Privacy Policy

Last updated: May 5, 2026

This site is operated by JCC 10, LLC (“TenHours.ai,” “we,” “us”), a California limited liability company. This policy explains what we collect, why, and what choices you have. Plain English first; legal terms only where they actually matter.

1. What we collect

Information you give us

  • Lead form submissions: name, email address, business type, what you’re looking for, and the notes you write. If you submit through the calculator, we also store the inputs and results you generated.
  • Email correspondence: if you email us directly, we keep that thread.

Information collected automatically

  • Attribution data attached to lead submissions: the URL you submitted from, the referring URL (if any), UTM/click-ID parameters in the link you arrived through, your browser user-agent string, and your viewport size. This helps us understand which pages and channels are working.
  • Analytics: we use Google Analytics 4 to measure aggregate site usage (pages viewed, approximate location at country/region level, device type). GA4 sets cookies. In jurisdictions that require prior consent (EEA, UK, Switzerland), analytics cookies do not load until you accept them.
  • Server logs: our hosting provider (Netlify) and our database provider (Supabase) log standard request metadata including IP address. We do not use these logs for marketing.

What we do not collect

We do not run advertising pixels, do not sell or share personal information for cross-context behavioral advertising, and do not use third-party trackers beyond Google Analytics. We do not knowingly collect information from children under 16.

2. Why we use it

  • To reply to you when you submit the contact form — this is the primary purpose.
  • To send transactional follow-ups (audit confirmations, scheduling links, answers to your questions).
  • To send occasional educational emails if you opt in. You can unsubscribe at any time using the link in any such email.
  • To understand which pages and traffic sources convert so we can improve the site.
  • To meet legal obligations (tax records, responding to lawful requests).

Legal basis (GDPR/UK-GDPR): performance of pre-contractual steps you requested (replying to your inquiry); consent (analytics cookies, marketing emails); legitimate interests (basic security logging, measuring site usage in non-consent regions); legal obligation (tax/accounting).

3. Who we share it with

We share data only with the service providers we need to run the site, and only for the purposes above:

  • Netlify — site hosting (US).
  • Supabase — database for lead submissions (US).
  • Resend — transactional and opt-in email delivery (US).
  • Google Analytics 4 — aggregate site analytics (US/global; subject to your consent where required).
  • Calendly — scheduling, only if you click through to book a call (US).
  • Cloudflare Turnstile — bot protection on the lead form (US/global).

We do not sell or rent personal information. We do not share it with advertisers.

4. International transfers

We are based in the United States and our service providers are primarily US-based. If you submit from outside the US, your information will be transferred to and processed in the US under the relevant standard contractual clauses or equivalent safeguards offered by those providers.

5. How long we keep it

  • Lead submissions: retained while we may reasonably re-engage with you, typically up to 24 months from last contact, then deleted or anonymized.
  • Email threads: retained as long as the relationship is active, plus a reasonable archival period.
  • Analytics: GA4 retention is set to the platform default (currently 14 months) for user-level and event-level data.
  • Server logs: retained per provider defaults (typically 30–90 days).

6. Your rights

Depending on where you live, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information (subject to legal retention requirements).
  • Object to or restrict processing.
  • Withdraw consent for analytics or marketing emails at any time.
  • Port your data to another service.
  • Lodge a complaint with your local data protection authority.

California residents — Your Privacy Choices: Under the CCPA/CPRA you have the right to know, delete, correct, and limit the use of sensitive personal information, and to not be discriminated against for exercising those rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise any of these rights, email jake@tenhours.ai with the subject line “Privacy Request.” You can also reject analytics cookies at any time using the consent banner (look for “Cookie settings” in the footer once enabled, or clear cookies for this site to re-trigger the banner).

7. Cookies and similar technologies

We use a small number of cookies:

  • Strictly necessary: a localStorage flag that remembers you already submitted the lead form so you don’t see the form again on return.
  • Analytics (with consent where required): Google Analytics cookies (_ga, _ga_*) for aggregate measurement.
  • Bot protection: Cloudflare Turnstile may set short-lived cookies when you submit the form.

You can clear cookies in your browser at any time. In regions that require it, our consent banner lets you accept or reject analytics before any non-essential cookies load.

8. Security

We use HTTPS everywhere, restrict database writes via Supabase row-level security, and apply standard security headers (CSP, HSTS, X-Frame-Options). No system is perfectly secure; if you believe your information has been compromised, contact us immediately.

9. Changes to this policy

We may update this policy as the site and our practices evolve. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted on the site for a reasonable period.

10. Contact

Questions, complaints, or privacy requests:
JCC 10, LLCjake@tenhours.ai