1. Who We Are

This Privacy Policy applies to all websites, services, and platforms operated by Hershell Hudson LLC (doing business as “Suture & Co”), including but not limited to:

• hershellhudson.com — corporate site and service verticals
• sutureleads.com — patient acquisition platform for aesthetic surgeons
• Associated Skool communities (Cosmetic Doctors & Surgeons, Ads for Spa & Salon Owners, The Property Boardroom, and others)
• GoHighLevel (GHL) sub-accounts and CRM systems managed on behalf of clients
• Social media advertising campaigns managed through Meta (Facebook/Instagram) and Google Ads

Throughout this policy, “we,” “us,” and “our” refer to Hershell Hudson LLC and its operating brands. “You” and “your” refer to users of our websites, services, and platforms.

2. Information We Collect

Information You Provide Directly

• Contact information: name, email address, phone number, business name, and mailing address
• Account credentials: username and password for community access or client portals
• Business information: practice type, specialty, location, advertising budget, and business goals
• Payment information: credit card details, billing address (processed securely through third-party payment processors — we do not store full card numbers)
• Communications: messages, support requests, and feedback you send us
• Advertising access: Facebook Business Manager access, Google Ads account access, and other platform credentials you grant us for campaign management

Information Collected Automatically

• Device & browser data: IP address, browser type, operating system, device identifiers
• Usage data: pages visited, time spent, click patterns, referring URLs
• Location data: approximate geographic location based on IP address
• Cookie & pixel data: as described in Section 6 below

Information from Third Parties

• Advertising platforms: campaign performance data, audience insights, and conversion data from Meta and Google
• CRM systems: lead information, appointment data, and communication history from GoHighLevel
• Community platforms: engagement data and membership information from Skool

3. How We Use Your Information

We use collected information for the following purposes:

• Service delivery: building, launching, and managing advertising campaigns on your behalf
• Account management: maintaining your membership, processing payments, and providing support
• Communication: sending service updates, campaign reports, community notifications, and responding to inquiries
• Optimization: analyzing campaign performance, improving targeting, and maximizing return on ad spend
• AI-powered automation: using artificial intelligence tools (including Viktor AI) to manage campaigns, generate reports, and optimize performance
• Community management: facilitating engagement within our Skool communities and events
• Marketing: sending promotional materials about our services, events, and new offerings (with your consent or where permitted by law)
• Legal compliance: meeting legal obligations, resolving disputes, and enforcing agreements

4. Health & Medical Information

When providing services to cosmetic surgeons, plastic surgeons, med spa owners, and other aesthetic medicine professionals through Suture & Co:

• We may process lead information generated through advertising campaigns, which may include a prospective patient’s name, contact information, and interest in specific cosmetic procedures
• We do not collect, store, or process Protected Health Information (PHI) as defined by HIPAA
• We do not access patient medical records, treatment histories, or clinical data
• Lead data collected through our campaigns is used solely for connecting prospective patients with our client practices
• Our client practices are responsible for their own HIPAA compliance once a lead becomes a patient

If you are a prospective patient who submitted information through one of our advertising campaigns, your data is shared with the specific practice whose ad you responded to. Please refer to that practice’s privacy policy for information about how they handle your data.

5. Advertising & Marketing Data

As a digital marketing agency managing campaigns across multiple platforms, we handle advertising data as follows:

Meta (Facebook & Instagram)

• We access your Facebook Business Manager as an authorized advertiser
• We create, manage, and optimize ad campaigns using Meta’s advertising tools
• Campaign data (impressions, clicks, conversions, audience insights) is used for optimization and reporting
• We comply with Meta’s Business Tools Terms and Advertising Policies

Google Ads

• We manage Google Ads campaigns including Search, Display, Performance Max, and YouTube
• We may use Google Analytics, conversion tracking, and remarketing pixels
• We comply with Google’s Advertising Policies and Terms of Service

GoHighLevel (GHL)

• We use GoHighLevel as our CRM and automation platform
• Client data within GHL sub-accounts is managed on behalf of our clients
• Automated workflows may include SMS, email, and voice communications
• We comply with TCPA and CAN-SPAM requirements for all automated communications

6. Cookies & Tracking Technologies

Our websites use the following tracking technologies:

• Essential cookies: required for site functionality, login sessions, and security
• Analytics cookies: Google Analytics to understand site usage and improve user experience
• Advertising pixels: Meta Pixel and Google Ads conversion tracking to measure campaign effectiveness
• Remarketing cookies: to show relevant ads to previous visitors across the web

You can manage cookie preferences through your browser settings. Disabling cookies may limit certain site functionality.

7. Third-Party Services

We use the following third-party services that may process your data:

• Meta Platforms (Facebook/Instagram): advertising, audience targeting, and conversion tracking
• Google: advertising, analytics, Google Business Profile management, and YouTube
• GoHighLevel: CRM, automation, appointment booking, and communication workflows
• Skool: community hosting and course delivery
• Stripe / payment processors: secure payment processing
• Twilio: SMS and voice communication services
• VAPI: AI voice assistant services
• HeyGen: AI video generation
• Viktor AI (getviktor.com): AI-powered campaign management and automation
• Cloudflare: website security and CDN
• WordPress: website hosting and content management

Each third-party service has its own privacy policy governing their use of your data. We encourage you to review those policies.

8. Data Sharing & Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Service delivery: with advertising platforms (Meta, Google) to run your campaigns
• Client fulfillment: lead data generated through campaigns is shared with the respective client whose services were advertised
• Service providers: with trusted partners who assist in operating our business (hosting, payment processing, communication tools)
• Legal requirements: when required by law, subpoena, or government request
• Business transfers: in connection with a merger, acquisition, or sale of assets
• With your consent: when you have given explicit permission

9. Data Retention

• Client account data: retained for the duration of the business relationship plus 3 years
• Lead data: retained for 24 months after collection unless the associated client requests earlier deletion
• Campaign performance data: retained for up to 5 years for historical analysis and reporting
• Communication records: retained for 3 years for quality and compliance purposes
• Payment records: retained as required by tax and financial regulations

You may request deletion of your personal data at any time by contacting us (see Section 16).

10. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data (subject to legal retention requirements)
• Portability: request your data in a machine-readable format
• Opt-out: unsubscribe from marketing communications at any time via the unsubscribe link in our emails or by contacting us
• Restrict processing: request that we limit how we use your data
• Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at the information provided in Section 16. We will respond within 30 days.

11. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

12. Security Measures

We implement industry-standard security measures to protect your information, including:

• SSL/TLS encryption on all websites and data transfers
• Secure access controls and authentication for all platforms
• Regular security audits and monitoring
• Cloudflare WAF protection against unauthorized access
• Encrypted storage for sensitive credentials and API keys

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

13. International Data Transfers

Our services are primarily operated from the United States. If you access our services from outside the U.S., your data may be transferred to and processed in the United States. By using our services, you consent to this transfer.

14. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: what personal information we collect and how it is used
• Right to delete: request deletion of your personal information
• Right to opt-out: of the sale or sharing of personal information (we do not sell personal information)
• Right to non-discrimination: for exercising your privacy rights
• Right to correct: inaccurate personal information
• Right to limit: use of sensitive personal information

To exercise these rights, contact us using the information in Section 16. We will verify your identity before fulfilling any request.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. For material changes, we will provide prominent notice on our websites or via email. Your continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy inquiries, data requests, or questions about this policy:

• Business: Hershell Hudson LLC / Suture & Co
• Email: hershellsolar@gmail.com
• Website: hershellhudson.com
• Location: Valrico, Florida, United States

We aim to respond to all privacy-related inquiries within 30 business days.