Last updated: May 20, 2026 · CP Global Dynamics LLC d/b/a Beverly Hills Growth
The short version. We collect the minimum data needed to deliver your audit, run our chat assistant, and process payments. We never sell or share your personal information for cross-context behavioral advertising. We never run ad-tracking pixels. You can ask us to delete everything we hold on you at any time by emailing audit@beverlyhillsgrowth.com with the subject "Privacy request".
This site is operated by CP Global Dynamics LLC, a California limited liability company doing business as Beverly Hills Growth. Our registered address is 425 N Doheny Dr, Beverly Hills, CA 90210. For any privacy question, write to audit@beverlyhillsgrowth.com.
When you submit the audit form on our homepage, we receive: your name, business name (optional), email address, website URL, business category (optional), and the free-text brief you provide. We also log your IP address and user-agent string at the moment of submission for abuse-prevention and rate-limiting. Lawful basis (GDPR Art. 6(1)(b)): performance of a pre-contractual request you initiated.
When you use the chat widget at the bottom of the homepage, the text you type is sent to Google's Gemini API (model gemini-2.0-flash) for an AI-generated reply. We do not store the transcript on our servers unless you confirm you want a human follow-up. If you confirm, the full transcript plus your business name, website, and email are forwarded to our inbox via FormSubmit for human review. Lawful basis: legitimate interest in providing customer service, plus consent (you choose whether to ask for a human follow-up). We do not use chat content to train any AI model, neither ours nor Google's. Our Gemini API project is on the paid tier, under which Google's published terms confirm that prompts and responses are not used to improve Google products (verified 2026-05-22 via the API's serviceTier: standard response field).
When you purchase a service, payment is processed entirely by Stripe on Stripe's hosted checkout pages. We never see your card number, CVC, or full bank details. Stripe forwards us your name, email, billing country, and a tokenized customer ID so we can fulfill your order and recognize you for renewals. Lawful basis: performance of a contract.
Vercel (our hosting provider) records standard server logs (IP, user-agent, timestamp, requested URL, status code). Sentry captures uncaught browser errors and unhandled promise rejections from our front-end code, so we can fix them. Sentry receives your IP address and a redacted stack trace, but not the contents of any form you've filled in. Lawful basis: legitimate interest in keeping the site reliable and secure.
Cloudflare Turnstile runs on the audit form and the chat-lead form to detect automated abuse. Turnstile is privacy-preserving by design (it does not use tracking cookies and does not fingerprint), but Cloudflare does receive your IP address and a brief interaction signal. Lawful basis: legitimate interest in preventing abuse.
If you receive an unsolicited email from us, we found your business in a public Google Maps listing and identified a public contact email via Hunter.io. We do not buy email lists. Each cold email contains our physical mailing address and a working one-click unsubscribe link; unsubscribing is honored within 10 business days as required by CAN-SPAM § 7704(a)(4). Lawful basis: legitimate interest in business-to-business outreach (GDPR Recital 47); we do not send cold email to identifiable individuals at non-business addresses.
We share the minimum data necessary with the following service providers. Each provider has its own privacy policy; we link directly so you can read it.
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Vercel | Site hosting + server logs | IP, user-agent, request URL | USA (Global edge) |
| Stripe | Payment processing | Name, email, billing country, card data (Stripe-held) | USA + EU |
| Resend | Transactional email delivery | Email, name, message content | USA |
| Sentry (Functional Software, Inc.) | Error tracking | IP, stack trace, user-agent | USA |
| Google (Gemini API) | AI chat replies | Chat message text only (no name or email) | USA |
| Google (PageSpeed Insights API + Places API) | Audit data collection | Your website URL + business name | USA |
| Cloudflare Turnstile | Bot protection | IP, interaction signal | USA + Global |
| Telegram | Internal alerts to our team only | Your name, business, email (already submitted to us) | UAE / Global |
| FormSubmit | Chat-lead email forwarding | Chat transcript + email (only on opt-in handoff) | USA |
| Hunter.io | Discover public business email (cold outreach only) | Business domain | EU (France) |
| Apify | Public Google Maps listing discovery (cold outreach only) | None of your data; we query public listings | EU (Czech Republic) |
| Google Fonts | Typography (Inter) | IP only (font CDN) | USA |
| jsDelivr | Static JS libraries (three.js, tsParticles) | IP only (CDN) | Global |
We do not sell or share your personal information for cross-context behavioral advertising, in the sense those terms are defined by the California Privacy Rights Act, the Colorado Privacy Act, or any comparable US state law.
We do not use advertising cookies, retargeting pixels, social-media tracking, or analytics cookies. We do not run Facebook Pixel, Google Ads conversion tracking, LinkedIn Insight Tag, TikTok Pixel, or any comparable tracker. For full detail of what does load on your browser, see our Cookie & Tracking Notice.
The chat assistant on this site is powered by Google's Gemini large-language model. Replies are generated automatically and may be inaccurate or out-of-date. We do not use chat content to train any AI model. Read more on our AI Disclosure page.
We operate a public AI Voice Receptionist demo line at +1 (833) 695-2183, and we deploy the same service for paying clients under our Voice Receptionist subscription tiers (Starter, Pro, Concierge, Enterprise).
When you call +1 (833) 695-2183, the call is answered by an AI agent (named "Olivia") built on Retell AI with voice synthesis by ElevenLabs and language-model inference by OpenAI. We collect: your caller phone number in E.164 format, the call start timestamp and duration, an AI-generated text summary of the call, and any booking metadata you provide (name, email, requested service). Calls to the demo line are recorded for quality and training. Lawful basis (GDPR Art. 6(1)(b)): performance of a pre-contractual request you initiated by calling. California two-party consent (CIPA § 632): notice is provided in the agent's opening greeting and in the disclaimer published on our website next to the demo phone number. If you do not wish to be recorded, hang up and email us at audit@beverlyhillsgrowth.com.
For paying clients on a Voice Receptionist subscription, we provision a similar agent to answer the client's business phone. In that case the client is the data controller for incoming caller PII; Beverly Hills Growth acts as a processor. Each client engagement is governed by the Master Services Agreement and, where required, a Data Processing Addendum. Concierge-tier clients may request a Business Associate Addendum where the data subject relationship involves HIPAA-regulated health information; we do not auto-include a BAA on lower tiers.
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Retell AI, Inc. | Voice agent orchestration, call handling, tool calls | Caller phone, transcript, AI summary | USA |
| ElevenLabs, Inc. | Real-time voice synthesis | Generated agent speech (no caller audio) | USA |
| Twilio, Inc. | PSTN bridge, telephony routing | Caller phone, call metadata | USA |
| OpenAI, OpCo, LLC | Language-model inference for agent responses | Transcribed caller text | USA |
The full CCPA / GDPR / PIPEDA rights described in Sections 7-9 apply to voice service data. To request a copy or deletion of any voice recording, transcript, or booking record we hold on you, email audit@beverlyhillsgrowth.com with subject Voice data request and include the phone number from which you called. We respond within the timelines set out in Sections 7-9.
We retain personal data only as long as we need it:
The retention windows above mirror our internal records-retention schedule. A copy is available on written request to audit@beverlyhillsgrowth.com.
If you are a California resident, you have the right to:
To exercise a right, email audit@beverlyhillsgrowth.com with subject CCPA request. We respond within 45 days. We may need to verify your identity by confirming an email match to records we already hold. You may authorize an agent to submit a request on your behalf; the agent must provide written permission signed by you.
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:
To exercise a right, email audit@beverlyhillsgrowth.com with subject GDPR request. We respond within 30 days (extendable by 60 additional days for complex requests, with notice). When we transfer personal data from the EEA, UK, or Switzerland to the United States, the transfer is covered either by the European Commission's Standard Contractual Clauses (Module 2, controller-to-processor) signed with each of our sub-processors, or by the recipient's certification under the EU-US Data Privacy Framework where applicable. A copy of the SCCs we have in place is available on request.
EU representative: not appointed. At our current processing volume we qualify for the GDPR Art. 27(2)(a) exemption ("occasional" processing, not large-scale, no special categories). If our volume increases past this threshold we will appoint a representative under Art. 27 and update this notice.
If you are in Canada, you have the right to access the personal information we hold about you and to request correction. Contact audit@beverlyhillsgrowth.com. If we cannot resolve your concern, you may complain to the Office of the Privacy Commissioner of Canada.
We follow industry-standard practices: TLS 1.2+ for every connection (HSTS preload), server-side input validation on every form, Cloudflare Turnstile bot protection on every public form, HMAC verification on every Stripe webhook, separate secrets per service stored in encrypted environment variables, no production secret ever committed to git, and quarterly review of authorized human and machine identities. We do not store payment card data; Stripe holds it. We do not have a SOC 2 report (we are a sole-operator business); if a SOC 2 report is required by your procurement team, contact us before purchasing.
This site is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have, email audit@beverlyhillsgrowth.com and we will delete it.
If we materially change this policy, we update the "Last updated" date at the top and, for changes that affect how we handle data we already hold, email everyone on our active client list at least 30 days before the change takes effect. Continued use of the site after a change indicates acceptance.
Privacy questions, data-rights requests, or anything else: audit@beverlyhillsgrowth.com. We typically respond within 2 business days. Mailing address: CP Global Dynamics LLC, 425 N Doheny Dr, Beverly Hills, CA 90210, USA.