Privacy Policy

1. Introduction

Meanwhile Solutions, Inc., doing business as Meanwhile Lake Tahoe ("Meanwhile Lake Tahoe," "we," "us," or "our"), is committed to protecting your privacy and being transparent about how we collect, use, and protect your information. This Privacy Policy explains our data practices for our website at meanwhilelaketahoe.com, our client portal, and the custom-build and digital-operations services we provide to small-business clients (collectively, "Services").

This policy applies to information we collect from prospective clients, current clients, visitors to our website, and individuals whose information we process on behalf of our clients in the course of providing Services. It does not apply to information collected by third-party websites, platforms, or services that may be linked from our site.

By using our website or engaging our Services, you agree to the collection and use of information as described in this Privacy Policy. If you are a California resident, please see Section 9 for information about your additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). If you are in the European Economic Area, the United Kingdom, or Switzerland, please see Section 10 for information about your rights under the General Data Protection Regulation (GDPR) and equivalent UK and Swiss law.

2. Information We Collect

We collect information in the following categories:

• Contact Information: Name, email address, phone number, job title, and business name provided when you contact us, request information, complete a form on our website, or engage our Services.
• Account and Portal Information: If you create an account in our client portal, we collect your name, email address, an authenticated credential (handled through a password hash or magic-link flow), and account metadata such as account creation date, email verification status, and role.
• Session and Technical Data: When you sign in, we record session identifiers, session tokens, IP addresses, user-agent strings, and the time of access, solely to operate the authentication system, protect against fraud, and maintain security logs.
• Business Information: Details about your business operations, goals, existing technology stack, vendor relationships, and any other information you share with us to help us deliver our Services effectively.
• CRM and POS Data: When we provide CRM or POS integration and management services, we may access, process, and work with data stored in your business systems on your behalf. This may include customer contact records, transaction histories, and operational data belonging to your customers. We process this data solely as directed by you and in accordance with our Service Agreement.
• Website Analytics: We collect standard website usage information, including pages visited, time spent on pages, referring URLs, browser type, device type, and general geographic location derived from IP address. We use this information in aggregate to improve our website and understand how visitors use it.
• Marketing Content: If we manage your marketing operations, we may create, review, or store marketing materials, campaign data, audience lists, and performance metrics on your behalf.
• Communications: When you communicate with us by email, phone, or other means, we retain records of those communications for service delivery and quality assurance purposes.

We collect information directly from you, automatically through your use of our website and portal, and from third-party platforms that you authorize us to access as part of our Services.

3. How We Use Information

We use the information we collect for the following purposes:

• Service Delivery: To perform the digital operations services described in your Service Agreement, including custom-build delivery, website management, marketing execution, CRM/POS integration, and AI-assisted workflow support.
• Client Communication: To respond to your inquiries, send service-related notifications, provide project updates, and communicate about your account.
• Authentication and Security: To operate the client-portal login, verify your identity, maintain sessions, detect fraud or unauthorized access, and protect the integrity of our Services.
• System Integrations: To connect, configure, and maintain integrations between your business platforms, including CRM systems, POS systems, marketing tools, and website infrastructure.
• Marketing Operations: To manage your marketing campaigns, including scheduling, distributing, and reporting on content across authorized channels.
• Website Improvement: To analyze how visitors interact with our website and improve our content, design, and user experience.
• Legal Compliance: To comply with applicable laws, regulations, legal process, or enforceable governmental requests, and to enforce our Terms of Service.
• Business Operations: For internal purposes such as invoicing, recordkeeping, fraud prevention, and ensuring the security and integrity of our Services.

We do not use your information for automated decision-making that produces legal or similarly significant effects without human review. We do not sell your personal information to third parties for their own marketing purposes.

4. Payment Information

We do not directly collect, store, process, or have access to your complete credit card numbers, bank account numbers, or other sensitive payment instrument details. All payment transactions are processed through our third-party payment processors. Our preferred processor is Stripe, Inc.; for clients who already use Square (for example, a retail or restaurant client whose POS we are integrating), we also support Square, Inc.

When you provide payment information through our invoicing or checkout processes, that information is transmitted directly and securely to our payment processors. These processors are PCI-DSS compliant and operate under their own privacy policies and security programs. We encourage you to review Stripe's privacy policy at stripe.com/privacy and Square's privacy policy at squareup.com/legal/privacy to understand how they handle your payment data.

We may receive and retain limited payment-related information from our processors, such as the last four digits of your card, card brand, billing postal code, and transaction confirmation status, solely for accounting, customer service, and fraud prevention purposes.

5. Information Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We share information only as described below:

• Hosting and Infrastructure: Our website, client portal, and back-end systems are hosted on infrastructure provided by Cloudflare, Inc., including Cloudflare Workers, R2 object storage, D1 databases, KV stores, and Queues. Cloudflare processes data as our service provider under its own security and data protection program.
• Payment Processors: Stripe, Inc. and (where applicable) Square, Inc., to facilitate billing and payment for our Services.
• Email Service Providers: We use Resend, Inc. (resend.com) to send transactional and service-related emails, including portal sign-in emails, password-reset emails, and project notifications. Your contact information is shared with Resend solely for this purpose.
• Authentication Providers: We use the open-source better-auth library to operate account, session, and credential storage. Authentication data is stored within our Cloudflare-hosted database and is not shared with any third party beyond our hosting infrastructure.
• CRM and POS Platforms: When providing integration services, we interact with third-party CRM and POS systems on your behalf. The data involved is your business data, and our access is governed by your Service Agreement and the terms of those platforms.
• AI Model Providers: When AI assistants or AI-assisted workflows are part of your Services, we may transmit portions of Client Content or session data to one or more AI model providers identified in your Service Agreement. We use reputable providers and contract for enterprise-grade data handling (including no-training and data-retention controls) where available.
• Professional Advisors: We may share information with our attorneys, accountants, and other professional advisors under obligations of confidentiality when necessary for our business operations.
• Legal Requirements: We may disclose information if required to do so by law, court order, or governmental authority, or if we reasonably believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
• Business Transfers: If Meanwhile Solutions, Inc. or Meanwhile Lake Tahoe is involved in a merger, acquisition, asset sale, or reorganization, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

6. Cookies and Tracking

Our website and client portal use a minimal set of cookies and similar tracking technologies, limited to what is necessary to operate the site and the portal. We use session cookies to keep you signed in, and analytics cookies to understand aggregate website usage patterns — such as which pages are most visited and where visitors come from. We do not use third-party advertising cookies, advertising pixels, or build behavioral profiles for advertising purposes.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Disabling cookies may affect the functionality of our website and portal. We do not currently respond to browser "Do Not Track" signals, as no uniform standard for honoring such signals has been adopted.

We do not engage in cross-site behavioral tracking for advertising.

7. Data Security

We take data security seriously and implement industry-standard technical and organizational measures to protect the information we collect and process. These measures include encrypted data transmission (TLS/HTTPS), encryption at rest via our hosting infrastructure, hashed password storage, access controls limiting who can access client data, regular software updates, and use of reputable, security-certified infrastructure providers.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. In the event of a data breach affecting your personal information, we will notify affected individuals and regulators as required by applicable law.

You are responsible for maintaining the confidentiality of any login credentials or access tokens you share with us. Please notify us immediately at hello@meanwhilesolutions.com if you suspect any unauthorized access to your accounts or data.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, to perform our Services under an active agreement, and to comply with our legal obligations. After our engagement ends, we generally retain business records for a period of seven (7) years as required for tax and accounting purposes, unless a longer or shorter retention period is required by law.

When we access client CRM, POS, or other business system data as part of our Services, we do not retain copies of that data beyond what is necessary to perform the Services. Copies of that data are deleted or returned to you upon termination of the relevant service, subject to applicable legal hold obligations.

Analytics data collected through our website is retained in aggregate, anonymized form indefinitely. Individually identifiable usage data is retained for no more than twenty-four (24) months.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information to third parties, and we do not share your personal information with third parties for cross-context behavioral advertising. You therefore do not need to opt out of a sale or sharing that does not occur.
• Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information (as defined by CPRA), you may have the right to limit our use of such information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level of quality of service because you exercised a privacy right.

To exercise any of these rights, please submit a verifiable consumer request to hello@meanwhilesolutions.com. We will respond within the time periods required by applicable law (generally 45 days, with the ability to extend by an additional 45 days with notice). We may need to verify your identity before processing your request.

10. European, UK, and Swiss Privacy Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent UK and Swiss law give you specific rights regarding your personal data. The data controller for personal data we collect directly from you is Meanwhile Solutions, Inc., doing business as Meanwhile Lake Tahoe.

Where we process personal data on behalf of a client (for example, end-customer records inside a client's CRM or POS), the client is the data controller and Meanwhile Lake Tahoe acts as a data processor. Please direct rights requests for that data to the client.

Subject to the limits permitted by law, you have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) request restriction of processing; (e) object to processing based on legitimate interests; (f) request portability of your data in a structured, commonly used, machine-readable format; and (g) lodge a complaint with your local supervisory authority.

Our legal bases for processing personal data are: (i) contract — to provide the Services you have engaged us to perform; (ii) legitimate interest — to operate, secure, and improve our Services and to communicate with prospective clients who have contacted us; (iii) legal obligation — to comply with applicable law (for example, tax recordkeeping); and (iv) consent — where we have specifically asked for it (for example, certain marketing communications), which you may withdraw at any time.

To exercise any of these rights, please contact us at hello@meanwhilesolutions.com. We will respond within the time periods required by applicable law.

11. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Our website and marketing materials are intended solely for adults operating or employed by small businesses.

If we learn that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as practicable. If you believe we have collected information from a child under 13, please contact us immediately at hello@meanwhilesolutions.com so we can address the situation.

12. International Data Transfers

Meanwhile Lake Tahoe operates primarily from the United States, and our infrastructure providers (including Cloudflare) may process data across a global network of servers for performance, reliability, and security purposes. If you access our website or Services from outside the United States, your information may be transferred to, stored, and processed in the United States and in other countries where our service providers operate. By using our Services, you consent to such transfers, subject to the protections described in this Privacy Policy and any applicable legal safeguards (including, where required, Standard Contractual Clauses for transfers from the EEA, UK, or Switzerland).

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post any changes to this page with an updated effective date and version, and where material we will re-prompt acceptance through the client portal. Where changes are material, we will also make reasonable efforts to notify active clients by email at least 30 days before the changes take effect.

Your continued use of our website or Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@meanwhilesolutions.com
• Website: meanwhilelaketahoe.com
• Legal Entity: Meanwhile Solutions, Inc., doing business as Meanwhile Lake Tahoe
• Entity Type: Corporation

We will respond to all privacy-related inquiries within a reasonable time and within any timeframes required by applicable law.