Privacy Policy
Journey to Legacy LLC | Effective: March 27, 2026 | Last Updated: March 27, 2026
Applies to: MyDigitalNPO.com | JourneyToLegacy.org
IMPORTANT: Please read this Privacy Policy carefully. By accessing or using our websites or services, you acknowledge that you have read and understood this policy. This document constitutes a legally binding agreement between you and Journey to Legacy LLC.
1. About Journey to Legacy LLC
Journey to Legacy LLC ("Company," "we," "us," or "our") is a Virginia limited liability company that operates the following digital properties:
MyDigitalNPO.com — A digital marketing consulting and coaching platform serving nonprofit organizations.
JourneyToLegacy.org — A personal and professional development education, training, and coaching platform.
Business Address: 4933 Grape Tree Lane, Roanoke, Virginia 24018, United States
Privacy Contact: [email protected]
Governing State: Commonwealth of Virginia, United States
2. Our Role: Data Controller
Journey to Legacy LLC acts as the Data Controller for all personal information collected directly through our websites, opt-in forms, and communications with our users and customers. As the Data Controller, we determine the purposes and means of processing your personal information and are responsible for ensuring that processing complies with applicable law.
We engage third-party service providers (including GoHighLevel Inc., Google LLC, Meta Platforms Inc., and others described in Section 8) to process data on our behalf. These providers act as Data Processors and may only process your personal information in accordance with our documented instructions. We maintain data processing agreements with our processors where required by law.
NOTE: If you have provided your personal information to us through a form, landing page, or campaign hosted on the GoHighLevel platform, Journey to Legacy LLC remains your Data Controller. GoHighLevel processes that data as our service provider and processor, not as an independent data controller. GoHighLevel's own Privacy Policy (https://www.gohighlevel.com/privacy-policy) governs HighLevel's use of data about its own customers (us), not about our contacts.
3. Dual-Jurisdiction Notice — United States & South Africa
Journey to Legacy LLC operates across the United States and the Republic of South Africa. This Privacy Policy is designed to comply with applicable law in both jurisdictions:
3.1 United States
Virginia Consumer Data Protection Act (VCDPA) — primary governing law for our registered state
California Consumer Privacy Act (CCPA/CPRA) — rights for California residents outlined in Section 13
Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227 — governs all automated calls, SMS/MMS messages, and robocalls to US residents
CAN-SPAM Act of 2003 — governs commercial email marketing
CTIA Messaging Principles and Best Practices — carrier-enforced industry standards for SMS/MMS consent and opt-in
FTC Act Section 5 — including disclosure obligations for AI-powered and automated communications
Children's Online Privacy Protection Act (COPPA) — our services are not directed at children under 13
3.2 South Africa
Protection of Personal Information Act, 4 of 2013 (POPIA) — governs the collection, processing, storage, and transfer of personal information of South African data subjects
Journey to Legacy LLC acts as the "Responsible Party" as defined under POPIA for all South African user data
Electronic Communications and Transactions Act, 25 of 2002 (ECTA) — governs direct electronic marketing to South African recipients
South African age of consent for data processing is 18 years — see Section 16 (Children's Privacy)
Your POPIA rights are detailed in Section 12
3.3 GDPR — Best Practice Alignment
While our primary regulatory obligations are under US and South African law, we apply GDPR-aligned data minimization, transparency, and purpose-limitation principles as best practice for all users globally.
4. Information We Collect
4.1 Information You Provide Directly
Full name and email address via contact, opt-in, or inquiry forms
Mobile phone number, where provided for SMS marketing, transactional messages, or calls
Billing name, address, and payment card details (processed via Stripe or PayPal — we do not store raw card data)
Account credentials if you create a user account
Coaching intake, questionnaire, or survey responses
Communications submitted via email, contact forms, or scheduling tools
Webinar, podcast, or event registration details
4.2 Information Collected Automatically
IP address and approximate geographic location derived from IP
Browser type, operating system, and device type
Pages visited, time on site, scroll depth, clicks, and navigation paths
Session recordings and heatmaps (Hotjar — see Section 8.8)
Cookie identifiers and tracking pixel data (see Section 6 — Cookies & Tracking)
4.3 Information from Third Parties
Payment processors (Stripe, PayPal) — transaction confirmation and fraud-prevention signals
Social media platforms (Meta, LinkedIn) — interaction data from ads, pages, or lead-gen forms
Email and SMS platforms (Mailchimp, GoHighLevel) — open rates, click rates, and opt-out events
Call analytics — duration, timestamps, and outcome data from outbound calls made through our systems
5. How We Use Your Information
Service Delivery: To provide consulting, coaching, education, podcast content, and related services you have requested.
Account Management: To create and maintain your account and manage access to paid content.
Payment Processing: To process transactions securely through PCI DSS-compliant third-party processors.
Email Marketing: To send newsletters, program updates, and promotional content to which you have opted in. You may unsubscribe at any time.
SMS & MMS Marketing: To send text-based marketing and transactional messages for which you have provided separate prior express written consent (Section 9).
Outbound Phone Calls: To contact you by telephone for sales, follow-up, or service purposes, subject to applicable consent requirements (Section 10).
AI-Powered Communications: To conduct automated outreach using AI voice agents and automated workflow tools, where you have provided prior express written consent (Section 11).
Analytics & Improvement: To understand website usage, identify issues, and improve user experience.
Targeted Advertising: To deliver relevant ads through Meta and LinkedIn based on expressed interests and browsing behavior.
Legal Compliance: To comply with applicable laws, regulations, and lawful government requests.
OPT-IN DATA: We do not sell your personal information. We do not share your phone number, email address, or opt-in consent data with third parties for their own independent marketing purposes without your separate express written consent.
6. Legal Basis for Processing
Contract Performance: Processing necessary to deliver services you have purchased or enrolled in.
Legitimate Interests: Analytics, website improvement, fraud prevention, and internal business operations, where not overridden by your rights.
Consent: Email marketing, SMS marketing, outbound calls, AI-powered automated communications, advertising cookies, and tracking pixels. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal Obligation: Processing required to comply with applicable US or South African law.
7. Cookies & Tracking Technologies
Our websites use cookies, pixels, tags, and similar tracking technologies. By continuing to use our websites, you consent to the use of these technologies as described below.
7.1 Types of Cookies We Use
Essential Cookies: Required for website function. Cannot be disabled.
Analytics Cookies: Measure traffic and user behavior. Used by Google Analytics and Hotjar.
Marketing Cookies: Deliver and measure targeted advertising. Used by Meta Pixel and LinkedIn Insight Tag.
Functional Cookies: Remember preferences and settings between visits.
7.2 Managing Your Cookie Preferences
You may manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may impair website functionality. You may also opt out of interest-based advertising directly through:
Google Ads Settings: https://adssettings.google.com
Meta Ad Preferences: https://www.facebook.com/adpreferences
LinkedIn Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
To request that your data not be used for targeted advertising, email: [email protected]
8. Third-Party Services & Data Processors
We share personal information with the following third-party processors to deliver our services. We maintain data processing agreements with each processor where required by law. We do not authorize processors to use your personal data for their own independent marketing purposes.
8.1 Google Analytics (Google LLC)
Purpose: Website traffic analysis and user behavior measurement. Data collected: anonymized IP address, pages visited, session duration, device and browser data. Privacy Policy: https://policies.google.com/privacy
8.2 Meta Pixel (Meta Platforms, Inc.)
Purpose: Conversion tracking and retargeted advertising across Facebook and Instagram. Data collected: browsing behavior, form submissions, and purchase events. Privacy Policy: https://www.facebook.com/privacy/policy/
8.3 LinkedIn Insight Tag (LinkedIn Corporation)
Purpose: B2B retargeted advertising and campaign analytics. Data collected: LinkedIn member status, page views, and conversion events. Privacy Policy: https://www.linkedin.com/legal/privacy-policy
8.4 Mailchimp (The Rocket Science Group LLC)
Purpose: Email newsletter and marketing campaign delivery. Data collected: name, email address, open rates, click rates, and unsubscribe events. Privacy Policy: https://mailchimp.com/legal/privacy/
8.5 GoHighLevel / HighLevel Inc.
Purpose: CRM platform, SMS and email marketing automation, AI-powered workflow automation, landing pages, and outbound call management. Data collected: contact details, phone numbers, form submissions, email and SMS engagement data, call records, and AI interaction logs. Role: GoHighLevel processes data as our Data Processor, not as an independent data controller for our contacts. Privacy Policy: https://www.gohighlevel.com/privacy-policy
8.6 Stripe, Inc.
Purpose: Payment card processing. PCI DSS Service Provider Level 1 certified. We do not store raw payment card numbers. Data collected: name, billing address, and transaction data processed directly by Stripe. Privacy Policy: https://stripe.com/privacy
8.7 PayPal Holdings, Inc.
Purpose: Alternative payment processing. Data is processed directly by PayPal under their privacy policy. Privacy Policy: https://www.paypal.com/us/legalhub/privacy-full
8.8 Hotjar Ltd.
Purpose: Session recordings, heatmaps, and user experience analysis. Data collected: mouse movements, clicks, scroll behavior, and anonymized session recordings. Hotjar does not collect payment card numbers or sensitive personal identifiers. Privacy Policy: https://www.hotjar.com/legal/policies/privacy/
8.9 Calendly LLC
Purpose: Meeting and appointment scheduling. Data collected: name, email address, time zone, and meeting preferences. Privacy Policy: https://calendly.com/privacy
9. SMS & MMS Marketing — TCPA & CTIA Compliance
IMPORTANT: We send SMS and MMS messages only to individuals who have provided prior express written consent as required by the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, and in accordance with CTIA Messaging Principles and Best Practices. Consent to receive SMS/MMS is never required as a condition of purchasing any product or service.
9.1 Separate Consent for Each Message Type
We collect separate, explicit, uncombined opt-in consent for each of the following message categories through clearly labeled, unchecked checkboxes on our opt-in forms. Consent for one category does not imply consent for another.
Transactional Messages opt-in language (exact text used on our forms):
☐ By checking this box, I consent to receive transactional messages related to the services I have requested. These messages may include reminders, confirmations, and notifications among others. Message frequency may vary. Message & Data rates may apply. Reply HELP for help or STOP to opt-out.
Marketing & Promotional Messages opt-in language (exact text used on our forms):
☐ By checking this box, I consent to receive marketing and promotional messages, including special offers, discounts, new product updates among others. Message frequency may vary. Message & Data rates may apply. Reply HELP for help or STOP to opt-out.
9.2 CTIA Compliance Requirements We Maintain
Opt-in consent is obtained separately for each message program and message type
No pre-checked boxes — all opt-ins require an affirmative, voluntary action by the user
Opt-in consent is not shared with any third party for their independent use
All opt-in forms display a clear link to this Privacy Policy and our Terms & Conditions
All opt-in methods are documented and retained as required by CTIA guidelines
9.3 How to Opt Out of SMS
You may opt out of SMS communications at any time by replying STOP to any message we send. You will receive a one-time confirmation of your opt-out. After that, no further marketing SMS messages will be sent to your number unless you opt in again. For assistance, reply HELP to any of our messages or contact [email protected].
9.4 Message Frequency & Costs
Message frequency varies by program and your level of engagement with our services. Standard message and data rates from your mobile carrier may apply. Journey to Legacy LLC is not responsible for any charges applied by your mobile carrier.
10. Outbound Telephone Calls — TCPA Compliance
When we contact you by telephone for sales, follow-up, or service purposes using automated dialing technology or a prerecorded voice message, we do so only with your prior express written consent as required by the TCPA. Manual calls placed by our team to numbers on the national Do Not Call (DNC) registry are also subject to applicable restrictions.
We maintain an internal Do Not Call list and honor opt-out requests promptly
Prior express written consent for automated calls is obtained separately from SMS and email consent
You may revoke consent for automated calls at any time by notifying us at [email protected] or by verbally requesting removal during any call
We honor all federal and applicable state-level calling restrictions
11. AI-Powered Communications & Automated Systems
DISCLOSURE: Journey to Legacy LLC uses artificial intelligence tools and automated systems in our outreach and service delivery. We are committed to transparency about when and how AI is used in communications with you.
11.1 AI Voice Agents
We may use AI-powered voice agents to conduct outbound calls for the purposes of lead follow-up, appointment setting, program outreach, and service delivery. When an AI voice agent is used to contact you:
You will be informed at the beginning of the call that you are speaking with an AI-powered system
You will have the option to request to speak with a human representative at any time
Call content may be recorded and logged for quality assurance and compliance purposes
AI voice agent calls are only made to individuals who have provided prior express written consent for such communications
11.2 Automated Marketing Workflows
We use GoHighLevel's automated workflow and AI tools to send sequences of emails, SMS messages, and follow-up communications triggered by your actions (e.g., downloading a resource, booking a call, or submitting a form). These workflows:
Are triggered by your actions and based on consent you have already provided
Include clear opt-out mechanisms in every automated message
Do not make decisions that produce significant legal or similarly significant effects on you without human review
11.3 AI Data Usage Policy
We do not use your personal information to train generalized, publicly available AI models. Where we use third-party AI subprocessors (such as tools within GoHighLevel), their use of your data is limited to providing the specific service you are receiving. Our agreements with AI subprocessors restrict them from using your data for their own model training or independent purposes.
12. Your Rights — South African Users (POPIA)
If you are a resident of the Republic of South Africa, you have the following rights under the Protection of Personal Information Act, 4 of 2013 (POPIA):
Right of Access: You may request a copy of all personal information we hold about you.
Right to Correction: You may request correction of inaccurate, incomplete, or out-of-date personal information.
Right to Deletion: You may request deletion of your personal information where we no longer have a lawful basis to process it.
Right to Object: You may object to the processing of your personal information, particularly for direct electronic marketing purposes under Section 69 of POPIA.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Complain: You may lodge a complaint with the Information Regulator of South Africa: [email protected] | +27 (0)12 406 4818 | www.justice.gov.za/inforeg
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days and may require identity verification before processing your request.
13. Your Rights — California Residents (CCPA/CPRA)
If you are a California resident, the CCPA and CPRA grant you the following rights:
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom it is shared.
Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out: We do not sell personal information for monetary consideration. We do share certain data with advertising partners (Meta, LinkedIn) for targeted advertising, which may constitute "sharing" under California law. To opt out, email [email protected] with the subject line "Do Not Sell or Share My Information."
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
Right to Appeal: If we have not responded to your request or you are unsatisfied with our response, you have the right to appeal by contacting us at [email protected].
To submit a verifiable consumer request, contact [email protected]. We will respond within 45 days.
14. Your Rights — All US State Privacy Laws
Residents of Virginia, Colorado, Connecticut, Texas, and other states with enacted consumer privacy laws have rights similar to those described in Section 13, including rights to access, correct, delete, and opt out of certain data sharing. To exercise these rights, contact [email protected]. We will not discriminate against you for exercising your rights under applicable state law.
15. Email Marketing — CAN-SPAM & ECTA Compliance
Our email marketing is conducted in compliance with the CAN-SPAM Act of 2003 (US) and the Electronic Communications and Transactions Act, 25 of 2002 (South Africa):
Every marketing email identifies Journey to Legacy LLC by name and includes our physical mailing address
Every marketing email includes a clearly labeled, functional unsubscribe link
Unsubscribe requests are honored within 10 business days
We do not use deceptive subject lines or sender information
Transactional emails (service confirmations, receipts, account notices) are distinguished from marketing emails and are not subject to marketing opt-out
To unsubscribe from email marketing, click the unsubscribe link in any marketing email or contact [email protected].
16. Children's Privacy
Our websites and services are not directed at children. We apply the following age thresholds:
United States (COPPA): We do not knowingly collect personal information from children under 13.
South Africa (POPIA): We do not knowingly collect personal information from persons under 18 without the consent of a parent or competent guardian, as required by POPIA.
General: Users of our paid services must be at least 18 years of age.
If you believe that a child has provided us with personal information without appropriate consent, please contact us immediately at [email protected] and we will delete such information promptly.
17. Data Retention
Account Data: Retained for the duration of your account plus 3 years after closure.
Transaction Records: Retained for 7 years to comply with US tax and accounting requirements.
SMS & Call Records: Retained for a minimum of 4 years as required for TCPA compliance documentation.
Email Marketing Records: Retained until you unsubscribe and for 4 years thereafter for compliance purposes.
AI Interaction Logs: Retained for 12 months, then deleted unless required for an active legal matter.
Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely. Identifiable session data is subject to the retention defaults of each third-party platform (typically 14 months for Google Analytics).
Legal Claims: Data relevant to active legal disputes or compliance investigations may be retained until the matter is fully resolved.
18. Data Security
We implement reasonable and appropriate technical and organizational security measures to protect your personal information against unauthorized access, loss, destruction, or alteration. These measures include:
SSL/TLS encryption for all data transmitted between your browser and our websites
Access controls limiting personnel access to personal information on a need-to-know basis
Use of PCI DSS-certified processors (Stripe, PayPal) for all payment card processing
Data processing agreements with all third-party processors
Regular review of subprocessor security certifications and privacy practices
No method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in harm to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities as required by applicable law.
19. International Data Transfers
Journey to Legacy LLC is headquartered in the United States. Our servers and third-party processors are primarily located in the United States. If you access our websites from outside the United States — including from South Africa — your personal information will be transferred to, stored, and processed in the United States.
We ensure that cross-border data transfers comply with applicable law, including POPIA's requirements for transfers of personal information outside of South Africa. By using our websites or services from outside the United States, you acknowledge and consent to this international transfer.
20. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. When material changes are made, we will update the "Last Updated" date at the top of this document, post the revised policy on our websites, and where required by law or where the change is material, notify you by email to the address on file. Your continued use of our websites following the posting of changes constitutes your acceptance of the revised policy.
21. Governing Law & Contact
This Privacy Policy is governed by the laws of the Commonwealth of Virginia, United States. For all privacy-related inquiries, requests, or complaints:
Company: Journey to Legacy LLC
Address: 4933 Grape Tree Lane, Roanoke, Virginia 24018, United States
Email: [email protected]
Websites: MyDigitalNPO.com | JourneyToLegacy.org
We aim to respond to all privacy-related inquiries within 5 business days and to complete all formal data subject requests within 30 days (45 days for CCPA requests).
This Privacy Policy was last updated on March 27, 2026 and is effective as of March 27, 2026.