Privacy Policy
Last updated: July 14, 2026
Fortaleo ("we," "us," or "our") operates the website fortaleo.io. This Privacy Policy explains what information we collect, how we use it, and what choices you have.
We respect your privacy. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
1. Information We Collect
Information You Provide Directly
When you fill out our contact form or book a discovery call, we collect:
- Your name
- Your business email address
- Your industry
- A description of what you are trying to fix or improve about your digital presence
When you book a discovery call through our scheduling tool, we collect:
- Your name and email address
- The date and time you select
- Any additional information you include in the booking form
When you request a Digital Architecture Assessment, we collect:
- Your name and business email address
- The website address you ask us to assess
- Your firm name, if you choose to provide it
To produce the assessment, we also review the publicly accessible page at the address you submit, including its measured loading performance and a screenshot of how it renders on a mobile device. This review looks only at what the page already makes public.
Information Collected Automatically
When you visit fortaleo.io, certain information is collected automatically through cookies and similar technologies:
- Pages visited and time spent on each page
- Browser type and version
- Device type and screen resolution
- Referring website or source
- Approximate geographic location (city/region level, not precise)
- Interactions with page elements such as clicks, scrolls, and form engagement
We do not collect passwords, payment information, or government identification numbers. We do not record keystrokes.
2. How We Use Your Information
We use the information we collect to:
- Respond to your inquiry or schedule a discovery call
- Generate your Digital Architecture Assessment and email you the results
- Understand how visitors navigate our website so we can improve the experience
- Measure the effectiveness of our advertising
- Communicate with you about our services if you have contacted us
- Monitor site performance and resolve technical issues
Assessment results with personal details removed may be aggregated to inform benchmarks and industry insights. We do not use your information for automated decision-making that produces legal or similarly significant effects.
3. Third-Party Services
We use the following third-party services to operate our website and business. Each service has its own privacy policy governing how it handles data.
HubSpot
We use HubSpot as our customer relationship management (CRM) platform and meeting scheduling tool. When you submit our contact form or book a discovery call, your information is stored in HubSpot.
Google Analytics (GA4)
We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymized usage data including pages visited, session duration, and traffic sources. We do not use Google Analytics to identify individual visitors.
Google Analytics Property ID: G-9PBWVZ0XV7
Google Ads
We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. When you arrive at our site through a Google ad, a conversion cookie is placed on your device. This helps us understand which ads lead to meaningful interactions. No personally identifiable information is shared with Google through this process.
Microsoft Clarity
We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity captures how you navigate, scroll, click, and interact with page elements. Clarity does not collect passwords, payment details, or sensitive form inputs.
Vercel
Our website is hosted on Vercel. Vercel processes server requests necessary to deliver the website to your browser.
Sentry
We use Sentry to monitor technical errors and site performance. Sentry collects error logs and diagnostic data to help us identify and resolve issues. No personal information is intentionally collected through Sentry.
Sanity
We use Sanity as our content platform. If you request a Digital Architecture Assessment, your submission — name, email, the assessed website address, and the generated results, including the mobile screenshot — is stored in Sanity so your results page and email link keep working.
Resend
We use Resend to deliver transactional email — currently the one-time email containing your assessment results. Resend processes your name and email address for that delivery.
Anthropic
We use Anthropic's Claude to draft the written summary of assessment results. Only the assessed website's domain, its scores, and its findings are sent — never your name or email address.
4. Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies for analytics and advertising measurement.
Cookies We Use
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics | Maintains session state | 2 years |
| _gcl_au | Google Ads | Stores conversion information | 90 days |
| _gcl_aw | Google Ads | Tracks ad click information | 90 days |
| _clck | Microsoft Clarity | Identifies unique visitors | 1 year |
| _clsk | Microsoft Clarity | Connects page views into a session | 1 day |
| CLID | Microsoft Clarity | Identifies the first visit | 1 year |
| __hstc | HubSpot | Tracks visitor identity | 13 months |
| hubspotutk | HubSpot | Tracks visitor identity for form submissions | 13 months |
| __hssc | HubSpot | Tracks session information | 30 minutes |
| __hssrc | HubSpot | Identifies new sessions | Session |
Managing Cookies
You can control or delete cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored on your device
- Delete cookies individually or in bulk
- Block cookies from specific or all websites
- Set preferences for first-party and third-party cookies
Disabling cookies may affect how our website functions. Analytics and advertising measurement rely on cookies to work correctly.
Do Not Track
Our website does not currently respond to Do Not Track (DNT) browser signals. There is no industry-wide standard for how websites should handle DNT requests.
5. Data Retention
- Contact form submissions and CRM data are retained for as long as the business relationship is active or as long as necessary to respond to your inquiry. If you request deletion, we will remove your data within 30 days.
- Assessment submissions are retained so that your results page and email link remain available, and so de-identified results can inform benchmarks. If you request deletion, we will remove your data within 30 days.
- Analytics datais retained according to each platform's default retention settings. Google Analytics data is retained for 14 months. Microsoft Clarity data is retained for 13 months.
- Cookies expire according to the durations listed in the table above. Session cookies are deleted when you close your browser.
6. Data Security
We take reasonable measures to protect your information from unauthorized access, alteration, or destruction. These measures include:
- Encrypted data transmission (HTTPS) across the entire website
- Access controls limiting who can view contact submissions and CRM data
- Third-party services selected in part for their security standards and compliance certifications
No method of electronic storage or transmission is completely secure. While we work to protect your information, we cannot guarantee absolute security.
7. Your Rights
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your personal information from our systems
- Opt out of marketing communications at any time
To exercise any of these rights, contact us at hello@fortaleo.io. We will respond to your request within 30 days.
California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
8. Children
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly.
9. International Visitors
Fortaleo is based in Colombia and primarily serves businesses in the United States. If you visit our website from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our website, you acknowledge this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If we make material changes to how we handle your personal information, we will notify you through a prominent notice on our website.
11. Contact Us
If you have questions about this Privacy Policy, your personal data, or want to exercise your rights, contact us at:
Email: hello@fortaleo.io
Website: fortaleo.io/contact
Fortaleo
Digital Architecture for Established Businesses