Privacy Policy

Overview

Blue Sage Data Systems ("Blue Sage," "we," "our") operates this website at bluesagedata.com. This policy describes what information we collect when you visit the site, how we use it, and your rights regarding that information. We keep things simple: this is a small consulting practice, not a data platform, and we have no interest in collecting more than what's necessary to respond to your inquiry.

Information We Collect

The only information we collect is what you voluntarily submit through the contact form: your name, company name, and the message you write. That's it. We do not purchase data, enrich it with third-party sources, or combine it with information from other services.

We do not collect payment information, employment history, or any sensitive personal data through this site.

How We Use Contact Form Submissions

When you submit the contact form, your name, company, and message are sent to Jim Jones via email (ActionMailer). The submission is used solely to respond to your inquiry. We do not add you to any mailing list, share your information with marketing platforms, or use it for any purpose other than replying to your message.

To limit abuse, the contact form is rate-limited to five submissions per IP address per hour. No submission content is stored in a database beyond what the email record retains.

Cookies and Tracking

This site sets only the Rails session cookie required for CSRF protection — a standard security mechanism that prevents cross-site request forgery. This cookie does not track you across other websites, does not contain personally identifying information, and expires at the end of your browser session.

We do not use advertising cookies, persistent tracking cookies, or any third-party cookie for analytics or marketing purposes.

Analytics and Third-Party Trackers

At launch, this site does not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, Apollo.io, or any other third-party analytics or advertising tracker. We do not load any tracking pixel from any vendor.

In the future we may add a privacy-respecting, cookieless analytics tool (such as Plausible Analytics) that does not use fingerprinting or cross-site tracking. If we do, we will update this policy before enabling it.

Server Logs

Like most web servers, our hosting provider retains standard server access logs (IP address, requested URL, timestamp, HTTP status code, browser type). These logs are used for security monitoring and diagnosing technical problems. We do not use them to build visitor profiles. Log retention is governed by our hosting provider's standard policy.

Data Sharing

We do not sell, rent, or trade your personal information. We do not share contact form submissions with any third party, except to the extent necessary to operate our email delivery infrastructure (e.g., a transactional email provider used to route the form notification to Jim's inbox). That provider processes the message only for delivery and retains it under their own privacy terms.

Your Rights — Nebraska, California, and EU Residents

Depending on where you live, you may have rights regarding personal data we hold about you, including the right to access, correct, or request deletion of information you submitted through the contact form.

Nebraska residents: Nebraska's consumer data privacy law (LB 1074, effective January 1, 2025) gives you the right to know what personal data we hold and to request its deletion. Because we retain contact form content only in email and do not operate a consumer-facing database, the practical scope here is narrow — but the right applies.

California residents: Under the CCPA/CPRA you have rights to know, delete, and opt out of sale. We do not sell personal data. To exercise your rights, contact us directly.

EU/UK residents: We are a Nebraska-based sole consultancy, not subject to GDPR as a data controller in most interpretations, but we will respond to data subject requests in good faith. If you have concerns, contact us.

Children's Privacy

This site is not directed at children under 13, and we do not knowingly collect personal information from children.

Contact Us About Privacy

Questions or requests about this policy — including requests to access or delete information you've submitted — can be directed to Jim Jones:

• Text: +1 (415) 481-2629
• Contact form: bluesagedata.com/contact

We will respond to data requests within 30 days.

Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We will not retroactively reduce protections for data already collected without providing notice.