We Respect Your Privacy

Slip 19’s Privacy Policy

Updated: November 1, 2025
Applies to: slip19.com and related pages that link to this policy

1) Who we are

This Privacy Policy describes how Slip 19, (“we,” “us,” or “our”), a brand research and strategy consultancy, collects, uses, shares, and protects Personal Information when you visit slip19.com, contact us, download content, or engage our services.

Contact: Slip 19, 47R Parker Street, Gloucester, MA 01930, USA • Email: chris@slip19.com

2) Scope & key definitions

  • Personal Information / Personal Data: Information that identifies or can reasonably be linked to an individual or household.

  • Sensitive Personal Information: For example, government IDs, precise geolocation, financial account numbers, health data, union membership, etc.

  • Controller / Business: We decide how and why Personal Information is processed for our website and marketing.

  • Processor / Service Provider: Vendors that process Personal Information on our behalf under binding contracts.

This policy covers our website and marketing operations. For work done under a client contract, our Data Processing Addendum (DPA) governs; it is available upon request.

3) Information we collect

a) You provide:

  • Contact details (name, email, phone, company, title), inquiry content, meeting notes.

  • Project files you choose to upload or share.

b) Automatic data (online activity):

  • Device/browser type, pages viewed, timestamps, IP address (truncated or full, depending on your settings), approximate location, referrer/UTM tags, and cookie IDs.

  • We may use analytics tools (e.g., privacy-mode Google Analytics or equivalent) to understand site performance.

c) From third parties:

  • Business contact data from partners, event registrations, or public professional profiles (B2B context only).

We do not knowingly collect Sensitive Personal Information via the website and we ask you not to submit it through contact forms.

4) How we use Personal Information (purposes)

  • Provide and improve the website, content, and services.

  • Respond to inquiries, schedule consultations, and deliver requested materials.

  • Sales & marketing to relevant business contacts (you can opt out anytime).

  • Security and fraud prevention, debugging, and to comply with legal obligations.

  • Contractual performance when you are a client or vendor contact.

Legal bases (GDPR/UK GDPR): legitimate interests (B2B outreach, site analytics, security), contract, consent (where required), and compliance with law.

5) Cookies & similar technologies

We use essential cookies and, with your consent where required, analytics and performance cookies. We do not use cookies for interest-based advertising by default. You can manage preferences through our cookie banner or your browser settings. We honor Global Privacy Control (GPC) signals as an opt-out of “sale/share” where applicable.

6) Disclosures to third parties

We share Personal Information with:

  • Service providers / processors: hosting, security, analytics, CRM, email tools, file transfer/storage, and professional advisers.

  • Business transfers: in a merger, acquisition, or asset sale.

  • Legal compliance: to satisfy applicable law, regulation, legal process, or enforceable governmental request.

We do not sell Personal Information for money. We also do not “share” Personal Information for cross-context behavioral advertising as defined by the California Consumer Privacy Act as amended (CPRA). If this changes, we will update this policy and provide opt-out controls.

7) International transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards, such as EU Standard Contractual Clauses (SCCs) and the UK Addendum/IDTA, plus supplemental measures.

8) Retention

We keep Personal Information only as long as needed for the purposes stated above, to comply with legal/contractual obligations, or to resolve disputes. Typical retention for website inquiries and marketing contacts is up to 36 months from last interaction unless a longer period is required or permitted by law.

9) Security

We employ reasonable administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, least-privilege, vulnerability patching). No method is 100% secure, and we cannot guarantee absolute security. If we learn of a breach affecting your data, we will notify you consistent with applicable laws.

10) Your privacy choices & rights

Email marketing: Click unsubscribe in any email or contact chris@slip19.com.
Cookies: Use our banner or your browser to manage cookies; we honor GPC signals.

Depending on where you live (e.g., EU/EEA/UK, California, Colorado, Connecticut, Virginia, Quebec), you may have rights to:

  • Access, correct, delete, or obtain a copy of your Personal Information.

  • Opt out of certain processing (e.g., targeted advertising, sale/share—though we don’t do these), or restrict/ object to processing.

  • Withdraw consent where processing is based on consent.

  • Appeal a decision regarding your rights request (US state laws).

  • Lodge a complaint with a supervisory authority (e.g., ICO in the UK, your local DPA in the EU).

To exercise rights, email chris@slip19.com with “Privacy Request” and your country/state. We will verify your identity and respond within the timelines required by law. Authorized agent requests are honored where applicable.

11) Children’s privacy

Our site and services are not directed to children under 16. We do not knowingly collect children’s data. If you believe a child has provided Personal Information, contact us to delete it.

12) Enterprise/Client data & confidentiality

When we perform services for clients, we process data under contract and follow client instructions. We:

  • Use data only to deliver contracted services;

  • Maintain confidentiality and restrict access to authorized personnel;

  • Sub-process only with written agreements that impose equivalent protections;

  • Support client compliance (e.g., SCCs/UK IDTA, data-subject requests that a client forwards to us, deletion/return at end of engagement);

  • Offer a Data Processing Addendum (DPA) upon request;

  • Do not use client-provided data to train public AI models.

13) AI & automated decision-making

We may use trustworthy AI-assisted tools (e.g., for drafting, synthesis, or quality checks) under confidentiality, with outputs reviewed by humans. We do not use fully automated decision-making that produces legal or similarly significant effects on individuals via this website.

14) Third-party links & social media

Our site may link to third-party sites or social platforms. We are not responsible for their practices. Review their privacy notices before providing Personal Information.

15) Notice at Collection (California)

We collect the following categories of Personal Information for the business purposes listed in Section 4: Identifiers(name, email, phone, IP), Commercial Information (inquiry types), Internet/Network Activity (analytics), and Professional/Employment Information (B2B context). We do not collect Sensitive Personal Information via the site and do not sell or share Personal Information as defined by CPRA. We retain data as described in Section 8. You have the rights in Section 10, and we honor GPC signals.

16) Changes to this policy

We may update this policy from time to time. If changes are material, we will post a clear notice on the site and update the “Effective date” above. Your continued use after changes means you accept the updated policy.

17) How to contact us

Questions or requests about this policy? Contact chris@slip19.com or write to: Slip 19, 47R Parker Street, Gloucester, MA, 01930, USA.