Skip to main content
Shepherd

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy describes how Shepherd Technologies (“Shepherd,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our website at shepherd.tech, our marketing funnel domains (including ai-playbook.pro and other domains operated by Shepherd from time to time), our software platform, and related services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

Information you provide directly:

  • Name, email address, and phone number when you opt in to a lead magnet, request a consultation, or create an account
  • Business information you share when using our platform or completing intake forms
  • Payment details processed securely through Stripe (we receive only the last four digits, billing zip, and country — full card data never touches our systems)
  • Any content you submit to us (form responses, support requests, survey replies)

Information collected automatically:

  • IP address, browser type, device identifiers, and operating system
  • Pages visited, scroll depth, clicks, time on page, and form interactions (via Google Analytics, PostHog, and Meta Pixel)
  • Referral URLs and ad-campaign parameters (UTM tags, gclid, fbclid) used for attribution
  • Cookies and similar technologies (see Section 6)

2. SMS Communications

By providing your phone number and consenting on our website, you agree to receive SMS text messages from Shepherd, including:

  • Order confirmations and receipts
  • Appointment booking confirmations and reminders
  • Platform alerts and notifications (for platform users)

Message and data rates may apply. Message frequency varies based on your activity (typically 1–5 messages per transaction or booking).

To opt out at any time, reply STOP to any message. For help, reply HELP. We do not sell or share your phone number with third parties for their marketing purposes.

3. How We Use Your Information

We process information for the following purposes, on the lawful bases noted:

  • Service delivery (contractual necessity): Deliver requested lead magnets, schedule consultations, process payments, provide platform access, and respond to support requests.
  • Marketing communications (consent / legitimate interest): Send marketing emails and SMS to people who have opted in or transacted with us. You can unsubscribe at any time using the link in any marketing email or by replying STOP to SMS.
  • Analytics and ad measurement (legitimate interest): Measure how visitors use our funnels, optimize ad campaigns, attribute conversions to ad sources, and improve user experience.
  • Platform security and fraud prevention (legitimate interest): Detect, prevent, and address security incidents, fraud, abuse, and policy violations.
  • Legal compliance and accounting (legal obligation): Comply with tax, accounting, anti-fraud, and other legal obligations.

4. Service Providers and Third-Party Recipients

We share information with the following service providers, each of whom processes data on our behalf under contractual obligations of confidentiality and security. We do not sell your personal information to anyone.

ProviderPurposePrivacy Policy
Meta Platforms, Inc.Conversion tracking via Meta Pixel and Conversions API; ad targetingfacebook.com/privacy/policy
Google LLCGoogle Analytics, Google Ads measurement, Google Tag Managerpolicies.google.com/privacy
PostHog Inc.Product analytics and session replay (with input masking)posthog.com/privacy
Cloudflare, Inc.DNS, content delivery, DDoS protection, edge functionscloudflare.com/privacypolicy
Stripe, Inc.Payment processingstripe.com/privacy
Resend, Inc.Transactional and marketing email deliveryresend.com/legal/privacy-policy
Telnyx LLCSMS message deliverytelnyx.com/legal-center/privacy-policy
Cal.com, Inc.Booking calendar and meeting schedulingcal.com/privacy
Supabase, Inc.Application database and authenticationsupabase.com/privacy
Sentry (Functional Software, Inc.)Application error monitoringsentry.io/privacy

We may also disclose information when required by law, in response to valid legal process, to protect our rights or the rights of others, in connection with a merger or acquisition, or with your consent. We may share aggregated or de-identified information that does not identify you for any business purpose.

5. Advertising

We use Meta Pixel, Google Ads, and Google Analytics to measure ad performance and to deliver advertisements that are more relevant to you on third-party websites and platforms (including Facebook, Instagram, Google Search, and YouTube). We may build custom audiences from website visitors and our customer lists for retargeting.

You can opt out of interest-based advertising via your Google Ad Settings, Meta Ad Preferences, or industry tools such as the NAI opt-out and DAA opt-out.

6. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies to operate the Services and measure ad performance. Categories include:

  • Strictly necessary: session, security, and load balancing
  • Analytics: Google Analytics (_ga, _ga_*), PostHog (ph_*)
  • Advertising and attribution: Meta Pixel (_fbp, _fbc), Google Ads (_gcl_*)

You can control cookies through your browser settings or block them entirely; some Services may not function correctly without them. Where required by law, we will request your consent before setting non-essential cookies.

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy:

  • Lead and contact data: until you request deletion or your account is closed
  • Marketing preferences: indefinitely, until you unsubscribe
  • Analytics data (Google Analytics): 14 months
  • Session replays (PostHog): up to 30 days
  • Server logs: 30–90 days
  • Transaction and tax records: up to 7 years (legal/accounting obligation)
  • Records related to legal claims, fraud, or security incidents: for the period required to investigate, resolve, or defend against the matter

8. Your Rights and Choices

Depending on where you live, you may have the right to:

  • Request access to or a copy of personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (see Section 9)
  • Withdraw consent or object to certain processing
  • Opt out of marketing communications at any time (unsubscribe link in every email; reply STOP to SMS)
  • Lodge a complaint with your local data protection authority

California residents (CCPA/CPRA): California residents have the right to know what personal information we collect, to request deletion, and to opt out of the “sale” or “sharing” of personal information. We do not sell personal information for monetary consideration. We may share personal information with advertising partners (such as Meta and Google) for cross-context behavioral advertising, which may be considered “sharing” under California law. To opt out of this sharing, email privacy@shepherd.tech with the subject line “Do Not Sell or Share My Personal Information.”

To exercise any of these rights, email us at privacy@shepherd.tech. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

9. Data Deletion

To request deletion of your personal data, see our Data Deletion page or email privacy@shepherd.tech with the subject “Data Deletion Request.” We will confirm completion within 30 days, subject to records we are required or permitted to retain (e.g., transaction records for tax compliance).

10. International Transfers

Shepherd is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from your country. By using the Services, you consent to such transfer. Our service providers may also process information in other jurisdictions; where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Data Security

We implement reasonable technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. No system is completely secure, however, and we cannot guarantee the absolute security of any information you provide.

12. Children's Privacy

The Services are not directed to children under the age of 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. For material changes, we will provide reasonable notice (such as a banner on the site or an email to registered users) before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

For privacy questions, requests, or complaints, contact us at:

Shepherd Technologies
privacy@shepherd.tech
General inquiries: support@shepherd.tech
shepherd.tech