How does a Sierra project start?

We start with a short call about what you need and why. I write up a plan with a fixed scope, a price, and a ship date, usually within a few days. Once you approve it I start building, and you see working software early instead of waiting until the end.

What can you build for me?

Custom apps, web apps, and SaaS products. Internal tools, customer portals, CRM and ERP connections, automations, and data dashboards. If it runs your business and off the shelf software does not fit, we can build it.

Do I own the software and the code when it is done?

You do. When we finish, the code and every account belong to you. No lock in, no monthly fee just to keep the lights on. You can host it yourself or hand it to any developer later.

How long until my software is live?

Most projects ship in 4 to 12 weeks, depending on scope. You see working software early, not after months of silence. Support afterward is there if you want it.

Sierra Strategic — Custom Apps, CRMs & Automations

Sierra Strategic Consulting LLC, doing business as "Sierra Strategic"
Last updated: June 14, 2026

This Privacy Policy (this "Policy") explains how Sierra Strategic Consulting LLC, a [CONFIRM: state of formation] limited liability company doing business as "Sierra Strategic" ("Sierra Strategic," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information in connection with our website at sierra-strategic.com (the "Site"), our outbound business-to-business marketing, and the custom-software development services we provide to our clients (collectively, the "Services").

Sierra Strategic operates a custom-software development studio for small and mid-sized businesses, delivering internal tools, business automations, client and customer portals, booking systems, custom applications, and integrations. That work is delivered by our personnel and by vetted contractors and service providers engaged under confidentiality obligations.

This Policy is incorporated into and supplements our Terms of Service and, where an engagement exists, the signed Client Services Agreement and its attached Statement of Work. The work described in a Statement of Work is referred to as the "Scope." If any term of this Policy conflicts with the signed Client Services Agreement, the Client Services Agreement controls as between Sierra Strategic and the applicable client.

1. Scope and Application

1.1 Who this Policy covers. This Policy applies to the personal information of three groups of individuals (each, a "you" as the context requires):

(a) Site visitors — individuals who visit or interact with the Site;

(b) Prospects — individuals at businesses whom we contact, or who contact us, in connection with our outbound business-to-business marketing and sales activity; and

(c) Clients and client personnel — individuals who engage us, or who act on behalf of a business that engages us, including signatories, project points of contact, and end users whose information is made available to us in the course of a Blueprint, build, or Care Plan.

1.2 Business-to-business context. Sierra Strategic provides its Services to businesses, and most personal information it handles is business-contact and business-operational information processed in a commercial setting rather than information about individuals acting in a personal or household capacity.

1.3 Information we process on behalf of clients. When we perform a build, an integration, or a Care Plan, we may process personal information contained within a client's own systems, data sets, or end-user records. We process that information under the direction and instructions of the client, as set out in the Client Services Agreement and the Scope. This Policy governs information that Sierra Strategic collects and uses for its own purposes; the relevant client's own privacy notice and the Client Services Agreement govern personal information that we process on that client's behalf.

1.4 What this Policy does not cover. This Policy does not apply to third-party websites, products, or services that we do not control, including those reachable through links on the Site. See Section 13 (Third-Party Links).

2. Categories of Personal Information We Collect

2.1 We collect the following categories of personal information, drawn from the categories enumerated under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"):

(a) Identifiers — name, business email address, business postal address, business telephone number, company name and website, and online identifiers such as IP address and device identifiers.

(b) Customer records and commercial information — records of Services purchased or considered, billing and transaction history, and the contents of communications with us. We do not store full payment-card numbers; payment-card processing is handled by Stripe, as described in Section 5.1.

(c) Internet or other electronic network activity information — Site usage data such as pages viewed, referring and exit pages, approximate location derived from IP address, browser and device characteristics, and interactions with the Site, collected through cookies and similar technologies as described in Section 4.

(d) Professional or employment-related information — job title, role, and the business or organization on whose behalf a Prospect or client contact acts.

(e) Audio, electronic, or visual information — recorded video walkthroughs (for example, screen recordings such as Loom) and accompanying narration submitted or captured during a Blueprint intake, together with any business information and workflow details described in those recordings.

(f) Blueprint intake and project information — business information, workflow details, system descriptions, and other materials that a Prospect or client provides so that we can scope, audit, and deliver an engagement.

(g) Inferences — limited inferences drawn from the foregoing to determine the fit of our Services and to plan an engagement.

2.2 Sensitive personal information. We do not collect "sensitive personal information" as defined under the CCPA for purposes of inferring characteristics about an individual. We do not request government identifiers, financial-account credentials, precise geolocation, or information about health, sex life, sexual orientation, racial or ethnic origin, religious or philosophical beliefs, or union membership. If such information appears within materials a client provides for a build or Care Plan, we process it solely to perform the engagement and not to infer characteristics about any individual. [CONFIRM: whether any engagement requires intentional collection of sensitive personal information; if so, this Policy must be updated to add the limit-use disclosure.]

2.3 Children's information. See Section 12.

3. Sources of Personal Information

3.1 We collect personal information from the following sources:

(a) Directly from you — when you complete a form on the Site, request or undergo a Blueprint, schedule a call, correspond with us, sign a Client Services Agreement, or otherwise interact with us.

(b) Automatically — when you use the Site, through cookies and similar technologies, as described in Section 4.

(c) From our payment, scheduling, and productivity providers — transaction and scheduling metadata generated when you pay through Stripe or book through our scheduling tools, as described in Section 5.

(d) From public sources and business-data providers — for our outbound marketing, we collect business-contact information (company name, website, business email address, and business telephone number) from publicly available sources and from commercial business-data providers, in order to offer our Services. See Section 10.

(e) From a client — when a client provides us with information, including information about its own personnel or end users, so that we can perform an engagement.

4. Cookies, Analytics, and Tracking Technologies

4.1 Technologies used. The Site uses cookies, pixels, local storage, and similar technologies to operate the Site, remember preferences, measure traffic, and understand how visitors use the Site.

4.2 Categories. These technologies fall into two general categories: those strictly necessary to deliver the Site and its core functions, and analytics and performance technologies that help us understand Site usage and improve the Site.

4.3 Analytics and cookie providers. We use the following analytics and cookie providers: [CONFIRM: analytics/cookie providers]. We will identify each provider by name and describe its function once confirmed.

4.4 Your choices. You can refuse or delete cookies through your browser settings, and some browsers and extensions transmit an opt-out preference signal such as the Global Privacy Control. Disabling strictly necessary cookies may impair Site functionality. Where required by applicable law, we present a cookie banner or preference mechanism and honor the choices you make through it. If resolution of the question raised in Section 5.3 determines that any analytics or advertising technology constitutes a "sale" or "share" under the CCPA, we will treat opt-out preference signals, including the Global Privacy Control, as a valid request to opt out and will configure the Site to detect and honor them. [CONFIRM: whether a consent-management banner is deployed and which signals are honored.]

5. Disclosures to Service Providers and Contractors

5.1 We disclose personal information to the categories of recipients listed below. Each is engaged to perform functions on our behalf under a written contract that imposes confidentiality and data-protection obligations and restricts its use of the information to those functions.

(a) Payment processing — Stripe, Inc., which processes payments and handles payment-card data. Sierra Strategic does not store full payment-card numbers.

(b) Website hosting — our website host, currently Framer (and previously Cloudflare Pages), which hosts and serves the Site.

(d) Email and productivity — Google Workspace, which we use for email, document storage, and related productivity functions.

(e) Analytics — the analytics and cookie providers identified in Section 4.3 [CONFIRM: analytics/cookie providers].

(f) Our personnel and vetted contractors and service providers under confidentiality obligations — individuals and firms we engage to deliver the Services, each bound by confidentiality obligations and permitted to use personal information only to perform the work assigned to them.

5.2 Other disclosures. We may also disclose personal information to comply with applicable law, legal process, or a lawful request from a governmental authority; to enforce our agreements or protect the rights, property, or safety of Sierra Strategic, our clients, or others; and in connection with a merger, acquisition, financing, or sale of all or part of our business, in which case personal information may be among the assets transferred, subject to this Policy.

5.3 No sale or sharing of personal information. Sierra Strategic does not sell personal information, and does not "share" personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not done so in the preceding twelve months. The disclosures to the service providers and contractors described in Section 5.1 are made for business purposes under written contracts that restrict their use of the information and do not constitute a sale. [CONFIRM: do we sell/share? — including whether any analytics or advertising technology results in a "sale" or "share" under the CCPA.]

5.4 Categories disclosed in the preceding twelve months. In the twelve (12) months preceding the Last updated date, we disclosed for business purposes the categories of personal information identified in Sections 2.1(a) through 2.1(g) to the categories of recipients identified in Section 5.1. We did not disclose "sensitive personal information" (as defined under the CCPA) other than as incidentally contained in client-provided materials processed under Section 2.2.

6. How and Why We Use Personal Information

6.1 We use personal information to operate, maintain, secure, and improve the Site; to respond to inquiries and to schedule and conduct calls and meetings; and to scope and deliver engagements, including the Blueprint, fixed-price builds, integrations, and the Keep-Alive, Sierra Care+, and Growth Partner Care Plans. Following a Blueprint intake, we use the information provided to prepare and deliver a one-page blueprint and a fixed-price Statement of Work.

6.2 We also use personal information to process payments and administer billing through Stripe; to administer and renew recurring Care Plans, including the disclosures and consents described in Section 11; and to conduct outbound business-to-business marketing consistent with Section 10. Beyond those purposes, we use personal information to detect, investigate, and prevent fraud, security incidents, and misuse, and to enforce our terms and agreements; to comply with applicable legal obligations, including tax, accounting, and recordkeeping requirements; and for other purposes disclosed to you at the point of collection or to which you consent.

6.3 We do not use personal information to make decisions about an individual that produce legal or similarly significant effects through solely automated processing.

7. Data Retention

7.1 We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to provide the Services, maintain business and accounting records, resolve disputes, and comply with our legal obligations. We determine retention periods for each category of personal information identified in Section 2 by reference to the length of the engagement or relationship during which the information is used; whether the information is needed to comply with a legal, tax, or accounting obligation; whether retention is advisable in light of our legal position, including applicable statutes of limitation or an actual or threatened dispute; and any consent or instruction you or a client has provided. We do not retain personal information for longer than is reasonably necessary for the purpose for which it was collected.

7.2 Retention periods vary by category of information and context. Information relating to an active engagement is retained for the duration of that engagement. Billing and transaction records are retained for the period required by applicable tax and accounting rules. Blueprint intake materials and recorded walkthroughs are retained for the period necessary to scope and deliver the resulting work and to support any related warranty or Care Plan obligations. Prospect contact information is retained for so long as we may reasonably offer our Services, subject to any do-not-contact request under Section 10. [CONFIRM: specific retention periods for each category, to be finalized with counsel and aligned to our actual records-retention schedule.]

7.3 When personal information is no longer needed for a permitted purpose, we delete it or de-identify it, subject to any legal hold or backup-retention cycle.

8. Security

8.1 We maintain safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including organizational, technical, and physical measures appropriate to a studio of our size and the information we handle. Access is limited to personnel and contractors who need it for an engagement and who are bound by confidentiality; payment-card data is handled by Stripe rather than held by us; and the Site and our working files reside with the established providers identified in Section 5.

8.2 No safeguard can guarantee absolute security, and we do not warrant that personal information will never be subject to unauthorized access. You acknowledge that you provide information to us with that understanding. If we become aware of a security incident affecting your personal information, we will respond as required by applicable law.

9. California Privacy Rights

9.1 Application. This Section 9 applies to California residents and supplements the rest of this Policy. The rights described here are subject to the exceptions and verification requirements of the CCPA.

9.2 Your rights. Subject to applicable limits, you have the right to:

(a) Know and access — request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of recipients to whom we have disclosed it;

(b) Delete — request that we delete personal information we have collected from you;

(d) Opt out of sale or sharing — direct us not to sell or share your personal information. As stated in Section 5.3, we do not sell or share personal information [CONFIRM: do we sell/share?]; and

(e) Limit the use of sensitive personal information — to the extent we use sensitive personal information to infer characteristics about you, direct us to limit that use to the purposes permitted under Section 1798.121 of the CCPA. As stated in Section 2.2, we do not use sensitive personal information to infer characteristics about any individual, and accordingly no separate limit-use mechanism is required at this time.

9.3 "Do Not Sell or Share My Personal Information." Sierra Strategic does not sell or share your personal information as those terms are defined under the CCPA. Because we do not engage in that activity, no opt-out is necessary. If this practice changes, we will update this Policy and provide a "Do Not Sell or Share My Personal Information" mechanism as required by law. [CONFIRM: do we sell/share?]

9.4 How to exercise your rights. You may submit a request by emailing hello@sierra-strategic.com with the subject line "California Privacy Request" and a description of the right you wish to exercise.

9.5 Verification. To protect your information, we will verify your identity before acting on a request to know, delete, or correct. Verification will generally require you to provide information sufficient for us to match it against information we already hold about you, in a manner proportionate to the sensitivity of the information and the risk of harm from unauthorized access. We will not use information collected for verification for any other purpose.

9.6 Authorized agents. You may designate an authorized agent to make a request on your behalf. Where an agent submits a request, we may require the agent to provide proof that you gave the agent signed permission to submit the request, or a valid power of attorney under California Probate Code sections 4000 through 4465. We may also require you to verify your own identity directly with us and to confirm that you provided the agent permission to submit the request. We may deny a request from an agent who does not submit proof of authorization.

9.7 Non-discrimination. We will not discriminate against you for exercising your privacy rights, including by denying Services, charging a different rate, or providing a different level or quality of Services. A difference in price or service is permitted only where it is reasonably related to the value provided by the relevant data, as the CCPA allows.

9.8 Response timing. We will acknowledge a verifiable request within the period required by the CCPA and respond within the time allowed by law, which we may extend where permitted. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act as permitted by law.

10. Outbound Marketing and CAN-SPAM

10.1 Outbound business-to-business marketing. Sierra Strategic collects business-contact information (company name, website, business email address, and business telephone number) from publicly available sources and from commercial business-data providers in order to offer its Services, and sends commercial email to business recipients.

10.2 CAN-SPAM compliance. Our commercial email is consistent with the federal CAN-SPAM Act. Our messages identify Sierra Strategic accurately, do not use deceptive headers or subject lines, include a valid physical postal address, and provide a clear opt-out mechanism that we honor promptly.

10.3 Opt-out and do-not-contact. You may opt out of our commercial email at any time by using the unsubscribe link in any message or by emailing hello@sierra-strategic.com with the subject line "Do Not Contact." We honor opt-out requests within ten (10) business days of receipt, do not require any step beyond sending a reply or visiting a single web page to opt out, do not charge a fee, and do not sell, transfer, or use the opted-out address other than to maintain it on our suppression list. Our postal address for these purposes is Sierra Strategic Consulting LLC, 2108 N Street, Sacramento, California 95816, USA.

11. Recurring Care Plans and Automatic Renewal

11.1 Auto-renewal disclosure. Our optional monthly Care Plans (Keep-Alive, Sierra Care+, and Growth Partner) are subscription Services that automatically renew for successive billing periods until cancelled. Before you enroll, we present the renewal terms, the recurring nature of the charges, the billing frequency, and how to cancel, in a clear and conspicuous manner and in visual proximity to the request for your consent, consistent with California's Automatic Renewal Law and analogous laws, and as further set forth in the Refund & Payment Policy.

11.2 Affirmative consent. We obtain your affirmative consent to the automatic-renewal terms before the initial charge and as a condition of enrollment, and we retain a record of that consent.

11.3 Cancellation. You may cancel a Care Plan at any time, without charge for the act of cancellation, by any self-service or online method we make available and in any event by emailing hello@sierra-strategic.com; where you enrolled online, cancellation may be exercised online or through the same medium. A cancellation received before the next renewal date stops further renewals; the plan then remains active through the end of the billing period already paid, and no further charges are made, except as the Client Services Agreement otherwise provides. We will process a timely cancellation request without requiring you to take any step beyond those reasonably necessary to confirm the request and your identity. [CONFIRM: self-service/online cancellation method offered, which must be disclosed here if available.]

11.4 Post-enrollment acknowledgment. After you enroll in a Care Plan, we provide an acknowledgment that includes the automatic-renewal terms, the cancellation policy, and information on how to cancel, in a form you can retain. The specific scope, cadence, and pricing of each Care Plan are set out in the signed Client Services Agreement, which controls.

11.5 Changes and reminders. Where required by applicable law, we provide advance notice of any material change to the automatic-renewal terms, including any price increase, before that change takes effect, together with information on how to cancel, and we provide any renewal or cancellation reminders required by law, as further set forth in the Refund & Payment Policy. [CONFIRM: free-trial or promotional-period mechanics, if any, which trigger additional disclosure obligations under the Automatic Renewal Law.]

12. Children's Data

12.1 The Services are directed to businesses and are not intended for, or directed to, children under sixteen (16) years of age. We do not knowingly collect personal information from children under sixteen. If we learn that we have collected such information without the required consent, we will delete it. If you believe a child has provided us personal information, contact us at hello@sierra-strategic.com.

13. Third-Party Links

13.1 The Site and our communications may contain links to third-party websites, products, and services that we do not control. This Policy does not apply to those third parties. We are not responsible for their content or privacy practices, and we encourage you to review the privacy notices of any third party before providing personal information to it.

14. EEA and UK Privacy Rights

14.1 Application. Sierra Strategic markets and sells to businesses in the United States and does not direct the Services to individuals in the European Economic Area ("EEA") or the United Kingdom ("UK"). This Section 14 addresses the limited circumstances in which the EU General Data Protection Regulation or the UK General Data Protection Regulation (together, the "GDPR") may nonetheless apply to our processing of personal data of individuals located in the EEA or the UK. To the extent the GDPR applies, Sierra Strategic is the controller of the personal data it processes for its own purposes under this Policy. [CONFIRM: whether Sierra Strategic offers or targets Services to individuals in the EEA/UK; if not, confirm this Section may be narrowed.] [CONFIRM: whether Article 27 of the GDPR requires designation of an EU and/or UK representative; if so, identify the representative and contact details here.]

14.2 Lawful bases. Where the GDPR applies, we process personal data on one or more of the following lawful bases:

(a) Performance of a contract — to take steps at your request before entering into, and to perform, an engagement;

(b) Legitimate interests — to operate and secure the Site, to conduct business-to-business marketing of our Services, and to manage and grow our business, where those interests are not overridden by your interests or fundamental rights;

(c) Consent — where we rely on your consent, for example for certain cookies or communications, which you may withdraw at any time; and

(d) Legal obligation — to comply with applicable law.

Where the GDPR or applicable national implementing law (including the ePrivacy Directive and, in the United Kingdom, the Privacy and Electronic Communications Regulations) requires consent for direct marketing communications, we obtain that consent and do not rely on legitimate interests for those communications.

14.3 Data-subject rights. Subject to the conditions and exceptions in the GDPR, you may request access to, rectification of, or erasure of your personal data; restriction of or objection to processing; and data portability; and you may withdraw consent where processing is based on consent. You may exercise these rights by emailing hello@sierra-strategic.com. You also have the right to lodge a complaint with your local supervisory authority.

14.4 International transfers. We and our service providers may process personal data in the United States and in other countries whose data-protection laws differ from those of the EEA and the UK. Where we transfer personal data out of the EEA or the UK, we rely on an appropriate transfer mechanism recognized under the GDPR, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures where appropriate. [CONFIRM: specific transfer mechanism(s) relied upon.]

14.5 Retention. We retain personal data for the periods described in Section 7 and as required to satisfy the lawful bases set out in Section 14.2.

14.6 Provision of data and automated decisions. Provision of certain personal data is necessary to enter into and perform an engagement; if you do not provide it, we may be unable to deliver the Services. As stated in Section 6.3, we do not make decisions producing legal or similarly significant effects about you through solely automated means within the meaning of Article 22 of the GDPR.

15. Changes to This Policy

15.1 We may revise this Policy as our practices or the law change. We will update the "Last updated" date above and, where the changes are material or notice is required by law, provide additional notice before the changes take effect. Use of the Site or the Services after the effective date of a revision is subject to the revised Policy to the extent permitted by law. Material changes will not apply retroactively, and where the law requires your consent to a change, we will obtain it before the change applies to you.

16. Contact, Notices, and Governing Law

16.1 All privacy requests, notices, and questions regarding this Policy may be directed to:

Sierra Strategic Consulting LLC
2108 N Street
Sacramento, California 95816, USA
Email: hello@sierra-strategic.com

16.2 The email address above is the designated address for privacy requests, including those described in Sections 9, 10, 11, and 14.

16.3 Governing law, dispute resolution, and severability. This Policy is governed by the laws of the State of California, without regard to conflict-of-laws principles, except to the extent the CCPA, the GDPR, or other mandatory law of the consumer's jurisdiction applies. Subject to that mandatory law, the exclusive jurisdiction and venue for any matter not otherwise subject to arbitration lie in the state and federal courts located in Sacramento County, California. Disputes arising under the Client Services Agreement are subject to the dispute-resolution terms of that agreement and, failing that, to the dispute-resolution provisions of the Terms of Service, including Section 13 (arbitration) thereof. If any provision of this Policy is held unenforceable, that provision will be limited or severed to the minimum extent necessary, and the remaining provisions will remain in full force and effect. Nothing in this Policy limits any non-waivable right you have under the CCPA or other applicable law.