Plain-English summary: We collect only what we need to respond to enquiries and improve our site. We don't sell your data. We use standard B2B analytics tools. If you're in the EU/UK, GDPR applies. If you're in California, CCPA applies. You can always email hello@weflair.co to access, correct, or delete your data.
WeFlair LLC ("WeFlair", "we", "us", "our") is a B2B growth marketing agency. Our registered address is 131 Continental Dr, Suite 305, Newark, DE 19713, United States. We are headquartered in Valencia, Spain, and operate as a remote-first team with a distributed workforce. We serve clients primarily in the B2B SaaS, B2B tech, e-commerce, and professional services sectors globally.
For the purposes of applicable data protection law (including the EU General Data Protection Regulation 2016/679 ("GDPR"), UK GDPR, and the California Consumer Privacy Act ("CCPA") as amended by the CPRA), WeFlair LLC is the data controller of the personal data described in this policy.
Our primary contact for privacy matters: hello@weflair.co
| Collection point | What is collected | When |
|---|---|---|
| Contact form (contact.html) | Name, email, company, challenges, message | When you submit the form |
| Newsletter sign-up (blog, resource pages) | Email address | When you subscribe |
| Gated content / case study gate | Email address | When you request a download |
| Cal.com booking | Name, email, meeting details | When you book a call |
| Google Tag Manager | Behavioural / analytics data | On every page load |
| Factors.ai | Company-level intent data | On every page load |
| Sortlist Radar | Session, form, click tracking | On every page load |
We only process personal data where we have a lawful basis. Under GDPR/UK GDPR, those bases are:
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to your enquiry or booking request | Performance of a contract / pre-contractual steps (Art. 6(1)(b)) |
| Sending marketing emails or newsletters you signed up for | Consent (Art. 6(1)(a)) — you may unsubscribe at any time |
| Analytics and site performance monitoring | Legitimate interests (Art. 6(1)(f)) — understanding how our site is used to improve it |
| B2B intent data / firmographic enrichment via Factors.ai | Legitimate interests (Art. 6(1)(f)) — identifying potential B2B clients |
| Fraud prevention and website security | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
For California residents, the above purposes correspond to the CCPA categories of "business purposes" and do not constitute "selling" or "sharing" personal information for cross-context behavioural advertising beyond what is described in Section 6.
We use the following sub-processors and third-party services. Each processes data only on our behalf and under contractual obligations consistent with applicable data protection law:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Netlify | Website hosting; form submission storage | Form data (name, email, company, message), IP address | netlify.com/privacy |
| Google Tag Manager / Google Analytics | Tag management; website analytics | Anonymised usage data, cookies | policies.google.com/privacy |
| Factors.ai | B2B visitor intent data; company identification | IP address, page behaviour (company-level, not individual-level) | factors.ai/privacy-policy |
| Sortlist Radar | Session and interaction tracking; Sortlist profile attribution | Session data, clicks, form interactions | sortlist.com/privacy-policy |
| Cal.com | Meeting scheduling | Name, email, calendar availability | cal.com/privacy |
| Google Ads / Meta Ads / LinkedIn Ads | Paid advertising; conversion tracking | Anonymised conversion events via pixels/tags | Google, Meta, LinkedIn privacy policies |
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
We use cookies and similar tracking technologies on our website. Below is a summary of the cookie categories we use:
| Category | Purpose | Examples | Duration |
|---|---|---|---|
| Strictly necessary | Required for the site to function (form CSRF tokens, session management) | Netlify session | Session |
| Analytics | Understanding how visitors use our site (pages viewed, time on site, traffic sources) | _ga, _gid (Google Analytics via GTM) | Up to 2 years |
| Intent / identification | Identifying the company of anonymous visitors for B2B outreach | Factors.ai cookies, Sortlist Radar cookies | Up to 1 year |
| Marketing / retargeting | Measuring ad performance and enabling retargeting on Google, Meta, and LinkedIn | _fbp, li_sugr, Google Ads conversion cookie | Up to 90 days |
You can control or disable cookies through your browser settings. Disabling analytics or marketing cookies will not prevent you from using the website. For EU/UK residents, non-essential cookies are only activated following your consent where a consent mechanism is deployed.
To opt out of Google Analytics across the web, you can install the Google Analytics Opt-out Browser Add-on.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:
When data is no longer required, it is securely deleted or anonymised.
You have the following rights regarding your personal data:
To exercise any of these rights, email hello@weflair.co with the subject line "Data Subject Request". We will respond within 30 days (extendable by 2 further months for complex requests). We may need to verify your identity before actioning your request.
You also have the right to lodge a complaint with your local supervisory authority. In the EU, this is your national data protection authority. In the UK, this is the Information Commissioner's Office (ICO).
If you are a California resident, you have the following additional rights:
To submit a CCPA request, email hello@weflair.co with "CCPA Request" in the subject line. We will respond within 45 days (extendable by an additional 45 days where reasonably necessary).
WeFlair LLC is based in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States.
We rely on the following safeguards for such transfers:
All major processors listed in Section 5 (Google, Meta, LinkedIn, Netlify, Cal.com) are either DPF-certified or operate under SCCs.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include:
No method of internet transmission or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify relevant supervisory authorities and affected individuals in accordance with applicable law.
Our website and services are directed exclusively at business professionals and are not intended for, nor do we knowingly collect personal data from, children under the age of 16 (or 13 in the United States). If you believe we have inadvertently collected data from a minor, please contact us at hello@weflair.co and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we do, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. For material changes, we will make reasonable efforts to notify you (for example, by posting a prominent notice on our website or, where we hold your email address, by sending you a notification).
Your continued use of our website after any changes constitutes acceptance of the updated policy.
If you have any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:
WeFlair LLC
131 Continental Dr, Suite 305
Newark, DE 19713, United States
Email: hello@weflair.co
For data subject requests (GDPR / CCPA): include "Privacy Request" in your subject line and describe your request.
We aim to respond to all privacy-related enquiries within 10 business days and to complete data subject requests within the applicable statutory timeframe (30 days for GDPR, 45 days for CCPA).