Privacy Policy

Last Updated: July 16, 2026

Introduction

At Jeff Cait, accessible from https://www.jeffcait.com, the privacy and security of our visitors is a top priority. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights and choices you have.

This policy applies to information collected through our website only. It does not cover data collected offline or via third-party services that link to or from our site.

By accessing or using Jeff Cait, you acknowledge that you have read and agree to this Privacy Policy. Questions or requests may be sent to info@jeffcait.com.

Definitions

  • Personal Data: Any information relating to an identified or identifiable person, including name, email, IP address, and online identifiers.
  • Processing: Any operation on personal data, including collection, storage, use, transfer, and deletion.
  • Data Controller: Jeff Cait, determining the purposes and means of processing personal data on Jeff Cait.
  • You / User: Any individual accessing or using Jeff Cait.

Information We Collect

1. Information You Provide Directly

  • Contact form submissions: name, email address, and message content
  • Account registration: name, email address, username, and encrypted password
  • Billing details (processed securely via third-party processors; full card numbers are never stored on our servers)
  • Email address and preferences for newsletter or mailing list subscriptions

2. Automatically Collected Data

  • IP address, browser type and version, operating system, and device type
  • Pages visited, time and date of visit, duration, and referring URL
  • HTTP request headers and server log data
  • Cookie identifiers, session tokens, and similar tracking data (see Cookies section)
  • Aggregated usage analytics via Google Analytics 4 or similar services

How We Use Your Information

We process personal data for the following purposes:

PurposeExamplesLegal Basis (GDPR)
Service DeliveryOperating the website; responding to support requestsContract / Legitimate Interests
Analytics & ImprovementUnderstanding usage patterns; improving featuresLegitimate Interests
Email MarketingNewsletters, updates, and promotional contentConsent
Transaction ProcessingProcessing orders, payments, and refundsContract
Security & Fraud PreventionDetecting malicious activity; protecting user accountsLegitimate Interests
Legal ComplianceMeeting tax, regulatory, and court-ordered obligationsLegal Obligation

Cookies and Tracking Technologies

Jeff Cait uses cookies, web beacons, and similar technologies. Cookies are small text files placed on your browser to help us deliver and improve our services. We use the following categories:

CategoryPurposeExamplesDuration
Strictly NecessaryCore functionality, security, session management. Cannot be disabled.Session cookies, CSRF tokens, auth tokensSession
Analytics / PerformanceAnonymised visitor behaviour data; site performance improvement.Google Analytics 4 (_ga, _gid, _gat)Up to 2 years
Functional / PreferenceRemembering your settings: language, dark mode, layout.Theme preference, locale cookiesUp to 1 year

Managing Cookies: You can control or delete cookies through your browser settings. Opt-out tools: DAA Opt-Out, Your Online Choices (EU), Google Analytics Opt-Out. Disabling strictly necessary cookies may impair website functionality.

Cookie Consent: Where required by law (e.g. GDPR, ePrivacy Directive), you will be presented with a cookie consent banner on your first visit. Your preference is stored and honoured on subsequent visits.

Analytics

We use Google Analytics 4 (GA4) to measure traffic and usage patterns. GA4 uses first-party cookies and does not use third-party cookies for cross-site tracking. Our privacy configuration includes:

  • IP anonymisation enabled; your full IP address is never stored by Google
  • Data retention configured to a maximum of 14 months
  • We have signed a Data Processing Amendment with Google in accordance with GDPR
  • GA4 data is not shared with Google for its own advertising purposes

You may opt out of Google Analytics tracking at any time via the Google Analytics Opt-Out Browser Add-on.

Payments and Financial Transactions

Payments are processed by PCI-DSS Level 1 compliant third-party processors. We do not store, transmit, or access full payment card numbers. Our payment infrastructure includes:

  • SSL/TLS encryption for all payment data in transit
  • Tokenisation of payment methods to avoid storing raw card data on our servers
  • PCI-DSS compliant environments audited by certified security assessors

Transaction records (excluding card details) are retained for up to 7 years for accounting, tax, and legal compliance.

Email Communications and Newsletter

With your explicit consent, we may send newsletters, product updates, or promotional emails. Every commercial email includes a working one-click unsubscribe link in compliance with the CAN-SPAM Act and, where applicable, CASL. You may also unsubscribe by emailing info@jeffcait.com. Requests are processed within 10 business days. We may retain your address on a suppression list to honour your opt-out preference.

How We Share Your Information

We do not sell your personal information. Data is shared only in these limited circumstances:

  • Service Providers: Trusted processors under contract who help operate our website; they may only process data as instructed by us.
  • Legal Requirements: Where required by law, regulation, subpoena, or court order. We notify you where legally permitted before disclosing.
  • Safety: To protect the rights, property, or safety of Jeff Cait, our users, or the public.
  • Business Transfers: In a merger, acquisition, or asset sale, your data may transfer. You will be notified via a prominent website notice and, where feasible, by email.
  • With Your Consent: For any other purpose with your explicit prior consent.

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • HTTPS/TLS 1.2+ encryption for all data in transit
  • Bcrypt or equivalent hashing for stored passwords; plaintext passwords are never stored
  • Role-based access controls limiting data access to authorised personnel
  • Regular security assessments, penetration testing, and vulnerability scanning
  • Real-time monitoring systems for detecting suspicious activity
  • PCI-DSS compliant payment environment

In the event of a personal data breach likely to result in risk to your rights, we will notify affected individuals and relevant supervisory authorities within the legally mandated timeframe (e.g. 72 hours under GDPR).

Data Retention

We retain personal data only as long as necessary to fulfil stated purposes or as required by law:

Data TypeRetention PeriodReason
Server access logs90 daysSecurity monitoring and abuse prevention
Analytics dataUp to 14 monthsTrend analysis (auto-deleted by GA4)
Newsletter subscriptionsUntil unsubscribed + 30 daysSuppression list maintenance
Account dataAccount lifetime + 12 months post-deletionDispute resolution and backups
Transaction records7 yearsTax and legal compliance
Contact form submissions3 yearsCorrespondence records and dispute resolution

Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or transfer your personal data. You may exercise these rights by contacting us at info@jeffcait.com. We will respond within the timeframe required by applicable law. You will never be penalised or discriminated against for exercising your privacy rights.

COPPA - Children's Online Privacy Protection

Jeff Cait is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where a higher threshold applies, such as certain EU member states under GDPR Art. 8).

If we discover we have inadvertently collected data from a child under the applicable age threshold without verified parental consent, we will delete it immediately. Parents or guardians who believe their child has submitted data on Jeff Cait should contact us at info@jeffcait.com. We will investigate and take corrective action within 72 hours of notification.

PIPEDA - Canadian Privacy Rights

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, Canadian residents may: access personal information we hold; challenge its accuracy and request correction; withdraw consent for collection, use, or disclosure; and file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Submit requests to info@jeffcait.com. We will respond within 30 days.

CASL - Canada Anti-Spam Legislation

Where applicable, Jeff Cait complies with Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23). Our CASL commitments include:

  • We obtain express or implied consent before sending commercial electronic messages (CEMs) to Canadian recipients
  • Every CEM clearly identifies Jeff Cait as the sender and includes our contact information
  • Every CEM includes a functioning unsubscribe mechanism, honoured within 10 business days
  • We maintain records of consent as required by CASL

Links to External Websites

Jeff Cait may contain links to third-party websites. Once you leave our site, this Privacy Policy no longer applies. We have no control over and accept no responsibility for external sites' content, privacy policies, or practices. We recommend reviewing the privacy policy of any third-party site you visit.

Do Not Track (DNT) Signals

Some browsers transmit "Do Not Track" signals to websites. There is currently no universally accepted standard for how websites must respond to DNT signals. At this time, Jeff Cait does not alter its data collection practices in response to DNT browser signals. We will review this position as industry standards evolve.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. When material changes are made, we will update the "Last Updated" date at the top and post a prominent notice on our website, and where feasible notify subscribers via email. Your continued use of Jeff Cait after any modification constitutes acceptance of the revised policy. We encourage you to review this page periodically.

Contact Us

For questions, data subject requests, or privacy complaints, please contact us:

We aim to respond to all enquiries within 5 business days, and within applicable legal deadlines for formal data subject requests.