Legal
Effective: January 1st, 2026
Small Business Web Solutions, Inc. dba BlueDot ("BlueDot") has created this Privacy Policy in order to inform you of our commitment to privacy and to describe our policies for the collection, use, and disclosure of personal information that may be collected by BlueDot when you visit our websites or use our software products, applications, subscriptions, and cloud services (collectively "Service"). BlueDot is a technology company that provides immigration case and forms management software services to the immigration legal industry.
This privacy policy aims to give you information on how BlueDot collects and processes your personal data through your use of the Service. Our website and Services are not directed at children, and we do not knowingly collect, use, or process personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete such personal data as soon as reasonably practicable. If you are a parent or legal guardian and believe that a child has provided us with personal information without your consent, please contact us at privacy@bdot.ai.
BlueDot is the controller and responsible for your personal data. Data Protection Officer and Controller: BlueDot, Alejandro Mucino, 2202 N. West Shore Blvd Suite 200, Tampa, FL 33607. Email: privacy@bdot.ai. Our UK Representative: GDPR Local Ltd., Adam Brogden, contact@gdprlocal.com, Tel +44 1772 217800, 1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB. Our EU Representative: Instant EU GDPR Representative Ltd., Adam Brogden, contact@gdprlocal.com, Tel +35315549700, Office 2, 12A Lower Main Street, Lucan Co. Dublin K78 X5P8, Ireland.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. When we make updates, we will revise the "Effective Date" at the top of this Privacy Policy and make the updated version available on our website. Where changes are material, we will take reasonable steps to notify affected users through appropriate means, which may include in-application notifications, email communications, or prominent notices on our website.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
We may collect, use, store and transfer different kinds of personal data about you including: Identity Data (first name, last name, business name, username or similar identifier, and title); Contact Data (billing address, delivery address, email address and telephone numbers); Financial Data (your payment information); Transaction Data (details about payments to and from you and other details of the Services you have purchased from us); Technical Data (internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform); Profile Data (your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses); Usage Data (information about how you use our website, products and services); and Marketing and Communications Data (your preferences in receiving marketing from us and your communication preferences).
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We collect data through: Direct interactions — you may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you apply for our Services, create an account on our website, subscribe to our Service, request marketing to be sent to you, or give us feedback. Automated technologies or interactions — as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns using cookies. Third parties — we may receive personal data from Google AdWords.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where we need to perform the contract we are about to enter into or have entered into with you; where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. You will receive marketing communications from us if you have requested information from us or purchased Services from us and you have not opted out of receiving that marketing. We do not share your personal data with any third-party companies for marketing purposes. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
We use the following cookies: Strictly necessary cookies — required for the operation of our website, enabling you to log into secure areas, use a shopping cart or make use of e-billing services. Analytical/performance cookies — allow us to recognize and count the number of visitors and to see how visitors move around our website. Functionality cookies — used to make the Service work the way you expect, saving your settings and providing customizable and personalized services. Targeting cookies — record your visit to our website, the pages you have visited and the links you have followed. You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with the following third parties: Google AdWords, Stripe, Microsoft, Google Suite, Quick! (Efficient Technology, Inc.), SendGrid, Freshdesk, Zoom, and third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. BlueDot may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We do not use any Google user data for developing, improving, or training any AI and/or machine learning (ML) models. Our app strictly utilizes user data only for its intended operational purposes. Our app does not use Google Workspace APIs for developing, improving, or training any AI/ML models. We do not transfer any Google user data to third-party AI tools for the development, improvement, or training of AI/ML models. Any personal data processed in connection with AI-assisted or automated features within the Service is protected by the same technical and organizational security measures described in the Data Security section.
Please note that the information you enter on the site may be transferred to and processed in countries outside of the European Economic Area ("EEA"), the United Kingdom, and/or Switzerland, including the United States, where BlueDot and its service providers operate. Where personal data originating from the EEA, the United Kingdom, or Switzerland is transferred outside of those regions, BlueDot relies on appropriate safeguards to ensure an adequate level of protection for such personal data. These safeguards may include the European Commission's Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum. We also participate in and comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Small Business Web Solutions, Inc. dba BlueDot complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. BlueDot has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, and to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. To learn more about the Data Privacy Framework Program (DPF Program), and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the DPF Principles, BlueDot commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact BlueDot at privacy@bdot.ai. BlueDot has further committed to refer unresolved DPF Principles-related complaints to BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.
If you are an EU or Swiss individual, where we transfer your personal data to third-party service providers who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the DPF Program, BlueDot is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. Direct queries to privacy@bdot.ai. To request that we limit the use or disclosure of your personal data, please submit a written request to privacy@bdot.ai.
BlueDot has implemented appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, where appropriate, access controls, authentication mechanisms, logging and monitoring, encryption in transit, network security controls, and operational safeguards. Access to personal data is strictly limited to employees, agents, contractors, and authorized service providers who have a legitimate business need to access such data. BlueDot maintains procedures to identify, assess, and respond to personal data breaches. Where required by applicable law, BlueDot will notify affected individuals, customers, and/or relevant supervisory authorities of a personal data breach within the legally mandated timeframes.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data including: Right of access — to request access to the personal data we hold about you; Right of rectification — to request correction of inaccurate or incomplete personal data; Right to erasure — to request deletion of your personal data in certain circumstances; Right to restriction of processing — to request that we limit the processing of your personal data in certain circumstances; Right to object to processing — to object to processing based on legitimate interests or for direct marketing purposes; Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format. If you wish to exercise any of the rights set out above, please contact us at privacy@bdot.ai. We try to respond to all legitimate requests within one month.
We collect your mobile phone number and other contact details to send you important updates regarding your case status, document requests, meeting reminders, and other notifications directly related to the services we provide. Your Law Firm may send mobile messages only where the data subject has explicitly opted in to receive such communications. Consent is obtained through a clear, affirmative action at the point where the mobile phone number is collected. You may withdraw your consent at any time by contacting your Law Firm liaison. We do not share your mobile phone number with any third parties without your consent, except as necessary to provide our services or as required by law. All messages are sent in compliance with applicable privacy regulations, including the Telephone Consumer Protection Act (TCPA) and SOC2.
"Legitimate Interest" means the interest of our business in conducting and managing our business to enable us to give you the best Service and the best and most secure experience. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). "Comply with a legal or regulatory obligation" means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Contact our Data Protection Officer:
BlueDot — Alejandro Mucino
2202 N. West Shore Blvd Suite 200, Tampa, FL 33607
privacy@bdot.ai