Privacy Policy

Effective Date: January 1, 2025

Texas-Only Service Notice: Our services are exclusively available within the State of Texas. This website is not intended for users outside of Texas, and we do not advertise, market, or process data from individuals residing outside of the United States.

1. Introduction and Scope

Hill Country Tree Company ("Company," "we," "our," or "us") is committed to maintaining the highest standards of privacy protection and data security in accordance with applicable state and federal regulations. This Privacy Policy ("Policy") governs the collection, processing, storage, utilization, and disclosure of personal information obtained through our website, digital platforms, mobile applications, and all related business operations conducted within our service territories.

This Policy applies comprehensively to all users, customers, prospective clients, vendors, and visitors who access, interact with, or utilize our services, whether through our primary website, administrative platforms, mobile interfaces, or any other digital touchpoints operated, maintained, or controlled by Hill Country Tree Company.

2. Categories of Information We Collect

2.1 Personal Information Provided Directly

We collect personal information that you voluntarily provide to us through various interaction points, including but not limited to:

  • Identity Information: Full legal name, preferred name, title, and any professional designations
  • Contact Information: Primary and secondary email addresses, telephone numbers (mobile, home, business), and emergency contact details
  • Geographic Information: Physical addresses (property, billing, mailing), including street address, city, state, ZIP code, and geographic coordinates
  • Project Information: Detailed project descriptions, specifications, timeline requirements, budget parameters, and special accommodation requests
  • Media Content: Property photographs, site documentation, architectural plans, and related visual materials uploaded by users
  • Communication Preferences: Preferred contact methods, optimal contact times, and notification settings
  • Service History: Previous interactions, service requests, and ongoing project documentation

2.2 Automatically Collected Technical and Usage Data

Our systems automatically collect certain technical and behavioral information to ensure optimal service delivery and security:

  • Network Information: Internet Protocol (IP) addresses, Internet Service Provider (ISP) details, and approximate geographic location data
  • Device Information: Browser type and version, operating system, device model, screen resolution, and hardware specifications
  • Usage Analytics: Website navigation patterns, page view sequences, session duration, bounce rates, and user interaction data
  • Search Behavior: Plant catalog queries, filter selections, search terms, and browsing preferences
  • Performance Data: Website load times, error occurrences, and system performance metrics
  • Referral Information: Source of website visits, marketing campaign effectiveness, and conversion pathway analysis

2.3 Business and Transactional Data

  • Commercial Transactions: Quote requests, pricing calculations, project specifications, and service agreements
  • Financial Records: Purchase history, payment records, billing information, and accounts receivable data
  • Customer Service Data: Support interactions, complaint resolutions, and service quality assessments
  • Inventory Interactions: Plant selections, delivery preferences, installation requirements, and customization requests

3. Legal Basis and Purposes of Data Processing

3.1 Legitimate Business Operations and Service Provision

We process your personal information based on legitimate business interests and contractual necessity for the following purposes:

  • Quote Generation and Project Planning: Creation of personalized estimates, project timelines, and service proposals
  • Customer Service Excellence: Response to inquiries, technical support provision, and ongoing customer relationship management
  • Operational Efficiency: Management of internal workflows, scheduling optimization, and resource allocation
  • Quality Assurance: Service delivery monitoring, customer satisfaction assessment, and continuous improvement initiatives
  • Legal Compliance: Fulfillment of regulatory obligations, tax reporting, and business licensing requirements
  • Risk Management: Fraud prevention, security monitoring, and business continuity planning

3.2 Analytics and Business Intelligence

We utilize sophisticated analytics systems to monitor website performance, analyze user engagement patterns, optimize conversion funnels, and generate actionable business intelligence for strategic decision-making and service enhancement purposes.

4. Third-Party Service Providers and Data Processing Arrangements

We engage carefully vetted third-party service providers who maintain industry-standard privacy certifications and security protocols. These partnerships are governed by comprehensive Data Processing Agreements (DPAs) that ensure appropriate safeguards for personal information:

Service ProviderPurpose and FunctionData SharedPrivacy Policy
Google Analytics
(ID: G-M7GQPLTV0E)		Website behavior analysis, conversion tracking, user experience optimization, and business intelligencePage views, user interactions, device info, geographic dataGoogle Privacy Policy
Google Maps APIAddress validation, autocomplete services, delivery zone calculations, and geographic optimizationAddresses, location data, search queriesGoogle Privacy Policy
Google reCAPTCHA v3Automated spam detection, bot prevention, and security threat mitigation (threshold score: 0.5)Browser behavior, interaction patterns, device fingerprintsGoogle Privacy Policy
SupabaseSecure database hosting, user authentication systems, and encrypted file storage infrastructureCustomer data, project files, authentication credentialsSupabase Privacy Policy
Resend Email ServiceTransactional email delivery, notification systems, and automated communication workflowsEmail addresses, message content, delivery metricsResend Privacy Policy
Meta Pixel (Facebook)
(ID: 1231698729002340)		Advertising performance measurement, conversion tracking for inventory purchases, remarketing campaign optimization, and audience building for Facebook/Instagram advertisingPage views, product views, add-to-quote events, quote submissions, device info, hashed customer information (email, phone) for advanced matchingMeta Privacy Policy

Important Disclosure Regarding Data Monetization:

We do not sell, lease, rent, license, or otherwise monetize your personal information with third-party advertisers, data brokers, marketing companies, or affiliate networks. All third-party integrations serve specific operational functions that are essential to our legitimate business operations and service delivery obligations.

5. Payment Processing and Financial Data Handling

Financial Data Protection Protocol

Hill Country Tree Company maintains the following strict protocols regarding financial information:

  • We collect and maintain billing addresses and project-related financial records exclusively for accounting, tax compliance, and business record-keeping purposes
  • Critical Security Notice: We do not collect, store, transmit, or process credit card data, debit card information, banking credentials, or any payment card industry (PCI) sensitive data on our website, servers, or internal systems
  • All monetary transactions are processed through secure, PCI DSS compliant third-party payment processors with end-to-end encryption and tokenization
  • Payment method preferences and transaction histories are maintained exclusively for customer service enhancement and financial dispute resolution
  • Financial records are subject to extended retention periods as required by applicable accounting standards and tax regulations

6. Comprehensive Cookie Policy and Browser Storage Technologies

6.1 Classification and Implementation of Storage Technologies

Our website employs various browser storage technologies, tracking mechanisms, and persistent identifiers for operational, analytical, and security purposes. These technologies are categorized and implemented as follows:

Essential Functional Cookies (Strictly Necessary)

  • hillCountryQuote: Shopping cart persistence and quote state management (30-day retention period with SameSite=Lax security policy)
  • sessionAuth: Administrative session management with HTTP-only flags and 7-day expiration
  • csrfToken: Cross-site request forgery protection tokens for form submission security

Analytics and Performance Cookies

  • _ga, _ga_*: Google Analytics tracking identifiers for user behavior analysis and website optimization
  • performanceMonitor: Website performance monitoring and error tracking systems
  • userPreferences: Filter settings, search preferences, and user interface customization data

Security and Fraud Prevention Cookies

  • _grecaptcha: Google reCAPTCHA validation tokens for automated threat detection and spam prevention
  • rateLimitToken: Request throttling and abuse prevention mechanisms
  • securityAlert: Suspicious activity detection and incident response triggers

Advertising and Marketing Cookies

  • _fbp, _fbc: Meta Pixel (Facebook) cookies for conversion tracking, advertising attribution, and remarketing campaigns. These cookies track inventory item views, add-to-quote actions, and quote submissions to measure advertising effectiveness
  • Advanced Matching: Meta Pixel automatically hashes and sends customer information (email, phone, name) you provide during quote submission to improve ad targeting and conversion measurement while protecting privacy
  • Opt-Out Options: You can opt out of personalized advertising from Meta by visiting Facebook Ad Preferences

6.2 User Control and Cookie Management

Users maintain comprehensive control over cookie preferences through browser configuration settings. However, we advise that disabling essential functional cookies may significantly impair website functionality, including but not limited to quote generation capabilities, form submission processes, and security protection mechanisms.

Technical Note: To manage cookies in major browsers, please refer to:Chrome,Firefox,Safari

7. Email Communications and Digital Marketing Practices

7.1 Transactional Communications (Essential Business Operations)

You will receive essential transactional emails that are necessary for service delivery and account management:

  • Quote Delivery Systems: Professional project proposals, pricing confirmations, and service agreement documentation
  • Customer Service Communications: Contact form acknowledgments, inquiry responses, and ongoing project correspondence
  • Security and Administrative Alerts: Password reset instructions, account security notifications, and system maintenance announcements
  • Service Coordination: Appointment confirmations, project timeline updates, and delivery scheduling communications
  • Financial Communications: Payment confirmations, invoice delivery, and account status notifications

7.2 Promotional and Marketing Communications

Explicit Opt-In Policy:

We maintain a strict opt-in policy for all promotional communications, newsletters, marketing campaigns, and non-essential business correspondence. Marketing emails are sent only after explicit consent is provided through verified opt-in mechanisms. You may withdraw consent at any time through unsubscribe links or by contacting our privacy team directly.

8. Data Retention and Storage Policies

8.1 Retention Schedule and Legal Requirements

We maintain personal information according to the following comprehensive retention schedule, designed to balance operational needs with privacy protection:

Permanent Retention (Business Continuity)

  • Customer Master Records: Indefinite retention for ongoing service support, warranty obligations, and business relationship continuity
  • Project Documentation: Permanent archival for reference, liability protection, and future service enhancement
  • Financial Records: Maintained permanently for accounting compliance, tax obligations, and audit requirements under applicable business regulations

Time-Limited Retention

  • Website Analytics Data: Processed according to Google Analytics standard retention periods (14-26 months depending on data type)
  • Security and Access Logs: Maintained for 7 years for fraud investigation and security incident analysis
  • Communication Records: Email correspondence and customer service interactions retained for 5 years for quality assurance
  • Temporary Files and Cache: Automatically purged within 30-90 days based on system optimization requirements

8.2 Data Deletion Request Processing

Customers may submit formal requests for personal data deletion by contacting hillcountrytreeco@gmail.com. We will evaluate such requests considering the following factors:

  • Legal Retention Obligations: Requirements under Texas business law, federal regulations, and industry standards
  • Legitimate Business Interests: Ongoing warranty support, customer service capabilities, and project documentation needs
  • Technical Feasibility Assessment: System architecture limitations, database dependencies, and operational constraints
  • Active Contractual Obligations: Ongoing projects, service agreements, and legal commitments

Processing Timeline: Data deletion requests will be acknowledged within 5 business days and completed within 30 business days, subject to legal and technical constraints. Partial deletion may occur where complete removal would compromise essential business operations or legal compliance.

9. Advanced Information Security and Protection Framework

9.1 Multi-Layered Technical Safeguards

Hill Country Tree Company implements enterprise-grade security measures designed to protect against unauthorized access, data breaches, and security incidents:

Encryption and Data Protection

  • Transport Layer Security: TLS 1.3 encryption for all data transmission
  • Database Encryption: AES-256 encryption at rest for sensitive data storage
  • File Storage Security: Encrypted file storage with controlled access permissions and audit trails
  • API Security: OAuth 2.0 authentication and JWT token-based access controls

Access Controls and Monitoring

  • Row-Level Security (RLS): Database-level access controls with user-specific data isolation
  • Multi-Factor Authentication: Required for all administrative and sensitive system access
  • Activity Monitoring: Real-time surveillance for suspicious activity and unauthorized access attempts
  • Rate Limiting: Automated protection against denial-of-service attacks and abuse patterns

9.2 Administrative and Organizational Safeguards

  • Security Audits: Quarterly vulnerability assessments and penetration testing by certified security professionals
  • Employee Training: Comprehensive privacy and security training programs with annual certification requirements
  • Incident Response: Documented breach notification procedures and emergency response protocols
  • Business Continuity: Secure backup systems, disaster recovery procedures, and data redundancy measures
  • Vendor Management: Third-party security assessments and ongoing compliance monitoring

10. Privacy Rights and Data Subject Protections

10.1 Enumeration of Individual Rights

As a Texas-based service provider operating under U.S. jurisdiction, Hill Country Tree Company provides customers with comprehensive rights regarding their personal information, including:

Information Access Rights

  • Request comprehensive copies of all personal data maintained in our systems
  • Obtain detailed processing activity reports and data usage summaries
  • Access historical communication records and service interaction logs

Data Correction and Rectification

  • Update or correct inaccurate personal information and contact details
  • Modify project preferences and service requirements
  • Amend communication preferences and notification settings

Data Portability and Transfer

  • Obtain personal data in structured, machine-readable formats (CSV, JSON)
  • Transfer data to other service providers (where technically feasible)
  • Receive comprehensive data export reports with full transaction histories

Communication and Marketing Controls

  • Opt-out of non-essential communications and promotional materials
  • Modify notification frequency and delivery preferences
  • Request exclusion from marketing analytics and behavioral targeting

10.2 Rights Exercise Procedures and Verification Protocols

To exercise any of these rights, submit detailed requests to hillcountrytreeco@gmail.com including:

  • Identity Verification: Clear identification documentation and account verification information
  • Specific Request Details: Precise description of requested actions, data categories, and processing limitations
  • Supporting Documentation: Relevant account information, reference numbers, or project identifiers
  • Preferred Response Method: Secure communication channel preferences for response delivery

Response Timeline and Processing

We commit to acknowledging privacy rights requests within five (5) business days and providing substantive responses within thirty (30) calendar days. Complex requests requiring extensive data analysis or legal review may require additional processing time, with regular status updates provided to requestors.

11. Children's Privacy Protection and Age Verification

COPPA Compliance and Minor Protection Protocol

Hill Country Tree Company maintains strict policies regarding the collection of information from minors:

  • Our website and services are designed exclusively for adult customers (18+ years) and property owners
  • We do not knowingly collect, process, store, or maintain personal information from individuals under thirteen (13) years of age
  • Any inadvertent collection of children's data will result in immediate deletion from all systems upon discovery
  • Parents or guardians who believe we have collected their child's information should contact us immediately for expedited removal

12. Geographic Limitations and Jurisdictional Scope

Texas-Exclusive Service Territory

Hill Country Tree Company operates exclusively within the State of Texas under applicable Texas state laws, regulations, and jurisdictional authority. Our operational limitations include:

  • We do not advertise, market, or actively solicit customers from jurisdictions outside the State of Texas
  • Service delivery is limited to our designated Texas Hill Country service areas
  • We do not accept orders, process payments, or provide services beyond our established geographic boundaries
  • This website is not intended for residents of international jurisdictions or other U.S. states
  • We do not process personal data subject to European GDPR, California CCPA, or other state-specific privacy regulations

International User Notice: If you are accessing this website from outside Texas or the United States, please be aware that our services may not be available in your jurisdiction, and your personal information may be subject to different privacy protections than those described in this Policy.

13. Policy Updates, Modifications, and Version Control

Hill Country Tree Company reserves the right to modify, update, supplement, or revise this Privacy Policy at any time in response to:

  • Business Operations Evolution: Changes in service offerings, technology implementations, or operational procedures
  • Regulatory Updates: New or modified privacy laws, industry regulations, or compliance requirements
  • Security Enhancements: Implementation of advanced security measures, threat response capabilities, or protection technologies
  • Third-Party Relationships: Modifications to service provider agreements, integration partnerships, or vendor relationships

13.1 Change Notification Procedures

Material changes affecting data collection, processing, or user rights will be communicated through multiple channels:

  • Website Notification: Prominent notice displayed on our website homepage for minimum 30-day period
  • Email Communication: Direct notification to registered customers with active email preferences
  • Policy Versioning: Updated "Effective Date" and version number notation for change tracking
  • Archive Maintenance: Previous policy versions maintained for historical reference and legal documentation

We strongly recommend periodic review of this Policy to maintain awareness of our current privacy practices and any modifications that may affect your personal information.

14. Contact Information and Privacy Inquiry Procedures

For questions, concerns, complaints, or formal requests related to this Privacy Policy or our data protection practices, please contact our designated privacy team:

Hill Country Tree Company - Privacy Department

Primary Contact Information

Privacy Officer: Data Protection Team

Email: hillcountrytreeco@gmail.com

Phone: +1 (210) 556-7089

Business Hours: Monday-Friday, 8:00 AM - 5:00 PM CST

Mailing Address

Hill Country Tree Company

Attn: Privacy Department

464 Rodeo Drive

Spring Branch, TX 78070

United States of America

14.1 Privacy Inquiry Response Commitment

Service Level Agreement for Privacy Inquiries:

  • Initial Response: All privacy inquiries acknowledged within 2 business days of receipt
  • Standard Resolution: Most privacy questions and requests resolved within 14 business days
  • Complex Investigations: Comprehensive privacy assessments completed within 30 business days with interim status updates
  • Escalation Process: Unresolved concerns escalated to senior management and legal counsel as appropriate

We are committed to maintaining transparent, responsive, and professional communication regarding all privacy-related matters and will work diligently to resolve any concerns regarding our data handling practices in accordance with applicable laws and industry best practices.

Legal Disclaimer and Professional Consultation Advisory

This Privacy Policy constitutes a legally binding agreement between Hill Country Tree Company and users of our services and digital platforms. While this document has been prepared with considerable care and attention to comply with applicable privacy laws, regulations, and industry standards, it serves as a comprehensive template based on current legal requirements and best practices.

Professional Legal Consultation Recommended: For specific legal advice regarding privacy compliance obligations, data protection requirements, regulatory adherence, or individual rights under applicable state and federal law, we strongly recommend consulting with qualified legal counsel who maintains expertise in Texas state law, federal privacy regulations, and relevant industry-specific requirements.

This Policy should not be construed as legal advice and does not create an attorney-client relationship or substitute for professional legal guidance tailored to specific circumstances, business operations, or regulatory environments.

Document Information: Last Updated: January 2025 | Version: 2.0 | Review Period: Annual | Next Scheduled Review: January 2026