Privacy Policy

IMPORTANT — PLEASE READ THIS PRIVACY POLICY CAREFULLY. By providing your personal information to us, submitting a form on any of our websites or landing pages, calling a number associated with our services, or interacting with any system operated by ProspectMiner, LLC d/b/a TotalAutomation.ai, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy.

Primary Method of Contact

ProspectMiner, LLC communicates with individuals regarding privacy matters exclusively by postal mail. This is our primary and preferred method of communication for all privacy-related requests, inquiries, opt-outs, and correspondence. Electronic communications are not guaranteed to be received or processed.

To exercise any right described in this Privacy Policy, to submit a complaint, or to make any inquiry, please write to us at:

Allow a minimum of 30 calendar days for a response to any postal correspondence. We are not obligated to respond to requests submitted through channels other than postal mail unless required by applicable law.

1. About This Policy and Our Company

ProspectMiner, LLC ("Company," "we," "us," or "our") is a Nevada limited liability company with its principal mailing address at PO Box 10547, Zephyr Cove, NV 89448. We operate websites, landing pages, lead generation systems, automated workflow platforms, and managed automation infrastructure services under the trade name TotalAutomation.ai and other trade names as may be used from time to time.

This Privacy Policy describes how we collect, use, disclose, store, protect, and dispose of personal information in connection with:

• Our websites, landing pages, and online surveys
• Our automated lead intake and qualification systems
• Our managed automation infrastructure services provided to business clients
• Our AI-powered voice calling systems
• Our SMS and email communication systems
• Our compliance infrastructure and monitoring services
• Our document generation and intelligence services
• Any other service, product, or system we operate or provide

This Policy also addresses our obligations under: Nevada Revised Statutes Chapter 603A; Nevada SB 220 (2019); the TCPA (47 U.S.C. § 227) and FCC implementing regulations; the Telemarketing Sales Rule (16 C.F.R. Part 310); CAN-SPAM; COPPA; CCPA/CPRA; the Florida and Oklahoma Telephone Solicitation Acts; the Washington Privacy Act; FTC Act § 5; the Gramm-Leach-Bliley Act; the Driver's Privacy Protection Act; the E-SIGN Act; FCC Reassigned Numbers Database rules; and CTIA Messaging Principles and Best Practices.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide, including when you complete a survey, fill out a contact form, call a number associated with our services, respond to an advertisement, or submit information through any landing page or intake form. This may include:

• Full legal name; date of birth and age
• Mailing address, city, state, and ZIP code; email address
• Telephone numbers (mobile, home, work)
• Financial information, including IRA balances, home equity estimates, income ranges, and asset information
• Insurance status and coverage details; mortgage balance and property information
• Employment status and occupation
• Consent declarations, electronic signatures, and TrustedForm certificate data
• Responses to qualification questionnaires
• Preferences and communication opt-in/opt-out elections

2.2 Information Collected Automatically

• IP address and approximate geolocation derived from IP address
• Browser type and version; operating system; device identifiers
• Referring URL and exit URL; pages viewed, time on page, and click behavior
• Timestamps of all interactions; cookies and similar tracking technologies
• TrustedForm session replay data and certificate URL
• User agent string; screen resolution and device type

2.3 Information Collected from Third Parties

• Lead generation partners and affiliate networks
• Data enrichment providers (including PeopleDataLabs and similar services)
• Phone validation services (including Trestle Real Contact API)
• Do-Not-Call registry and DNC.com scrubbing services
• FCC Reassigned Numbers Database queries
• TCPA litigator screening services
• Credit and consumer reporting agencies where permitted by law
• Public records databases; social media platforms where you have authorized sharing

2.4 Information from Business Clients

If your information has been provided to us by a business client as part of a managed lead distribution, CRM management, or automation service, your information may be processed by our systems on behalf of that business client. In such cases, the business client is the primary data controller, and we process the information as a service provider on their behalf.

2.5 Voice Call Recordings

Calls made to or from our AI-powered calling systems (including Bland.ai integrated systems) may be recorded for quality assurance, compliance verification, training, and legal documentation. Where required by applicable law (including two-party consent states), you will be notified that the call is being recorded at the beginning of the call.

3. How We Use Your Information

3.1 Providing and Operating Our Services

• Processing and qualifying leads through automated intake systems
• Routing qualified leads to licensed professionals and subscribers
• Scheduling and confirming appointments via automated calendar systems
• Operating AI-powered outbound calling about services you have expressed interest in
• Sending appointment confirmation and reminder messages via SMS
• Managing customer relationship records on behalf of our business clients
• Generating compliance documentation and audit records

3.2 Compliance and Legal Obligations

• Verifying consent records and TrustedForm certificates
• Maintaining Do-Not-Call compliance, including internal DNC list management
• Conducting TCPA litigator screening before initiating contact
• Processing STOP opt-out requests with propagation in under five seconds
• Maintaining 18-month consent freshness tracking
• Querying the FCC Reassigned Numbers Database before calling any number
• Generating compliance audit logs as required by law or for litigation defense
• Responding to regulatory inquiries from the FTC, FCC, state attorneys general, or other authorities

3.3 Improving Our Services

• Analyzing call outcomes, lead quality, and workflow performance
• Training and refining AI models used in our calling and qualification systems
• Improving fraud detection and lead quality scoring
• Conducting internal analytics on pipeline health and conversion rates

3.4 Marketing and Advertising Attribution

• Sending conversion event data to Meta Conversions API (CAPI) with all PII SHA-256 hashed before transmission (Lead, CompleteRegistration, Schedule, Purchase events)
• Attributing leads to originating advertising campaigns for billing and reporting
• Optimizing advertising spend across platforms

3.5 Communications

• Contacting you by telephone, automated dialing, or text message where you have provided prior express written consent
• Sending transactional SMS messages regarding appointments you have requested
• Responding to inquiries submitted to us by postal mail

4. Lawful Basis for Processing

• Consent — TCPA-defined prior express written consent, documented via TrustedForm certification (court-admissible, time-stamped, session-replayed).
• Legitimate Interests — operating, improving, and promoting our services, subject to your rights to object.
• Legal Obligation — compliance with federal and state law, including TCPA, FTC regulations, and Nevada privacy law.
• Contract — performing services under our agreements with business clients.

Consent may be withdrawn at any time by writing to us at the address above. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

5. TCPA and Calling Compliance

5.1 Prior Express Written Consent

Before placing any autodialed, prerecorded, or artificial voice call, or sending any marketing text message to a mobile number, we obtain prior express written consent as required by 47 C.F.R. § 64.1200, captured through TCPA-compliant disclosure language certified by TrustedForm or comparable provider. Disclosures include the name of the company, the telephone number to which consent applies, that automated technology will be used, that consent is not a condition of purchase, and the purpose of contact.

5.2 Do-Not-Call Compliance

Internal DNC list updated within five (5) seconds of any opt-out. We also scrub against the National DNC Registry, state-specific DNC registries, DNC.com federal and state services, and internal subscriber-specific DNC lists.

5.3 TCPA Litigator Screening

Prior to initiating contact, we screen for known or suspected TCPA plaintiffs, their attorneys, and associated parties. Identified numbers are added to a permanent suppression list.

5.4 FCC Reassigned Numbers Database

We query the FCC Reassigned Numbers Database before placing calls. Reassigned numbers are not called.

5.5 Opt-Out Handling

STOP, QUIT, CANCEL, UNSUBSCRIBE, or END text messages — or verbal opt-out during a call — trigger:

• Addition to internal DNC list within five (5) seconds
• Confirmation transactional text message where required
• Immediate propagation to all relevant subscriber systems
• Immutable compliance audit log entry with timestamp and source record

UNSTOP or START re-subscribes you at any time.

5.6 Calling Hours

Outbound calls placed only between 8:00 AM and 8:00 PM in the local time zone of the called party, consistent with 47 C.F.R. § 64.1200(c)(1) and applicable (more restrictive) state law.

5.7 State-Specific TCPA Analogues

• Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059
• Oklahoma Telephone Solicitation Act, 15 Okla. Stat. § 775A et seq.
• Washington Privacy Act, RCW 19.190
• Maryland Telephone Consumer Protection Act
• Texas Business and Commerce Code § 305
• Nevada Revised Statutes § 228.500 et seq.

6. Consent Records and TrustedForm Certification

We use TrustedForm by ActiveProspect (or a comparable third-party service) to independently document and certify every consumer consent event. Each record includes a unique certificate URL, timestamped session replay, IP address, full URL of the consent page, user agent string, and the exact disclosure language displayed at the time of consent. Records retained for a minimum of five (5) years.

7. How We Share Your Information

We do not sell your personal information to third parties for their own independent marketing purposes. We may share information as follows:

7.1 Licensed Professionals and Service Subscribers

Where you have expressed interest in financial services, insurance, mortgage, or other regulated services, we may share your information with licensed professionals in our subscriber network who have agreed to our compliance standards.

7.2 Service Providers

• n8n (workflow automation)
• Supabase (database infrastructure)
• GoHighLevel (CRM)
• Bland.ai (AI voice calling)
• Twilio (SMS and phone services)
• TrustedForm / ActiveProspect (consent certification)
• Trestle (phone validation and litigator screening)
• PeopleDataLabs (data enrichment)
• DNC.com (DNC scrubbing)
• Meta Platforms (advertising attribution via CAPI — all PII SHA-256 hashed)
• LeadsHook (survey and qualification)
• Stripe (payment processing for business clients)
• Anthropic (AI analysis services)

7.3 Advertising Platforms

Hashed conversion event data is transmitted to Meta's Conversions API on behalf of advertising clients. SHA-256 hashing is performed server-side; transmission is encrypted.

7.4 Legal Disclosures

We may disclose information when required by law, including in response to a valid subpoena, court order, regulatory demand, or law enforcement request.

7.5 Business Transfers

In a merger, acquisition, asset sale, reorganization, or bankruptcy, your information may be transferred. We will notify you through this Policy or by postal mail where required.

7.6 Nevada's Definition of Sale

Under NRS § 603A.340, we do not engage in the sale of covered information. Nevada residents may submit a verified opt-out by writing to us.

8. Cookies and Tracking Technologies

We use essential, analytics, advertising (including Meta Pixel and server-side CAPI), and consent cookies. TrustedForm's JavaScript snippet is embedded in consent-bearing pages and is governed by ActiveProspect's privacy policy in addition to this Policy. You may control cookies through your browser settings; opt out of advertising-related tracking via optout.aboutads.info or optout.networkadvertising.org.

9. Data Retention

• Lead and contact records: minimum five (5) years (TCPA statute of limitations)
• Consent records and TrustedForm certificates: minimum five (5) years
• Call recordings: minimum three (3) years (longer where litigation is pending)
• DNC and opt-out records: retained indefinitely
• Compliance audit logs: minimum five (5) years
• Business client data: per client agreement
• Financial records: seven (7) years

10. Security of Your Information

• Row-Level Security (RLS) on Supabase PostgreSQL database
• TLS 1.2 or higher encryption in transit; encryption at rest for sensitive data
• Separation of service role and anonymous key credentials
• Access controls; API key management and rotation
• Real-time error monitoring and anomaly alerting
• Multi-tenant architecture with logical data isolation

No method of electronic storage or transmission is 100% secure. We will provide breach notification as required by NRS § 603A.220 and other applicable law.

11. Children's Privacy

Our services are not directed to individuals under 18, and we do not knowingly collect personal information from children under 18. Lead qualification systems include age-verification questions; under-18 leads are disqualified and not retained. We do not knowingly collect personal information from children under 13 (COPPA).

12. Your Privacy Rights

12.1 Nevada Residents

Under NRS Chapter 603A, Nevada residents may know what personal information we collect, opt out of any sale, and not be discriminated against. To submit a verified request, write to us; we will respond within 60 days (with a possible 30-day extension).

12.2 California Residents (CCPA/CPRA)

• Right to Know — categories, specific pieces, sources, purposes, and recipients
• Right to Delete — subject to applicable exceptions
• Right to Correct inaccurate information
• Right to Opt Out of Sale or Sharing — we do not sell or share for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information
• Right to Non-Discrimination

We respond within 45 days, with a possible 45-day extension.

12.3 Other State Privacy Rights

Residents of Washington, Virginia, Colorado, Connecticut, Texas, Florida, and other states with applicable privacy laws may have similar rights. Write to us to submit a verified request.

12.4 Do Not Track

Our websites do not currently respond to browser Do Not Track signals.

12.5 Verifying Your Identity

We will verify your identity before processing any privacy request. We may request a copy of a government-issued identification document.

13. Third-Party Links and Services

Our websites and landing pages may contain links to third-party websites not operated by us. This Privacy Policy does not apply to third-party websites.

14. AI-Powered Services and Automated Decision-Making

We use AI systems, including LLMs and AI voice agents (Bland.ai), to conduct outbound calls, qualify leads, analyze pipeline health, generate compliance and business documents, and route follow-up. AI voice calls are disclosed as automated where required. Automated qualification decisions may be appealed by writing to us.

15. Nevada-Specific Disclosures

ProspectMiner, LLC is organized under Nevada law and this Policy is governed by Nevada law. Nevada residents may opt out of sale under NRS § 603A.340 by writing to us. We comply with Nevada data broker requirements where applicable, and provide breach notification under NRS § 603A.220.

16. Financial Information and GLBA

To the extent we process nonpublic personal financial information for services provided to or through licensed financial services professionals, we comply with the Gramm-Leach-Bliley Act and the FTC Safeguards Rule (16 C.F.R. Part 314). Financial data is used solely to qualify and connect individuals with appropriate financial services professionals.

17. Employee and Contractor Privacy

Separate privacy notices govern employees, contractors, and job applicants of ProspectMiner, LLC, provided at the time of collection.

18. Changes to This Privacy Policy

We may update this Policy from time to time. Material changes update the Effective Date and are posted on our websites. Your continued use after the effective date constitutes acceptance.

19. Contact — Privacy Inquiries

All privacy inquiries, opt-out requests, consumer rights requests, and complaints must be submitted by postal mail to:

Include your full name, current mailing address, and a clear description of your request. Allow a minimum of 30 calendar days for a written response.

20. Effective Date and Entire Agreement

This Privacy Policy is effective as of May 14, 2026 and supersedes all prior privacy policies of ProspectMiner, LLC and TotalAutomation.ai. Together with our Terms of Use and any applicable service agreement, it constitutes the entire agreement between you and ProspectMiner, LLC with respect to its subject matter.