Privacy Policy
Effective date: April 28, 2026 Last updated: April 28, 2026
This Privacy Policy describes how Golden Boy Holdings LLC (“Golden Boy,” “we,” “us”) collects, uses, discloses, and protects information in connection with our marketing intelligence platform for trades businesses (the “Service”), operated under the codename “Routebook” at https://app.huntingthegap.com.
Status note for Huntor: Confirm SC formation and have a SC business attorney review before linking from the live product or any partnership application. This draft is a starting point, not legal advice.
1. Who this applies to
This policy covers two categories of people:
- Customers – owners, employees, and authorized vendors of trades businesses (HVAC, plumbing, roofing, electrical, etc.) who sign in to the Service.
- End consumers – the residential and commercial customers of those trades businesses, whose data is processed by the Service on the trades business’s behalf.
For end-consumer data, the trades business is the data controller and Golden Boy is the data processor. We process that data only on the controller’s documented instructions, as set out in our Data Processing Addendum.
2. Information we collect
2.1 From customers (account holders)
- Name, work email, phone number, role/title.
- Authentication artifacts: hashed passwords, MFA enrollment, session tokens, device fingerprints, IP addresses, user agents.
- Billing details processed by our payment processor; we do not store full card numbers.
- Customer support correspondence.
2.2 From customer-connected systems
When a customer connects a third-party platform (ServiceTitan, Housecall Pro, Jobber, QuickBooks, CSV upload, etc.), the Service ingests the data the customer authorizes, which may include:
- Job records: addresses, service dates, technician assignments, equipment, invoices, lead source, tags.
- Customer records (from the trades business’s perspective): names, contact information, service history.
- Financial summary data: revenue by job, ticket size, channel attribution.
Only the OAuth scopes required for the agreed deliverable are requested.
2.3 From public and licensed sources
- County parcel data, building permits, demographic and housing data.
- Google Places business listings and review counts.
- Mapping basemaps (Mapbox).
2.4 Automatically
- Server logs, request metadata, performance telemetry, audit events (login, data access, integration changes, exports). Retained for 12 months.
3. How we use information
- Operate, secure, and improve the Service.
- Generate dashboards, neighborhood scorecards, and recommendations for the customer’s own use.
- Train and tune internal models on aggregated, de-identified data only. We do not use a customer’s identifiable data to benefit a different customer.
- Authenticate users, prevent abuse, investigate security incidents, comply with legal obligations.
- Send service-related communications (account, security, billing). Marketing emails are opt-in and include unsubscribe.
4. Legal bases (where applicable)
Where data-protection law requires a legal basis, ours is one or more of: contract performance, legitimate interests (security, product improvement), consent (where requested), or legal obligation.
5. How we share information
- Sub-processors (current list maintained at https://app.huntingthegap.com/legal/subprocessors):
- Supabase Inc. (database, auth, file storage)
- Vercel Inc. (web hosting, edge runtime)
- Railway Corp. (data pipeline compute)
- Mapbox Inc. (mapping)
- Email and analytics providers as listed.
- Customer-authorized integrations: ServiceTitan, Housecall Pro, Jobber, QuickBooks, and any others the customer connects.
- Professional advisors and auditors under confidentiality.
- Legal compliance when required by valid legal process. We will notify the customer where permitted.
- Business transfers (merger, acquisition) under equivalent protections.
We do not sell personal information. We do not share customer data for cross-context behavioral advertising.
6. Security
- Encryption at rest (AES-256) and in transit (TLS 1.3).
- Row-Level Security on every database table. All queries are scoped by authenticated organization.
- OAuth tokens encrypted with a separate application key.
- MFA required for Owner and Admin roles. SSO/SAML available for enterprise.
- Append-only audit log of every login, data access, permission change, and integration event, retained for 12 months and reviewable by Owners, Admins, and Auditors.
- SOC 2 Type 1 audit targeted within 6 months of launch; SOC 2 Type 2 within 24 months.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you without undue delay.
7. Data retention
- Customer account data: kept for the life of the account, deleted within 90 days of account closure unless retention is required by law.
- Connected-system data: synced as long as the integration is connected. Disconnecting an integration triggers a full purge of associated data within 24 hours.
- Audit logs: 12 months, then auto-purged.
- Backups: rolling 30-day window.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, port, restrict processing of, or object to processing of your personal information. For end-consumer data held on a customer’s behalf, requests are routed to the customer (controller). Submit customer requests to privacy@goldenboybranding.com.
California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, opt out of “sale” or “sharing,” and limit use of sensitive personal information. We do not sell or share personal information.
9. International transfers
We host primarily in the United States. If you access the Service from outside the US, your information is transferred to and processed in the US under appropriate safeguards.
10. Children
The Service is not directed to children under 16 and we do not knowingly collect their personal information.
11. Changes
Material changes will be posted here with a new effective date and, for customers, notified by email at least 14 days before they take effect.
12. Contact
Golden Boy Holdings LLC Charleston, South Carolina privacy@goldenboybranding.com huntor@goldenboybranding.com ����������������������������������������������������������