Privacy Policy

1. Introduction

Gnome Automation ("we," "us," or "our") operates the website gnomeautomation.com. We are an industrial automation company based in Sacramento, California, United States.

This Privacy Policy explains what information we collect when you visit our website or submit an inquiry through our contact form, how we use that information, and the choices you have. It applies to all visitors of gnomeautomation.com.

By using our website, you acknowledge that you have read and understood this policy. If you have questions, contact us at info@gnomeautomation.com.

2. Information We Collect

2.1 Information You Provide

When you submit our contact form, we collect the following personal information:

• Name (required)
• Email address (required)
• Company name (optional)
• Phone number (optional)
• Message text (optional free-text describing your project or inquiry)

This information is stored in our database and used solely to respond to your inquiry and communicate about potential projects.

2.2 Information Collected Automatically

• Server logs: Our web server records your IP address, browser user-agent string, pages requested, and timestamps. These logs are used for security monitoring and troubleshooting and are retained for up to 90 days.
• Session cookie: We set a single essential cookie to maintain your session while you browse the site (Phoenix session cookie). This cookie is strictly necessary for the website to function and does not track you across other websites. We do not use any advertising, marketing, or third-party tracking cookies.
• Analytics: We do not currently use any third-party analytics service on this website. No tracking pixels, no cookies for analytics, no behavioral profiling.
• Error tracking: We use a self-hosted instance of GlitchTip (an open-source error monitor) running on our own infrastructure. When an application error occurs, technical context — error message, stack trace, browser type, operating system — is recorded for debugging. Error data never leaves servers we operate.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to inquiries: When you submit the contact form, your information is sent via email to our sales team at sales@gnomeautomation.com so we can reply to your message, discuss your project, and provide a quote or proposal.
• Business communications: We may follow up on your inquiry to discuss project scope, timelines, or related services. We will not add you to a marketing mailing list without your explicit consent.
• Website operation and security: Server logs and error data help us keep the site running, detect abuse, and fix technical problems.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Legitimate interest (Article 6(1)(f) GDPR): We process contact form submissions and server logs based on our legitimate interest in responding to business inquiries and maintaining website security. We have assessed that these interests do not override your fundamental rights and freedoms, particularly given the limited scope of data collected and its business-to-business context.
• Consent (Article 6(1)(a) GDPR): If we ever introduce optional marketing communications, we will obtain your prior consent before sending them.
• Legal obligation (Article 6(1)(c) GDPR): We may retain certain information where required by tax, accounting, or other applicable law.

5. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties. We share your data only with the following service providers ("processors") who assist in operating our website and business:

• Hetzner Online GmbH (Gunzenhausen, Germany) — Server hosting. Your data is stored on servers operated by Hetzner. Hetzner is subject to GDPR as a German/EU company.
• Stalwart mail server (self-hosted at mail.gnomeautomation.com on Hetzner infrastructure) — Used to send the SMTP notification email to our sales team when you submit the contact form. This is infrastructure we operate; your data does not leave our hosting provider for email delivery.

We may also disclose your information if required to do so by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, safety, or property.

6. Data Retention

• Contact form submissions (lead records): Retained for up to 3 years from the date of submission, or longer if an active business relationship results from the inquiry. You may request earlier deletion at any time.
• Server logs: Retained for up to 90 days, then automatically purged.
• Error tracking data (GlitchTip): Retained for up to 90 days on our own infrastructure, then automatically purged.

7. Your Rights

7.1 Rights Under GDPR (EEA and UK Residents)

If you are in the EEA or UK, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit how we process your data.
• Data portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

7.2 Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:

• Right to know: You may request that we disclose what personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
• Right to delete: You may request deletion of your personal information.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, contact us at info@gnomeautomation.com. We will respond to your request within 30 days (or within the time period required by applicable law). We may need to verify your identity before processing your request.

8. International Data Transfers

Our servers are hosted by Hetzner in Germany (EU). If you are visiting from outside the EU, your data will be transferred to and stored on servers in the EU. The EU provides a high standard of data protection under GDPR.

We are a US-based company. If you are located outside the United States and submit a contact form inquiry, your information will be accessible to our team in the United States for the purpose of responding to your inquiry.

9. Security

We take reasonable measures to protect your personal information, including:

• All data in transit is encrypted via TLS (HTTPS). Our website enforces HTTPS for all connections.
• Database access is restricted to the application server and is not publicly accessible.
• Server access is limited to authorized personnel using SSH key authentication.
• Email delivery uses TLS encryption between our application and mail server.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our website and services are directed at businesses and professionals. We do not knowingly collect personal information from anyone under the age of 16. If we learn that we have collected personal data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at info@gnomeautomation.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Your continued use of the website after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: info@gnomeautomation.com
• Company: Gnome Automation
• Location: Sacramento, CA, United States
• Website: gnomeautomation.com