GHL·RADAR
Legal

Privacy Policy

Effective 2026-05-20

This Privacy Policy describes how Red Letter Investment Group LLC ("RLIG," "we," "us") collects, uses, and shares information in connection with the GHL Radar service (the "Service"), including the website at www.ghl-radar.com and the GoHighLevel Marketplace application listed as "Agency Radar" (collectively, the "Service").

1. What we collect

From your HighLevel agency (via SSO). When you install the Service from the HighLevel Marketplace and sign in, HighLevel transmits an encrypted SSO payload that includes your companyId, userId, user role/type, email address, and display name. We do not request, store, or have any means of accessing your sub-account contacts, conversations, opportunities, calendars, or other client-facing data.

That you provide directly. When you create niche profiles inside the Service, configure preferences, or contact support, we store the content you submit (niche descriptions, watchlist items, message text, etc.).

Operational data we generate. Tier and billing state synced from the HighLevel Marketplace, authentication tokens (encrypted at rest), per-user view state (seen markers, saved filters), and server logs associated with your session (HTTP status, latency, anonymized IP for abuse prevention).

Marketing site interactions. When you visit www.ghl-radar.com, our hosting provider may collect standard request metadata (IP, user agent, referrer) for performance and abuse prevention. We do not run third-party advertising trackers.

2. What we don't collect

  • Your clients' contacts, opportunities, or conversations.
  • Sub-account funnel data, automations, or media.
  • Payment card numbers (HighLevel handles all billing).
  • Behavioral advertising profiles.
  • Data from minors under 13.

3. How we use information

  • To authenticate you via HighLevel SSO and grant tier-appropriate access.
  • To compute per-niche relevance scores for features in our shared registry.
  • To deliver the Service, respond to support requests, and improve product quality.
  • To enforce our Terms of Service and prevent abuse.
  • To send transactional emails (install confirmations, billing notices, security alerts).

We do not sell, rent, or trade personal information. We do not use your data to train third-party AI models.

4. The shared registry

The Service's feature registry is derived exclusively from publicly available HighLevel announcements, product surfaces, and community channels we have lawful access to. Your account, your sub-accounts, and your clients are not inputs to the registry — the registry is the same for every tenant.

5. Who we share with

We share information only with:

  • HighLevel — for billing, SSO, and Marketplace lifecycle webhooks.
  • Infrastructure providers — Vercel (hosting + CDN), Neon (Postgres database), the model providers we use to power the scoring engine (Anthropic, OpenAI). Each is bound by a written data-processing agreement.
  • Authorities — when required by valid legal process. We'll notify affected users unless prohibited by law.
  • Successors — if RLIG is acquired, merged, or sold, your data may transfer to the successor under equivalent obligations.

6. Where data lives

Data is processed and stored in the United States. By using the Service from outside the US, you consent to transfer of your information to the US, which may have different data protection rules than your jurisdiction.

7. Retention

  • Account data — kept while your agency has the app installed and for up to 90 days after uninstall, to allow restoration on reinstall.
  • Niche profiles & watchlist — same retention as account data.
  • Server logs — 30 days for operational logs; 12 months for billing-related events.
  • Support correspondence — up to 24 months.

8. Your rights

Depending on where you live (GDPR / UK GDPR / CCPA / CPRA / similar), you may have the right to access, correct, delete, port, or restrict our processing of your personal data, and to object to certain processing. To exercise any of these rights, email legal@ghl-radar.com. We'll respond within 30 days. We do not discriminate against users who exercise these rights.

California residents: we do not "sell" or "share" personal information as those terms are defined under the CCPA / CPRA.

9. Security

We use industry-standard practices: encryption in transit (TLS 1.2+), encryption at rest, principle-of-least-privilege access controls, row-level security on tenant tables, and ongoing dependency monitoring. No system is perfectly secure; if you suspect a vulnerability, please contact security@ghl-radar.com.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect their information. If you believe a minor has provided us data, contact us and we'll delete it.

11. Cookies

The marketing site uses a single first-party session cookie for routing and abuse prevention. The Marketplace app sets a single first-party authentication cookie scoped to the decrypted SSO payload. We do not use third-party advertising cookies. Where required by law, a cookie banner will be shown before any non-essential cookie is set.

12. Changes

We may update this policy as the Service evolves. Material changes will be announced at least 14 days in advance via in-app notice or email. Continued use after the effective date constitutes acceptance.

13. Contact

Red Letter Investment Group LLC
Florida, USA
legal@ghl-radar.com