Services Work Pricing About FAQ (281) 250-4335 Get a free quote →
← Back to home

Privacy Policy

Last updated: June 8, 2026

This Privacy Policy ("Policy") explains how MM Web Solutions LLP, a Texas limited liability partnership ("MM Web Solutions," "we," "us," or "our"), collects, uses, discloses, retains, transfers, and protects Personal Information when you visit our website at mmwebsolutions.org (the "Site"), submit our contact form, request a quote, engage our services, or otherwise interact with us. By using the Site or providing information to us, you acknowledge that you have read and understood this Policy.

This Policy is designed to comply with applicable privacy laws, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Utah Consumer Privacy Act ("UCPA"), the Texas Data Privacy and Security Act ("TDPSA"), and the Children's Online Privacy Protection Act ("COPPA"), to the extent each applies to us.

1. Definitions

"Personal Information" or "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to you or your household. "Process" or "Processing" means any operation performed on Personal Information, including collection, recording, storage, use, disclosure, or deletion. "Services" means the website design, development, SEO, consulting, and related professional services we provide. "Cookies" means small text files stored on your device by your browser. Capitalized terms not defined here have the meanings given in our Terms of Service.

2. Scope and Application

2.1 This Policy applies to: (a) visitors to the Site; (b) prospective clients who submit inquiries or request quotes; (c) active and former clients receiving Services; and (d) anyone who otherwise interacts with us by email, phone, or other channels.

2.2 This Policy does NOT apply to: (a) third-party websites or services that link to or from our Site (their own privacy policies govern); (b) Personal Information collected by our clients on their own websites — where we may act as a processor on the client's behalf, the client's own privacy policy governs that data; (c) information you choose to share publicly (e.g., on social media).

3. Information We Collect

3.1 Information You Provide Directly. When you contact us, request a quote, or engage our Services, we may collect: (a) identity information (name, business name, job title); (b) contact information (email, phone, mailing address); (c) project information (business details, goals, budget, timeline, technical requirements, and any other information you share); (d) communications (emails, messages, support requests); (e) payment information (we do not store full payment-card numbers — payments are processed by third-party processors under their own privacy policies); (f) credentials (login credentials, API keys, or other account access necessary to perform Services — treated as Confidential Information under our Terms of Service); (g) content you share for use in the Services (text, images, logos, files).

3.2 Information Collected Automatically. When you visit the Site, we and our service providers may automatically collect: (a) technical information (IP address, browser type and version, device type, operating system, language preferences); (b) usage information (pages visited, time on page, referring URL, click events); (c) server logs (HTTP requests, response codes, timestamps — used for security, debugging, abuse prevention, and rate limiting on our contact form); (d) data collected via Cookies and similar technologies as described in Section 6.

3.3 Information from Third Parties. We may receive information about you from: (a) referrals (clients or partners who refer you to us); (b) publicly available sources (business directories, public-record information about your business); (c) service providers (analytics, payment processors, anti-spam services); (d) social media platforms (if you interact with us there).

3.4 Sensitive Personal Information. We do not knowingly collect Sensitive Personal Information (such as government identifiers, health data, biometrics, racial or ethnic origin, religious beliefs, sexual orientation, precise geolocation, or financial account credentials beyond what payment processors require). Please do not transmit such information to us unless absolutely necessary.

4. How We Use Information

We Process Personal Information for the following purposes:

4.1 To provide and deliver Services — responding to inquiries, preparing quotes and SOWs, delivering Services, managing projects, handling invoicing and payment, providing client support.

4.2 To communicate with you — sending service-related communications, project updates, invoices, important notices, and responses to your inquiries.

4.3 To improve our Site and Services — analyzing usage patterns, debugging issues, developing new features, conducting internal research.

4.4 For security and fraud prevention — preventing fraud, abuse, spam, denial-of-service attacks, and unauthorized access; investigating violations of our Terms of Service; rate-limiting form submissions.

4.5 For legal compliance — meeting tax, accounting, regulatory, and legal requirements; responding to lawful requests, subpoenas, and government investigations; enforcing our agreements; establishing or defending legal claims.

4.6 For marketing (limited) — sending occasional updates about our Services to existing clients and individuals who have affirmatively engaged with us. You may opt out at any time. We do not send unsolicited bulk marketing email.

4.7 For business operations — bookkeeping, audits, due diligence, legal counsel review.

4.8 For other purposes with your consent — any other purpose disclosed at collection or with your express consent.

5. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for Processing Personal Information are:

5.1 Contract performance — Processing necessary to provide Services or to take steps at your request before entering into a contract (e.g., quoting a project).

5.2 Consent — where you have given clear consent for a specific purpose (e.g., optional marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior Processing.

5.3 Legitimate interests — where Processing is necessary for our legitimate business interests (Site security, fraud prevention, improving Services, basic analytics, defending legal claims, internal administration) and is not overridden by your interests, rights, or freedoms.

5.4 Legal obligation — where Processing is required by applicable law.

6. Cookies and Similar Technologies

6.1 What we use. Our Site uses minimal cookies and similar technologies:

(a) Strictly necessary technologies are required for the Site to function (e.g., security tokens; brief IP-based rate-limit tracking on the contact form, purged within one hour). These cannot be disabled.

(b) Analytics (only if enabled): we may use privacy-friendly analytics such as Plausible Analytics, which does not use cookies and does not collect personal identifiers. If we add cookie-based analytics (e.g., Google Analytics 4) in the future, this Policy will be updated and consent obtained where required by law.

(c) Third-party services embedded in or linked from the Site (such as Calendly for scheduling, hCaptcha for spam prevention, or social-media widgets) may set their own cookies governed by their own privacy policies when you interact with them.

6.2 Managing cookies. You can control cookies through your browser settings. Most browsers let you block all cookies, block third-party cookies, or delete cookies. Disabling cookies may affect Site functionality.

6.3 Global Privacy Control. We honor the Global Privacy Control ("GPC") browser signal where required by applicable law. We do not respond to legacy "Do Not Track" signals as there is no industry consensus on their interpretation.

7. How We Share Information

We do not sell your Personal Information for monetary or other valuable consideration, and we do not "share" Personal Information for cross-context behavioral advertising as those terms are defined under California law.

7.1 Service Providers (Processors / Subprocessors). We share information with trusted third-party vendors who help us operate, including: (a) email and communications providers (e.g., Google Workspace; Resend, which delivers our transactional and contact-form emails; Discord, which we use to receive internal notifications when a new inquiry is submitted); (b) hosting, cloud, and content-delivery providers; (c) analytics services (e.g., Plausible); (d) payment processors (e.g., Stripe — we do not receive or store full payment card numbers); (e) scheduling and meeting tools (e.g., Calendly); (f) spam and abuse prevention (e.g., hCaptcha, which helps us verify that contact-form submissions are made by a human and not an automated bot); (g) project management and file storage tools; (h) professional advisors (attorneys, accountants, auditors, insurers). These providers are contractually obligated to use Personal Information only as needed to provide services to us and to protect it appropriately.

7.2 Legal Requirements. We may disclose information when we believe in good faith that disclosure is: (a) required by law, court order, subpoena, warrant, or government request; (b) necessary to enforce our Terms of Service or other agreements; (c) necessary to protect the rights, property, or safety of MM Web Solutions LLP, our clients, or others; (d) necessary to investigate fraud, security incidents, or potential violations.

7.3 Business Transfers. If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, Personal Information may be transferred as part of that transaction. We will give notice (where required) before your information becomes subject to a different privacy policy.

7.4 With Your Consent. We may share information for any other purpose with your specific consent.

7.5 Aggregated or De-Identified Data. We may share aggregated or de-identified information (which cannot reasonably identify you) for any lawful purpose.

8. Data Retention

8.1 We retain Personal Information only as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, tax, accounting, contractual, and reporting requirements, or to resolve disputes and enforce our agreements.

8.2 General retention guidelines:

(a) Inquiries that do not result in engagement: typically up to 24 months, then deleted or anonymized;

(b) Active client records and project files: duration of the engagement plus seven (7) years, to meet tax and legal retention requirements;

(c) Financial records (invoices, payment records): seven (7) years (per IRS and Texas requirements);

(d) Server logs: typically 30–90 days;

(e) Marketing contacts: until you unsubscribe, plus a short period sufficient to honor and document the opt-out.

8.3 When information is no longer needed, we securely delete, anonymize, or archive it in accordance with applicable law.

9. Data Security

9.1 We implement reasonable and appropriate administrative, technical, and physical safeguards to protect Personal Information, including: HTTPS/TLS encryption for data in transit; access controls and authentication for our systems; the principle of least privilege; vendor due diligence; secure deletion procedures; and incident-response planning.

9.2 However, no method of transmission over the internet or storage is one hundred percent (100%) secure. We cannot and do not guarantee absolute security. To the maximum extent permitted by law, we disclaim all liability for unauthorized access, disclosure, or loss of information that is not directly caused by our gross negligence or willful misconduct. You acknowledge that any transmission of information to us is at your own risk. If you become aware of a security incident affecting your information, please contact us immediately.

10. International Data Transfers

10.1 We are based in the United States. If you access the Site or provide information from outside the United States, your information will be transferred to, stored, and Processed in the United States, which may have data protection laws different from those of your country.

10.2 For transfers from the European Economic Area, the United Kingdom, or Switzerland to the United States or other jurisdictions without an adequacy decision, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission (or UK equivalent), supplementary measures where appropriate, or your explicit consent. Copies of applicable transfer mechanisms are available upon request.

11. Your Privacy Rights — General

Depending on your jurisdiction and applicable law, you may have the following rights regarding your Personal Information:

(a) Access — request a copy of Personal Information we hold about you;

(b) Correction — request correction of inaccurate or incomplete information;

(c) Deletion — request deletion of your Personal Information, subject to legal exceptions;

(d) Portability — request your Personal Information in a portable, machine-readable format;

(e) Object or Restrict — object to or restrict certain Processing;

(f) Withdraw Consent — where Processing is based on consent, withdraw it at any time;

(g) Opt out of Marketing — unsubscribe from marketing communications at any time;

(h) Opt out of Sale, Sharing, Targeted Advertising, or Profiling — not applicable to us, as we do not engage in these activities;

(i) Lodge a Complaint with the relevant supervisory authority.

To exercise any of these rights, email [email protected] with the subject line "Privacy Rights Request" and describe the right you wish to exercise. We will respond within the time required by applicable law (generally 30–45 days). We may need to verify your identity before responding. We will not discriminate against you for exercising your rights.

12. California Privacy Rights (CCPA / CPRA)

12.1 Categories of Personal Information collected in the past 12 months:

(a) Identifiers (name, email, phone, IP address);

(b) Customer records information (contact form submissions, business information);

(c) Internet or other electronic network activity (Site usage, browser, device);

(d) Commercial information (Services purchased, transaction history);

(e) Professional or employment information (job title, company);

(f) Inferences drawn from the above (limited; primarily project-relevance scoring).

12.2 Sources: directly from you; automatically from your device; from referral sources and public records; from service providers.

12.3 Business or commercial purposes for collecting this information are described in Section 4.

12.4 Sale or Sharing. WE DO NOT SELL PERSONAL INFORMATION AND WE DO NOT SHARE PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING.

12.5 Sensitive Personal Information. We do not collect or process Sensitive Personal Information as defined by CPRA.

12.6 Your California rights include: (a) right to know; (b) right to delete; (c) right to correct; (d) right to opt out of sale/sharing (not applicable as we do neither); (e) right to limit use of Sensitive Personal Information (not applicable); (f) right of non-discrimination; (g) right to data portability. To exercise, email [email protected] with subject line "California Privacy Request."

12.7 Authorized Agent. You may designate an authorized agent to submit requests on your behalf, with written authorization.

12.8 "Shine the Light" (Cal. Civ. Code § 1798.83). California residents may request a list of third parties to which we disclosed Personal Information for those third parties' direct marketing. We do not share Personal Information with third parties for their own direct marketing.

13. EU / UK Privacy Rights (GDPR / UK GDPR)

13.1 If you are in the EEA, UK, or Switzerland, you have the following rights: (a) right of access; (b) right to rectification; (c) right to erasure ("right to be forgotten"); (d) right to restriction of Processing; (e) right to data portability; (f) right to object; (g) right not to be subject to automated decision-making producing legal or similarly significant effects (we do not engage in such automated decision-making); (h) right to withdraw consent; (i) right to lodge a complaint with your local data protection supervisory authority.

13.2 We have not appointed a Data Protection Officer (not required for our size and Processing activities). We have not appointed a representative in the EU or UK under Article 27 of the GDPR/UK GDPR. For privacy inquiries, contact us directly at [email protected].

14. Other U.S. State Privacy Rights

14.1 Residents of certain U.S. states have rights similar to those described above under their state privacy laws. As of the "Last updated" date of this Policy, these include:

(a) Texas (TDPSA) — effective July 1, 2024;

(b) Virginia (VCDPA);

(c) Colorado (CPA);

(d) Connecticut (CTDPA);

(e) Utah (UCPA);

(f) Oregon, Montana, Iowa, Delaware, Indiana, Tennessee, New Hampshire, New Jersey, Kentucky, Minnesota, Maryland, Rhode Island, and similar laws as they take effect.

14.2 These rights generally include access, deletion, correction, portability, opt-out of targeted advertising/sale/certain profiling (where applicable to us), and an appeals process if a request is denied. To exercise, email [email protected] with your state of residence and the right(s) you wish to exercise.

14.3 Texas residents (TDPSA). As a Texas-based business, we comply with the TDPSA. You have rights to access, correct, delete, port, and opt out of targeted advertising, sale of Personal Data, or certain profiling. We do not engage in sale of Personal Data or targeted advertising.

15. Children's Privacy

15.1 Our Site and Services are not directed to individuals under 18, and we do not knowingly collect Personal Information from children under 13 (or under 16 in the EEA/UK where applicable). If you are under 18, please do not provide Personal Information to us. If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will promptly delete it.

15.2 We comply with the Children's Online Privacy Protection Act (COPPA) in the United States.

16. Third-Party Links and Services

16.1 The Site may contain links to third-party websites or services (e.g., Calendly, social media, our clients' websites). This Policy does not apply to such third parties. We are not responsible for the content, accuracy, or privacy practices of third-party sites. We encourage you to review their privacy policies before providing them with information.

17. Marketing Communications

17.1 We may send occasional marketing communications to existing clients and individuals who have affirmatively engaged with us or opted in. You may unsubscribe at any time by: (a) clicking the "unsubscribe" link in any marketing email; or (b) emailing [email protected] with "unsubscribe" in the subject line.

17.2 Even if you opt out of marketing communications, we may still send transactional or service-related communications (e.g., invoices, project updates, security alerts).

17.3 We comply with the CAN-SPAM Act and similar applicable laws. We do not send unsolicited bulk marketing email.

18. Automated Decision-Making and Profiling

18.1 We do not engage in automated decision-making (including profiling) that produces legal or similarly significant effects concerning you.

19. Changes to This Policy

19.1 We may update this Policy from time to time to reflect changes in our practices, legal requirements, technology, or for other operational reasons. The "Last updated" date at the top reflects the most recent revision.

19.2 For material changes that significantly affect your rights, we will provide notice (where required by law) — for example, by sending an email to your last-known address or posting a prominent notice on the Site for at least 30 days before changes take effect.

19.3 Continued use of the Site after the effective date of an updated Policy constitutes acceptance of the changes.

20. Contact Us

For questions, concerns, or to exercise any privacy rights, contact us:

MM Web Solutions LLP
Houston, Texas
Email: [email protected]
Phone: (281) 250-4335
Website: mmwebsolutions.org

For privacy-specific inquiries, please include "Privacy Request" in your subject line so we can route your message appropriately.