How We Protect Client Privacy
Quick Answer
Heritage Web protects client privacy through multiple layers: manual review with third-party verification, exclusive one-to-one lead distribution, secure data encryption, 60-day automatic expiration for unpurchased leads, and strict professional agreements. Client contact information is only revealed after purchase, shared with just one professional or business, and never resold or redistributed. We maintain GDPR/CCPA compliance, use PCI-compliant payment processing, and conduct regular security audits to ensure client data remains protected throughout the entire referral process.
Overview
Client privacy forms the foundation of trust in Heritage Web's referral ecosystem. Across our 300+ publications, clients share sensitive personal, legal, medical, and financial information with the expectation of confidentiality and professional handling. Our comprehensive privacy protection system balances client safety with professional access, ensuring that sensitive information reaches only qualified, verified professionals who have committed to ethical use.
Privacy Protection Layers
Layer 1: Initial Submission Security
Secure Collection:
SSL/TLS-encrypted forms
Secure server storage
No third-party trackers on forms
HTTPS-only submissions
Protected databases
Data Minimization:
Collect only necessary information
Optional fields clearly marked
No unnecessary personal data
Purpose-specific questions
Clear data use disclosure
Layer 2: Manual Review Process
Human Verification (Within 24 Hours):
Heritage Web staff review
Third-party verification tools
Spam and fraud detection
Identity confirmation
Quality assurance
What We Verify:
Email address validity
Phone number authenticity
Request legitimacy
No duplicate submissions
Genuine service need
What We Remove:
Spam submissions
Fraudulent requests
Duplicate entries
Test submissions
Bot-generated forms
Layer 3: Controlled Distribution
Exclusive Access Model:
One lead, one buyer
No broadcast distribution
No bidding systems
No shared databases
No resale permitted
Limited Visibility:
Contact info hidden until purchase
Only matched professionals see lead
No public directories
No searchable databases
No indexed content
Layer 4: Professional Obligations
Terms of Service Requirements:
Maintain confidentiality
Use only for stated purpose
No sharing with others
No resale of information
Professional ethics compliance
Industry Compliance:
Attorney-client privilege
HIPAA for healthcare
Financial privacy laws
Real estate regulations
Professional codes of conduct
Information Visibility Controls
Before Purchase - What's Hidden
Protected Information:
Full name
Email address
Phone number
Street address
Identifying details
Why Hidden:
Prevents unsolicited contact
Reduces spam risk
Protects vulnerable clients
Maintains control
Ensures exclusive access
Before Purchase - What's Visible
General Information Shown:
Service category needed
General location (city, state)
Brief description
Urgency indicators
Language preferences
Qualifying responses (non-identifying)
Purpose: Allows evaluation without exposure
After Purchase - Exclusive Access
What Purchaser Receives:
Complete contact information
Full case details
All qualifying responses
Special circumstances
Previous attempts information
Access Restrictions:
Only purchasing professional
Cannot be transferred
Cannot be resold
Must maintain confidentiality
Permanent responsibility
The 60-Day Expiration Protection
Automatic Data Removal
Why We Delete After 60 Days:
Limits data retention
Reduces breach risk
Respects privacy preferences
Prevents stale contact
Encourages fresh submissions
What Happens at Expiration
For Unpurchased Leads:
Automatic system deletion
Removed from all databases
No archive retention
Cannot be recovered
Complete erasure
Privacy Benefit: No indefinite storage
Purchased Lead Retention
Professional Responsibility:
Permanent access granted
Must protect information
Follow industry regulations
Cannot share or resell
Maintain confidentiality forever
Exclusive Distribution Model
One Lead, One Professional
How It Works:
First purchaser gets exclusive access
Lead immediately removed from others
No subsequent sales
No sharing between professionals
Complete exclusivity
Privacy Benefits:
Client contacts only one professional
No multiple solicitations
Reduced spam potential
Clear accountability
Better client experience
No Resale or Redistribution
Strict Prohibitions:
Cannot sell to other professionals
Cannot share with partners (outside firm)
Cannot post publicly
Cannot add to marketing lists
Cannot use for unrelated purposes
Enforcement:
Terms of service violations
Account termination possible
Legal action if necessary
Industry reporting
Permanent ban
Technical Security Measures
Data Encryption
In Transit:
TLS 1.3 encryption
Secure API calls
Encrypted email delivery
Protected payment processing
Secure dashboard access
At Rest:
Encrypted databases
Secure server storage
Protected backups
Isolated environments
Access logging
Access Controls
System Restrictions:
Role-based permissions
Two-factor authentication available
Session management
IP monitoring
Audit trails
Professional Access:
Login required
Account verification
Purchase verification
Limited data export
No bulk downloads
Payment Security
PCI Compliance:
Level 1 certification
No card storage
Tokenized transactions
Stripe processing
Fraud prevention
Client Protection:
No payment info to professionals
Separate payment handling
Secure checkout
No financial data exposure
Compliance Standards
GDPR Compliance
Rights Provided:
Right to access
Right to correction
Right to deletion
Right to portability
Right to object
Implementation:
Clear privacy policy
Explicit consent
Data minimization
Purpose limitation
Retention limits
CCPA Compliance
California Privacy Rights:
Know what's collected
Delete personal information
Opt-out of sale
Non-discrimination
Access and portability
Our Compliance:
No data sales
Clear disclosures
Deletion processes
Consumer rights portal
Regular audits
Industry-Specific Compliance
| Industry | Compliance Standard | Implementation |
| --- | --- | --- |
| Legal | Attorney-client privilege | Confidentiality requirements |
| Medical | HIPAA | Health information protection |
| Financial | GLBA | Financial privacy safeguards |
| Real Estate | Fair Housing | Non-discrimination policies |
| General | FTC Guidelines | Truthful practices |
Client Rights and Controls
Submission Control
Client Choices:
Optional information fields
Communication preferences
Contact method selection
Urgency designation
Language preferences
Post-Submission Rights
Available Actions:
Request information update
Ask about status
Withdraw request (if unpurchased)
Report misuse
File complaints
Complaint Process
If Privacy Violated:
Contact [email protected]
Provide details of violation
Investigation within 48 hours
Action against violator
Resolution communication
Professional Privacy Responsibilities
Required Practices
Upon Purchase:
Secure storage of information
Limited access within organization
Professional use only
Confidential handling
Regulatory compliance
Prohibited Actions
Never Allowed:
Share with competitors
Sell to third parties
Public posting
Marketing list addition
Unrelated service promotion
Social media sharing
Best Practices
Recommended Security:
CRM encryption
Access controls
Regular audits
Staff training
Incident response plan
Special Privacy Situations
Sensitive Cases
Extra Protection For:
Domestic violence situations
Mental health crises
Financial distress
Immigration matters
Criminal cases
Enhanced Measures:
Priority review
Restricted distribution
Verified professionals only
Additional screening
Monitoring for compliance
Minor Protection
Under 18 Policies:
Parental consent required
Enhanced verification
Limited distribution
Strict professional vetting
Additional monitoring
Vulnerable Populations
Special Handling:
Elderly clients
Disability considerations
Language barriers
Economic disadvantage
Emergency situations
Transparency and Trust
Privacy Policy
Clear Disclosure Of:
What we collect
How we use it
Who sees it
How long we keep it
Client rights
Easy Access:
Website footer
Account dashboard
Email footers
Intake forms
Public availability
Security Audits
Regular Reviews:
Annual third-party audits
Quarterly internal reviews
Penetration testing
Compliance verification
Incident response testing
Breach Response
If Breach Occurs:
Immediate containment
Assessment of impact
Client notification (within 72 hours)
Authority reporting
Remediation measures
Prevention improvements
Verification and Trust
Third-Party Verification
What We Use:
Email verification services
Phone validation tools
Identity confirmation
Fraud detection systems
Address verification
Why It Matters:
Protects real clients
Reduces fraud
Ensures quality
Builds trust
Improves outcomes
Professional Vetting
Before Listing Approval:
License verification
Credential confirmation
Background checks (where applicable)
Professional standing
Ethics compliance
Important Privacy Notes
Client data never sold to third parties
No advertising use of client information
Strict need-to-know basis internally
Regular privacy training for staff
Continuous improvement commitment
Client privacy over profit
FAQs
Q: Can clients see who purchased their information?
A: No, we don't disclose purchaser information to clients to protect professional privacy, but we track it internally for accountability.

Q: What happens if a professional misuses client information?
A: Immediate investigation, potential account termination, industry reporting, and legal action if warranted.

Q: Can clients request their data be deleted?
A: Yes, unpurchased lead data can be deleted on request. Purchased leads remain with the professional under their industry regulations.

Q: Do you share client data with parent company or partners?
A: No, client referral data is never shared with third parties, partners, or used for any purpose other than the referral service.

Q: How do you verify professionals won't misuse data?
A: Through terms of service agreements, professional licensing requirements, industry regulations, and active monitoring for complaints.

Q: Can clients opt out of certain professionals seeing their request?
A: Clients can specify preferences, but cannot individually exclude professionals. They can request publication-exclusive matching.
Next Steps
Review our complete privacy policy
Understand your professional obligations
Implement secure data handling
Train your team on privacy
Report any privacy concerns immediately
Maintain client confidentiality always