Last updated – 7 August 2025
This Policy applies to Baxtel LLC ("Baxtel," "we," "our," "us") and covers all websites, mobile applications, programs, or other products and services we operate (collectively, the "Services"). It governs how we collect, use, disclose, and protect "Personal Data" (as defined below) of individuals located in the United States, the European Economic Area ("EEA"), the United Kingdom, and any other region where we do business.
The words of which the initial letter is capitalized have meanings defined under Section 2. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. The headings and captions used in this Privacy Policy are for convenience of reference only and shall not affect the interpretation of the terms. Unless context clearly requires clarification, any typos, omissions, or misused capitalizations shall not waive or alter any such terms to which they apply. If any provision of this Policy is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be enforced to the maximum extent permissible and the remaining portions of this Policy shall remain in full force and effect.
Controller vs. Processor. For our own websites, subscriptions, and marketing, Baxtel acts as a Controller/Business. For consulting/advisory or sourcing engagements where clients provide data to Baxtel, we act as a Processor/Service Provider/Contractor and process such data only on the client's instructions under a correlating agreement.
Personal Data / Personal Information – any information that identifies, relates to, describes, or could reasonably be linked to an individual. For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
You - the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.
Company - refers to Baxtel LLC located in Lafayette, CO. For the purpose of the GDPR, the Company is the Data Controller.
Affiliate - any entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Account - a unique account created for You to access our Service or parts of our Service.
Website - Baxtel's domains, such as the main site accessible from baxtel.com
Service - all websites, mobile applications, programs, or other products and services operated or offered by Baxtel.
Service Provider - any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Third-party Social Media Service - any website or any social network website through which a User can log in or create an account to use the Service.
Cookies - small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Device - any device that can access the Service such as a computer, a cellphone or a digital tablet.
Usage Data - data collected automatically via desktop or mobile browser and device data, either generated by the use of the Service or from the Service infrastructure itself, such as your Device's IP address, browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Data Controller - for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Business - for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
Consumer - for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
Sale - for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's Personal information to another business or a third party for monetary or other valuable consideration.
Sensitive Personal Information – precise geolocation, biometric identifiers, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, health data, sexual orientation, information concerning a known child under 13, or financial-account login credentials.
Universal Opt‑Out Mechanism ("UOOM") – browser‑ or device‑based signals (e.g., Global Privacy Control) conveying a consumer's choice to opt out of targeted advertising or data sales/sharing, recognized in applicable jurisdictions (e.g., California, Colorado, and others as their laws take effect).
California Notice at Collection. This Section serves as our "Notice at Collection" for California residents.
Personal Data – While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You including email, name, location (approximate), and other Usage Data.
Information from Third‑Party Social Media Services – The Company allows You to create an account and log in to use the Service through Third‑party Media Services including, but not limited to, Google, Facebook, and Twitter. If You decide to register through or otherwise grant us access to a Third‑Party Social Media Service, We may collect Personal data that is already associated with Your Third‑Party Social Media Service's account, such as Your name, Your email address, Your activities or Your contact list associated with that account. You may also have the option of sharing additional information with the Company through Your Third‑Party Social Media Service's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. Your use and opt‑in via these Third‑Party Media Services will allow us to provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
| Category | Examples | Purpose | Legal Basis (EEA/UK) | Retention* |
|---|---|---|---|---|
| Identifiers | name, email, postal address, IP address | Account set‑up, authentication, security | Contract; Legitimate interest | Until account deletion + 5 yrs (audit/defense) |
| Commercial data | purchase history, support requests | Fulfill orders, improve services | Contract | 7 yrs (tax/legal) |
| Usage data | pages viewed, session timestamps, logs | Analytics, fraud prevention | Legitimate interest (or consent where required by ePrivacy) | 14 months (GA4 setting) |
| Sensitive PI | We do not collect Sensitive Personal Information as defined by applicable law. If this changes, we will provide a "Limit the Use of My Sensitive Personal Information" choice where required. | N/A | N/A | N/A |
*Baxtel applies CPRA/CPA "storage limitation" – personal data is kept only as long as reasonably necessary for the disclosed purpose, unless a longer period is required by law or contract.
Google Analytics. We use Google Analytics 4 to measure and report website traffic and usage. We have configured GA4 data retention to 14 months and disabled Google Signals and ad personalization/remarketing. You can opt out of Google Analytics by using available browser controls and Google's opt‑out tools. For more information on Google's privacy practices, see: https://policies.google.com/privacy?hl=en
Google AdSense. We use Google AdSense and configure it to serve non‑personalized (contextual) ads in applicable regions; ad personalization is disabled. You may adjust advertising settings via your device/browser and Google Ads settings.
Invisible reCAPTCHA. We use an invisible captcha service named reCAPTCHA, operated by Google. The reCAPTCHA service may collect information from You and from Your Device for security purposes. See Google's Privacy Policy: https://www.google.com/intl/en/policies/privacy/
We may share information with:
We do not "sell" or "share" Personal Information as those terms are defined by the CPRA. We serve non‑personalized ads and have disabled ad personalization/remarketing and Google Signals. Opt‑In and/or Consent will also, where applicable, grant Baxtel permission to share information with other Business Partners for offers on goods and services.
We may send transactional or marketing messages to mobile numbers that you have affirmatively provided and for which you have consented to receive communications. Consent is not a condition of purchase. Message frequency may vary; message and data rates may apply. Reply STOP to cancel (or as otherwise instructed). Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text‑messaging originator opt‑in data and consent; this information will not be shared with any third parties. Baxtel nor its Carriers are liable for delayed or undelivered messages.
We use cookies, pixels and similar technologies for analytics, personalization and advertising. EEA/UK: we do not set non‑essential (analytics/ads) cookies until you consent, and we provide "Reject All" and "Accept All" choices (with similar ease), plus granular controls. We implement Google Consent Mode v2 so that Google tags respect your consent choices.
Baxtel processes Global Privacy Control (GPC) and other UOOM signals as a valid request to opt out of targeted advertising and data sale/sharing where required by law (e.g., California, Colorado, and other jurisdictions as their laws take effect). When we receive a valid UOOM signal, we will automatically disable targeted advertising and data sale/sharing for that browser or device.
| Jurisdiction | Rights Available | How to Exercise | Response Time |
|---|---|---|---|
| California (CCPA/CPRA) | Access, delete, correct, portability, limit use of Sensitive PI, opt‑out of sale/share, opt‑out via UOOM | Webform or contact us; we honor GPC | 45 days (90 days where reasonable) |
| Colorado, Virginia, Connecticut, Utah, Nevada | Access, delete, correct (CO/VA/CT), portability, opt‑out of targeted ads/sales/profiling; UOOM (CO) | Webform or contact us | 45 days |
| EEA/UK (GDPR) | Access, rectify, erase, restrict, object, portability, lodge complaint, withdraw consent | Webform; DPO contact below | 1 month |
Other U.S. states. Residents of other U.S. states with comprehensive privacy laws (e.g., DE, FL, IN, IA, MT, NJ, OR, TN, TX, UT, VA, and others as they become effective) may have similar rights, including an opt‑out of targeted advertising and recognition of UOOM where required. Use the methods above to exercise your rights.
We accept requests from authorized agents where permitted by law, subject to verification requirements.
If we decline your request, you may appeal by replying "APPEAL" to our decision email; Colorado residents may escalate unresolved appeals to the Colorado Attorney General.
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
The Services are not directed to children under 13. We do not knowingly collect Personal Data from children without appropriate consent consistent with COPPA and, for children located in Virginia, VCDPA amendments effective 1 Jan 2025. We do not knowingly sell or share Personal Information of consumers under 16.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy. Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction. No transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
Regarding international Data, we rely on: (a) adequacy decisions (e.g., EU‑U.S. Data Privacy Framework, U.K. Extension, and Swiss‑U.S. DPF); (b) the European Commission's Standard Contractual Clauses and the U.K. Addendum; and (c) derogations under GDPR Art. 49 where applicable. We conduct transfer impact assessments and implement supplementary technical and organizational measures.
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
For Baxtel's legal bases for processing (EEA/UK), we rely on one or more of the following: consent, contract performance, legitimate interests, legal obligations, and protection of vital interests.
The security of Your Personal Data is important to Us. We strive to use commercially acceptable means to protect Your Personal Data. Data at rest (being stored by Baxtel) will follow appropriate security guidelines and encryption, where applicable; however, transmission of data over the Internet cannot be guaranteed or enforced for security policies out of Our control. We maintain access controls, vendor due diligence, and incident response processes, including legally required notifications.
We keep Personal Data only for the period necessary for the purposes described above, consistent with CPRA storage‑limitation, Colorado CPA, and GDPR Art. 5(1)(c) and (e). The Company will also retain Usage Data for internal analysis purposes, except where otherwise required by law for deletion. When retention is no longer required, data is securely deleted or anonymized.
We do not make decisions producing legal or similarly significant effects based solely on automated processing without human review. Where profiling is used for fraud prevention or personalized content, you may object through the methods described herein.
We will post any changes on this page with a revised "Last updated" date and, where applicable to correlating contracts, notify you via email or prominent notice. Continued use of the Services constitutes acceptance of the updated Policy.
You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
The opt‑out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.
For Mobile, Your device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.
For General Opt‑Out or Compliance Concerns, see Section 19 for our contact information.
Contact: Contact Us
Address: 2770 Arapahoe Rd. Ste 132‑727, Lafayette, CO 80026
EEA/UK contacts (if applicable):
Mitch Lenzi
Contact Us