Shelton Labs.
AI AuditTradesPlaybookRichmondAboutContactGet an audit

Legal

Privacy Policy

Most privacy policies run four thousand words of legal cover. Ours is shorter because we don’t collect much. This page tells you exactly what we do collect, who has access, what your rights are under US and EU privacy law, and how to reach us.

Last updated · May 14, 2026

What we collect

Almost nothing. This site has no signup forms, no logins, no ad tracking, and no behavioral profiling. The full list of what we collect:

  • Aggregate analytics via Plausible. Plausible is a privacy-friendly analytics tool. It tells us things like “47 people visited the AI Audit page yesterday.” It does not use cookies, does not store full IP addresses, and does not track individuals across sessions or sites. It’s GDPR-, CCPA-, and PECR-compliant by design.
  • Anything you send us. If you email brenden@sheltonlabs.ai or call 804-635-5729, your message and contact details obviously reach us. We use standard email and phone services to handle that — same as any small business.
  • Brief hosting logs. Our web host keeps short-term operational logs that may include IP addresses for a few days for security and abuse prevention. Standard for any website. We don’t access those logs unless we’re investigating something specific.

That’s the whole list.

What we don't collect

  • No tracking cookies
  • No advertising pixels (no Meta, Google Ads, LinkedIn, TikTok, anything)
  • No location tracking
  • No personal data forms (we have no forms at all)
  • No behavioral profiles or marketing automation
  • No biometric, financial, health, or other sensitive personal information

If we ever change this and start collecting more, we’ll update this page and bump the “Last updated” date.

How long we keep things

The honest answer is that there’s very little tied to your identity to keep, but for completeness:

  • Plausible analytics aggregates anonymous visit data — there’s nothing personal to retain. Aggregated counts may stay in our analytics history indefinitely.
  • Hosting logs roll off within 30 days under our hosting provider’s defaults.
  • Email and phone correspondence stays in our inbox for the duration of any active conversation plus a reasonable follow-up period (typically 12 months for sales inquiries, longer if we’re working together). If you’d like it deleted sooner, ask.

We do not back up, archive, or copy any of this to additional systems.

Security

We use modern hosting and email providers with industry-standard security — encryption in transit, encryption at rest, account access controls. The fewer places data exists, the safer it is, which is part of why we keep collection minimal in the first place.

No system is perfectly secure. If we ever experience a security incident involving information tied to you, we’ll notify you within a reasonable timeframe and per any applicable legal requirements.

Where the data is processed

A note on international data transfers, mostly relevant to visitors in the EU and UK:

  • Plausible analytics is processed on servers in the European Union. If you’re visiting from outside the EU, your aggregated visit is processed under GDPR-equivalent protections.
  • Email correspondence sent to brenden@sheltonlabs.aimay be processed by US-based email infrastructure (Google Workspace). If you’re in the EU and uncomfortable with US data processing, let us know and we’ll work out a different communication channel.
  • Web hosting may serve the site from US-based servers. The brief hosting logs mentioned above may therefore be stored in the US.

Who we share data with

Nobody, except:

  • Plausible processes our anonymous analytics. They do not have access to anything tying analytics to your identity because no such data exists.
  • Our email and phone providers handle messages you send us, the same way they would for any small business.
  • Our web hosting provider keeps the brief operational logs mentioned above.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not rent, lease, or trade contact information.

Cookies and Do Not Track

We do not use cookies — for tracking, advertising, personalization, or anything else. The site does not currently set any cookies at all.

If we ever do (for example, a dark/light mode preference), we’ll update this page and any cookies we set will be essential functional cookies, not tracking.

Some browsers send a “Do Not Track” signal. We honor it implicitly — we don’t track you in the first place, so there’s nothing to opt out of.

Legal basis for processing (GDPR)

For visitors in the EU and UK, the General Data Protection Regulation requires us to identify our legal basis for processing personal data. Our basis is legitimate interest: running a website and responding to inquiries we receive. We do not rely on consent because we do not collect data that requires it (no forms, no cookies, no marketing communications without you initiating contact).

You have the right to object to processing on the basis of legitimate interest. To do so, email us at brenden@sheltonlabs.aiwith subject “GDPR objection.”

Your rights

If you live in the EU/UK (GDPR), or in any US state with privacy legislation (California’s CCPA/CPRA, Virginia’s VCDPA, Colorado, Connecticut, Utah, and others), you have the right to:

  • Know what personal information we have about you
  • Receive a copy of that data in a portable format
  • Correct inaccurate personal information
  • Delete that personal information
  • Stop processing of that personal information
  • Opt out of any sale or sharing for cross-context behavioral advertising (we don’t do either)

In our case the honest answer is almost always “essentially nothing tied to you specifically.” To make a request, email brenden@sheltonlabs.ai with subject Data request and we’ll respond within 30 days (45 days for CCPA requests).

You can also lodge a complaint with your local data protection authority if you believe we’ve mishandled your information.

California residents (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act. To be explicit:

  • We do not sell personal information for money or other valuable consideration.
  • We do not share personal information with third parties for cross-context behavioral advertising.
  • We do not use or disclose sensitive personal information for any purpose other than what’s described in this policy.
  • We do not engage in profiling or automated decision-making about you.

California residents may exercise their CCPA rights by emailing brenden@sheltonlabs.ai with subject CCPA request. We’ll verify your identity (typically by confirming you’re the person who used the email or phone we have on file) and respond within 45 days. We won’t discriminate against you for exercising any of these rights.

Third-party links

Pages on this site may link to other sites — for example, Plausible’s data policy, manufacturer or directory pages referenced in the playbook, or external resources. Once you click through, you’re on someone else’s site and their privacy policy applies, not ours. We don’t control or regularly audit those sites’ data practices.

Children

This site is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child has interacted with our site and you’d like that addressed, email us.

If Shelton Labs is ever acquired

If Shelton Labs is sold, merged, or restructured, any data we have at the time may transfer to the acquiring entity. The acquirer would be required to honor this policy with respect to data collected before the transfer, or to notify affected individuals of any material changes before applying them.

If we ever cease operations entirely without an acquirer, we’ll delete or anonymize the limited data we hold.

Changes to this policy

We may update this policy if what we collect changes — for example, if we add a contact form or start sending an email newsletter. Any changes will be reflected here with a new “Last updated” date. Material changes (anything that materially expands what we collect, who we share with, or how long we retain) will also be flagged in a banner on the homepage for at least 30 days.

Contact

Privacy questions, data requests, GDPR objections, CCPA requests, or anything else covered by this policy: email brenden@sheltonlabs.ai or call 804-635-5729.

For general inquiries unrelated to privacy, see the contact page.

Shelton Labs LLC · Midlothian, Virginia, United States