// Legal
Privacy Policy
How we collect, use, and protect your information on yourcaio.co.
Last Updated: March 20261. Who We Are
This website, yourcaio.co, is operated by David Cartolano, an independent AI strategy consultant based in New York City, New York, USA. David Cartolano is the data controller responsible for personal information collected through this site.
For privacy-related questions or requests, please use the contact form.
2. Information We Collect
We collect the following categories of information when you visit this site:
- Analytics data — IP addresses (anonymized), browser type, operating system, pages visited, session duration, and referral URLs. Collected via Google Analytics 4 and Microsoft Clarity.
- Behavioral & session data — Mouse movements, click patterns, heatmaps, and scroll depth. Collected by Microsoft Clarity solely to improve user experience.
- Company identification data— RB2B may identify the company associated with a visitor's IP address to provide context for B2B outreach. RB2B does not collect or share individual personally identifiable information.
- Contact form submissions — Your name, email address, and message content when you voluntarily submit the contact form.
We do not collect sensitive categories of personal data such as health, financial, or government identification information.
3. How We Use Your Data
- Analyzing website traffic and improving site performance (Google Analytics 4, Microsoft Clarity)
- Understanding visitor behavior to optimize user experience (Microsoft Clarity heatmaps and session recordings)
- Identifying companies visiting the site to inform B2B outreach strategy (RB2B)
- Responding to inquiries submitted through the contact form
- Sending commercial emails where you have provided your contact information or consented to outreach (see Section 8)
We do not sell, rent, trade, or broker your personal data to any third party.
4. Third-Party Services & Cookies
This site uses the following third-party tracking services. All three scripts are loaded only after you accept the cookie consent banner. Declining consent prevents any of these scripts from running.
| Service | Provider | Purpose | Opt-Out |
|---|---|---|---|
| Google Analytics 4 | Google LLC | Aggregate traffic analytics and audience insights | GA Opt-out Add-on |
| Microsoft Clarity | Microsoft Corporation | Session recordings and heatmaps for UX analysis | Clarity Opt-out |
| RB2B | RB2B, Inc. | B2B company identification via IP address | RB2B Opt-out |
Each provider operates under its own privacy policy and data processing terms. We encourage you to review their policies for full details on how they handle data.
5. Cookie Consent
When you first visit this site, a cookie consent banner is displayed. Accepting consent loads Google Analytics 4, Microsoft Clarity, and RB2B. Declining consent blocks all three services — no tracking scripts run on your session.
Your consent preference is stored locally in your browser under the key cookie-consent-v1 using localStorage. No data is sent to our servers to record this preference.
You may withdraw consent at any time by clearing your browser's site data for yourcaio.co (Settings → Privacy → Clear browsing data, or the equivalent in your browser). After clearing, the consent banner will reappear on your next visit. Withdrawing consent does not affect your ability to use the site.
6. Data Retention
- Google Analytics 4— Data is retained for up to 26 months, per Google's default retention settings. This can be configured within Google Analytics.
- Microsoft Clarity— Session recordings and heatmap data are retained for up to 90 days per Microsoft's data retention policy.
- RB2B— Data is processed in real time. RB2B's own data retention policy governs how long it stores company identification data.
- Contact form submissions — Retained only as long as necessary to respond to your inquiry. No contact form data is stored in a database on this website.
7. Your Rights
New York SHIELD Act (N.Y. Gen. Bus. Law § 899-aa)
As a business operating in New York, we implement reasonable administrative, technical, and physical safeguards to protect private information of New York residents. In the event of a security breach affecting private information of New York residents, we will provide notification in accordance with the timeframes required by the NY SHIELD Act.
California Consumer Privacy Act (CCPA)
Although this business is based in New York, visitors from California may have rights under the CCPA, including the right to:
- Know what categories and specific pieces of personal information we have collected about you
- Request deletion of personal information we hold
- Opt out of the “sale” of personal information — we do not sell personal information
- Non-discrimination for exercising your CCPA rights
California residents may submit requests via the contact form.
General Rights
Any visitor may request access to, correction of, or deletion of personal data submitted through the contact form. Submit requests via the contact formand include “Privacy Request” in your message.
8. Commercial Email & CAN-SPAM Compliance
Commercial emails may be sent from this business, including outreach, newsletters, and follow-up communications. All commercial email communications comply with the CAN-SPAM Act:
- The sender's identity is accurately identified in the “From” field
- Subject lines accurately reflect the content of the message
- Each email includes a valid physical postal address
- Each email includes a clear and conspicuous opt-out mechanism
- Opt-out requests are honored promptly, within 10 business days
- Third parties are not used to send emails on our behalf without ensuring CAN-SPAM compliance
9. Data Security
This website is served over HTTPS. We do not store sensitive credentials, payment information, or government identification on this site. Reasonable technical safeguards are in place to protect data transmitted through the contact form.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
10. Children's Privacy
This website is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through this site, please contact us via the contact form and we will promptly delete it.
11. Changes to This Policy
This Privacy Policy is reviewed monthly to ensure it remains current with applicable law and our data practices. The “Last Updated” date at the top of this page reflects the most recent review. Material changes will be noted here.
Continued use of yourcaio.co after any changes to this policy constitutes your acceptance of the updated terms.
12. Contact
For privacy-related questions, requests, or concerns, please reach out via the contact form. This website is operated from New York City, New York, USA, which serves as the jurisdiction for data controller purposes.