McCrossen Marketing & Consulting Logo 2026
Portal access

PRIVACY POLICY

McCrossen Marketing & Consulting

mccrossenmarketing.com

Effective Date: February 21, 2026

Last Updated: February 21, 2026

 

 

1. Introduction

McCrossen Marketing & Consulting (“McCrossen,” “we,” “us,” or “our”) operates the website mccrossenmarketing.com and the McCrossen Marketing Platform (collectively, the “Platform”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website, use our customer portal, interact with our AI-powered tools, or purchase our products and services.

This Privacy Policy applies to all users of our Platform, including website visitors, registered portal users, chatbot users, and customers who have purchased services or software licenses.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Platform.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you interact with our Platform:

  • Account Registration: Name, email address, phone number, business name, business website URL, and password when you create an account through our customer portal or AI Advisor chatbot.
  • Payment Information: Credit card or payment method details processed through Stripe. We do not store full credit card numbers on our servers; these are handled entirely by Stripe’s PCI-compliant infrastructure.
  • AI Advisor Conversations: Messages, questions, and content you submit to our AI Advisor chatbot, including marketing strategy discussions, business information shared during conversations, and documents generated through the chatbot.
  • Support Tickets: Information submitted through our support ticketing system, including descriptions of issues and any attachments.
  • Service Catalog Purchases: Service selections, subscription preferences, billing frequency, and coupon codes.
  • Review Submissions: Feedback and reviews submitted through our review solicitation system.

2.2 Information Collected Automatically

When you access our Platform, we automatically collect certain technical and behavioral information:

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data: Pages visited, time spent on pages, click patterns, portal navigation behavior, chatbot interaction patterns, and catalog browsing activity.
  • Security Data: Login attempts (successful and failed), IP addresses associated with authentication events, user-agent headers, geolocation data derived from IP addresses, and threat scores calculated by our security system.
  • Session Data: Authentication tokens, cross-tab session synchronization data via BroadcastChannel API, and two-factor authentication status.

2.3 Information from Connected Services

If you choose to connect third-party services through our Dashboard, we access data from those services on your behalf:

  • Google Analytics 4 (GA4): Website traffic data, session metrics, bounce rates, top pages, and audience demographics for your connected properties.
  • Google Search Console (GSC): Keyword rankings, click-through rates, search impressions, and indexing status for your connected properties.
  • Google Business Profile (GBP): Reviews, views, direction requests, phone calls, and Q&A data for your connected business listings.

Access to these services is authorized through Google OAuth 2.0, and we only access data for the specific properties you authorize. You may disconnect these services at any time through your portal Dashboard.

2.4 Information from Third-Party Data Providers

We use third-party services to enhance our Platform’s SEO intelligence capabilities. We submit domain names and keywords to our vendor’s API to retrieve domain authority scores, backlink data, SERP position tracking, and competitive analysis data. This data is associated with your customer account.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Providing AI-powered marketing advice and strategy recommendations through our AI Advisor chatbot
  • Processing payments and managing subscriptions through Stripe
  • Delivering SEO intelligence, analytics dashboards, and performance tracking
  • Managing your customer portal account, services, invoices, and support tickets
  • Generating and distributing software licenses for purchased plugins

3.2 Platform Improvement and AI Training

We analyze aggregated and anonymized data from chatbot conversations and platform interactions to improve the quality of our AI recommendations and platform features. This includes:

  • Classifying conversations using AI to identify knowledge gaps, new use cases, service opportunities, and website issues (our Novel Insights system)
  • Using aggregate patterns across all customers to refine scoring models and recommendation algorithms
  • Tracking recommendation outcomes to measure and improve the effectiveness of our guidance

3.3 Security

  • Detecting and preventing unauthorized access, fraud, and security threats
  • Logging security events, including IP addresses, user agents, and geolocation data for forensic analysis
  • Implementing rate limiting and automated threat blocking
  • Calculating threat scores for login attempts and blocking malicious actors via various security files synchronization

3.4 Communications

  • Sending transactional emails (account verification, password resets, invoice receipts, subscription confirmations)
  • Sending service-related notifications (renewal reminders, system announcements, support ticket updates)
  • Review solicitation emails requesting feedback on services received

3.5 Sales Tax Compliance

We calculate and collect applicable sales taxes using automated tax calculation services. Transaction amounts and customer addresses are shared with our tax calculation provider to determine the correct tax rates. In Texas, SaaS products are classified as data processing services with 80% of the charge being taxable.

4. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

4.1 Third-Party Service Providers

We use third-party processors to operate our Platform. Each receives only the minimum data necessary for their function. The third-party service providers are classified as:

Payment Processors. (Payments) — Processes credit card payments, manages subscriptions, stores payment methods, handles invoicing and webhook events. Receives: customer name, email, payment details, transaction amounts.

Data Processors. Powers a substantial amount of the Platform, conversation classification in, and content generation features. Provides domain authority scores, backlink analysis, SERP position tracking, and keyword research data. Receives: domain names and keyword queries associated with customer accounts.

Google APIs (Analytics & Business Data) — We access Google Analytics 4, Google Search Console, and Google Business Profile data through OAuth-authorized API connections. We access only the properties you explicitly authorize. Google’s privacy policy: https://policies.google.com/privacy

Cloudflare, Inc. (CDN, Security & DNS) — Provides content delivery, DDoS protection, Web Application Firewall, DNS management, and Turnstile CAPTCHA verification. Cloudflare processes all web traffic to our Platform. Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/

ip-api.com (Geolocation) — Receives IP addresses for geolocation lookup during security event logging. Used to determine geographic origin of login attempts and potential threats.

TaxJar (Stripe subsidiary) (Tax Calculation) — Calculates sales tax rates based on customer location and product classification. Receives: transaction amounts, customer addresses, and product tax category codes.

Hosting — Provides managed hosting infrastructure.

 

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency request).

4.3 Business Transfers

If McCrossen Marketing & Consulting is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Data Storage and Security

5.1 Data Location

All Platform data is stored on servers located in the United States. We do not transfer data outside the United States except through the third-party processors described in Section 4.1 (which may process data in various locations according to their own policies).

5.2 Security Measures

We implement the following security measures to protect your information:

  • SSL/TLS encryption for all data transmitted between your browser and our servers (Let’s Encrypt certificates)
  • Cloudflare Web Application Firewall (WAF) and DDoS protection
  • Automated threat detection with scoring and IP blocking for malicious activity
  • Rate limiting on authentication endpoints
  • Two-factor authentication (2FA) available for portal accounts
  • Password hashing
  • Cloudflare Turnstile CAPTCHA
  • Protected upload directories and blocked direct web access to development files and user content

5.3 Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account Data: Retained for the duration of your account. Upon account deletion, core account information is removed, but certain financial records may be retained as required by law.
  • AI Advisor Conversations: Stored indefinitely unless you request deletion or manually purge your chat history.
  • Security Logs: Retained according to configurable retention periods set by the Platform administrator. Includes IP addresses and user-agent headers.
  • Telemetry Events: Stored in our database with no external transmission.
  • Financial Records: Transaction records, invoices, and subscription data retained for a minimum of 7 years for tax and legal compliance.
  • Support Tickets: Retained for the duration of your account plus 1 year after closure.

6. Cookies and Tracking Technologies

Our Platform uses the following cookies and tracking technologies:

  • Authentication Session Cookies: Essential cookies that maintain your logged-in state across the Platform. These are required for the portal and chatbot to function.
  • Cloudflare Cookies: Performance and security cookies set by Cloudflare for CDN optimization, bot detection, and DDoS protection.
  • Cloudflare Turnstile: Challenge cookies used by our CAPTCHA system to verify human users during login and registration.
  • WordPress Cookies: Standard WordPress session and preference cookies for administrative functions.
  • BroadcastChannel API: We use the browser’s BroadcastChannel API (not a cookie) to synchronize login state across browser tabs. This data is local to your browser and is not transmitted to our servers.
  • We use advertising cookies and third-party tracking pixels. We participate in cross-site tracking and behavioral advertising networks.

7. Your Rights and Choices

7.1 Account Management

You may access, update, or delete your account information at any time through the customer portal. You may also contact us directly to request changes to your personal information.

7.2 Communication Preferences

You may opt out of non-essential communications by contacting us. Transactional communications related to your account, payments, and active services cannot be opted out of while your account is active.

7.3 Connected Service Disconnection

You may disconnect Google Analytics, Google Search Console, and Google Business Profile integrations at any time through your portal Dashboard. Upon disconnection, we will cease accessing data from those services, though previously cached data may remain in our system until the next scheduled refresh cycle clears it.

7.4 Data Deletion

You may request deletion of your account and associated personal data by contacting us at the address provided below. Upon receiving a verified deletion request, we will:

  • Delete your account credentials and profile information
  • Retain financial records (invoices, transactions) as required by law
  • Retain anonymized aggregate data that cannot be linked back to you

7.5 California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale of your personal information (we do not sell personal information); and (d) not be discriminated against for exercising your privacy rights. To exercise these rights, contact us using the information in Section 11.

7.6 European Users (GDPR)

If you are located in the European Economic Area, you have additional rights including: the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Our lawful basis for processing is either your consent, performance of a contract, or our legitimate interests in operating and improving our Platform.

8. Software Plugins Distributed to Customer Websites

McCrossen Marketing distributes WordPress plugins (including McCrossenSEO™ and McCrossen Security Shield™) that operate on customer-owned websites. These plugins may collect and transmit data as follows:

8.1 McCrossenSEO™ Plugin

  • Connects to the McCrossen Gateway for enhanced-powered writing assistance, content optimization, and keyword analysis. User prompts and page content are transmitted to our servers and processed through our data vendors.
  • License Validation: The plugin periodically contacts our license server to verify license validity. Domain name and license key are transmitted during validation.

8.2 McCrossen Security Shield Plugin

  • Anonymized threat data (IP addresses, attack patterns, threat types) may be transmitted to McCrossen’s central threat intelligence database to power the crowdsourced blocklist feature.
  • License validation contacts our server with domain name and license key.

9. Children’s Privacy

Our Platform is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at the address below.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify registered users of material changes by email and/or by posting a prominent notice on our Platform. The “Last Updated” date at the top of this policy indicates when it was most recently revised. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

McCrossen Marketing & Consulting
11844 Bandera Rd
#300
San Antonio, Texas 78023
Email: support@mccrossenmarketing.com
Website: https://mccrossenmarketing.com