GM Associates
Services About Pricing Get Started

Privacy Policy

Effective Date: January 19, 2026 | Last Updated: January 19, 2026

Introduction

GM Associates ("we," "our," or "us") is a technology consulting firm based in Buffalo, New York. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website (gmassociates.tech), services, and applications.

By using our services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Contact Information: Name, email address, phone number when you contact us or request services
  • Business Information: Company name, project details, and requirements you share with us
  • Communications: Emails, messages, and correspondence with our team

Information Collected Automatically

  • Usage Data: Pages visited, time spent, referring URLs
  • Device Information: Browser type, operating system, IP address
  • Cookies: We use essential cookies for website functionality

Information from Third-Party Services

When you authorize our applications to access third-party services (such as YouTube, Google Drive, or other platforms), we may access:

  • Account identifiers and profile information
  • Content metadata (titles, descriptions, dates)
  • Content you specifically authorize us to manage

We only access what is necessary to provide the service you requested.

How We Use Your Information

We use your information to:

  • Provide Services: Deliver consulting, development, and technology services you request
  • Communicate: Respond to inquiries, send project updates, and provide support
  • Improve: Analyze usage to improve our website and services
  • Comply: Meet legal obligations and protect our rights

We do NOT:

  • Sell your personal information
  • Share your data with third parties for their marketing purposes
  • Use your data for purposes unrelated to our services

Third-Party API Services

YouTube API Services

Our applications that use YouTube API Services access your YouTube data only with your explicit OAuth consent. When using these tools:

  • Data is processed in real-time and not stored beyond your session
  • We access only the specific data needed (playlist names, video titles, metadata)
  • We do not download, store, or cache video content
  • You can revoke access anytime at Google Account Permissions

By using our YouTube-integrated tools, you also agree to the Google Privacy Policy.

Google Drive and Gmail

For services using Google Drive or Gmail APIs:

  • We access only files and messages you explicitly authorize
  • Data is processed to complete your requested task
  • We do not store copies of your Google data on our servers

Data Storage and Retention

Data Type Retention Period Storage Location
Contact information Duration of business relationship + 3 years Secure cloud storage
Project files As agreed per project Client-specified or secure cloud
API session data Session duration only Local memory (not persisted)
Website analytics 26 months Google Analytics
Communications 7 years (business records) Email servers

API Data: When using our applications that connect to third-party APIs (YouTube, Google, etc.), your data from those services is processed in-memory only and is NOT stored after your session ends.

Data Sharing

We may share your information with:

  • Service Providers: Cloud hosting, email services, and tools necessary to deliver our services (under confidentiality agreements)
  • Legal Requirements: When required by law, court order, or government request
  • Business Protection: To protect our rights, safety, or property

We do NOT share your information with:

  • Advertisers or marketing companies
  • Data brokers
  • Any third party for their own commercial purposes

Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Revoke API Access: Remove our access to third-party services via those platforms' settings
  • Opt Out: Unsubscribe from marketing communications

To exercise these rights, contact us at [email protected].

Data Security

We implement appropriate security measures in compliance with the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act), including:

  • HTTPS/TLS encryption for all data transmission
  • Secure authentication for all services
  • Limited access to personal information on a need-to-know basis
  • Regular review and assessment of security practices
  • Reasonable administrative, technical, and physical safeguards for private information

While we strive to protect your information, no method of transmission over the internet is 100% secure.

Data Breach Notification

In the event of a security breach involving your private information, we will:

  • Notify affected New York residents in compliance with NY General Business Law Section 899-aa
  • Provide notification without unreasonable delay, consistent with legitimate law enforcement needs and measures necessary to determine the scope of the breach
  • Include in the notification: a description of the incident, the types of information involved, contact information for our company, and contact information for relevant government agencies
  • Notify the New York Attorney General, Department of State, and Division of State Police if more than 500 New York residents are affected

Healthcare and Sensitive Client Data

When handling protected health information (PHI) or other sensitive client data, we adhere to applicable regulatory requirements including:

  • HIPAA: For clients in healthcare, we follow Health Insurance Portability and Accountability Act guidelines for protecting patient information
  • Business Associate Agreements: We execute BAAs with healthcare clients as required
  • HIPAA-Compliant Storage: For clients requiring HIPAA-compliant cloud storage, we will work with your organization to use a compliant cloud platform that you provide or approve. We do not store PHI on general-purpose consumer cloud services.
  • Industry-Specific Protocols: We adapt our security practices to meet the compliance requirements of your industry

If your organization requires specific compliance certifications or data handling agreements, please contact us to discuss your requirements before engaging our services.

Cookies and Tracking

Our website uses:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand how visitors use our site (Google Analytics)

You can control cookies through your browser settings.

Do Not Track Disclosure

Some web browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing behavior not be tracked. Our website does not currently respond to DNT signals. However, you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

California Privacy Rights

California residents have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

International Users

Our services are based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the United States.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on our website with an updated effective date.

Contact Us

For questions about this Privacy Policy or our privacy practices:

GM Associates
George Davis
Buffalo, New York

Email: [email protected]
Website: gmassociates.tech

This policy applies to all GM Associates services, websites, and applications. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

GM Associates
Services About Privacy Policy Terms of Service
© 2026 GM Associates. Buffalo, NY. Serving clients nationwide.