Privacy Policy

1. Introduction
This Privacy Policy ("Policy") describes how SoCalsMedia, operating as SoCalsMedia ("we," "us," or "our"), collects, uses, discloses, and protects information obtained through our website (socalsmedia.com), our marketing services, digital advertising campaigns, email and SMS marketing programs, loyalty and retention systems, and all related tools, platforms, and integrations (collectively, the "Services").
By accessing or using any of our Services, you ("you" or "User") consent to the practices described in this Policy. If you do not agree with this Policy, you must discontinue use of all Services immediately.
This Policy applies to all individuals whose data we process, including but not limited to: visitors to our website, subscribers to email or SMS marketing lists managed by us or our clients, customers of businesses we serve, and any person whose information is collected through marketing campaigns, point-of-sale integrations, digital advertising platforms, or lead generation activities operated by or on behalf of SoCalsMedia.
2. Information We Collect
2.1 Information You Provide Directly
Full name (first and last)
Email address
Phone number (including mobile, for SMS marketing)
Business name, title, and role
Mailing address or business address
Date of birth (when voluntarily provided for loyalty programs)
Payment information (processed via Stripe; we do not store card numbers)
Communications you send to us (emails, form submissions, messages)
Survey responses, feedback, and review content
Any custom form field data submitted through our landing pages, opt-in forms, or lead capture mechanisms
2.2 Information Collected Automatically
IP address and approximate geolocation
Browser type, version, and language preferences
Device type, operating system, and screen resolution
Referring URL, pages visited, time on page, and click behavior
Cookie identifiers and tracking pixel data (Meta Pixel, Conversions API)
Email engagement data (opens, clicks, bounces, unsubscribes) via Klaviyo or equivalent ESP
SMS delivery and engagement data (delivered, replied, opted out)
Ad interaction data (impressions, clicks, conversions) via Meta Ads Manager
Hashed identifiers transmitted via Meta Conversions API (CAPI) including hashed email, hashed phone, and browser identifiers
2.3 Information from Third Parties and Integrations
Point-of-sale (POS) transaction data including: ticket amounts, items purchased, coupon/promo code redemptions, visit frequency, customer ID mappings, and average ticket size
Customer data synced from Klaviyo, ManyChat, or equivalent marketing automation platforms
Publicly available business information obtained through lead generation and outreach activities
Data provided by our business clients about their customers for the purpose of executing marketing campaigns
Social media profile information (public) when interacting with our content or campaigns
Attribution data linking ad engagement to in-store visits or online conversions
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery and Marketing Operations
To deliver, manage, and optimize email and SMS marketing campaigns on behalf of our clients
To create, manage, and optimize digital advertising campaigns on Meta (Facebook and Instagram), Google, and other platforms
To build, segment, and maintain marketing lists in Klaviyo or equivalent platforms
To generate and assign unique promotional codes tied to POS systems for redemption tracking and attribution
To track customer lifetime value, return visit rates, average ticket size, and revenue attribution
To create automated marketing flows including welcome sequences, bounce-back offers, birthday campaigns, win-back sequences, and loyalty programs
To send transactional and promotional communications
3.2 Analytics, Optimization, and Reporting
To analyze campaign performance, conversion rates, and return on ad spend (ROAS)
To create aggregated and anonymized reports for our clients
To improve targeting, creative performance, and audience segmentation
To conduct A/B testing of ad creatives, copy, offers, and landing pages
To monitor deliverability, inbox placement, and sender reputation
3.3 Business Operations
To process payments and manage billing
To communicate with prospects, leads, and clients
To comply with legal obligations including tax reporting and record keeping
To enforce our Terms of Service and protect against fraud, abuse, or unauthorized access
To respond to legal requests, subpoenas, or court orders
4. Data Sharing and Disclosure
We do not sell your personal information. We share data only as described below:
4.1 Service Providers and Platforms
We share data with third-party service providers who process data on our behalf, subject to contractual data protection obligations:
Klaviyo: Email and SMS marketing automation, list management, customer data storage, flow automation, segmentation, and analytics.
Meta (Facebook/Instagram): Advertising delivery, audience targeting, conversion tracking via Meta Pixel and Conversions API (CAPI). Data transmitted includes hashed email addresses, hashed phone numbers, browser identifiers, and conversion event data.
Stripe: Payment processing. Stripe processes payment card data directly; we do not store card numbers.
ManyChat: Instagram and SMS automation, comment-to-DM flows, coupon delivery, and lead capture.
Google (Analytics, Ads): Website analytics, ad delivery, and conversion tracking.
POS System Providers: Transaction data synchronization for coupon tracking, customer ID mapping, and revenue attribution. Specific POS provider varies by client.
Hosting and Infrastructure: Website hosting, cloud storage, and content delivery.
Instantly / Email Outreach Platforms: Business-to-business outreach and lead generation (using business contact information only).
4.2 Our Business Clients
When we operate marketing services on behalf of a business client, data collected through those campaigns (including customer email addresses, phone numbers, engagement data, redemption data, and transaction data) is shared with and may be jointly controlled by that business client. Each business client is independently responsible for their own privacy practices regarding that data.
4.3 Legal and Safety Disclosures
We may disclose information when required by law, in response to valid legal process, to protect the rights or safety of SoCalsMedia or others, to prevent fraud, or to enforce our agreements.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users of any material change in data handling practices.
5. Cookies, Pixels, and Tracking Technologies
5.1 What We Use
Meta Pixel: A JavaScript snippet placed on websites to track visitor behavior, build retargeting audiences, and measure ad conversions. The Pixel fires when users take specific actions (page views, form submissions, purchases).
Meta Conversions API (CAPI): A server-side integration that sends conversion data directly from the server to Meta. CAPI transmits hashed customer identifiers (email, phone) along with event data to improve attribution accuracy and is not blocked by browser privacy settings.
Klaviyo Tracking: Web tracking snippets and email/SMS engagement tracking (open pixels, click tracking links) to measure campaign performance and trigger automated flows.
Cookies: Small text files stored on your device. We use both first-party cookies (set by us) and third-party cookies (set by Meta, Google, etc.) for analytics, advertising, and functionality.
ManyChat Tracking: Interaction tracking within Instagram DMs and SMS for flow automation and engagement measurement.
5.2 Your Cookie Choices
Most browsers allow you to block or delete cookies through settings. Blocking cookies may impair website functionality and prevent accurate campaign measurement. You can opt out of interest-based advertising through the Digital Advertising Alliance (optout.aboutads.info) or Network Advertising Initiative (optout.networkadvertising.org).
6. SMS and Email Marketing Compliance
6.1 Email (CAN-SPAM Act Compliance)
All marketing emails include a clear and conspicuous unsubscribe mechanism
Unsubscribe requests are honored within 10 business days
All emails accurately identify the sender and include a valid physical address
We do not use deceptive subject lines or misleading header information
Email lists are maintained with proper opt-in records
6.2 SMS (TCPA and CTIA Compliance)
SMS messages are sent only to individuals who have provided express written consent
All SMS programs include clear opt-in language disclosing message frequency and potential carrier charges
Every SMS message includes opt-out instructions (reply STOP to unsubscribe)
Opt-out requests are processed immediately and permanently unless the individual re-subscribes
We maintain records of consent including the method, date, time, and content of the opt-in
We do not send SMS messages to numbers on the National Do Not Call Registry without prior express consent
Message frequency is disclosed at the point of opt-in
6.3 Consent Records
We maintain auditable records of all marketing consent, including the source of opt-in (in-store tablet, website form, Meta lead ad, etc.), the exact language presented at the time of consent, the timestamp of consent, and the IP address or device identifier where available. These records are retained for the duration of the marketing relationship plus three (3) years.
7. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
7.1 Your Rights
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (legal obligations, completing transactions, security, etc.).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell personal information. However, certain data sharing with advertising platforms (e.g., Meta Pixel data) may constitute 'sharing' under CPRA. You may opt out of this sharing.
Right to Limit Use of Sensitive Information: You may direct us to limit our use and disclosure of sensitive personal information to what is necessary for performing services.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
7.2 How to Exercise Your Rights
To submit a verifiable consumer request, contact us at cal@socalsmedia.com with the subject line "CCPA Request" or mail a written request to our business address. We will verify your identity before processing any request and will respond within 45 days (extendable by an additional 45 days with notice). You may also designate an authorized agent to make requests on your behalf.
7.3 Categories of Information Collected (Past 12 Months)
Category
Examples
Business Purpose
Identifiers
Name, email, phone, IP address
Service delivery, marketing, analytics
Commercial Information
Transaction records, purchase history, coupon redemptions
Attribution, reporting, campaign optimization
Internet/Network Activity
Browsing history, ad interactions, email engagement
Analytics, retargeting, performance measurement
Geolocation Data
Approximate location from IP address
Ad targeting, local business relevance
Professional Information
Job title, business name
B2B outreach, client services
Inferences
Consumer preferences, purchase propensity
Audience segmentation, campaign targeting

8. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, subject to the following guidelines:
Active marketing relationships: Data is retained for the duration of the relationship plus 3 years after last engagement.
Client campaign data: Retained for the term of the client services agreement plus 2 years for reporting and dispute resolution.
Consent records: Retained for the marketing relationship duration plus 3 years to demonstrate compliance.
Financial and tax records: Retained for 7 years as required by law.
Website analytics data: Retained for up to 26 months in aggregated form.
POS integration data: Retained for the client services agreement term plus 1 year.
Upon termination of a client relationship, we will delete or anonymize client customer data within 90 days unless retention is required by law or the client provides written instructions for data transfer.
9. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect personal information, including:
Encryption of data in transit (TLS/SSL) and at rest where supported by our platforms
Access controls limiting data access to authorized personnel on a need-to-know basis
Two-factor authentication on all critical accounts and platforms
Regular review of third-party service provider security practices
Secure payment processing through PCI-compliant providers (Stripe)
Use of hashed identifiers for cross-platform data transmission (Meta CAPI)
No method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.
10. International Data Transfers
Our services are operated from the United States. If you are located outside the United States, please be aware that information you provide may be transferred to, processed, and stored in the United States, where privacy laws may differ from those in your jurisdiction. By using our Services, you consent to such transfer. We work with contractors located in the Philippines; any data accessible to such contractors is limited to business operational data and does not include direct access to end-consumer personal data except as necessary for defined tasks under contractual data protection obligations.
11. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child under 16 has provided us with personal information, please contact us immediately.
12. Third-Party Links and Services
Our Services may contain links to third-party websites, platforms, or services (including social media platforms, review sites, and client websites). This Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you access.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy on our website with a revised effective date. Material changes will be communicated through our website or via email to affected individuals. Your continued use of our Services after any changes constitutes acceptance of the updated Policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy:

Email: cal@socalsmedia.com
Website: socalsmedia.com
Business: SoCalsMedia
Location: Los Angeles, California