Privacy policy

This Privacy Policy explains how JM380 Corp (“JM380,” “we,” “our,” “us”) collects, uses, shares, retains, and protects personal information through the website at jm380corp.com (the “Site”). It applies to information collected through the Site only; it does not apply to information you may share with us in person, by phone, or through other channels.

By using the Site, you acknowledge that you have read and understood this policy. If you do not agree with how we describe our practices, please do not use the Site.

JM380 Corp (legal name: J.M. 380 Corporation) is a family-owned Florida corporation operating the commercial property at 382–388 SE 2nd Avenue, Delray Beach, Florida 33483. We are the data controller responsible for the personal information collected through this Site.

We aim to collect as little personal information as possible. The categories below describe what we collect and how.

Information you provide directly. When you submit our contact form, we collect:

• Your name
• Your email address
• Your phone number
• The topic you select (leasing, investment, or other)
• The message you write

Information collected automatically. When you submit a form, we record the IP address and browser user-agent string of the request. This is used solely for spam prevention, rate limiting, and abuse forensics.

Aggregate site usage. We use Cloudflare Web Analytics, a privacy-friendly service that does not use cookies and does not collect personal information. It reports counts of page views, referrers, and approximate device class only.

We do not knowingly collect any other personal information. We do not collect Social Security numbers, financial-account information, biometric data, geolocation precise to you, or information about your children.

We use information for the following purposes:

• Respond to your inquiry. We read each submission, route it internally, and reply by the means you provided.
• Maintain a record of communications. We retain submissions for follow-up and to handle any future related inquiry from you.
• Prevent fraud and abuse. Rate limits, spam checks, and audit logging rely on technical metadata.
• Operate and improve the Site. Aggregate analytics tell us which pages are useful and which need work.
• Comply with legal obligations. We may retain or disclose information when required by law, regulation, or valid legal process.

Legal basis. Where applicable, we rely on our legitimate interests in operating a small business and communicating with the people who reach out to us. We do not sell personal information and we do not engage in advertising profiling.

We do not sell, rent, or trade personal information. We share it only with the small set of trusted service providers listed below, and only as needed to operate the Site.

• Cloudflare, Inc. — DNS, edge caching, DDoS protection, anti-spam (Turnstile), and privacy-friendly analytics. Acts as a processor.
• Resend, Inc. — delivers transactional email (the notification we receive when you submit the form, and the auto-reply we send back to you).
• Google LLC (Maps embed) — embeds the static map of our property location. Google may receive your IP address when the map loads in your browser.

Each provider has its own privacy practices. We selected them for their stable security posture, transparency, and minimal data collection.

We may also share information when required by subpoena, court order, or other valid legal process; to protect our rights, property, or safety, or those of others; or in connection with the sale, merger, or reorganization of our business (in which case the recipient will be bound by terms at least as protective as those described here).

The Site does not set first-party tracking cookies. We do not use advertising or analytics cookies.

Cloudflare may set short-lived security cookies (for example, a cookie that records that your browser has passed an automated bot challenge). These cookies cannot be used to track you across other websites and they expire automatically.

Cloudflare Turnstile, which protects our forms from automated abuse, may briefly load resources from challenges.cloudflare.com when you visit the contact page.

We retain contact-form submissions for as long as we may reasonably need them to follow up on the inquiry, plus a reasonable period afterward to handle related communications and meet recordkeeping obligations.

Audit logs (records of form submissions, backup events, and similar operational events) are retained as part of our security record and are reviewed periodically.

Backup copies of our database are retained on a 30-day daily + 12-month monthly rolling schedule and then automatically deleted.

We follow industry-standard practices, including:

• HTTPS (TLS) on every page and form
• A strict Content Security Policy and other security HTTP headers (HSTS, X-Frame-Options, Referrer-Policy, etc.)
• Rate limiting and bot-challenge on every public form
• Encrypted database backups stored in restricted-access cloud object storage
• Limited internal access — only the two principals of JM380 Corp can read submissions

No system is perfectly secure. If we ever discover a breach affecting your information, we will notify you promptly as required by applicable law.

Depending on where you live, you may have specific legal rights regarding your personal information. Where they apply, we honor:

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to correct inaccurate or incomplete information.
• Deletion. Ask us to delete the submission you sent us. We will do so unless we have a legal basis to retain it (for example, ongoing legal proceedings).
• Objection. Object to our processing of your information for any specific purpose.
• Portability. Receive your information in a machine-readable format.
• Non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, please use our contact form and select “Something else” as the topic. Tell us which right you want to exercise and the email address you used when you contacted us, so we can verify it’s really your record. We aim to respond within 30 days.

If you are a California resident, the California Consumer Privacy Act (CCPA) and Consumer Privacy Rights Act (CPRA) give you the rights described in Section 9 above. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined in California law.

You may exercise these rights using the contact form. We will not require you to create an account, and we will not retaliate for exercising any right.

The Site is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe a child has submitted information to us, please reach out via the contact form and we will delete it promptly.

JM380 Corp is based in the United States and our service providers are based in the United States. If you submit information from outside the U.S., it will be transferred to and processed in the U.S. By using the Site, you understand and consent to that transfer.

We may update this policy from time to time. The “last updated” date at the top of the page reflects the most recent change. Material changes will be highlighted on the Site for a reasonable period.

For privacy-related requests or questions about this policy, please use our contact form and select “Something else” as the topic. We do not publish a direct email address for privacy inquiries — the form ensures your request is captured, logged, and routed to the right person.

Mailing address:
JM380 Corp
382–388 SE 2nd Ave
Delray Beach, FL 33483