Privacy Policy

Last updated: 2026-04-19

1. Who we are

This site is operated by RB Solutions (“rbsolutions.works”, “we”, “us”), a sole-proprietor services business based in Metro Manila, Philippines. Contact: hello@rbsolutions.works.

2. What we collect

• Intake form submissions — name, work email, company, website, service requested, budget, project details, and your consent to be contacted.
• Outreach context — if you are a prospect we have scraped from a public source (e.g. a company website, Apollo export, Google Maps listing), we may hold your business name, job title, and work email for the purpose of a one-time outreach message.
• Email correspondence — the content of messages you send us.
• Site analytics — aggregate counts of page views via self-hosted analytics. We do not set advertising cookies and do not use third-party trackers.

3. Legal basis (GDPR)

• Consent — intake form submissions.
• Legitimate interest — initial B2B outreach to publicly-listed work contacts, strictly in line with the ePrivacy soft opt-in and GDPR Recital 47. We honor every opt-out immediately.
• Contract — data processing necessary to deliver a paid engagement.

4. CAN-SPAM compliance (United States)

Every outreach email we send: identifies the sender, identifies itself as a commercial message, includes our physical postal address, and includes a functioning opt-out mechanism honored within 10 business days.

Our physical postal address:

RB Solutions
Unit 4B, 118 Brgy. San Antonio
Pasig City, Metro Manila 1605
Philippines

5. Your rights

Under GDPR and comparable frameworks, you have the right to access, correct, export, or delete personal data we hold about you, and to withdraw consent at any time. Email hello@rbsolutions.works with "privacy request" in the subject, and we'll respond within 30 days.

6. Retention

• Intake form data: retained for the duration of the engagement + 24 months for accounting records.
• Outreach contact records: purged within 90 days if no reply or engagement.
• Pipeline logs: retain metadata (trace IDs, run timestamps); client-identifying data is purged with the record.

7. Sharing

We do not sell data. Subprocessors we rely on (with the data types they touch): Google (Gmail, Sheets, OAuth), Cloudflare (DNS, tunnel, Pages), Anthropic (LLM calls for drafts), Hunter + MillionVerifier (email verification), Stripe / Wise (payments). Each is bound by their own data-processing terms.

8. Security

Credentials are stored in a .env file on a single managed host; the database is behind a Cloudflare tunnel and not publicly exposed. Only the operator has access.

9. Changes

Material changes to this policy are announced in the changelog and dated at the top of this page.

10. Complaints

If you're in the EU, you may lodge a complaint with your local supervisory authority. In the Philippines, with the National Privacy Commission.