Allocera Intelligence LLC

Privacy Policy

Effective Date: May 15, 2026  ·  Last Updated: May 15, 2026
Table of Contents
1. Who We Are 2. Information We Collect 3. How We Use Your Information 4. Data Sharing and Disclosure 5. Data Security 6. Data Retention 7. HIPAA and Protected Health Information 8. California Consumer Privacy Act (CCPA / CPRA) 9. Third-Party Integrations 10. High-Spend and Regulated Verticals 11. Cookies and Tracking 12. Children's Privacy 13. Your Rights 14. International Data Transfers 15. Changes to This Policy 16. Contact Us

1. Who We Are

Allocera Intelligence LLC ("Allocera," "we," "us," or "our") is a Florida limited liability company located at 2589 Old Donald Ross Rd., Palm Beach Gardens, FL 33410. We operate the CDAI Engine — a marketing analytics platform that calculates true contribution margin across advertising campaigns and issues data-driven budget directives. Our services are delivered through our client portal at cdai-portal.vercel.app and our API at cdai-engine.onrender.com.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: Name, business email address, company name, job title, and password.
  • Campaign and advertising data: Campaign names, ad spend figures, impressions, clicks, cost-per-lead data, platform identifiers, and budget information transmitted to our API or uploaded via CSV.
  • Lead and sales data: Lead counts, quality scores, conversion data, revenue figures, refund and chargeback data, and compliance costs transmitted via webhook or API integration.
  • Communications: Emails, support requests, and other communications you send us.
  • Billing information: Processed by our third-party payment processor. We do not store full payment card numbers.

2.2 Information Collected Automatically

  • Log data: IP address, browser type, pages accessed, timestamps, and API request metadata.
  • Authentication data: Session tokens managed by Supabase for portal access.
  • Usage data: Feature usage patterns and API call frequency.

2.3 What We Do Not Collect

Our platform is designed to function without consumer personally identifiable information (PII) or protected health information (PHI). We do not require — and clients are contractually obligated to minimize the transmission of — consumer names, Social Security numbers, dates of birth, health records, financial account numbers, or other regulated personal data. Clients must de-identify or anonymize such data prior to transmission where practicable.

3. How We Use Your Information

  • Provide, operate, maintain, and improve the CDAI Engine and related services
  • Calculate contribution margin and issue campaign directives
  • Generate automated weekly email reports and dashboard analytics
  • Authenticate users and maintain account security
  • Respond to inquiries and provide customer support
  • Detect and prevent fraud, abuse, or unauthorized access
  • Comply with legal obligations and enforce our agreements
  • Improve our analytical methodologies using aggregated, anonymized data that cannot identify your organization or any individual

We do not use your campaign data for our own advertising. We do not sell or rent your data.

4. Data Sharing and Disclosure

We do not sell your data. We may share information only as follows:

  • With your consent: When you explicitly authorize disclosure to a specific party.
  • Service providers: Supabase (database), Render (API hosting), Vercel (portal hosting), and Resend (email delivery) operate under confidentiality obligations and may only use your data to provide services to us.
  • Legal requirements: When required by applicable law, court order, or governmental authority, or to protect the rights, property, or safety of Allocera, our clients, or the public.
  • Business transfers: In connection with a merger, acquisition, or asset sale. We will notify you of any material change in data controller.

5. Data Security

We implement industry-standard safeguards including:

  • Encrypted data transmission via HTTPS/TLS for all API and portal communications
  • Row-level security (RLS) in our database ensuring complete organizational data isolation — no client can access another client's data
  • API key authentication for all programmatic access
  • Access controls limiting data access to authorized Allocera personnel
  • Credentials managed via environment variables and never stored in source code or version control

No method of internet transmission is 100% secure. We cannot guarantee absolute security but commit to prompt notification in the event of a confirmed breach affecting your data.

6. Data Retention

We retain your data for the duration of your active service agreement and up to 36 months thereafter for legal and business purposes. Upon termination, portal access is suspended immediately and data will be returned or destroyed upon written request within 30 days. Aggregated, fully anonymized data may be retained indefinitely for platform improvement.

7. HIPAA and Protected Health Information

7.1 Business Associate Status

Allocera operates as a Business Associate under HIPAA where applicable. We execute a Business Associate Agreement (BAA) with any client who may disclose PHI in connection with our services, governing our use and protection of PHI pursuant to 45 C.F.R. §§ 164.502(e) and 164.504(e).

7.2 Minimum Necessary Standard

Our platform is designed to operate without consumer PHI. Clients are contractually required to de-identify or anonymize PHI before transmission. Where incidental PHI is received, we apply the HIPAA minimum necessary standard and use such data only to perform contracted services.

7.3 Breach Notification

In the event of a breach of unsecured PHI, we will notify affected clients without unreasonable delay and in no case later than 30 calendar days after discovery, in accordance with 45 C.F.R. § 164.410.

7.4 Subcontractors

Any subcontractor or service provider who may access PHI on our behalf is required to execute a written agreement providing the same PHI protections required of Allocera under our BAAs.

8. California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, the CCPA and CPRA provide you with specific rights regarding your personal information.

8.1 Your California Rights

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, business purpose, and third parties with whom we share it.
  • Right to Delete: Request deletion of personal information we have collected, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate personal information we maintain.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: We use sensitive personal information only to the extent necessary to provide our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

8.2 How to Submit a California Request

Submit a verifiable consumer request to alloceraintelligence@gmail.com with subject line "CCPA Request." We will respond within 45 days. We may need to verify your identity before processing your request.

8.3 Categories Collected in the Past 12 Months

Identifiers (name, email, IP address), professional information (company, job title), and commercial information (service usage, campaign performance data). We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months.

9. Third-Party Integrations

Our platform integrates with third-party advertising platforms and CRM systems at client direction:

  • Meta (Facebook/Instagram): Advertising campaign spend, impressions, reach, and lead data via the Meta Marketing API. Subject to Meta's Data Policy.
  • Google Ads: Campaign cost and performance data via the Google Ads API. Subject to Google's Privacy Policy.
  • HubSpot and other CRMs: Lead and sales data via client-configured webhook integrations.
  • Microsoft Advertising, LinkedIn, CallRail, Ringba, Boberdoo, Stripe: Additional integrations governed by their respective privacy policies.

We access only the minimum data necessary. Client advertising credentials and access tokens are stored securely and never shared with third parties.

10. High-Spend and Regulated Verticals

  • Insurance marketing (Medicare/Medicaid/ACA): We are aware of CMS Medicare Marketing Guidelines. We do not use consumer health status data for targeting. Our services support compliant marketing measurement only.
  • Legal services (personal injury, mass tort): Client-privileged information disclosed incidentally is treated as confidential and not disclosed to third parties.
  • Clinical trials and pharmaceutical: Patient recruitment and pharmaceutical advertising data is handled with maximum data protection. We execute appropriate data processing agreements and do not use patient-level data beyond contracted services.
  • Home services and high-spend advertisers: Campaign and revenue data is treated as proprietary business information under our confidentiality obligations.

11. Cookies and Tracking

Our client portal uses session-based authentication tokens managed by Supabase. We do not use third-party advertising cookies, tracking pixels, or cross-site behavioral tracking on our portal or API. Our website at alloceraintelligence.com may use standard analytics to measure traffic. You may opt out via your browser settings or a privacy extension.

12. Children's Privacy

Our services are for business use only and are not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us immediately at alloceraintelligence@gmail.com.

13. Your Rights

Depending on your location and applicable law, you may have the right to access, correct, delete, or restrict our processing of your personal information, the right to data portability, and the right to withdraw consent. Submit requests to alloceraintelligence@gmail.com. We will respond within 30 days.

14. International Data Transfers

Our services are operated from the United States. If you access our services from outside the United States, your information may be transferred to and processed in the United States. By using our services, you consent to this transfer. We take appropriate measures to ensure your information is protected consistent with this Privacy Policy wherever it is processed.

15. Changes to This Policy

We may update this Privacy Policy as our practices, technology, or legal requirements change. We will notify you of material changes by posting an updated policy with a revised effective date and, for significant changes, by emailing your registered address. Continued use of our services after the effective date constitutes acceptance.

16. Contact Us

Allocera Intelligence LLC
2589 Old Donald Ross Rd., Palm Beach Gardens, FL 33410
Email: alloceraintelligence@gmail.com
Phone: 336-508-5033
Website: alloceraintelligence.com

For HIPAA matters, BAA execution, or CCPA requests, please indicate the nature of your request in the subject line for expedited handling.

© 2026 Allocera Intelligence LLC. All rights reserved.
Scroll to Top