Legal
Privacy Policy
Last updated: March 2026
The short version: We collect what we need to deliver the service, we don't sell your data, and we use analytics to understand how this site performs — because that's literally what we do for a living.
1. Who we are
Conversion Clinic is operated by Fernando Baliño. When this policy says “we,” “us,” or “our,” it refers to Conversion Clinic and its operator.
2. What we collect
When you visit the site: Standard analytics data — pages viewed, time on site, device type, browser, approximate location (city-level), and referral source. This is collected through Google Analytics (GA4) and Microsoft Clarity.
When you book a Quick Audit: Your name, email address, website URL, and brief details about your business and primary CTA.
When you submit a fit check: Your name, email, website URL, business context, current conversion concerns, and selected package.
When you purchase a package: Payment is processed through a third-party payment processor. We do not store your credit card number, CVV, or full payment details on our servers.
During an engagement: We may access your website analytics (GA4, Clarity), CMS, or other tools you provide temporary access to. This access is used solely to deliver the service and is revoked or discontinued after the engagement ends.
3. How we use your information
- To deliver the service you purchased
- To communicate about your project (status updates, clarifications, delivery)
- To process payments
- To improve this site's own conversion performance (yes, we eat our own cooking)
- To send follow-up communication about your project or related services — you can opt out at any time
4. What we don't do
- We don't sell your personal information to anyone
- We don't share your business data with other clients
- We don't use your analytics data for any purpose beyond delivering your engagement
- We don't retain access to your tools after the engagement ends
5. Third-party services
We use the following third-party services that may process your data:
- PostHog: Site analytics and visitor behavior
- Google Analytics (GA4): Client analytics data (pulled with client consent during audits)
- Stripe: Payment processing
- Resend: Transactional email delivery (report notifications, confirmations)
- Loom: Video recording delivery for audits
- Google Workspace: Email communication
Each of these services has its own privacy policy. We choose tools with strong privacy practices, but we encourage you to review their policies independently.
6. Cookies
This site uses cookies for analytics (GA4, Clarity) and basic site functionality. These are standard analytics cookies that help us understand how the site is used — page views, session duration, and interaction patterns.
You can disable cookies in your browser settings. The site will still function without them, but we won't be able to track anonymous usage patterns.
7. Data retention
Project files and communication are retained for 12 months after delivery to support any follow-up questions or future work. After that, they're deleted unless you request otherwise.
Analytics data is retained according to the default retention settings of each analytics platform (typically 14 months for GA4).
If you want your data deleted sooner, contact us and we'll handle it within 7 business days.
8. Your rights
You can:
- Request a copy of any personal data we hold about you
- Request correction of inaccurate information
- Request deletion of your data
- Opt out of any marketing communication
To exercise any of these, contact us.
9. Security
We use reasonable technical and organizational measures to protect your data — encrypted connections (HTTPS), secure authentication, and limited access to project files. No system is perfectly secure, but we take this seriously.
10. International data transfers
Conversion Clinic is based in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our services, you consent to the transfer of your information to these countries, which may have different data protection rules than your country of residence.
11. European privacy rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis: We process your data based on your consent (analytics), contractual necessity (delivering services you purchased), and legitimate interest (improving our service and communicating about your project).
- Right to portability: You can request a machine-readable copy of your personal data.
- Right to restrict processing: You can ask us to temporarily stop processing your data while we address a concern.
- Right to object: You can object to processing based on legitimate interest at any time.
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us.
12. California privacy rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:
- Right to know: You can request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- No sale of personal information: We do not sell your personal information to third parties.
13. Data breach notification
In the unlikely event of a data breach that affects your personal information, we will notify affected individuals within 72 hours of becoming aware of the breach, as required by applicable law. We will also notify relevant supervisory authorities where required.
14. Children's privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
15. Changes to this policy
If we make material changes, we'll update the “last updated” date at the top. For active clients, we'll notify you directly of significant changes.
16. Contact
Questions about how we handle your data? Get in touch.