Skip to main content

Privacy Policy

DRAFT — requires attorney review before launch

Effective and last updated: July 12, 2026

This Privacy Policy explains how Origin Creative (“Origin Creative,” “we,” “us,” or “our”) collects, uses, and shares personal information through origincreative.io, our inquiry forms, and related communications. It is written to describe the systems we actually use and the capabilities identified below as planned.

Information we collect

Information you provide

When you submit a form, request an audit, book a call, or communicate with us, we may collect:

  • your name, email address, telephone number, company, job title, and location;
  • the project details, business needs, budget or timing information, and message you choose to provide;
  • your communication preferences and records of consent;
  • appointment details and correspondence; and
  • source page, referral source, and campaign parameters associated with your inquiry.

Please do not submit passwords, financial account details, health information, government identifiers, or other sensitive personal information through a general inquiry form.

Information collected automatically

Our site and service providers may collect IP address, browser and device information, referring page, pages viewed, timestamps, approximate location derived from IP address, analytics identifiers, and security or diagnostic information. The site stores a theme preference in browser local storage. See our Cookie & Analytics Notice for details.

Information from other sources

For legitimate business-to-business lead qualification, we may supplement information you provide with publicly available business and professional information, such as a company website, professional role, industry, and public business contact details. We do not use enrichment to obtain sensitive personal information.

How information moves through our systems

Our current lead pipeline is:

  1. Website and Cloudflare. A form submission passes through a Cloudflare Pages Function. Cloudflare Turnstile and related security checks help detect automated abuse before the submission is forwarded.
  2. n8n intake. Our self-hosted n8n workflow receives, validates, normalizes, and routes the submission.
  3. NexusCore enrichment and scoring. Our self-hosted NexusCore tools may add public business context, classify the inquiry, and calculate a fit or priority score to help us route and respond.
  4. Twenty CRM. Contact details, inquiry content, source data, consent records, scores, and communication history may be synchronized to our self-hosted Twenty CRM.
  5. Gmail communications. If you request a response or consent to follow-up, workflow-assisted messages may be sent through Google Gmail. Marketing email includes an opt-out method, and we honor opt-out requests within 10 business days.
  6. Google Analytics 4. We use GA4 to understand site use and conversion events. Events may be sent from the browser and from our server through Google Analytics Measurement Protocol. Server-side events may include event name, timestamp, source/page/campaign context, and a client or session identifier when available.

Apify is a planned enrichment provider and is not active in this pipeline as of the effective date. If it is enabled, this policy will be updated before personal information is sent to it.

AI call handling is a planned capability and is not active as of the effective date. We do not currently make autonomous outbound AI voice calls. See our AI & Communications Disclosure.

How we use information

We use personal information to:

  • respond to inquiries, schedule calls, and provide requested services;
  • assess needs, qualify and route leads, prepare proposals, and manage client relationships;
  • operate, secure, troubleshoot, and improve the website and pipeline;
  • measure site performance and the effectiveness of campaigns;
  • send requested or consented follow-up communications and maintain opt-out records;
  • prevent fraud, spam, abuse, or security incidents; and
  • comply with law, enforce agreements, and protect our rights.

We do not sell personal information. We do not currently use personal information for cross-context behavioral advertising.

Service providers and subprocessors

The following providers process information for the stated purpose:

ProviderPurposeCurrent status
CloudflareHosting, proxying, security, and Turnstile bot detectionActive
n8n (self-hosted)Form intake and workflow automationActive
NexusCore (self-hosted)Public-data enrichment, classification, and fit scoringActive
Twenty (self-hosted)Customer relationship management and consent/communication recordsActive
Google GmailInquiry responses and consented email follow-upActive
Google Analytics 4Browser and server-side site analytics and conversion measurementActive when analytics is configured
ApifyAdditional public-web enrichmentPlanned; not active
ElevenLabs and a telephony providerAI-assisted call handling, transcription, and routingPlanned; not active

We may also disclose information to professional advisers, authorities when legally required, or a successor in a merger, financing, reorganization, or sale, subject to appropriate protections.

Cookies, analytics, and California Do Not Track disclosures

Google Analytics and Cloudflare may collect information through cookies or similar technologies. Third parties may therefore collect information about your activity on our site. We do not currently allow advertising networks to track you across unrelated websites through our site.

Because there is no consistently implemented industry standard for browser “Do Not Track” signals, the site does not currently change its behavior in response to those signals. You can block or delete cookies through your browser. Where applicable law requires us to recognize a supported opt-out preference signal, we will treat it as a request for the browser or device that sent it. More choices are described in our Cookie & Analytics Notice.

Retention

We keep inquiry and CRM information while an inquiry or client relationship is active and afterward only as reasonably necessary for follow-up, recordkeeping, dispute resolution, security, legal compliance, and enforcement. We periodically review inactive lead records and delete or de-identify information that is no longer needed. Consent and suppression records may be kept longer so that we can honor communication choices. Analytics data is retained according to the retention settings in our GA4 property. Backup copies may remain for a limited period until they are overwritten.

Your choices and requests

You may ask to review, correct, or delete personal information you submitted, or change your communication preferences. Use the form on our Contact page and write “Privacy Request” in the message. We may need to verify your identity and may retain information where required by law or needed to maintain an opt-out record.

Every marketing email will provide an unsubscribe method. Unsubscribing from marketing does not prevent service or transactional messages that you request or that relate to an active engagement.

Security and transfers

We use reasonable administrative, technical, and organizational safeguards. No internet transmission or storage system is completely secure. Providers may process information in the United States or other countries where they operate, and those locations may have different data-protection laws.

Children’s privacy

The site is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children under 13. Contact us if you believe a child provided information so that we can investigate and delete it where appropriate.

Changes to this policy

We will post changes on this page and update the effective date. If a change materially affects how we use information already collected, we will provide a prominent website notice and, when appropriate, direct notice using available contact information before the change takes effect.

Contact us

For privacy questions or requests, use our Contact page and include “Privacy Request” in your message.

Automated booking assistant

I'm an automated assistant, available any hour. Two quick questions, then pick a real time on the calendar — calls happen during business hours with a human.

Question 1 of 2

What kind of team are you?

Automated assistant — your answers route to a human before the call. No marketing email without your consent.