This Privacy Policy is a legally binding document governing how David Life Group LLC collects, uses, stores, shares, and protects personal information obtained through its website, AI agency services, and software products. Please read it carefully. By using our website or engaging our services, you agree to the terms set forth herein. If you do not agree, please discontinue use of our website and services.
This Privacy Policy describes our data practices using functional service categories rather than specific vendor or platform names. This approach is consistent with best practices under applicable US privacy law and protects our proprietary technology infrastructure while providing you with full transparency about the categories of data processing that occur. Clients and counterparties who require a specific list of named sub-processors for compliance purposes (including under HIPAA, CCPA, or a Business Associate Agreement) may request one in writing at hello@davidlifegroup.com. We will respond within 10 business days.
- 1. Who We Are and What This Policy Covers
- 2. Information We Collect
- 3. How We Use Your Information
- 4. How We Share Your Information
- 5. How Long We Retain Your Information
- 6. How We Protect Your Information
- 7. Your Privacy Rights
- 8. Children's Privacy
- 9. Third-Party Websites and Links
- 10. AI-Specific Privacy Provisions
- 11. International Operations and Data Transfers
- 12. HIPAA Business Associate Agreements
- 13. Updates to This Privacy Policy
- 14. Contact Us
01Who We Are and What This Policy Covers
David Life Group LLC ("DLG," "we," "us," or "our") is an AI consulting and technology company headquartered in Orlando, Florida. We operate an AI Agency Division that deploys AI-powered chatbots, voice agents, marketing automation systems, AI workflow agents, website delivery services, and business intelligence solutions for small and medium-sized businesses primarily across the United States. We also operate Nexus Deal Engine, a proprietary AI-powered real estate investment intelligence SaaS platform.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, how we share it — described by functional category — and what rights you have with respect to your information. It applies to all visitors to our website, users of our SaaS platform, clients of our agency services, and individuals who interact with AI systems that DLG deploys on behalf of client businesses.
This Policy does not apply to third-party websites or platforms that we link to or that power our services. Those parties maintain their own privacy practices, which we encourage you to review. A list of specific third-party platforms used by DLG is available to clients upon written request.
| Legal Entity | David Life Group LLC |
| Registered State | Florida, United States |
| Principal Office | Orlando, Florida |
| Website | davidlifegroup.com |
| Data Controller | Dr. Victor C. Nkwocha, PhD — Founder & Principal |
| Contact Email | hello@davidlifegroup.com |
| Sub-Processor List | Available upon written request — hello@davidlifegroup.com |
| Policy Version | 2.0 — Effective April 21, 2026 |
| Governing Law | State of Florida, United States of America |
02Information We Collect
2.1 Information You Provide Directly
We collect personal information that you voluntarily provide when interacting with DLG through any of the following:
- Contact and Consultation Forms: Name, email address, company name, phone number, service interest, and message content submitted through our website contact form or scheduling system.
- Account Registration: Email address, name, password (stored in encrypted form by our database provider), company name, and professional role — collected when registering for Nexus Deal Engine or other DLG platforms.
- Payment Information: Billing name and payment method details. All payment card processing is handled entirely by a PCI-DSS compliant third-party payment processor. DLG never stores credit card numbers, CVV codes, or full bank account details on its own systems.
- Client Onboarding Data: Business name, address, service descriptions, staff names, customer FAQs, and other business-specific materials that clients provide for the purpose of configuring AI systems, automation workflows, or other DLG agency deliverables.
- Email Correspondence: Any information you share directly via our published email addresses.
- Scheduling Requests: Name, email, and meeting preferences submitted when booking a consultation through our online scheduling tool.
2.2 Information Collected Automatically
When you visit our website, our infrastructure and analytics tools automatically collect certain technical information including: IP address and approximate geographic location, browser type and version, pages visited and time spent, referring website, device type, and date and time of visit. This data is used in aggregate form to understand website performance and is not used to personally identify individual visitors without their consent.
2.3 Cookies and Tracking Technologies
Our website uses cookies and similar technologies for the following purposes:
- Essential Cookies: Required for basic website functionality. These cannot be disabled without impairing site operation.
- Analytics Cookies: Used to measure aggregate website traffic and user behaviour. You may opt out of analytics tracking through your browser settings or by contacting us.
- Marketing Cookies: If we run paid advertising campaigns, tracking technologies associated with those campaigns may be active. We will update this Policy accordingly when such campaigns are deployed.
Most browsers allow you to control cookies through their settings. DLG does not currently respond to "Do Not Track" signals, but honours all substantive opt-out requests submitted directly to us.
2.4 Information Processed on Behalf of Our Clients (Service Data)
When DLG deploys AI chatbots, marketing automation, workflow agents, or other AI systems on behalf of a client business, end users of those systems may interact with them and submit information such as names, contact details, appointment requests, or service inquiries. In these situations, DLG acts as a data processor on behalf of the client business, which is the data controller. DLG processes this information only as instructed by the client and solely for the purpose of delivering the contracted services.
When DLG provides AI services to HIPAA Covered Entities — including medical practices, clinics, and health plans — DLG may function as a Business Associate as defined under HIPAA. In such cases, DLG will execute a Business Associate Agreement (BAA) with the covered entity prior to any access to or processing of Protected Health Information (PHI). The BAA specifies the categories and identities of sub-processors permitted to handle PHI. No PHI is processed through DLG systems without a signed BAA in place. No PHI is used to train AI models without explicit, documented authorization.
03How We Use Your Information
DLG uses personal information only for the purposes described in the table below, each grounded in a legitimate legal basis. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use your data to build advertising profiles. We do not allow third-party advertisers to deploy tracking technologies on our website for their own commercial benefit.
| Purpose of Processing | Categories of Data Used | Legal Basis |
|---|---|---|
| Respond to consultation inquiries and service requests | Contact details, company name, service interest, message content | Legitimate interest / Pre-contractual steps |
| Deliver contracted AI agency services to clients | Client business data, configuration data, client instructions | Contractual performance |
| Operate and maintain SaaS platform accounts | Account credentials, subscription status, deal analysis records | Contractual performance |
| Process payments for services and subscriptions | Billing confirmation data (payment processing handled by third-party provider) | Contractual performance |
| Send service updates, invoices, and support communications | Email address, name, service details | Contractual performance |
| Send marketing communications (newsletter, blog updates) | Email address, name — opt-in only | Consent (withdrawable at any time) |
| Improve website performance and user experience | Aggregated, anonymised analytics data | Legitimate interest |
| Comply with applicable legal obligations | As required by law, regulation, or court order | Legal obligation |
| Protect against fraud, abuse, and security threats | IP address, access logs, usage patterns | Legitimate interest / Legal obligation |
| Process PHI under a Business Associate Agreement (healthcare clients only) | Protected health information as defined in the applicable BAA | Contractual performance / Legal obligation under HIPAA |
04How We Share Your Information
DLG shares personal information only in the limited circumstances described below. We do not sell personal data under any circumstances.
4.1 Technology Service Providers (Sub-Processors)
To deliver our services, DLG uses a carefully selected set of third-party technology platforms that process personal data on DLG's behalf as sub-processors. Each provider is engaged under contractual terms that restrict their use of data to the specific purposes for which it is shared, prohibit them from using it for their own commercial purposes, and require appropriate security safeguards.
The table below describes the functional categories of service providers DLG uses, the data each category processes, and the purpose and scope of that processing. DLG does not publicly identify the specific platforms within each category in order to protect proprietary business infrastructure. A named sub-processor list is available to clients, counterparties, and regulators upon written request at hello@davidlifegroup.com.
| Service Category | Data Processed | Purpose & Scope |
|---|---|---|
| AI Conversation Platform | Conversation logs, user queries, lead contact data | Powers AI chatbot and voice agent services deployed on client websites and communication channels. Operates under data processing terms limiting use to service delivery only. |
| CRM & Marketing Automation Platform | Contact names, email addresses, phone numbers, campaign engagement data | Manages client contact pipelines, automated email and SMS sequences, lead follow-up workflows, and appointment scheduling systems on behalf of client businesses. |
| AI Language Model Provider | Text content of chatbot conversations and automation workflows | Processes natural language inputs to generate AI responses within DLG-configured systems. Enterprise API terms prohibit use of transmitted data for general model training. |
| Workflow Automation Platform | Business process data as configured per client engagement | Executes automated business process workflows including document routing, data processing, notification delivery, and system integration tasks. |
| Database & Authentication Provider | Account credentials (encrypted at rest), deal analysis records, application data | Stores and manages user account data, SaaS platform records, and application data with AES-256 encryption at rest and TLS encryption in transit. |
| Payment Processing Provider | Billing name, payment confirmation, subscription status (no card numbers stored by DLG) | Processes all credit card transactions and subscription billing. DLG receives only transaction confirmations and subscription status notifications. |
| Website Delivery & Hosting Platform | Server access logs, page visit data, technical device information | Serves the DLG website and associated subdomains. Processes standard server-side access logs for performance monitoring and security purposes. |
| Appointment Scheduling Platform | Name, email address, meeting time preference | Manages consultation booking requests submitted through DLG's scheduling links. Data governed by that platform's own privacy terms. |
| Web Analytics Platform | Anonymised visitor behaviour, page performance metrics (aggregate only) | Measures website traffic and user behaviour patterns in aggregate form. No personally identifiable analytics data retained beyond 26 months. |
| Domain & DNS Infrastructure | Domain name system records, SSL certificate data | Manages domain registration and DNS routing for DLG's web properties. No personal data is processed beyond technical routing information. |
Clients who require a specific list of named technology sub-processors for their own compliance purposes — including under HIPAA, CCPA, GDPR, or a Business Associate Agreement — may request one by emailing hello@davidlifegroup.com with the subject line "SUB-PROCESSOR LIST REQUEST." DLG will respond within 10 business days with a current, accurate list of named platforms in each functional category. This list is treated as confidential business information and is shared under non-disclosure obligations consistent with any applicable service agreement.
4.2 Legal Requirements and Safety
DLG may disclose personal information if required by law, subpoena, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights or property of DLG, prevent or investigate potential wrongdoing, protect the safety of users or the public, or protect against legal liability.
4.3 Business Transfers
In the event that DLG is involved in a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and a prominent website notice of any such change in ownership, and describe the choices available to you at that time.
4.4 With Your Explicit Consent
We may share your information with third parties when you have given explicit, informed consent. You may withdraw such consent at any time by contacting us at hello@davidlifegroup.com.
05How Long We Retain Your Information
DLG retains personal information for as long as necessary to fulfil the purposes for which it was collected, provide our services, and comply with our legal obligations. The table below sets out retention periods by data category.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Website inquiry / contact form data | 3 years from submission | Extended to duration of engagement + 5 years if a client relationship is established |
| SaaS platform account data | Duration of active subscription + 2 years post-closure | Allows account reactivation; satisfies financial record-keeping obligations |
| Client business data (agency services) | Duration of service agreement + 3 years | Standard commercial record retention; extended where required by applicable law |
| Financial and payment records | 7 years | IRS and Florida state financial record-keeping requirements |
| Marketing email subscriptions | Until unsubscription; removed from active sends within 10 business days | Unsubscribe records retained indefinitely to honour opt-out history |
| PHI under a Business Associate Agreement | Per the applicable BAA; destroyed or returned at engagement end | HIPAA Breach Notification Rule and applicable BAA terms |
| Website analytics data | Aggregated: indefinitely. Individual-level: maximum 26 months | Analytics platform data retention policy; no PII retained beyond 26 months |
| Security and access logs | 90 days rolling (standard); extended under legal hold if applicable | Security monitoring and incident investigation purposes |
When personal data is no longer required, DLG deletes it securely or anonymises it so that it can no longer be attributed to any individual. Deletion requests submitted by data subjects are processed within 30 days as described in Section 7.
06How We Protect Your Information
DLG implements administrative, technical, and physical safeguards designed to protect your personal information from unauthorised access, disclosure, alteration, and destruction. Our security programme includes the following measures:
6.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your browser and DLG's systems is encrypted using TLS 1.2 or higher. HTTPS is enforced across all DLG web properties.
- Encryption at Rest: User data stored in DLG's primary database is encrypted at rest using AES-256 encryption.
- Access Controls: Access to personal data and system infrastructure is restricted on a need-to-know basis. Multi-factor authentication is required for all DLG administrative accounts across all critical platforms.
- API Security: All third-party service integrations use private API keys stored as encrypted environment variables. No credentials are hardcoded or publicly exposed.
- Audit Logging: DLG maintains access and activity logs across its primary platforms to detect unauthorised access and support incident investigation.
6.2 Administrative Safeguards
- Data access is limited to personnel who require it to perform their specific job functions.
- DLG's team members and contractors are informed of their data protection obligations and bound by confidentiality terms.
- Client data used for AI system configuration is isolated per client and is not shared or commingled across other client accounts.
- DLG reviews its security practices periodically and updates them as the threat landscape and technology stack evolve.
6.3 Incident Response
In the event of a data breach reasonably likely to result in harm to affected individuals, DLG will: (a) contain and assess the breach within 72 hours of discovery; (b) notify affected individuals and, where required, regulatory authorities within the timeframes mandated by applicable law including Florida's Information Protection Act, the HIPAA Breach Notification Rule where applicable, and CCPA where applicable; and (c) implement remedial measures to prevent recurrence. To report a suspected security incident, contact hello@davidlifegroup.com with the subject line "SECURITY INCIDENT."
No method of electronic transmission or storage is 100% secure. While DLG employs commercially reasonable security measures, we cannot guarantee the absolute security of your personal information. You use our website and services at your own risk, and DLG's liability for security incidents is limited to the extent permitted by applicable law.
07Your Privacy Rights
Depending on your location and applicable law, you may have some or all of the following rights with respect to your personal information. DLG honours all substantive rights requests regardless of whether they are legally mandated in your specific jurisdiction, consistent with our commitment to privacy as a core value.
7.1 Universal Rights
- Right to Know / Access: Request a copy of the personal information DLG holds about you and information about how it is used and shared.
- Right to Correction: Request correction of any inaccurate or incomplete personal information.
- Right to Deletion: Request deletion of your personal information, subject to limited exceptions where retention is required by law or for active contract performance.
- Right to Restrict Processing: Request restriction of processing in certain circumstances, such as while you contest the accuracy of the data.
- Right to Data Portability: Where technically feasible and processing is by automated means, request a copy of your data in a structured, machine-readable format.
- Right to Object: Object to processing for direct marketing at any time. You may also object to other processing on grounds relating to your particular situation.
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right Not to Be Discriminated Against: DLG will not deny services, charge different prices, or provide a different level of service based on the exercise of your privacy rights.
7.2 California Residents — CCPA / CPRA
California residents have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including the right to know the categories and specific pieces of personal information collected, the right to know categories of third parties with whom information is shared, the right to opt out of the sale or sharing of personal information (DLG does not sell or share personal information for cross-context behavioural advertising), the right to limit use of sensitive personal information, and the right to correct inaccurate personal information. Submit CCPA/CPRA requests to hello@davidlifegroup.com with subject line "CCPA REQUEST." DLG will respond within 45 days, with a further 45-day extension where reasonably necessary.
7.3 Florida Residents — FIPA
DLG complies with the Florida Information Protection Act (Section 501.171, Florida Statutes). In the event of a breach affecting Florida residents' personal information, DLG will provide notice as required under FIPA and notify the Florida Department of Legal Affairs where required.
7.4 Nigerian Residents — NDPA
DLG is mindful of the Nigeria Data Protection Act 2023 and applies its principles of purpose limitation, data minimisation, accuracy, security, and individual rights to the personal information of Nigerian residents and diaspora clients regardless of their geographic location. DLG will cooperate with the Nigeria Data Protection Commission as required.
7.5 How to Exercise Your Rights
- Email: hello@davidlifegroup.com — Subject line: "PRIVACY REQUEST"
- Response: DLG will acknowledge receipt within 5 business days and provide a substantive response within 30 calendar days. Extended timelines will be communicated with reasons.
- Identity verification: DLG will verify your identity before processing any access, deletion, or correction request to protect against unauthorised requests.
- No fee: Rights requests are processed free of charge unless manifestly unfounded or excessive, in which case DLG reserves the right to charge a reasonable administrative fee or decline to act, with written explanation.
08Children's Privacy
DLG's website and services are intended solely for adults aged 18 or older operating in a commercial or professional capacity. DLG does not knowingly collect, solicit, or process personal information from individuals under the age of 13. If we become aware that we have inadvertently collected such information, we will delete it immediately. If you believe a child under 13 has provided personal information to DLG, please contact hello@davidlifegroup.com immediately.
For individuals aged 13 to 17, use of our website and services requires verifiable parental or guardian consent. DLG is not responsible for minors who access the site without parental consent but will cooperate with any parental request to identify and delete a minor's data.
09Third-Party Websites and Links
Our website and communications may contain links to third-party websites and platforms not owned or controlled by DLG. DLG has no control over the content, privacy policies, or practices of any linked third-party site. We strongly encourage you to review the privacy policy of every website you visit. Your use of any third-party website is governed solely by that third party's own terms and privacy policy. Inclusion of any link does not constitute an endorsement by DLG.
10AI-Specific Privacy Provisions
Given that David Life Group operates as an AI agency deploying large language model-powered systems and intelligent automation platforms on behalf of clients, the following provisions specifically address the privacy implications of AI-powered services.
10.1 AI Chatbots and Conversational Agents
DLG deploys AI-powered chat and voice agents on behalf of client businesses. When you interact with one of these agents on a client's website or communication channel:
- DLG operates the agent as a data processor on behalf of the client business, which is the data controller for data collected through the interaction.
- Conversations may be logged and retained within our AI conversation platform for quality monitoring, troubleshooting, and service optimisation, in accordance with that platform's data retention policies. The specific platform used is available upon written request.
- AI conversational agents are powered by enterprise-tier AI language model services. The enterprise API terms governing those services prohibit the use of transmitted data to train general AI models without explicit consent.
- DLG-deployed agents are configured to avoid collecting sensitive personal information — such as social security numbers, full payment card details, or full medical records — through conversational interfaces.
- Agents deployed for healthcare clients are configured to direct users to qualified clinical staff for medical inquiries and to collect only the minimum information necessary for appointment scheduling or inquiry routing.
10.2 AI Model Training
DLG does not use personal information collected through its website, client engagements, or AI deployments to train its own AI models. DLG does not share client data or end-user conversation data with AI model providers for the purpose of general model training. All AI language model services engaged by DLG are subject to enterprise-tier data use terms that prohibit training on API-transmitted data.
DLG applies the principle of data minimisation as a standard practice across all AI deployments — configuring systems to collect only what is strictly necessary for the specified purpose of each deployment.
10.3 Automated Decision-Making
DLG's AI systems may produce automated recommendations — for example, Nexus Deal Engine generates AI-driven investment analysis and advisory outputs. These outputs are informational and advisory in nature. They do not constitute binding financial, investment, legal, or medical advice, and human review is always the appropriate final step in any consequential decision.
DLG does not deploy automated decision-making systems that produce legal or similarly significant effects on individuals without human oversight. If you believe you have been subject to an automated decision that significantly affects you, you have the right to request a human review by contacting hello@davidlifegroup.com with the subject line "AUTOMATED DECISION REVIEW."
10.4 Marketing Automation Systems
When DLG configures and manages marketing automation systems on behalf of client businesses, contact data belonging to that client's customers and prospects is processed within those systems. This data is provided by the client and is subject to the client's own privacy policy in addition to this one. DLG does not access client marketing data for DLG's own commercial purposes. All client data is isolated to each client's individual account and is not commingled with data from other clients.
10.5 Connecticut CTDPA — LLM Training Disclosure
In compliance with the Connecticut Data Privacy Act amendments effective July 1, 2026, DLG affirmatively states: DLG does not collect, use, or sell personal information for the purpose of training large language models (LLMs), whether directly or indirectly through third-party vendors or service providers. AI language model services engaged by DLG are subject to enterprise API terms that prohibit use of transmitted data for general model training purposes.
11International Operations and Data Transfers
David Life Group LLC is headquartered in Orlando, Florida, USA and primarily serves US-based clients. DLG also engages with clients and partners internationally, including in Nigeria and other countries, through its SaaS platform and diaspora-focused services.
Personal data processed by DLG and its technology service providers may be stored and processed in the United States and, in some cases, in other countries where those providers' infrastructure is located. If you access our services from outside the United States, please be aware that your personal information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For Nigerian residents and diaspora clients, DLG applies the principles of Nigeria's Data Protection Act 2023 including purpose limitation, data minimisation, accuracy, storage limitation, and individual rights, to all personal data regardless of subject location. By using our website or engaging our services from outside the United States, you consent to transfer of your information to the United States and to processing in accordance with this Privacy Policy.
12HIPAA Business Associate Agreements (Healthcare Clients)
This section applies exclusively to DLG's engagements with HIPAA Covered Entities, including medical practices, clinics, hospitals, and health plans. If you are not a healthcare provider or a patient of a healthcare provider using DLG's services, this section does not apply to you.
When DLG provides AI agency services to a HIPAA Covered Entity and those services involve access to, creation of, receipt of, maintenance of, or transmission of Protected Health Information (PHI), DLG functions as a Business Associate under HIPAA (45 CFR §160.103). In all such cases, DLG will execute a Business Associate Agreement (BAA) with the Covered Entity before any access to or processing of PHI occurs.
The BAA will specify, among other things: the permitted and required uses and disclosures of PHI; the categories and — where required by the Covered Entity — the specific names of sub-processors permitted to handle PHI; security and breach notification obligations; and data return or destruction procedures at the end of the engagement. DLG does not deploy AI systems for healthcare clients involving PHI without a signed BAA in place.
To request a Business Associate Agreement or to discuss HIPAA compliance requirements, contact hello@davidlifegroup.com with the subject line "BAA REQUEST."
13Updates to This Privacy Policy
DLG reviews and updates this Privacy Policy at least annually and whenever there is a material change to our data practices, services, technology infrastructure, or applicable law. The current version is always available at davidlifegroup.com/privacy-policy.
When material changes are made, DLG will update the Effective Date and Version number, post a prominent notice on the website, and where we hold your email address, send direct notification describing the nature of the changes. Continued use of our website or services after the effective date of any updated Policy constitutes acceptance of the changes. This Privacy Policy is Version 2.0, effective April 21, 2026. The next scheduled review is April 21, 2027.
14Contact Us
For any questions, concerns, rights requests, or notices related to this Privacy Policy or DLG's data practices, please contact us:
David Life Group LLC
Data Controller | Privacy Policy — Version 2.0
Email: hello@davidlifegroup.com
Website: davidlifegroup.com
Location: Orlando, Florida, USA
Privacy requests: subject line "PRIVACY REQUEST"
Sub-processor list: subject line "SUB-PROCESSOR LIST REQUEST"
HIPAA / BAA inquiries: subject line "BAA REQUEST"
Security incidents: subject line "SECURITY INCIDENT"
This Privacy Policy reflects David Life Group LLC's good-faith effort to describe its data practices accurately and transparently in compliance with applicable law. It does not constitute legal advice. DLG recommends that all parties with specific legal compliance questions consult a qualified attorney licensed in their jurisdiction. Nothing in this Policy creates or implies a partnership, joint venture, agency, franchise, or employment relationship between DLG and any third party.