▌ §99 / PRIVACY

Privacy

▌ Last updated 2026-05-17 · Read it once. We'll tell you when it changes.

The short version: We collect what you give us in the intake form, what's needed to deliver the service you hired us for, and the analytics any modern site reports. We do not sell, rent, or trade your data. We do not run third-party advertising trackers on this site.

01 Who we are

Ultra-Good is a marketing-systems operator based in the United States. The legal entity contracting clients is Ultra-Good (full registration details on request). All data inquiries: [email protected].

02 What we collect

Intake submissions: name, email, company, website, the message you write. Required to evaluate fit and reply.
Account data (clients only): name, email, role, hashed password, login history, files and comments you upload to the portal.
Operational data: for paying clients, the analytics, ad accounts, CRM exports, and similar that you authorize us to access to run your campaigns. We never log into anything you haven't connected.
Server logs: IP, user-agent, request path, timestamp. Standard web-server hygiene. Retained 30 days.
Cookies: a session cookie when you log in. No third-party advertising cookies on this site.

03 What we do with it

Reply to your intake.
Deliver the services you hired us for.
Bill you (Stripe — see §07).
Improve our own systems, in aggregate, without disclosing your specifics to anyone.

That's the whole list. We do not build profiles, retarget you, or feed your data into model training.

04 What we don't do

We do not sell your data.
We do not share it with advertising networks.
We do not enroll you in marketing email nurture sequences without your explicit opt-in.
We do not use client data to train public AI models.

05 Sub-processors

To run the service, we use a small set of vendors. Each receives only the data needed to do its job.

DigitalOcean — application hosting (US).
Amazon SES — transactional email.
Stripe — billing and payments.
Cloudflare — DNS, edge, WAF.
Anthropic / OpenAI — language-model inference for content production, using the most privacy-preserving account settings available for the engagement and avoiding raw PII unless the work explicitly requires it.
Google — Search Console + Analytics integrations you authorize.

We add or remove sub-processors as the stack evolves. Material changes will be announced on this page.

06 Your rights

If you live somewhere with privacy law (GDPR, CCPA, UK, Canada, etc.) you have the right to access, correct, delete, port, or restrict the data we hold about you. Email [email protected]. We will respond within 30 days. For deletion: account and portal data is purged within 30 days; cold backups roll out within 90.

07 Payments

Stripe processes all payments. We do not store your card number — Stripe does, under PCI-DSS Level 1. We store only the last 4 digits, brand, and expiry so you can recognize your card in your billing dashboard.

08 Security

HTTPS everywhere. Passwords hashed with bcrypt. Production access limited to named operators using key-based SSH. We use standard hosting, database, backup, and access controls appropriate to the engagement. No security posture is perfect — if you find something, email [email protected].

09 Children

This is a B2B service. We do not knowingly collect data from anyone under 16.

10 Changes

If we change this policy materially, we'll post the new version here with a fresh "Last updated" date and email active clients. Continued use after a change means you accept it.

Contact: [email protected]