Privacy Policy
Effective Date: April 2, 2026
Summary of Key Points
This summary provides key points from our Privacy Policy. You can find more detail by reading the full policy below or by using the table of contents to navigate to the section you need.
What personal information do we process? When you visit our Website, we automatically collect technical data such as your IP address, browser type, and pages visited. We do not require account registration, collect passwords, or process payments on this Website. Learn more.
Do we process any sensitive personal information? No. We do not process sensitive personal information.
Do we collect any information from third parties? No. We do not collect information from third parties.
How do we process your information? We process your information to deliver and secure the Website, measure traffic via analytics (with your consent), respond to inquiries, and comply with law. Learn more.
In what situations and with which parties do we share personal information? We share data with our hosting provider (Cloudflare), analytics provider (Google Analytics via Cloudflare Zaraz), and our internal compliance platform (Codex Titan) for privacy request fulfillment and consent audit logging. We do not sell or share personal information for advertising. Learn more.
How do we keep your information safe? We use TLS encryption, Cloudflare's edge security (WAF, DDoS protection), and restrict access to authorized personnel with multi-factor authentication. Learn more.
What are your rights? Depending on where you are located, you may have rights to access, correct, delete, or port your personal information, and to opt out of sale or sharing. Learn more.
How do you exercise your rights? Email privacy@rbzilla.com or visit https://www.rbzilla.com/privacy/data-request. We will respond within the applicable statutory timeframe.
Table of Contents
- Introduction
- Information We Collect
- How We Collect Information
- How We Use Information
- Information Sharing and Disclosure
- Data Retention
- Your Privacy Rights
- Cookies and Tracking
- Global Privacy Control and Do Not Track
- United States State Privacy Rights
- International Data Transfers
- Children's Privacy
- Security Measures
- Changes to This Policy
- Contact Information
1. Introduction
RB ZILLA LLC ("RB ZILLA," "we," "us," or "our") operates the website located at https://www.rbzilla.com (the "Website"). RB ZILLA is a solutions studio for precision-engineered ventures, built with intent and measured by impact.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and what rights you have with respect to your information. It applies to all visitors who access the Website.
Scope. This Privacy Policy covers only the Website at rbzilla.com. RB ZILLA LLC operates other products and services (including mobile applications) that have their own privacy policies. If you use those products, please refer to the privacy policy published within or alongside that product.
Controller Identity. For purposes of applicable privacy law, RB ZILLA LLC is the data controller for personal information collected through the Website. Where we operate products or platforms on behalf of business customers and process personal information on their behalf, we act as a data processor governed by the applicable data processing agreement. This Privacy Policy does not cover processing performed in our capacity as a data processor.
By using the Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Website and contact us at privacy@rbzilla.com to request deletion of any information we hold about you.
2. Information We Collect
The Website is an informational site. We do not require account registration, collect passwords, process payments, or operate login functionality. We do not process sensitive personal information. The categories of personal information we collect are limited to what is described below.
2.1 Usage and Technical Data
We automatically collect certain technical information when you visit the Website:
- IP address (truncated where supported by our analytics provider)
- Browser type and version
- Operating system and device type
- Pages visited and navigation path
- Referring URLs and exit pages
- Session duration and timestamps
- Country-level location (derived from IP address by Cloudflare; we do not collect precise geolocation)
2.2 Cookies and Tracking Data
We collect data through cookies and similar tracking technologies as described in Section 8. This includes a consent-state cookie and, where you have granted analytics consent, analytics identifiers set by Google Analytics.
2.3 Communication Data
If you contact us by email (e.g., via the contact address displayed on the Website), we collect:
- Your name and email address (as provided in your message)
- The content of your message and any attachments you include
- Communication history and correspondence records
We collect this data only when you voluntarily initiate contact. There are no forms, newsletter signups, or data-collection fields on the Website.
3. How We Collect Information
We collect information through the following methods:
Directly from you. When you send us an email, you provide information directly to us. This is the only way we collect information that you voluntarily submit.
Automatically through your use of the Website. Our hosting infrastructure and third-party analytics tools automatically record technical and usage data when you visit the Website.
Through cookies and similar technologies. We use cookies as described in Section 8 to store your consent preferences and, with your permission, to measure website traffic via analytics.
Through consent action logging. When you interact with our consent banner (accepting, rejecting, or changing your cookie preferences), we log the consent action to our compliance platform (Codex Titan) to maintain a record of valid consent as required by GDPR Art. 7(1). This log includes an anonymized visitor identifier (a SHA-256 hash derived from your IP address and browser user-agent — not the IP address or user-agent themselves), the consent categories you selected, your detected consent region (opt-in or opt-out), whether a Global Privacy Control signal was active, and a timestamp. No directly identifying information (such as your name or email address) is included in consent logs.
We do not collect information from third parties.
4. How We Use Information
We use personal information for the purposes set out in the table below. Where we rely on legitimate interests, we have balanced those interests against your rights and determined that our interests do not override your fundamental privacy rights.
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Responding to emails and inquiries you send us | Art. 6(1)(f) — Legitimate interests (communication) |
| Measuring website traffic and performance via analytics | Art. 6(1)(a) — Consent (analytics cookies require opt-in in GDPR regions) |
| Delivering website content reliably and protecting against attacks | Art. 6(1)(f) — Legitimate interests (security and availability) |
| Enforcing consent preferences and honoring privacy signals (GPC) | Art. 6(1)(c) — Legal obligation |
| Complying with legal obligations (e.g., law enforcement requests) | Art. 6(1)(c) — Legal obligation |
We do not use your information for marketing, advertising, profiling, or automated decision-making.
5. Information Sharing and Disclosure
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share personal information only as described in this section.
5.1 Service Provider and Sub-Processor Registry
Every third-party service that receives personal data from us is listed in the table below.
| Service | Role | Data Shared | Why |
|---|---|---|---|
| Cloudflare | Hosting (Cloudflare Pages), DNS, CDN, DDoS protection | Request metadata (IP address, request headers, URLs) | To host and deliver the Website, protect against attacks, and optimize performance |
| Cloudflare Web Analytics | Privacy-focused, cookieless web analytics | Request metadata (page URL, referrer, browser, country) | To measure aggregate website traffic without setting cookies or collecting personal identifiers |
| Cloudflare Zaraz | Server-side tag management, consent routing | Request metadata (IP address, browser signals, consent state) | To manage third-party tags server-side and enforce user consent preferences |
| Google Analytics (via Zaraz) | Website analytics, traffic measurement | Request metadata (IP address, browser, pages visited, session data); analytics cookies (_ga, _gid) |
To measure website traffic and understand how visitors interact with the Website. Loaded only after analytics consent is granted. |
| Codex Titan | Privacy request management and consent audit logging | DSAR requests: email address, name (if provided), request type, jurisdiction. Consent logs: anonymized visitor identifier (SHA-256 hash, not IP address), consent categories, GPC signal state, browser user-agent string. | To fulfill Data Subject Access Requests (DSAR) and maintain consent proof records as required by GDPR Art. 7(1). Codex Titan is an RB ZILLA LLC internal compliance platform; data is not shared with external third parties. |
Note on Google Fonts: The Website uses the Chakra Petch and Rajdhani typefaces. These fonts are downloaded at build time and self-hosted from our own domain via Next.js font optimization. No requests are made to Google's font servers when you visit the Website, and Google does not receive your IP address or any personal data for font delivery.
We have contracts in place with each service provider that require them to protect your personal information and prohibit them from using it for their own commercial purposes.
5.2 Additional Disclosure Circumstances
Legal requirements. We disclose personal information when required to do so by law, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to comply with applicable law or respond to a valid government request.
Protection of rights. We disclose personal information when we believe it is necessary to protect the rights, property, or safety of RB ZILLA, our visitors, or the public.
Business transfers. If RB ZILLA LLC is involved in a merger, acquisition, asset sale, or other business transaction, personal information may be transferred as part of that transaction. We will notify affected individuals via a prominent notice on the Website before personal information becomes subject to a materially different privacy policy.
Aggregated or de-identified data. We may share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose.
5.3 Categories Disclosed for Business Purposes
We have disclosed the following categories of personal information to service providers for a business purpose in the preceding twelve (12) months:
- Category A (Identifiers): IP address, online identifiers, cookie identifiers — disclosed to Cloudflare and Google Analytics for hosting and analytics. Email address and name (when voluntarily submitted via DSAR form) — disclosed to Codex Titan for privacy request fulfillment.
- Category F (Internet or similar network activity): Browsing history, pages visited, interactions with the Website — disclosed to Cloudflare and Google Analytics. Anonymized consent interaction data — disclosed to Codex Titan for consent audit logging.
We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy and to comply with our legal obligations.
| Data Category | Retention Period |
|---|---|
| Analytics data (Google Analytics) | 14 months (Google Analytics default retention setting) |
| Consent records (cookie consent state) | Duration of the consent cookie (182 days), then re-prompted |
| Consent action logs (Codex Titan) | Retained for the duration required to demonstrate valid consent under applicable law (minimum 3 years) |
| Email correspondence | Retained for as long as necessary to resolve the inquiry, then deleted within 1 year of the last communication unless a legal hold applies |
| Server and CDN logs (Cloudflare) | Retained per Cloudflare's data retention policies (generally 72 hours for detailed logs) |
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because information has been stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.
Legal Hold. Notwithstanding the periods above, we retain personal information for longer periods when required by law, regulation, or ongoing legal proceedings, or when necessary to resolve disputes and enforce our agreements.
7. Your Privacy Rights
7.1 Consolidated Rights Table
The following table summarizes the privacy rights available to you under applicable law. Because RB ZILLA LLC is a United States-based company, the rights below primarily reflect US state privacy frameworks. GDPR article citations are included for reference where our processing practices align with those standards.
| Right | Description | Applicable Law |
|---|---|---|
| Right to Know / Access | Request disclosure of the categories and specific pieces of personal information we have collected about you | CCPA; GDPR Art. 15 |
| Right to Deletion | Request deletion of personal information we have collected, subject to certain exceptions | CCPA; GDPR Art. 17 |
| Right to Correction | Request correction of inaccurate personal information | CCPA; GDPR Art. 16 |
| Right to Opt Out of Sale / Sharing | Opt out of the sale of personal information or sharing for cross-context behavioral advertising | CCPA |
| Right to Data Portability | Receive a copy of your personal information in a portable, machine-readable format | CCPA; GDPR Art. 20 |
| Right to Restrict Processing | Request that we limit how we use your personal information in certain circumstances | GDPR Art. 18 |
| Right to Object | Object to our processing of your personal information based on legitimate interests | GDPR Art. 21 |
| Right to Withdraw Consent | Withdraw your consent at any time where we rely on consent as the legal basis for processing | GDPR Art. 7(3) |
| Right to Lodge a Complaint | File a complaint with a supervisory authority in your country of residence | GDPR Art. 77 |
| Right to Non-Discrimination | We will not discriminate against you for exercising any privacy right | CCPA |
| Right to Appeal | Appeal our decision if we deny your privacy request | US state privacy laws |
These rights may be limited in some circumstances by applicable law.
7.2 How to Submit a Request
To exercise any of the rights listed above, you may:
- Email us directly: privacy@rbzilla.com
- Submit a Data Subject Access Request: https://www.rbzilla.com/privacy/data-request
Authorized agents. Under certain US state privacy laws, you may designate an authorized agent to submit a request on your behalf. We may deny a request from an authorized agent who does not submit proof of valid authorization to act on your behalf in accordance with applicable law. The agent will need to provide written, signed permission from you.
7.3 Request Verification
Upon receiving your request, we will verify your identity before processing it. We will only use personal information provided in your request to verify your identity or authority to make the request. Verification may require you to confirm your email address or supply additional identifying information. If we cannot verify your identity from information already maintained by us, we may request additional information for verification and security purposes. We will not fulfill requests we cannot verify.
7.4 Response Timelines
We aim to acknowledge all privacy inquiries within 5 business days.
- GDPR (EEA/UK): We respond to requests within 30 days of receipt. If we require additional time (up to 60 additional days), we will notify you in writing within the initial 30-day period, explaining the reason for the extension, as required by GDPR Art. 12(3).
- US state privacy laws (CCPA/CPRA, VCDPA, etc.): We respond to verifiable requests within 45 days of receipt. If we require additional time (up to 45 additional days), we will notify you in writing within the initial 45-day period, explaining the reason for the extension.
7.5 Appeals
If we decline to take action regarding your request, you may appeal our decision by emailing privacy@rbzilla.com with the subject line "Privacy Appeal." We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If your appeal is denied, you may submit a complaint to your state attorney general or the applicable supervisory authority.
8. Cookies and Tracking
We use cookies on the Website. The table below describes every cookie category.
| Category | Purpose | Cookies | Lifespan |
|---|---|---|---|
| Strictly Necessary | Store your consent preferences so we respect your choices across visits | cc_cookie |
182 days |
| Analytics (consent required) | Measure website traffic, page performance, and visitor behavior via Google Analytics | _ga, _gid, _gat, _ga_<container-id> |
_ga: 2 years; _ga_<container-id>: 2 years; _gid: 24 hours; _gat: 1 minute |
No marketing, advertising, or functional cookies are set by this Website.
You can manage your cookie preferences at any time by clicking "Consent Preferences" in the Website footer. You may also manage cookies through your browser settings; however, deleting the consent cookie (cc_cookie) will cause the consent banner to reappear on your next visit. If you choose to remove or reject cookies, this could affect certain features of the Website.
In GDPR regions (detected via timezone), analytics cookies are off by default and require your explicit opt-in consent. In other regions, analytics cookies follow an opt-out model consistent with applicable US state privacy laws.
Google Analytics. We use Google Analytics to track and analyze use of the Website. Google Analytics data is transmitted via Cloudflare Zaraz (server-side) and is loaded only after you grant analytics consent. To opt out of being tracked by Google Analytics across websites, visit https://tools.google.com/dlpage/gaoptout. For more information on Google's privacy practices, visit the Google Privacy & Terms page.
For additional detail, please refer to our Cookie Policy.
9. Global Privacy Control and Do Not Track
Global Privacy Control (GPC). We honor the Global Privacy Control signal. When we detect a valid GPC signal from your browser, we treat it as a request to opt out of the sale and sharing of your personal information, consistent with the California Consumer Privacy Act (Cal. Civ. Code § 1798.135(d)) and other applicable state laws that recognize GPC as a valid opt-out mechanism.
We detect GPC through two mechanisms: (1) the navigator.globalPrivacyControl JavaScript property in your browser (client-side), and (2) the Sec-GPC HTTP request header on server-side API endpoints (such as our consent logging function). Both mechanisms produce the same result.
When a GPC signal is detected, non-essential cookies are automatically denied and the consent banner is suppressed in all regions, including both opt-out regions (United States) and opt-in regions (EEA/UK). In opt-in regions, analytics cookies are already off by default under the GDPR, so GPC produces the same outcome as the default behavior. Users with GPC enabled can still access the consent preferences panel via the "Consent Preferences" link in the Website footer if they wish to opt in to analytics.
Note on server-side processing. While the Website's pages are statically generated and served without server-side rendering, we operate server-side API functions (hosted on Cloudflare Pages Functions) for two purposes: (1) proxying Data Subject Access Requests to our compliance platform, and (2) logging consent actions for GDPR Art. 7(1) compliance. These functions process request data server-side as described in Section 5.1.
Do Not Track (DNT). We do not respond to the Do Not Track browser signal. At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized, and the signal has not been adopted into enforceable law. California law requires us to disclose how we respond to DNT signals; as stated, we do not currently respond to them. If you wish to limit data collection, we recommend enabling Global Privacy Control (GPC), which has a defined legal meaning under applicable US state privacy laws.
10. United States State Privacy Rights
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of or delete your personal information, and withdraw your consent to our processing. These rights may be limited in some circumstances by applicable law.
10.1 Categories of Personal Information We Collect
The table below shows the categories of personal information (per Cal. Civ. Code § 1798.140) we have collected in the past twelve (12) months through the Website.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | IP address, online identifier, cookie identifiers | YES |
| B. Personal information (Cal. Cust. Records) | Name, contact information, financial information | NO |
| C. Protected classification characteristics | Gender, age, race, ethnicity | NO |
| D. Commercial information | Transaction history, purchase records | NO |
| E. Biometric information | Fingerprints, voiceprints | NO |
| F. Internet or similar network activity | Pages visited, browsing behavior, interactions with the Website | YES |
| G. Geolocation data | Country-level location (derived from IP address) | YES |
| H. Audio, electronic, sensory, or similar information | Audio, video, or call recordings | NO |
| I. Professional or employment-related information | Job title, work history | NO |
| J. Education information | Student records | NO |
| K. Inferences drawn from collected personal information | Preferences, characteristics | NO |
| L. Sensitive personal information | NO |
We will use and retain the collected personal information as described in Section 6:
- Category A — 14 months (analytics) / 72 hours (server logs)
- Category F — 14 months (analytics)
- Category G — 14 months (analytics) / 72 hours (server logs)
10.2 California-Specific Disclosures
CCPA/CPRA. California residents have the rights described in Section 7 under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) as amended by the California Privacy Rights Act. We respond to verifiable consumer requests within 45 days of receipt. If we deny your request, you may appeal by contacting us at privacy@rbzilla.com with the subject line "CCPA Appeal." You may also contact the California Privacy Protection Agency (CPPA) at https://cppa.ca.gov.
Sale and sharing. We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We do not sell personal information, including the personal information of minors under 16 years of age.
"Shine the Light" (Cal. Civ. Code § 1798.83). California residents may request, once per year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of those third parties. We do not disclose personal information to third parties for their direct marketing purposes.
Financial incentives. We do not offer financial incentives or price or service differences in exchange for the retention or sale of personal information.
10.3 Virginia (VCDPA)
Virginia residents have rights under the Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.). We respond to requests within 45 days, with a possible 45-day extension upon notice. If we deny your request, you may appeal within a reasonable time by emailing privacy@rbzilla.com. If your appeal is denied, you may contact the Virginia Attorney General at https://www.oag.state.va.us.
10.4 Other US States
Residents of other states with comprehensive privacy laws (including but not limited to Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and Utah) may have similar rights under their respective state statutes. We honor those rights on the same 45-day response timeline and through the same request channels described in Section 7.2.
11. International Data Transfers
RB ZILLA LLC is headquartered in the United States. If you access the Website from outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
Our service providers, including Cloudflare and Google, operate globally, which means your data may transit or be processed in multiple countries. We take steps to ensure that any international transfers of personal information are subject to appropriate safeguards, including:
- Standard Contractual Clauses (SCCs): Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent mechanisms to govern transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to countries not recognized as providing an adequate level of protection.
- Adequacy Decisions: Where the European Commission or another competent authority has issued an adequacy decision for the destination country, we rely on that decision as the transfer mechanism.
- Vendor Data Processing Agreements: We enter into data processing agreements with all sub-processors that impose data protection obligations consistent with applicable law.
By using the Website, you acknowledge that your information may be transferred to and processed in the United States and other countries as described in this section.
12. Children's Privacy
The Website is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. We do not knowingly sell or share the personal information of consumers under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@rbzilla.com. We will promptly investigate and, if confirmed, delete the information from our systems.
13. Security Measures
We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. All data transmitted between your browser and the Website is encrypted in transit using TLS (Transport Layer Security). The Website is hosted on Cloudflare Pages, which provides DDoS protection, Web Application Firewall (WAF) capabilities, and edge-level security. Access to our Cloudflare and analytics accounts is restricted to authorized personnel and secured with multi-factor authentication.
While no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, we are committed to maintaining reasonable and appropriate safeguards and will notify affected individuals and relevant authorities of any confirmed data breach in accordance with applicable law.
14. Changes to This Policy
We update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The effective date at the top of this document identifies when the current version took effect. Prior versions are available upon request by contacting us at privacy@rbzilla.com.
When we make material changes to this policy — such as changes to the categories of data we collect, the purposes for which we use it, or the third parties with whom we share it — we will display a prominent notice on the Website prior to the change taking effect.
Your continued use of the Website after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue use of the Website and submit a deletion request through the channels described in Section 7.
15. Contact Information
If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:
RB ZILLA LLC General Inquiries: hello@rbzilla.com Legal: legal@rbzilla.com Privacy Inquiries: privacy@rbzilla.com Website: https://www.rbzilla.com Mailing Address: 116 E Main St, Suite 201, Rock Hill, SC 29730, United States
Submit a Privacy Request (DSAR): https://www.rbzilla.com/privacy/data-request or email privacy@rbzilla.com
EU/UK Representative. We have not appointed an EU/UK representative under GDPR Art. 27 at this time. Our processing of personal data of individuals in the EEA/UK is occasional and limited to aggregated analytics data; it does not involve large-scale processing of sensitive data or systematic monitoring. If you are located in the EEA or UK and have a privacy concern, please contact us at privacy@rbzilla.com.
This Privacy Policy was prepared for RB ZILLA LLC and is effective as of April 2, 2026. It covers only the Website at rbzilla.com and does not govern other RB ZILLA LLC products or services. The effective date is the sole document identifier; no version numbers are used. Prior versions are available upon request.