DRAFT: pending legal review.This document is a working draft. It has not been reviewed by legal counsel and should not be relied upon until published.

Privacy Policy

Last updated: April 18, 2026

1. Who we are

BoldPath Mavericks LLC ("BoldPath," "we," "us") is an AI strategy and consulting firm based in Bentonville, Arkansas. This Privacy Policy covers both the BoldPath Mavericks marketing website and the Ask Benton subscription product, which share the boldmavericks.com domain.

2. Information we collect

We collect the following categories:

  • Contact form submissions. Name, email, company, and message content you submit through the contact form.
  • Account information (Ask Benton). Email address, name, and authentication identifiers managed by Clerk, our identity provider. Passwords are never stored by BoldPath.
  • Payment information. Billing details are collected and processed by Stripe. BoldPath receives transaction identifiers, subscription status, and last four digits of the card for reference. We do not store full card numbers.
  • Chat and session data (Ask Benton). Messages you submit, responses generated, timestamps, and session metadata. Chat sessions are processed through Microsoft Copilot Studio and logged to our infrastructure for product improvement and troubleshooting.
  • Usage and device data. IP address, browser type, operating system, referring URL, pages viewed, and interaction events collected by Vercel Analytics and Vercel Speed Insights.
  • Security signals. Cloudflare Turnstile tokens to verify human submission on public forms.

3. How we use information

  • Respond to inquiries and deliver services you request.
  • Operate the Ask Benton product: authenticate users, route messages to the Copilot Studio agent, return responses, and maintain conversation continuity.
  • Process payments and manage subscription state through Stripe and Clerk Billing.
  • Send transactional email (welcome, password reset, subscription changes, contact replies) through Resend.
  • Monitor performance, diagnose errors, and improve the product.
  • Detect and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations.

4. Service providers we use

We share information with the following processors, each bound by contract to protect your data:

  • Clerk: authentication and account management.
  • Stripe: payment processing and subscription billing.
  • Microsoft (Azure and Copilot Studio): the AI agent that powers Ask Benton responses. Your chat messages pass through Microsoft infrastructure.
  • Vercel: website hosting, analytics, and session log storage.
  • Resend: transactional email delivery.
  • Cloudflare: bot protection on public forms.
  • Google Workspace: business email and calendar.

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.

5. AI and Ask Benton chat content

Ask Benton relies on Microsoft Copilot Studio. Your messages are transmitted to Microsoft for inference and response generation. Microsoft's handling of that data is governed by its enterprise data protection commitments. We retain chat logs to troubleshoot, improve accuracy, and provide conversation history features. We do not use your chat content to train third-party foundation models.

6. Cookies and tracking

We use first-party cookies required for authentication (Clerk), payment flow (Stripe), and basic performance analytics (Vercel). We do not use third-party advertising cookies or cross-site tracking pixels. You can disable cookies in your browser, though some features (such as signing in to Ask Benton) will not work.

7. Data retention

  • Contact form submissions: up to 24 months.
  • Account and subscription records: for the life of the account plus 7 years to satisfy tax and accounting obligations.
  • Chat logs: up to 24 months, unless you delete your account, in which case we delete or de-identify them within 30 days.
  • Analytics and performance data: aggregated and retained per the retention defaults of the respective processor.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Request deletion of your account and associated data.
  • Export your data in a portable format.
  • Opt out of certain processing, such as non-essential analytics.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email privacy@boldmavericks.com. We will verify your identity before acting on the request and respond within 30 days.

9. Security

We use industry-standard controls including TLS in transit, encrypted storage at rest, least-privilege access, and signed webhook verification. No system is perfectly secure. If we discover a breach affecting your data, we will notify you consistent with applicable law.

10. International transfers

BoldPath is based in the United States. If you access our services from outside the U.S., your information will be transferred to and processed in the U.S. by us and by our processors. By using our services you consent to that transfer.

11. Children

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

12. California, Colorado, Virginia, and other state rights

Residents of U.S. states that provide additional privacy rights (including but not limited to CCPA and CPRA in California) may exercise those rights by contacting us at the address in Section 8. We do not sell personal information as that term is defined by applicable state law.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be announced through the product or by email to account holders.

14. Contact

BoldPath Mavericks LLC
Bentonville, Arkansas, United States
Email: privacy@boldmavericks.com