any personal info. If we learn we have collected or received personal data from a minor under 18 without verification of parental consent, we will delete that information. If a parent or guardian becomes aware that a child has provided us with information, they should contact us and we will delete it. (Note: Because our services involve financial consulting for home purchases, it’s extremely unlikely minors would seek our services.)

• 9. Third-Party Websites and Links:

Our website may contain links to third-party websites, such as external resources on homebuying or down payment programs, or social media platforms (e.g., a link to our Facebook page or a city program’s site). This Privacy Policy does not apply to those external sites. We have no control over the content or privacy practices of third-party sites. We encourage you to review the privacy policies of any site you visit via links from our site. For example, if you click a link to apply to a state grant program on a state government site, their privacy policy would govern the information you provide there.

• 10. Updates to This Policy:

We may occasionally update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we do, we will revise the “Last Updated” date at the top. If changes are significant, we may also provide a more prominent notice (such as a banner on our site or an email notification). We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of the website after we post any modifications will constitute acknowledgment of the modifications and agreement to abide by the updated Policy.

• 11. Contact Us:

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Email: [[email protected]]

Mail: Boston DPA Consulting – Privacy Dept., [Address], Boston, MA [ZIP]

We will be happy to assist you and will respond as promptly as we can.

(This Privacy Policy is provided to all site users via a link in our website footer. It covers all required disclosures about data collection and user rights. By following these practices, we comply with applicable privacy laws and build trust with our site visitors.)