Legal
Privacy policy
Last updated: May 23, 2026
In short.
Cardimal Products LLC operates Integraticus (integraticus.com), Voice AI Bootcamp (voiceaibootcamp.com). We collect only what we need to run these sites and deliver our services. We don't sell personal data. We don't load marketing or analytics scripts unless you opt in. Calls we host are recorded by default for note-taking; you can opt out at any point. Privacy questions go through the contact form.
This policy explains how Cardimal Products LLC ("we", "us", "our"), the data controller, collects, uses, and protects information when you visit any of our websites, contact us, or engage our services.
1. Who we are and what this policy covers
Integraticus is a trading name of Cardimal Products LLC, registered in Wyoming, USA. Voice AI Bootcamp is also operated by Cardimal Products LLC. This privacy policy applies to all websites, applications, and services operated by Cardimal Products LLC, including but not limited to:
- Integraticus — integraticus.com
- Voice AI Bootcamp — voiceaibootcamp.com
For privacy questions or to exercise any of the rights described below, use the contact form. We'll route the message to the right person internally.
2. Information we collect
We collect only what we need to operate our sites and deliver services to you:
- Contact form submissions: the fields you fill in (name, email, company, message, anything else on the form). Submitted via Tally.
- Booking details: when you schedule a call, the booking provider (Calendly) collects the data shown on its scheduling page (name, email, time slot, optional answers).
- CRM records: contact details, communication history, and pipeline notes for prospects and clients are stored in our CRM (HighLevel / GoHighLevel) once you book a call, submit a form, or enter a sales conversation with us.
- Meeting recordings, transcripts, and summaries: calls we host (discovery calls, strategy calls, working sessions) are recorded and transcribed by default using Fireflies.ai for note-taking and follow-up. Recordings include audio and may include video, plus the names and email addresses of attendees. We'll tell you on the call that recording is on; if you don't want your participation recorded, tell us and we'll stop the recording or remove you from it on request. See §10 below for details.
- Engagement communications: messages and files you share with us during an engagement, including content posted in shared Slack channels, email threads, and short-link click data (Dub.co) on links we send you.
- Payment information: billing name, company, address, and payment method tokens collected by our payment processor (Stripe). We never see or store full card numbers.
- Server logs: IP address, user agent, requested URL, referrer, and timestamps. Used for security and abuse prevention.
- Cookies you opt into: see our cookie policy. We do not load marketing or analytics scripts unless you accept them.
We do not knowingly collect data from children under 16. We do not process special-category data. We do not buy or sell personal data.
3. How we use it
- To respond to your inquiry and qualify the engagement fit.
- To deliver the services you engaged us for.
- To take notes, generate action items, and provide written recaps of calls we host with you.
- To bill and collect for services rendered.
- To operate, secure, and improve our sites.
- To comply with legal, tax, and accounting obligations.
We do not use your personal data to train generalized AI or large language models. Our vendors are contractually prohibited from doing the same with data they process on our behalf.
4. Legal bases (GDPR / UK GDPR)
- Contract: when we're delivering services to you, taking payment, or working toward an agreement.
- Legitimate interests: running the sites, securing them, preventing fraud, responding to inbound contact, taking internal notes on conversations we're party to, and improving our services. We've assessed these against your rights and believe the impact is proportionate.
- Consent: for marketing or analytics cookies, for any third-party embeds loaded on the sites, and for continuing to record a call after you've been notified recording is on.
- Legal obligation: for tax, accounting, and regulatory recordkeeping.
5. Sub-processors
We use a small, vetted set of vendors to operate. Each processes personal data only on our instructions and under written contract (Data Processing Agreement or equivalent). Every vendor below has a public privacy policy and a defined GDPR transfer mechanism.
| Vendor | Purpose | Data | Location | Transfer mechanism | Links |
|---|---|---|---|---|---|
| Render | Static site hosting and CDN delivery. | Server logs (IP, user agent, URLs requested). | United States | SCCs | Privacy · DPA |
| Tally | Contact form intake. | Form fields you submit. | Belgium (EU) | None required (EU controller) | Privacy · DPA |
| Calendly | Discovery-call scheduling. | Name, email, time slot, optional answers. | United States | EU-U.S. DPF + SCCs | Privacy · DPA |
| Fireflies.ai | Meeting recording, transcription, and AI-generated summaries. | Audio (and video, where applicable), transcripts, summaries, attendee names and emails, meeting metadata. | United States | EU-U.S. DPF + SCCs | Privacy · DPA · Sub-processors |
| HighLevel (GoHighLevel) | CRM, sales pipeline, email and SMS communication with prospects and clients. | Contact details, communication content, call notes, pipeline stage. | United States and India | EU-U.S. DPF + SCCs | Privacy · DPA |
| Slack (Salesforce) | Shared engagement channels with clients during active retainers. | Messages, files, and any content you choose to share with us in-channel. | United States | EU-U.S. DPF + SCCs | Privacy · Sub-processors |
| Google Workspace | Business email and document collaboration with prospects and clients. | Email content, attachments, calendar invites, and any documents you share with us. | United States and globally | EU-U.S. DPF + SCCs | Privacy · DPA |
| Stripe | Payment processing and invoicing. | Billing name, company, address, email, and payment method tokens. Full card numbers are handled by Stripe directly under PCI DSS. | United States and globally | EU-U.S. DPF + SCCs | Privacy · DPA |
| Dub.co | Branded short links and click attribution for marketing and outbound communication. | Click events, referrer, browser and device info. IP addresses are not collected for visitors in the EU. | United States | SCCs | Privacy · Sub-processors |
| Google Fonts | Typography. | None — fonts are self-hosted via next/font so no third-party request is made from your browser. | n/a | n/a | Privacy |
We update this list when our vendor stack changes. If you have a material concern about a specific sub-processor on the list above, tell us before signing — we'll discuss accommodations where practical.
6. International transfers
Cardimal Products LLC is based in the United States. If you're in the EEA, the UK, or Switzerland, your personal data will be transferred to the United States (and, in some cases, other countries where our sub-processors operate, such as India for our CRM provider).
We rely on the following transfer mechanisms, applied per vendor as listed in §5:
- EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, for vendors who are certified under those frameworks.
- Standard Contractual Clauses (Module 2 or Module 3, as applicable) where the vendor is not DPF-certified or where we need additional safeguards.
You can request a copy of the relevant transfer mechanism for any listed sub-processor through the contact form.
7. How long we keep it
- Contact form submissions: up to 24 months.
- Active client records (CRM): for the duration of the engagement plus 7 years (US tax recordkeeping).
- Meeting recordings and transcripts of internal/engagement calls: up to 24 months from the date of the call, then permanently deleted unless retained on your written request.
- Meeting recordings of discovery / pre-sale calls that do not convert into an engagement: deleted within 90 days.
- Server logs: up to 90 days.
- Stripe billing records: 7 years (US tax recordkeeping).
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to withdraw consent. EEA and UK residents may also lodge a complaint with their local supervisory authority. Swiss residents may contact the FDPIC. California residents have rights under the CCPA, including the right to know, delete, and opt out of any sale or sharing of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.
To exercise any right, use the contact form. We respond within 30 days.
9. Security
We use access controls, encryption in transit (TLS) and at rest where the platform supports it, principle-of-least-privilege for staff accounts, hardware-backed device authentication, and an incident response procedure. No system is perfectly secure; if we ever experience a breach affecting your data, we'll notify you within 72 hours of becoming aware of it, as required by GDPR Art. 33-34.
10. Call recording notice
Calls we host — including discovery calls, sales calls, strategy calls, and working sessions during an engagement — are recorded and transcribed by default using Fireflies.ai. The recording captures audio (and video, where the call is on video) and produces a transcript and an AI-generated summary. The host will confirm verbally at the start of the call that recording is on. By staying on the call after that notice, you consent to being recorded.
You can opt out at any point:
- Tell the host before or during the call that you don't want your participation recorded. We'll stop the recording or remove you from the meeting and rejoin once it's off.
- Use the contact form after the call to request deletion of a recording or transcript that includes you. We'll confirm deletion within 14 days.
Recordings are accessible only to the operators on your account and the limited Fireflies.ai infrastructure that processes them. Fireflies.ai contractually applies a Zero Data Retention policy with its downstream LLM vendors, meaning meeting content is not retained by those vendors after processing and is not used to train AI models.
11. Changes
We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes (such as adding a new sub-processor or a new processing purpose) will be highlighted on the affected sites and, where required, notified by email to active clients.
12. Contact
The data controller is Cardimal Products LLC, a Wyoming LLC. All privacy, legal, and general inquiries go through the contact form. We'll route the message internally.