Privacy Policy
Last updated: June 8, 2026
1. Who we are
Hay Hooks Farm(“Hay Hooks Farm,” “we,” “us,” or “our”) operates the website hayhooks.com to document and share evidence about the proposed contractor laydown yard at 19701 N Kluver Road in New Buffalo Township, Berrien County, Michigan, and to encourage public participation in the related planning process. We are the data controller of personal information collected through this site.
If you have any privacy question or want to exercise a right described below, contact us at privacy@hayhooks.com.
2. The short version
- We collect very little by default: anonymous server logs, plus an attribution cookie that records how you arrived at the site (e.g. from a search engine or social link).
- We only load analytics or advertising scripts after you opt in through our cookie banner. The defaults are off.
- If your browser sends Global Privacy Control (GPC), we treat that as a binding “do not sell or share” signal and block all marketing cookies and advertising platforms regardless of any previous choice.
- You can reopen the cookie banner at any time from the “Cookie Settings” link in the footer, or email privacy@hayhooks.com with any access, deletion, correction, or opt-out request.
3. Information we collect
3.1 Information you provide
We currently do not run forms on this site. If we add a way for you to send us a message, sign a petition, or RSVP for a meeting in the future, we will collect only the fields shown on that form (for example, name and email) and use them only for the purpose stated on the form.
3.2 Information collected automatically
- Server logs. Standard web server logs containing IP address, user-agent, requested URL, referrer, and timestamp. Logs are retained for up to 30 days and used only for security and debugging.
- Attribution cookie (
bb_attr). A first-party cookie set on your first visit that records the referring source, medium, campaign, and any UTM or click-ID parameters present in the URL (e.g.gclid,fbclid,li_fat_id,rdt_cid,msclkid,oppref). This cookie expires after 30 days. It is considered essential for measuring whether advertising and outreach are reaching the right audiences and is set even if you reject optional cookies. - Consent cookie (
bb_consent).Records your choices in the cookie banner so we don’t prompt you again on every visit. Contains only your toggles (analytics/marketing) and a timestamp. - Page-view records. When you view a page we record a server-side page-view row tied to an anonymous visitor ID (a random identifier in the attribution cookie, not your name or email). We keep these for 90 days and use them in aggregate to understand which evidence is reaching people.
4. Analytics
If you allow Analytics in the cookie banner, we use Google Analytics 4 to understand which pages are most useful and where visitors come from. Google Analytics sets its own first-party cookies (_ga, _gid, _gat). We have configured IP-anonymization where available. If you do not enable Analytics, no Google Analytics script is loaded.
5. Advertising platforms
If you allow Marketing in the cookie banner, and we have an active advertising campaign, we may load remarketing tags and send conversion events to the advertising platforms listed below. Each platform receives only the minimum data needed to attribute a visit or action to one of our advertisements; we do not sell information and we do not allow these platforms to use information about you for their own independent purposes other than what their own policies describe.
All advertising integrations are gated by (a) your explicit Marketing consent in the cookie banner, (b) the absence of a Global Privacy Control signal from your browser, and (c) the existence of an active campaign for the page you are viewing. If any of those three conditions is missing, no advertising scripts load, no conversion events are sent, and no audience-signal pixel fires.
| Platform | Cookies / identifiers | Purpose | Policy |
|---|---|---|---|
| Google (Google Ads, Google Analytics 4, Google Tag Manager) | _ga, _gid, _gat, NID, IDE, _gcl_au, _gac_*, FPGCLAW | Site analytics, search and display advertising measurement, remarketing audience building, conversion attribution via Google Ads Customer Match and the Google Ads Conversions API. | Read policy |
| Meta (Facebook and Instagram Ads) | _fbp, _fbc, fr | Audience building and conversion attribution for Facebook and Instagram advertising via the Meta Pixel and Meta Conversions API. | Read policy |
| LinkedIn (LinkedIn Ads) | li_fat_id, AnalyticsSyncHistory, lidc, bcookie | Audience building and conversion attribution via the LinkedIn Insight Tag and LinkedIn Conversions API. | Read policy |
| Reddit (Reddit Ads) | rdt_cid, rdt_uuid | Audience building and conversion attribution via the Reddit Pixel and Reddit Conversions API. | Read policy |
| Microsoft Ads (Bing) | MUID, _uetsid, _uetvid | Search and display advertising measurement, audience building, and conversion attribution via the Microsoft UET tag and Microsoft Ads Conversions API. | Read policy |
| OpenAI / ChatGPT Ads | set server-side; no first-party cookie issued from your browser | Conversion attribution for advertising shown inside OpenAI / ChatGPT products via the OpenAI Conversions API. | Read policy |
6. Server-side conversion API
In addition to (or instead of) browser-side pixels, we send conversion events to advertising platforms server-side through their respective Conversions APIs. Server-side events are sent only when an attribution cookie indicates a click from that platform (e.g. a gclid for Google, fbclid for Meta) AND you have given Marketing consent. We do not hash or share email/phone unless you have voluntarily submitted them through a form on the site, and even then only with your separate consent.
7. Cookie categories
- Essential— cannot be turned off because the site cannot function without them. Includes the consent cookie itself and the attribution cookie.
- Analytics— off by default. When on, loads Google Analytics 4.
- Marketing— off by default. When on, allows advertising-platform tags and audience signals as described above.
You can change these any time using the “Cookie Settings” link in the footer. Changing marketing from on to off triggers a page reload so any already-loaded advertising scripts are evicted immediately.
8. Global Privacy Control
If your browser sends the Sec-GPC: 1header (for example, Firefox with the “Tell websites not to sell or share my data” setting, Brave, DuckDuckGo, or a GPC browser extension in Chrome / Safari) we honor it as a binding Do Not Sell or Sharesignal under the California Privacy Rights Act (CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, and equivalent laws. While GPC is active, we will not load advertising scripts and will not send conversion events to advertising platforms, regardless of any previous “Accept All” choice. Analytics consent is not overridden by GPC because GPC's scope is sale/sharing, not first-party analytics.
9. Your rights
Regardless of where you live, you can email privacy@hayhooks.com to ask us to:
- Tell you what information we hold about you.
- Correct anything that’s wrong.
- Delete what we hold (subject to lawful retention).
- Export it in a portable format.
- Stop processing your information for marketing measurement.
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your national data protection authority. Our legal bases for processing are: (a) your consent, for analytics and advertising; (b) our legitimate interest in keeping the site secure and functional, for server logs and the attribution cookie; and (c) compliance with a legal obligation where required.
If you are a California, Colorado, Connecticut, or other US-state resident with privacy rights, you have the additional right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We honor Global Privacy Control as that opt-out (see above) and you can also email privacy@hayhooks.com with the words “Do Not Sell or Share” in the subject line. We do not knowingly “sell” personal information in the traditional sense; the use of advertising-platform pixels and conversion APIs may be considered “sharing” under CPRA and equivalent laws, and is gated by your consent and GPC as described.
10. Data we share with service providers
In addition to the advertising platforms above, we use the following service providers, each of whom processes information on our behalf and is contractually required to use it only for the purposes we direct:
- Vercel Inc.— website hosting and edge network. May process IP address and request metadata. Privacy Policy.
- Neon, Inc.— managed PostgreSQL database. Stores attribution records, page-view records, and CMS content. Privacy Policy.
- Vercel Blob— CDN-backed storage for images and video used on the site.
11. Data retention
- Server logs: up to 30 days.
- Attribution cookie: 30 days in your browser; the underlying attribution row in our database is retained for 365 days then deleted.
- Consent cookie: 365 days.
- Page-view records: 90 days, then deleted by a daily job.
- Audience-signal events: 90 days, then aggregated into non-identifying weekly rollups and the originals are deleted.
- Conversion-queue rows: retained as long as needed to deduplicate against the relevant advertising platform, typically 90 days, then deleted.
12. International data transfers
We are based in the United States and our service providers primarily process data in the United States. If you are visiting from outside the United States, by using the site you understand that your information will be transferred to and processed in the United States. Where required, we rely on the European Commission Standard Contractual Clauses or equivalent transfer mechanisms.
13. Security
We use industry-standard security measures including HTTPS everywhere, strict Content Security Policy headers, HSTS preload, timing-safe credential comparison for admin endpoints, server-side rate limiting, and rotation of secrets. No system is perfectly secure; if you believe you have found a security issue, please email privacy@hayhooks.com.
14. Children
This site is not directed at children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, email privacy@hayhooks.com and we will delete it.
15. Changes to this policy
We may update this policy as we add or change features on the site or in response to changes in law. The “Last updated” date at the top will reflect the most recent revision. Material changes will be highlighted in the cookie banner.
16. Contact
Hay Hooks Farm
privacy@hayhooks.com