Privacy Policy for We’ll Do It LLC

Last Updated: July 22, 2025

1. Introduction: Who We Are and What This Policy Covers

Welcome to We’ll Do It LLC. We are committed to protecting your personal information and being transparent about what we do with it. This Privacy Policy explains how we collect, use, share, and protect your data.

• Who We Are: This policy is issued by We’ll Do It LLC, the company behind the website welldoit.solutions and the suite of services we offer. For the purposes of data protection law, we are the Data Controller of the personal information we process for our own business purposes.
• What This Policy Covers: This policy applies to you if you are a visitor to our website, a client who uses our services, or anyone else whose personal information we handle in the course of our business.
• Our Role as a Data Processor: For some of our services, such as when we resell certain technology solutions, we may act as a Data Processor on behalf of our clients. In these situations, our processing of your data is governed by our service agreement with the client (the Data Controller).

2. Our Lawful Basis for Processing Your Information

We only process your personal information when we have a valid legal reason to do so. These “lawful bases” include:

• Performance of a Contract: We process your data when it’s necessary to fulfill our contractual obligations to you. This includes using your contact details, service requirements, and payment information to deliver the services you’ve purchased.
• Legal Obligation: We process certain data because we are legally required to. For example, as holders of PTIN and ETIN credentials for tax services, we collect Social Security Numbers (SSNs) or Employer Identification Numbers (EINs) to comply with IRS regulations.
• Legitimate Interests: We process some data for our legitimate business interests, such as improving our website, monitoring for security threats, and conducting business analysis. We only do this when our interests do not override your fundamental rights and freedoms.
• Consent: For activities that are truly optional, like sending you marketing newsletters or placing non-essential advertising cookies on your device, we will always ask for your explicit consent first. You can withdraw this consent at any time.

3. The Personal Information We Collect and How We Collect It

We collect information from you in several ways: directly from you, automatically through our website, and from third-party sources. Here are the categories of information we collect:

• Identifiers: Your name, email address, shipping and billing address, phone number, IP address, and account username, password, and passcode.
• Commercial Information: Records of services you’ve purchased or considered and your transaction history with us.
• Internet or Other Electronic Network Activity: Information about how you interact with our website, such as your Browse history, collected through cookies and other tracking technologies.
• Professional or Employment-Related Information: Your job title, company name, industry, and other business information which may be collected in the course of providing business consulting or administration services.
• Sensitive Personal Information: This is data that receives higher protection. We only collect it when absolutely necessary for a specific service and with a clear legal basis. This includes:
• Government-Issued Identifiers (SSN, EIN, TIN, ect): Collected exclusively for legally mandated services like tax preparation.
• Financial Information (Bank Accounts, Credit Cards, Debit, ect): Required for payment processing and bookkeeping services.
• Third-Party Account Credentials: Account logins for social media or business software, collected only to perform a contracted service.

⚠️ A Special Note on “Delegated Access” Data

When you provide us with login credentials or financial account information, you are entrusting us with control over your digital and financial assets. We treat this responsibility with the highest level of care. We secure this data using stringent security controls, including encryption and strict access protocols. We strongly prefer using secure methods like API keys or OAuth tokens instead of storing raw passwords whenever possible. This data is used only for the specific purpose of delivering your requested service and is deleted promptly upon service termination.

A Note on Health Information

We do not routinely handle personal health information. In cases where a client’s project requires us to handle such information, we will establish a specific agreement to ensure our practices are compliant with the Health Insurance Portability and Accountability Act (HIPAA).

4. How and Why We Use Your Personal Information

We use your information for specific, explicit, and legitimate purposes. The table below outlines our main data processing activities.

Purpose of Processing	Categories of Personal Information Used	Lawful Basis (under GDPR)
To Provide Our Services and Manage Your Account	Identifiers; Commercial Information; Professional Information; Sensitive Personal Information (where essential).	Performance of a Contract
To Process Payments and Prevent Fraud	Identifiers; Commercial Information; Financial Information; Internet Activity.	Performance of a Contract; Legitimate Interests
To Comply with Legal and Regulatory Obligations	Identifiers; Financial Information; SSN/EIN.	Legal Obligation
For Marketing and Communications	Identifiers; Internet Activity.	Consent
For Analytics and Service Improvement	Internet Activity.	Legitimate Interests
To Respond to Inquiries and Provide Support	Identifiers; Commercial Information; any other info you provide.	Legitimate Interests

5. Data Sharing and Third-Party Disclosures

We do not sell your personal information. We only share it with trusted partners who help us operate our business and deliver our services. We require all partners to respect the security of your data and to treat it in accordance with the law. We have signed Data Processing Agreements (DPAs) with partners who handle personal data on our behalf.

We share data with the following categories of partners, including but not limited to:

• Cloud Hosting and Infrastructure Providers: To securely store our data and host our services.
• Payment Processors and Facilitators: To securely process payments and prevent fraud. 
• SaaS and Technology Solution Providers: To provision and support the software and technology services you purchase through us.
• Analytics and Marketing Service Providers: To help us understand website traffic, manage customer relationships, and conduct marketing campaigns (based on your consent).
• Professional Services Partners: To provide specialized services that are part of a client package.
• Government and Law Enforcement: To comply with valid legal requests and regulatory obligations.

6. Data Security, Retention, and International Transfers

Data Security

We have implemented comprehensive security measures to protect your information. These include:

• Technical Measures: Encryption of data in transit (SSL/TLS) and at rest, two-factor authentication, firewalls, and regular security scanning.
• Organizational Measures: Staff training on data protection, strict access controls (least privilege principle), and vendor security reviews.
• Data Storage: Your data is stored securely on remote cloud servers, including platforms like Google Workspace. For specific legal or operational purposes, we may be required to keep limited information in a secure physical file.
• Incident Response: A formal plan to contain and assess any data breach by shutting down systems and resetting passwords, and to notify you and relevant authorities in a timely manner as required by law (e.g., within 72 hours for GDPR).
• PCI DSS Compliance: As we facilitate payments, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder data.

Data Retention

We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are determined by legal and operational requirements.

• Client & Transactional Data: Retained for ten years after our relationship ends to comply with tax and accounting laws.
• Analytics Records: Retained for one year.
• Contact Form Entries: Retained for six months for customer service purposes.
• Marketing Contacts: Retained until you unsubscribe, after which you are moved to a suppression list.

International Data Transfers

We are based in the United States, with operational capabilities in Canada, Jamaica, Mexico, and the EU. If you are accessing our services from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries where our partners operate. For data transferred from the EEA or UK, we use legal safeguards like Standard Contractual Clauses (SCCs) to ensure your data receives a level of protection equivalent to that under GDPR.

7. Your Privacy Rights and How to Exercise Them

You have rights over your personal information. Depending on your location, these may include:

• The Right to Know and Access: To request a copy of your data.
• The Right to Rectification (Correction): To have inaccurate information corrected.
• The Right to Erasure (Deletion): To have your data deleted, subject to certain exceptions.
• The Right to Restrict or Object to Processing: To limit how we use your data.
• The Right to Data Portability: To receive your data in a machine-readable format.
• The Right to Opt-Out of Sale or Sharing (for California residents).
• The Right to Limit the Use of Sensitive Personal Information (for California residents).
• The Right to Withdraw Consent: To withdraw consent at any time for processing that is based on consent.
• The Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights:

To make a request, please contact us using the method below. We will attempt to process requests instantly for data within our direct control, but we reserve a 30-day window to fully address your request. For data shared with our partners, deletion may take up to 120 days, and we will work with them to facilitate your request.

• Email: specialist@welldoit.solutions

We will need to verify your identity before we can fulfill your request.

8. Jurisdiction-Specific Information

Notice to Residents of California (CCPA/CPRA)

This section provides additional details for California residents.

• Your Rights: You have the right to know, delete, correct, opt-out of sale/sharing, and limit the use of your sensitive personal information.
• How to Opt-Out: You can opt out of the sale or sharing of your personal information by email us your request here: Do Not Sell or Share My Personal Information specialist@welldoit.solutions. We also honor opt-out requests sent via the Global Privacy Control (GPC) signal.
• Sensitive Information: You can limit our use of your sensitive personal information by putting in a request here: Limit the Use of My Sensitive Personal Information specialist@welldoit.solutions
• Data Collection and Sharing: In the past 12 months, we have collected the categories of information described in Section 3 and shared them for business purposes as described in Section 5. We do not “sell” personal information as traditionally defined. We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

Notice to Individuals in the EEA, UK, and Canada

• Data Controller: We’ll Do It LLC is your data controller.
• Data Protection Officer (DPO): Lesford McKenzie Mckenzie@welldoit.solutions or 480-631-4324.
• EU Representative: Lesford McKenzie Mckenzie@welldoit.solutions or 480-631-4324..
• Privacy Officer (Canada):  Lesford McKenzie Mckenzie@welldoit.solutions or 480-631-4324. is responsible for our compliance with PIPEDA.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

Notice to Residents of Mexico (LFPDPPP)

This notice will be updated to fully comply with the new Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) effective in 2025. You have ARCO rights (Access, Rectification, Cancellation, and Opposition), which you can exercise using the methods described in Section 7.

9. Policy Governance

Children’s Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from them.

Updates to This Privacy Policy

We may update this policy from time to time. We will notify you of any material changes by posting a prominent notice on our website or by sending you an email.

How to Contact Us

If you have any questions, concerns, or requests regarding your privacy, please contact us:

• Email: specialist@welldoit.solutions

Mailing Address:
We’ll Do It LLC
2321 E. University Dr.
Phoenix, Az 85034
United States