Privacy Policy

How we collect, use, and protect your information.

Effective Date: February 21, 2026

Last Updated: March 9, 2026

Lake Forest Computer Company ("we," "us," or "our") respects your privacy and is committed to transparency about our data practices. This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website at lakeforestcomputer.com ("the Site") or engage our services. Please read this policy carefully. By using our Site, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us through the following interactions:

Contact Form Submissions

When you submit our contact form, we collect:

  • Full name
  • Email address
  • Phone number (if provided)
  • Service interest (selected from a dropdown menu)
  • Message content

Contact form submissions are logged to a secure server-side file for record-keeping purposes. Your submission data is transmitted via email to our team through MXRoute (heracles.mxrouting.net), our third-party email delivery service. Your IP address is recorded at the time of submission for rate-limiting purposes (limited to 5 submissions per IP address per hour). A hidden honeypot form field is used for automated bot detection; this field is not visible to users and no additional data is collected through it.

Testimonial Submissions

If you choose to submit a testimonial through our website, we collect:

  • Your name
  • Email address (required for verification)
  • Company name (optional)
  • Star rating (1–5)
  • Review text

Testimonial submissions require email verification. We send a verification email containing a unique token link that expires after 24 hours. Once you verify your submission, your name, company name (if provided), star rating, and review text are published publicly on our website. Your email address is stripped from the public data and is never displayed on the Site. Email addresses associated with testimonials are used solely for the one-time verification process.

Other Direct Communications

When you contact us by email, phone, or other means, we may collect your name, contact details, business information, and any other information you voluntarily provide.

1.2 Information Collected Automatically

Web Server Access Logs

When you visit our Site, our web server (Caddy) automatically collects standard access log data, including:

  • IP address
  • Browser type and version (User-Agent string)
  • Pages requested and HTTP status codes
  • Referring URL
  • Date and time of each request

Website Analytics (Umami)

We use Umami, a privacy-focused, open-source web analytics platform that we self-host at analytics.ai-signed.com. Umami collects the following aggregated and anonymized data:

  • Pages viewed and navigation paths
  • Referring URLs and UTM parameters
  • Browser type and version
  • Operating system
  • Screen resolution
  • Country-level geolocation (derived from IP address)

Umami is designed to be privacy-respecting. It does not use cookies, does not store your IP address long-term, does not track you across websites, and does not collect personally identifiable information. All analytics data is aggregated and cannot be used to identify individual users. Umami is compliant with GDPR, CCPA, and PECR without requiring a cookie consent banner.

Google Fonts

Our Site loads the Inter typeface from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser requests these font files, your IP address and browser information (User-Agent string) are transmitted to Google's servers. Google's use of this data is governed by the Google Privacy Policy (opens in new tab). We do not control or have access to the data Google collects through this service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to inquiries: To reply to your contact form submissions and provide requested information about our services
  • Service delivery: To communicate with you about projects, services, support, and billing
  • Testimonial publication: To verify and publish your testimonial on our Site (with your consent via email verification)
  • Website improvement: To understand how visitors use our Site through aggregated analytics, enabling us to improve content and user experience
  • Security and abuse prevention: To monitor for malicious activity, enforce rate limits, detect automated bots, and maintain the security of our infrastructure
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

3. Cookies and Tracking Technologies

Our Site does not set any first-party or third-party cookies. We do not use tracking pixels, web beacons, or fingerprinting techniques. We do not engage in cross-site tracking or behavioral advertising.

Our analytics platform (Umami) is fully cookieless and does not use any client-side storage mechanisms (cookies, localStorage, or sessionStorage) to identify or track visitors.

The only external requests made by our Site are to Google Fonts servers (for typeface loading) and to our self-hosted Umami analytics endpoint. Neither of these sets cookies on our domain.

Do Not Track Disclosure

We respect browser Do Not Track (DNT) signals. Our analytics system (Umami) is cookieless and does not track users across websites, meaning that the privacy protections associated with DNT are already built into our Site by default, regardless of your browser settings.

4. Information Sharing and Third-Party Processors

We do not sell, rent, lease, or trade your personal information to any third party. We do not share personal information for advertising or marketing purposes.

We may share or transmit information in the following limited circumstances:

4.1 Service Processors

  • MXRoute (heracles.mxrouting.net) — Our email delivery service. Contact form submissions and testimonial verification emails are transmitted through MXRoute's SMTP servers. MXRoute processes email content, sender/recipient addresses, and associated metadata in order to deliver messages on our behalf.
  • Google Fonts (fonts.googleapis.com) — Provides typeface files to your browser. Your IP address and User-Agent string are transmitted to Google when font files are loaded. See Section 1.2 above.

4.2 Other Disclosures

  • Legal requirements: When required by law, subpoena, court order, or governmental regulation
  • Safety and protection: To protect the rights, property, or safety of Lake Forest Computer Company, our clients, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, in which case you will be notified of any change in data practices
  • Service partners: With trusted subcontractors who assist in delivering our IT services, under written confidentiality and data protection agreements

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encrypted connections (TLS/SSL) for all website traffic
  • Secure server infrastructure hosted on our own managed Proxmox VE cluster
  • Firewall rules restricting inbound access to essential services only
  • SMTP transmission over encrypted SSL connections (port 465)
  • Server-side environment files protected with restricted file permissions (chmod 600)
  • Access controls limiting who can view personal information
  • Regular security updates and monitoring
  • Security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) enforced on all responses

While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy. Specific retention periods are as follows:

  • Contact form submissions: Retained for 2 years from the date of submission, then permanently purged
  • Testimonials: Published testimonials (name, company, rating, review text) are retained indefinitely for as long as they remain published on the Site. You may request removal at any time by contacting us.
  • Testimonial email addresses: Used only for the one-time verification process and are not stored in the public testimonial data
  • Web server access logs: Retained for 90 days, then automatically purged
  • Analytics data (Umami): Aggregated and anonymized; no individual user data is stored. Aggregate statistics are retained indefinitely.
  • Rate-limiting records (IP addresses): Held in server memory temporarily and not persisted to long-term storage

7. Your Rights

Regardless of your location, you have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete personal information
  • Deletion: Request that we delete your personal information, subject to legal retention requirements
  • Withdrawal of consent: Where processing is based on your consent, you may withdraw that consent at any time
  • Testimonial removal: Request removal of your published testimonial at any time

To exercise any of these rights, please contact us at contact@lakeforestcomputer.com or call (661) 903-9050. We will respond to your request within 30 days.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.

8.1 Right to Know

You have the right to request that we disclose the following information covering the 12 months preceding your request:

  • The categories of personal information we have collected about you
  • The categories of sources from which the personal information was collected
  • The business or commercial purpose for collecting the personal information
  • The categories of third parties with whom we share personal information
  • The specific pieces of personal information we have collected about you

8.2 Right to Delete

You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law (for example, if the information is necessary to complete a transaction, detect security incidents, or comply with a legal obligation). We will respond to verified deletion requests within 45 days. If we require additional time (up to an additional 45 days), we will notify you of the extension and the reason for it.

8.3 Right to Correct

Under the CPRA, you have the right to request that we correct inaccurate personal information that we maintain about you. Upon receiving a verified request, we will use commercially reasonable efforts to correct the information.

8.4 Right to Opt-Out of Sale or Sharing

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Because we do not engage in these activities, there is no need to opt out. However, if our practices change in the future, we will update this policy and provide an opt-out mechanism as required by law.

8.5 Right to Limit Use of Sensitive Personal Information

We do not collect or process sensitive personal information (as defined by the CPRA) beyond what is necessary to provide our services. If we collect sensitive personal information in the future, we will provide a mechanism to limit its use as required by law.

8.6 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different level or quality of service, or suggest that you will receive any of the above as a result of exercising your privacy rights.

8.7 Verification Process

To protect your privacy, we must verify your identity before fulfilling a rights request. We will ask you to confirm your identity by matching information you provide (such as your name and email address) against information we already have on file. If we cannot verify your identity, we may be unable to fulfill your request.

8.8 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. To do so, you must provide the agent with signed written permission and we may require you to verify your own identity directly with us and confirm that you authorized the agent to act on your behalf. Alternatively, an authorized agent with a valid power of attorney under California Probate Code sections 4000–4465 may submit a request on your behalf.

8.9 How to Submit a Request

To submit a CCPA/CPRA request, contact us at:

  • Email: contact@lakeforestcomputer.com
  • Phone: (661) 903-9050

We will acknowledge your request within 10 business days and provide a substantive response within 45 days.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) and applicable local data protection laws provide you with additional rights. This section describes our practices as they relate to the GDPR.

9.1 Data Controller

Lake Forest Computer Company is the data controller responsible for your personal information. As a small business, we have not appointed a Data Protection Officer (DPO). For any data protection inquiries, please contact us at contact@lakeforestcomputer.com.

9.2 Lawful Basis for Processing

We process personal information under the following lawful bases:

  • Legitimate interest (Article 6(1)(f)): For website analytics (aggregated, anonymized via Umami), server access logging, security monitoring, and rate limiting. Our legitimate interest is to maintain and improve our website, ensure security, and understand aggregate usage patterns. These interests do not override your fundamental rights, especially given that our analytics are cookieless and anonymized.
  • Contract performance (Article 6(1)(b)): For processing contact form submissions in order to respond to your inquiry and provide requested services.
  • Consent (Article 6(1)(a)): For publishing testimonials on our website. You provide consent by voluntarily submitting a testimonial and completing the email verification process. You may withdraw this consent at any time by requesting removal of your testimonial.

9.3 Data Subject Rights

Under the GDPR, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal information we process about you
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete personal information
  • Right to erasure (Article 17): Request deletion of your personal information where there is no compelling reason for its continued processing
  • Right to restriction of processing (Article 18): Request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of contested information
  • Right to data portability (Article 20): Request your personal information in a structured, commonly used, machine-readable format
  • Right to object (Article 21): Object to processing based on legitimate interests; we will cease processing unless we demonstrate compelling legitimate grounds
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your residence, place of work, or where the alleged infringement occurred

To exercise any of these rights, contact us at contact@lakeforestcomputer.com. We will respond within 30 days.

9.4 International Data Transfers

Our servers and business operations are located in the United States. If you are accessing our Site from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using our Site or submitting information to us, you acknowledge this transfer. We take reasonable measures to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, phone number, IP address (via server logs and rate limiting)
  • Commercial information: Records of services inquired about (contact form service interest selections)
  • Internet or network activity: Browsing history on our Site, referring URLs, browser type, screen resolution, operating system, country (via Umami analytics and server logs)
  • Professional or employment-related information: Company name (if provided in testimonials or contact forms)

We do not collect: Social Security numbers, financial information, biometric data, geolocation data beyond country-level, protected classification characteristics, education information, or sensory data.

11. Children's Privacy

Our services are directed to businesses and professionals. Our Site is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately at contact@lakeforestcomputer.com and we will promptly delete the information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Lake Forest Computer Company
Lake Forest, California 92630
Email: contact@lakeforestcomputer.com
Phone: (661) 903-9050

We aim to respond to all privacy-related inquiries within 30 days.