 1 (866) 274-3650

info@orangepandadigital.com

Privacy Policy

Last updated: May 31, 2026
Effective date: May 31, 2026
Owner: DevelopingRiches Inc., a California C corporation, doing business as OrangePandaDigital (“OrangePandaDigital”, “OPD”, “we”, “us”, or “our”).

This Privacy Policy describes how DevelopingRiches Inc. collects, uses, discloses, and protects personal information across the entire portfolio of products and services marketed under the OrangePandaDigital brand and operated under the King James Empire (“KJE”) family. It applies to every visitor to orangepandadigital.com and to every customer, prospect, end-user, or third party whose information we process in the course of providing those products and services.

1. Products and Services Covered by This Policy

This single umbrella privacy policy governs all of the following products, sites, and services. Charges for any of these products appear on customer bank and card statements with the descriptor ORANGEPANDADIGITAL.COM, regardless of which product or sub-brand was purchased:

  • ReviewBombz — Google review monitoring and reputation protection at reviewbombz.com.
  • KJWidgetz — Embeddable website widgets and conversion tools.
  • DemoBoosterz — Conversion-focused demo and trial overlays for SaaS sites.
  • DemoEnginez — Automated demo orchestration and lead-routing engine.
  • SiteEnginez — Site-build automation and managed hosting workflows.
  • VoiceDropz — Ringless voicemail and pre-recorded outreach delivery.
  • IASY (“I Am Solving You”) — AI-assisted self-service support and triage product.
  • InkHaus Studios — Creative and content production services.
  • FinanceIQ — Consumer and small-business finance education and tools.
  • KJ Loan Modz — Loan modification information and outreach services.
  • UnhideLocal — Local-business visibility and listing repair tooling.
  • KJ Command Deck — Internal operations dashboard and orchestration layer surfaced to qualifying business customers.

References in this Policy to “the Services” mean any one or more of the above, plus any related websites, mobile experiences, APIs, dashboards, support channels, and outbound communications (email, SMS, voice, push) operated by us.

2. Information We Collect

The categories of personal information we collect depend on which Service you use and how you interact with us.

2.1 Information you provide directly

  • Account and contact data — full name, business name, email address, phone number, postal address, password, role, and time zone.
  • Billing data — payment-card last four, expiration, billing ZIP, billing email, tax-ID where required. Full card numbers are processed by Stripe and never stored on our servers.
  • Business and onboarding data — Google Business Profile ID or URL, business hours, service area, industry, website, listing identifiers, and similar fields necessary to deliver the Service you ordered.
  • Communications — messages you send to support, replies to our SMS or email, transcripts of voice conversations with our AI voice agent (“AVA”), tickets, comments, and feedback.
  • Consent records — separate, granular records of your consent to (i) transactional communications, (ii) Prior Express Written Consent (“PEWC”) for marketing calls and texts, and (iii) consent to interact with our AI voice agent and AI chatbots, including the IP address, timestamp, page URL, and exact disclosure text shown at the moment of consent.

2.2 Information collected automatically

  • Device and log data — IP address, user-agent, device identifiers, browser type, operating system, referrer, pages viewed, links clicked, session duration, and timestamps.
  • Cookies and similar technologies — first-party and third-party cookies, local-storage tokens, and pixel tags used for authentication, fraud prevention, analytics, and marketing attribution. See Section 12.
  • Call and message metadata — for any Service involving telephony or messaging (ReviewBombz, VoiceDropz, IASY, KJ Loan Modz, AVA), we and our carriers log the calling and called numbers, call start and end times, duration, disposition, recording URLs (where lawful and disclosed), SMS message bodies, delivery receipts, and carrier error codes.

2.3 Information from third parties

  • Identity and business verification — data from Stripe Identity, A2P 10DLC brand and campaign registration partners, and KYC/AML providers when required to provision telephony or payment services.
  • Public-records and listing aggregators — data from public Google Business Profile listings, Outscraper feeds, and similar sources used for review monitoring, scan reports, listing-health diagnostics, and similar legitimate-interest product functions.
  • Advertising and analytics partners — limited data from ad-platform pixels and analytics providers about how you arrived at our sites.

2A. Non-Customer Data Disclosure

This section is required because several of our Services process information about people who are not our customers. We disclose this expressly so non-customers can understand how we may handle data about them.

2A.1 Reviewers, commenters, and listing visitors

Several Services (notably ReviewBombz and UnhideLocal) ingest publicly available review text, ratings, reviewer display names, profile photos as published by Google, review timestamps, and listing metadata. We process this data on behalf of the local-business customer who owns the listing, on the legal basis of legitimate interest in monitoring publicly published statements about that business. We do not contact reviewers using contact information derived from these scrapes. We retain ingested review data only as long as needed to provide the Service and for a limited audit window.

2A.2 Recipients of customer-initiated outreach

Where a KJE business customer uses one of our outbound Services (for example, VoiceDropz, IASY workflows, KJ Loan Modz outreach, or the ReviewBombz / KJLE win-back SMS and voice flows) to contact their own leads, customers, or prospects, the recipients of that outreach are end-users of our Service even though they are not our paying customers. We process recipient phone numbers, names, consent records supplied by the customer, and our own call and message metadata in order to deliver the message, suppress non-compliant traffic, honor opt-outs, and enforce the empire-wide Do-Not-Contact (“KJLE DNC”) suppression list described in Section 6. Recipients can opt out of any individual customer’s outreach by replying STOP to any SMS, by stating an opt-out request on any call, or by emailing privacy@orangepandadigital.com. STOP and opt-out signals are honored at both the per-customer and empire-wide level.

2A.3 Business-listing principals

Services such as UnhideLocal, SiteEnginez, and KJ Loan Modz may surface information about business owners, principals, or licensed professionals drawn from public records (state corporation filings, NMLS, licensing boards, public Google listings). We treat this information as business-contact data for B2B outreach and apply the same suppression rules and opt-out mechanisms described above.

2A.4 Children

None of the Services are directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@orangepandadigital.com and we will delete it.

3. How We Use Information

We use personal information for the following purposes, each of which has a stated lawful basis where required (contract performance, legitimate interest, legal obligation, or consent):

  • To provide the Services you ordered, including provisioning, configuration, ongoing operation, monitoring, alerting, billing, and customer support (contract).
  • To detect, prevent, and investigate fraud, abuse, security incidents, telephony abuse, payment fraud, and violations of our Terms (legitimate interest, legal obligation).
  • To send transactional communications, including order confirmations, receipts, security alerts, service status, scan results, monthly reports, billing reminders, and similar non-marketing messages (contract; transactional consent).
  • To send marketing communications by email, SMS, or voice, but only where we have your PEWC consent and only until you opt out (PEWC consent).
  • To operate AI features, including our AVA voice agent, AI chatbots, AI-assisted scan reports, and AI-assisted drafting, with appropriate disclosure and consent (consent, legitimate interest, contract).
  • To comply with legal obligations, including TCPA, CAN-SPAM, FCC AI-calling rules, A2P 10DLC requirements, state-law consumer-protection requirements, tax, anti-money-laundering, and lawful requests from regulators or courts (legal obligation).
  • To improve and develop the Services, including measuring feature usage, debugging, model evaluation, and aggregate analytics (legitimate interest).
  • To enforce our Terms of Service and protect the rights, property, and safety of the company, our customers, and the public (legitimate interest, legal obligation).

4. AI Voice Agent (AVA), AI Chatbots, and AI Assistance

Several Services use artificial intelligence. We disclose this expressly because federal and state rules require it and because we believe users should understand when they are interacting with a machine.

4.1 AVA — the AI voice agent

AVA is an AI-powered voice agent used inside ReviewBombz, IASY, KJ Loan Modz, and certain inbound and outbound flows operated for KJE customers. AVA is not a human. AVA discloses at the start of every call that the caller or recipient is speaking with an AI voice agent, in plain language, before any other substantive content. Calls handled by AVA may be recorded for quality, training, model evaluation, compliance, and dispute resolution, with the recording disclosure delivered before the call substantive content begins, consistent with applicable two-party consent jurisdictions. We use recordings and transcripts only for the purposes disclosed at the time of capture.

4.2 AI chatbots

AI chatbots are embedded across orangepandadigital.com, reviewbombz.com, and other product sites. We disclose at the start of a chat that the user is interacting with an AI assistant. Chat transcripts may be retained for quality, debugging, and abuse prevention. Users may request transcript deletion via privacy@orangepandadigital.com.

4.3 Model providers

We use third-party large-language-model providers, including Anthropic (Claude family), to power AVA, AI chatbots, AI scan reports, and AI-assisted drafting. We send only the data necessary to obtain a useful response. Providers process this data under their own data-processing terms and are contractually prohibited from using it to train their own foundational models, where their commercial terms support that prohibition.

4.4 FCC AI calling compliance

For any AI-generated or AI-modified voice calls subject to FCC rules, we deliver the required AI-call disclosure at the start of the call, obtain consent where required, and honor opt-out and Do-Not-Call requests at both the per-customer and empire-wide level.

5. Twilio, A2P 10DLC, and Telephony Compliance

SMS, MMS, and voice traffic for Services including ReviewBombz, VoiceDropz, IASY, KJ Loan Modz, and the ReviewBombz / KJLE outreach flows is delivered through Twilio and its carrier partners under the A2P 10DLC framework. We register the brand, register each campaign with its use case (Customer Care, 2FA, Marketing, etc.), provide sample message content, link this Privacy Policy, and link to our Terms of Service during campaign registration. Mobile-originated opt-outs (STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) are honored automatically by Twilio at the carrier level and are also recorded into the empire-wide suppression list described in Section 6.

We do not share mobile-originated opt-out lists or any phone numbers collected for SMS or voice with any third party or affiliate for their independent marketing purposes. This restriction extends to all categories of personal information collected during the opt-in process.

6. KJLE Do-Not-Contact (“DNC”) Empire-Wide Suppression

We operate a single, shared, empire-wide Do-Not-Contact suppression list (the “KJLE DNC”) that applies across every Service listed in Section 1. A phone number, email, or identifier added to the KJLE DNC by any opt-out mechanism is suppressed across every outbound Service and every KJE customer’s outreach. The KJLE DNC ingests:

  • Mobile-originated STOP / UNSUBSCRIBE replies from any campaign;
  • Voice opt-out requests captured by AVA or human agents;
  • Email unsubscribe events;
  • National Do-Not-Call registry matches;
  • Customer-supplied suppression files;
  • Direct opt-out requests received at privacy@orangepandadigital.com.

The KJLE DNC is enforced at the moment of dial or send, not only at campaign-build time, so a number added to the list is suppressed on the very next outbound attempt across every product. We retain DNC entries indefinitely as a compliance record.

7. Third-Party Service Providers

We rely on the following categories of vendors. Each is bound by a written data-processing addendum and processes personal information only on documented instructions:

  • Stripe — payment processing, tax calculation, identity verification, and customer-facing portals. Stripe is the data controller of payment-card data and processor for other billing data.
  • Twilio — voice, SMS, programmable messaging, A2P 10DLC brand and campaign management, and conversational telephony.
  • Anthropic — large-language-model inference for AVA, AI chatbots, AI scan reports, and AI-assisted drafting.
  • Outscraper — public Google Business Profile review ingestion used by ReviewBombz and UnhideLocal.
  • Resend — transactional and marketing email delivery.
  • Cloudflare — DNS, CDN, edge security, bot management, and DDoS mitigation.
  • Supabase — primary application database, authentication, and storage.
  • Railway and Render — managed application hosting for backend services.
  • Vercel and Cloudflare Pages — managed hosting for marketing and dashboard frontends.
  • WordPress.com and managed-WordPress hosts — marketing-site content management.
  • Analytics providers — privacy-respecting analytics for traffic measurement.
  • Customer support tooling — ticketing and helpdesk providers for inbound support.

We do not sell personal information. We do not share personal information with third parties for their own independent marketing purposes. See Section 9 for the formal CCPA description.

8. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention defaults are:

  • Account data — for the life of the account plus seven years after closure for tax and audit purposes.
  • Billing and tax records — seven years from the date of the transaction.
  • Call recordings and transcripts — twenty-four months by default, longer where required for dispute resolution or regulatory hold.
  • SMS message bodies and metadata — eighteen months by default.
  • KJLE DNC suppression entries — indefinite, as a compliance record.
  • Marketing engagement data — twenty-four months from last engagement.
  • Server access logs — ninety days, then aggregated.

9. California Residents — CCPA / CPRA Disclosures

This section provides the specific disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”). California residents have rights described below. We process the following categories of personal information about California residents in the twelve months preceding the effective date of this Policy:

  • Identifiers (name, email, phone, IP address, account ID);
  • Customer-records information (billing address, payment information);
  • Commercial information (purchases, plan tier, billing history);
  • Internet and network activity (browsing on our Services, interactions with our sites, ad-engagement metadata);
  • Geolocation data (approximate, derived from IP);
  • Audio and electronic information (recordings of calls with AVA where applicable, chat transcripts);
  • Professional or employment-related information (business role, company);
  • Inferences drawn from any of the above (for example, propensity to churn or upgrade).

We do not sell personal information for monetary consideration. We do not “share” personal information for cross-context behavioral advertising as defined under the CPRA. We do not knowingly process the personal information of consumers under 16 years of age.

California residents have the right to (i) know what categories and specific pieces of personal information we have collected, (ii) request deletion, (iii) request correction of inaccurate information, (iv) opt out of sale or sharing (we do not sell or share, but the right is preserved), (v) limit the use of sensitive personal information, and (vi) be free from discrimination for exercising these rights. To exercise these rights, submit a verifiable consumer request to privacy@orangepandadigital.com. We will respond within forty-five days, with one forty-five-day extension where reasonably necessary. We may need to verify your identity using information already on file.

10. California — CalOPPA Disclosures

Pursuant to the California Online Privacy Protection Act, we disclose: (i) we respond to Global Privacy Control (“GPC”) signals as an opt-out of sale or sharing under CCPA/CPRA; (ii) our default response to browser-level “Do Not Track” signals is to honor the GPC signal where present; (iii) third parties may collect personal information about a consumer’s online activities over time and across different websites when the consumer uses our Services, and those parties’ practices are governed by their own privacy policies.

11. Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, and other states with comprehensive privacy laws have rights substantially similar to those in Section 9, including the right to access, correct, delete, port, and opt out of targeted advertising and sale. To exercise these rights, contact privacy@orangepandadigital.com. We will respond within the timelines required by the applicable state law.

12. Cookies, Pixels, and Similar Technologies

We use first-party and third-party cookies and similar technologies for (i) strictly necessary purposes such as authentication and load balancing; (ii) functional purposes such as remembering preferences; (iii) analytics purposes such as measuring how the Services are used; and (iv) marketing purposes including ad-platform pixels and conversion tracking. Where required by law, we present a cookie banner that allows you to manage non-essential cookies. You can also manage cookies through your browser settings. Disabling strictly necessary cookies will break parts of the Services.

13. International Users and Data Transfers

The Services are operated from the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States. We rely on appropriate safeguards for any international transfers and on the legitimate-interest, consent, or contract-performance bases described above. If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights of access, rectification, erasure, restriction, portability, and objection; to exercise these, contact privacy@orangepandadigital.com.

14. Security

We maintain administrative, technical, and physical safeguards reasonably designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Safeguards include encryption in transit, encryption at rest for sensitive fields, least-privilege access controls, secrets-vault management, audit logging, vendor risk review, and incident-response procedures. No system is perfectly secure; we will notify affected users and regulators of a breach as required by law.

15. Material Changes

We may update this Policy from time to time. For material changes that adversely affect your rights, we will provide at least thirty (30) days’ advance notice by email to the account contact on file, by in-product notification, and by updating the “Last updated” date at the top of this Policy. Continued use of the Services after the effective date of a material change constitutes acceptance of the updated Policy. Non-material changes (clarifications, typographical fixes, new vendor additions that do not change the categories of data processed) may be made without advance notice.

16. Contact

To exercise any right described in this Policy, ask a question, or submit a complaint, contact:

DevelopingRiches Inc.
Attn: Privacy Office
Email: privacy@orangepandadigital.com
Mail: DevelopingRiches Inc., Privacy Office, c/o the registered agent listed in the California Secretary of State business filings.

For media or legal correspondence: legal@orangepandadigital.com.

This Privacy Policy was last updated on May 31, 2026 and is effective as of May 31, 2026.

Phone Number

+1 (866) 274-3650

Email Address

info@orangepandadigital.com

ABOUT US

We are a team of creative developers and marketers that provides cost-effective websiets and result-oriented marketing campaigns for small businesses.

QUICK LINKS

• Privacy Policy

• Terms & Conditions

• CCPA

• DMCA

• Our Blog

SERVICES

• Website Design

• Landing Page Design

• SEO/PPC

• Content Management

• Video Marketing

• Reputation Management

OFFICE HOURS

Monday-Friday: 9:00 am – 7:00 pm

Saturday: 9:00 am – 4:00 pm

Sunday: By Appointment

Copyright 2022 – OrangePandaDigital.com     All Rights Reserved.