SchubertConsulting Book the audit, $100
Legal

Privacy Policy

How Schubert Consulting LLC collects, uses, and protects information across schubertconsulting.io and portal.schubertgrowth.io.

Last updated May 1, 2026
Privacy Policy

Your data, in plain English

We've written this so you can actually understand what happens with your information. If anything below is unclear, email us at [email protected].

This policy explains how Schubert Consulting LLC ("we," "us," or "Schubert") collects, uses, and protects information through our websites at schubertconsulting.io and portal.schubertgrowth.io, and through our consulting services.
Section 01

What we collect

We collect several categories of information depending on how you interact with us:

  • Business contact information — name, email, phone, business name, business address when you become a client or interact with our services
  • Website analytics — pages visited, time on site, referring URLs, browser type, device information
  • Authentication data — Clerk processes login credentials when you create a portal account. We do not store your password directly
  • Public business data — publicly available listings from Google Places and similar sources used to generate client insights
  • Revenue data — clients in our Growth Partner and Market Leader tiers may provide revenue figures voluntarily; this is encrypted at rest
  • Prospect data — publicly available business contact information for outreach to businesses that may benefit from our services
Section 02

How we use it

We use the information we collect to:

  • Deliver consulting services — generate Growth Gap reports, monitor your online presence, track review performance, and provide strategic recommendations
  • Operate the client portal — authenticate your account, display your business data and reports, and manage your subscription
  • Communicate with you — service updates, Growth Gap reports, scheduling communications, and responses to inquiries
  • Improve our services — understand aggregate usage patterns and refine our offerings
  • Conduct business outreach — contact prospective clients using publicly available business information (see Section 3)

We do not sell your information to third parties. We do not use your data for purposes unrelated to our consulting services.

Section 03

Cold outreach

We contact businesses via email using publicly available business information sourced from business directories, public listings, and similar sources. This outreach is commercial in nature and is conducted in compliance with the CAN-SPAM Act:

  • Every outreach email clearly identifies Schubert Consulting as the sender
  • Every email includes a clear and functioning opt-out mechanism
  • Opt-out requests are honored within 10 business days
  • We do not use deceptive subject lines or misleading header information
  • Our physical mailing address is included in each message

If you receive an email from us and do not wish to be contacted, use the unsubscribe link or contact [email protected].

Section 04

SMS and text messages

If you opt in to receive text messages from Schubert Consulting, the following applies:

  • We may send review request messages, appointment reminders, and service-related notifications via SMS
  • Message frequency varies based on your service plan and activity
  • Message and data rates may apply depending on your mobile carrier and plan
  • You can opt out at any time by replying STOP to any message
  • For help, reply HELP to any message or contact us at [email protected]
Mobile information will not be shared with or sold to third parties or affiliates for marketing or promotional purposes. Mobile information of end users opting in to our messaging programs will never be shared or sold to third parties.

We obtain express written consent before sending any text messages. Consent is not a condition of purchasing any goods or services. Consent records are retained for not less than four (4) years to demonstrate compliance with the Telephone Consumer Protection Act (TCPA) statute of limitations. Consent records include timestamp, capture surface (e.g., QR card, table tent, web form), and the opt-in language version presented to the customer.

Section 05

Third-party services

We use the following third-party services to operate our business and platform:

ServicePurpose
ClerkUser authentication and session management for the client portal
CloudflareWebsite hosting (Cloudflare Pages), DNS, content delivery, and security
Google Places APIPublic business data for research and competitive analysis
Google WorkspaceSchubert business email (hello@, eric@, josinee@) — inbound and outbound
StripePayment processing, subscription billing, and Stripe Tax for sales tax computation
MailgunTransactional email delivery (review-request emails on behalf of clients)
TwilioSMS delivery for review requests and service notifications (TCPA-compliant)
EmbedMyReviews (EMR)Review management platform for client reputation campaigns; routes outbound review requests via Mailgun and Twilio

Each service operates under its own privacy policy. We share only the minimum data necessary for each service to function.

Section 06

Data storage and security

Our infrastructure is self-hosted in the United States. We take the following measures to protect your data:

  • Encryption in transit — all data between your browser and our servers is encrypted using TLS
  • Encryption at rest — revenue data and other sensitive business information is encrypted at rest
  • Access controls — client data access is restricted to authorized personnel on a need-to-know basis
  • Security monitoring — we monitor our systems for unauthorized access and unusual activity

No system is perfectly secure. We implement reasonable administrative, technical, and physical safeguards appropriate for the type and volume of data we handle.

Section 07

Data retention

  • Client data — retained for the duration of your active account and for a reasonable period afterward to fulfill legal or operational obligations
  • Prospect data — retained for the lifecycle of the relevant outreach campaign; opt-out preferences are retained indefinitely
  • Consent and opt-out records — retained as long as legally required to demonstrate compliance
  • Analytics data — retained in aggregate form; not linked to individual identities after 24 months

You may request deletion of your data at any time (see Section 8).

Section 08

Your rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data, subject to any legal retention obligations
  • Opt out of marketing communications at any time

Texas residents: The Texas Data Privacy and Security Act (TDPSA) provides additional rights — the right to know what personal data is collected, to delete personal data, to correct inaccuracies, to obtain a portable copy, and to opt out of the sale of personal data or use for targeted advertising or profiling. We do not sell personal data.

To make a request, email [email protected] with the subject line "Privacy Request." We will respond within 45 days and may need to verify your identity before processing.

Section 09

HIPAA and protected health information (PHI)

For healthcare clients, Schubert is a HIPAA Business Associate under an executed Business Associate Agreement (BAA). For all other clients, we are not a Business Associate and do not handle PHI.

Schubert is not a HIPAA-covered entity. Our role under HIPAA depends on the client we are serving:

  • Healthcare clients (dental practices, medical clinics, and other HIPAA-covered entities) — Schubert acts as a Business Associate under an executed Business Associate Agreement (BAA), incorporated as Exhibit B of the Master Services Agreement. PHI handling is governed by the BAA and 45 C.F.R. § 164.502 et seq. Schubert maintains administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements.
  • Non-healthcare clients — Schubert is not a Business Associate. Our services for non-healthcare clients are limited to business marketing data (review counts, star averages, search visibility, GBP analytics). We do not knowingly collect, store, process, or have access to PHI for non-healthcare engagements.

If you are a healthcare provider engaging Schubert without a BAA on file, do not share PHI with us. Reach out to [email protected] to put a BAA in place before any PHI is exchanged.

Section 10

Children's privacy

Our services are designed for businesses, not individual consumers or children. We do not knowingly collect information from anyone under 18 years of age. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.

Section 11

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes — meaning changes that affect what data we collect, how we use it, or who we share it with — we will notify active clients via email before the changes take effect.

Non-material changes (clarifications, formatting, updated contact information) may be made without notice. The "Last updated" date at the top of this page reflects the most recent revision.

Section 12

Contact us

For questions about this Privacy Policy or to exercise your data rights:

Schubert Consulting LLC
1468 Sierra Springs Drive, Apt. 326
Bedford, TX 76021
[email protected]

Questions about this policy?

We respond to privacy requests within 45 days.

Email us