Privacy Policy

Last Updated: January 22, 2026

This Privacy Policy for ROMANELLO SYSTEMS ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

Visit our website at romanellosystems.com, or any website of ours that links to this Privacy Policy

Use Romanello Systems, which provides custom website design and integrated automation systems to help local businesses strengthen their online presence and streamline customer communication. Our Services include, but are not limited to, custom branded website design and development, SEO optimization, automated lead follow-up systems, missed call text-back automation, 2-way SMS chat widgets, Google review management systems, and monthly website maintenance.

Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected]

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Policy, but you can find out more details about any of these topics below.

In short: we only collect the information we need to run your website, communicate with you (and your customers), and provide our services properly. This includes things like contact details, business information, and message data when you choose to use features like forms, SMS, or review requests. We never sell your personal information, we only share it with trusted service providers when necessary, and we use industry-standard security measures to protect it. You’re always in control—you can access, update, or request deletion of your information at any time.

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide to us when you:

Register for an account

Express an interest in obtaining information about us or our Services

Participate in activities on our Services

Contact us

Information we collect includes:

Contact Information: Name, email address, phone number, mailing address, business name

Account Credentials: Username, password, and security questions

Business Information: Company name, industry, website URL, Canadian Business Number (required for A2P messaging registration)

Payment Information: Credit card details, billing address (processed securely through our payment processors)

Communication Data: Information you provide when you contact us or respond to surveys

Domain Information: Domain names, domain registrar account credentials (when you authorize DNS access), DNS configuration data, and domain registration details

Customer Data: Information about your customers that you upload or integrate into our platform, including names, phone numbers, email addresses, text message conversations, lead capture form submissions, missed call logs, and review responses

Information Automatically Collected

We automatically collect certain information when you visit, use, or navigate our Services, including:

Device Information: IP address, browser type and version, operating system, device type

Usage Data: Pages visited, time spent on pages, click data, referring website addresses

Location Data: General geographic location based on IP address

Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information (see Section 5)

Information Collected from Third-Party Sources

We may collect information from:

Google Business Profile: Business information, reviews, customer interactions, and analytics data

Domain Registrars: Domain ownership and configuration information (only when you provide authorization)

SMS/A2P Service Providers: Message delivery status, opt-in/opt-out records, and compliance data

Analytics Providers: Usage statistics and demographic information

Publicly Available Sources: Business information from public directories and databases

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for the following purposes:

To provide and maintain our Services: Creating and managing your account, building and hosting your website, configuring DNS records (with your authorization), processing payments, managing your 2-way SMS chat widget, automating lead and missed call follow-ups, managing Google reviews, performing monthly website revisions, and providing customer support

To improve and optimize our Services: Analyzing usage patterns, conducting research and development, testing new features

To communicate with you: Sending service updates, security alerts, administrative messages, marketing communications (with your consent), and responding to your inquiries

To automate business processes: Managing review collection, sending automated lead follow-up messages, triggering missed call text-backs, routing SMS conversations from your website visitors, syncing customer data

To ensure security and prevent fraud: Monitoring for suspicious activity, verifying identity, protecting against unauthorized access

To comply with legal obligations: Fulfilling regulatory requirements including A2P messaging registration and Canadian Anti-Spam Legislation (CASL), responding to legal requests, enforcing our terms of service

To deliver targeted marketing: Sending promotional materials about products and services that may interest you (you can opt out at any time)

To register and manage A2P messaging on your behalf: Using your Canadian Business Number and business information to obtain A2P verification with telecommunications carriers

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

For Canadian Users (PIPEDA Compliance):

We process your personal information based on the following legal grounds:

Consent: You have given us express or implied consent to process your personal information for specific purposes, including authorization to access your domain registrar account and to register for A2P messaging services on your behalf

Contractual Necessity: Processing is necessary to fulfill our contract with you (such as building your website, managing DNS records, or providing SMS services) or to take steps at your request before entering into a contract

Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring security, provided these interests do not override your rights

Legal Obligations: Processing is required to comply with applicable Canadian laws and regulations, including telecommunications regulations and CASL

You have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal, and withdrawal may affect our ability to provide certain Services.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your information in the following circumstances:

Service Providers and Business Partners

We share information with third-party vendors who perform services on our behalf:

Payment Processors: To process your transactions securely

Cloud Hosting Providers: To store and manage website data and customer information

Email and SMS Providers: To send communications on your behalf (A2P messaging services)

Analytics Services: To analyze usage and improve our Services

Domain Registrars: To manage domain registration and DNS configuration (only with your explicit authorization)

Google Services: To integrate with Google Business Profile for review management

A2P Messaging Service Providers

To enable SMS functionality, we share the following with telecommunications carriers and A2P verification services:

Your Canadian Business Number

Business name and contact information

Sample message templates

Opt-in and opt-out records

Message content and delivery logs

Platform Integrations

When you authorize us to access third-party services (Google Business Profile, domain registrar accounts), we share relevant data to enable these integrations as authorized by you.

Legal Requirements

We may disclose your information when required by law or in response to:

Court orders or legal processes

Requests from government authorities, law enforcement, or telecommunications regulators

Protection of our rights, property, or safety

Investigation of fraud or security issues

Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change.

With Your Consent

We may share your information for other purposes with your explicit consent.

We do not sell your personal information to third parties. We do not share SMS opt-in consent or customer phone numbers with third parties except as necessary to deliver SMS services (carriers and messaging providers) or when required by law.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Yes, we use cookies and similar tracking technologies to collect and store information.

These include:

Essential Cookies: Required for the Services to function properly

Analytics Cookies: Help us understand how users interact with our Services

Functional Cookies: Remember your preferences and settings

Performance Cookies: Monitor website performance and uptime

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

Other tracking technologies we use:

Web beacons and pixel tags

Session replay tools

Local storage objects

6. DO WE USE ARTIFICIAL INTELLIGENCE?

Yes, we use artificial intelligence technologies to:

Optimize website content and SEO elements

Generate automated response suggestions for lead follow-ups

Analyze customer communication patterns to improve automation

Enhance review management processes

AI-generated content is created based on the information you provide and publicly available data. We retain human oversight for critical business decisions and communications.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods include:

Account Information: For the duration of your active account plus 12 months after account closure

Transaction Records: For 7 years to comply with financial and tax regulations

Marketing Communications: Until you unsubscribe or request deletion

Usage Data: For 24 months from collection

SMS Message Logs: For 12 months to comply with A2P regulations and CASL requirements

Domain Access Credentials: Only for the duration necessary to complete authorized DNS configuration, then securely deleted

Customer Lead Data: As directed by you; you can delete this data at any time through your account settings

A2P Registration Data: For the duration of your active service plus 3 years to comply with telecommunications regulations

When we no longer need your information, we will securely delete or anonymize it.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate security measures to protect your personal information, including:

Encryption: Data is encrypted in transit using industry-standard TLS/SSL protocols

Access Controls: Limited team access with role-based permissions and multi-factor authentication

Credential Security: Domain and access credentials are encrypted and stored securely with restricted access

Secure Infrastructure: Your data is hosted on enterprise-grade cloud infrastructure (AWS) with industry-standard security certifications including ISO 27001

Data Minimization: We collect only the information necessary to provide our Services

Regular Monitoring: Ongoing system monitoring and security updates

9. DO WE COLLECT INFORMATION FROM MINORS?

No, we do not knowingly collect personal information from individuals under the age of 18. Our Services are intended for business use by adults. If we become aware that we have collected information from a minor without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a minor, please contact us immediately.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Canadian Privacy Rights (PIPEDA)

Under Canadian privacy law, you have the following rights:

Right to Access: Request access to the personal information we hold about you

Right to Correction: Request correction of inaccurate or incomplete information

Right to Deletion: Request deletion of your personal information, subject to legal retention requirements

Right to Withdraw Consent: Withdraw your consent to processing at any time, including authorization for domain access or A2P messaging registration

Right to Data Portability: Receive your personal information in a structured, commonly used format

Right to Object: Object to certain types of processing, including direct marketing

Right to Lodge a Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

To exercise these rights:

Email us at [email protected]

Call us at (807) 252-9703

We will respond to your request within 30 days. We may require verification of your identity before processing your request.

Opt-Out Options:

Marketing Communications: Click "unsubscribe" in any marketing email or adjust your communication preferences in your account settings

SMS Messages: Reply "STOP" to any SMS message

Cookies: Adjust your browser settings or use our cookie preference center

Important Note: Opting out of certain services (such as A2P messaging) may limit or prevent the functionality of features that depend on those services (such as the 2-way SMS chat widget and automated follow-ups).

11. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than Canada, including the United States, where data protection laws may differ. We ensure appropriate safeguards are in place, including:

Standard contractual clauses approved by privacy authorities

Adequacy decisions by the Privacy Commissioner

Compliance with applicable cross-border data transfer regulations

Service provider agreements requiring equivalent privacy protection

By using our Services, you consent to the transfer of your information to these countries.

12. DATA USAGE & SHARING FOR A2P MESSAGING

As part of our Services, we send Application-to-Person (A2P) text messages on behalf of your business, including:

Automated lead follow-up messages

Missed call text-back notifications

2-way SMS conversations through your website chat widget

Review requests and follow-ups

Appointment reminders (if applicable)

Service notifications and updates

A2P Registration and Compliance:

We use your Canadian Business Number to register for A2P messaging services on your behalf

We obtain proper consent before sending SMS messages to your customers

All messages include clear opt-out instructions (reply "STOP")

We maintain records of consent and opt-outs for regulatory compliance

We comply with Canadian Anti-Spam Legislation (CASL), Canadian Radio-television and Telecommunications Commission (CRTC) regulations, and carrier-specific messaging policies

Message content and frequency are controlled by you and comply with carrier guidelines

Data shared with A2P carriers and verification services:

Your Canadian Business Number

Business name, address, and contact information

Phone numbers of message recipients

Message content and templates

Sending timestamps and delivery status

Opt-in and opt-out records

Use case descriptions for messaging services

We do not sell, rent, or share your customers' SMS consent, opt-in records, or phone numbers with any third parties for their marketing purposes. SMS consent data is shared only with: - Our A2P messaging service providers and telecommunications carriers (required to deliver text messages) - Regulators when required by law or to demonstrate CASL compliance Your customers' consent to receive SMS messages from your business is never used for any other purpose or shared with unrelated third parties.

We work only with compliant A2P service providers who maintain appropriate security and privacy standards and are registered with Canadian telecommunications authorities.

13. DOMAIN ACCESS AND WEBSITE MANAGEMENT

Domain Registrar Access: When you authorize us to configure DNS records or manage your domain:

We access your domain registrar account solely to update DNS settings necessary for your website to function

Access credentials are encrypted and stored securely

Access is limited to authorized personnel only

Credentials are deleted after DNS configuration is complete

We never transfer domain ownership or make unauthorized changes

Domain Ownership:

You retain full ownership of your domain at all times

If we register a new domain on your behalf, it is registered in your legal business name

You maintain complete control and ownership rights, including after service cancellation

We will assist with domain transfer or DNS updates upon request

Website Data:

Website files, content, and customer data remain your property

You can request a complete export of your website data at any time

Upon service cancellation, you may request a backup of all website files and databases

14. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we may update this Privacy Policy from time to time to reflect:

Changes in our practices or Services

Legal or regulatory requirements

Technological advancements

When we make material changes, we will:

Update the "Last Updated" date at the top of this policy

Notify you by email or through a prominent notice on our website or within your account dashboard

Request your renewed consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

Email: [email protected]

Phone: (807) 252-9703

We will respond to all inquiries within 30 days.

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to, correction of, or deletion of your personal information.

To submit a request:

Email Request: Send a detailed request to [email protected]

We may request verification of your identity before processing requests to:

Confirm you are the individual whose information we hold

Protect against fraudulent requests

Ensure we provide information only to authorized parties

Upon receiving a valid request, we will:

Provide access to your personal information within 30 days

Correct inaccurate information

Delete your information, subject to legal retention requirements (such as A2P compliance records)

Explain any reasons we cannot fulfill your request

Revoke domain access credentials immediately upon request

Please note that deleting certain information may limit or prevent your use of our Services, including the inability to send SMS messages or maintain your website if critical business information is removed.

Additional Information for Quebec Residents

If you are a resident of Quebec, you have additional rights under Quebec's Act respecting the protection of personal information in the private sector (formerly Bill 64), including enhanced rights regarding automated decision-making and profiling. Please contact us for more information about these rights.

By using Romanello Systems, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein, including the use of your Canadian Business Number for A2P messaging registration.