Name: Freewave.Online
Address: Orcas, WA, 98280, US
Telephone: 321-222-0889
Price range: $

Privacy Policy

Last updated: March 24, 2026

Freewave.Online is a DBA of Carrot & Flower LLC, a Washington State limited liability company. This privacy policy explains how we collect, use, and protect your personal information when you use our website at freewave.online ("Site").

1. Information We Collect

Information you provide directly:

Contact and quote forms: Name, email address, phone number, service address, and any details you include in your message.
Support subscriptions: Name, email address, and phone number. Payment information (card number, billing address) is collected directly by Stripe and is never stored on our servers.
Appointment scheduling: Name, email address, phone number, service address, preferred date/time, and service details.
Fiber waitlist: Name, email address, service address, and phone number.

Information collected automatically:

IP address and browser user agent: Recorded when you submit a form, used for spam prevention and rate limiting.
Cookies: See Section 5 below.

Information we do not collect:

We do not use analytics or tracking scripts (no Google Analytics, Facebook Pixel, etc.).
We do not collect payment card information — all payments are processed by Stripe on their hosted checkout page.

2. How We Use Your Information

To respond to your inquiries and provide requested quotes.
To process payments and manage your support subscription.
To schedule and manage onsite support appointments.
To send transactional emails related to your account or service request (confirmation emails, login codes, subscription updates).
To notify fiber waitlist members when service becomes available.
To prevent spam and abuse through rate limiting and bot detection.

We do not send marketing or promotional emails. All emails from Freewave.Online are transactional — directly related to a service you requested or an action you took on the Site.

3. How We Share Your Information

We do not sell or share your personal information. We do not sell, rent, or trade your personal data to any third party for marketing, advertising, or any other purpose. This applies regardless of your state of residence, including under the California Consumer Privacy Act (CCPA) and the Washington Privacy Act (WPA).

We share data only with the following third-party services, strictly as necessary to operate the Site:

Stripe (stripe.com) — Payment processing. When you subscribe to a support plan or pay an invoice, your name, email, and phone number are sent to Stripe to create a customer record. Payment card details are collected directly by Stripe. See Stripe's Privacy Policy.
Cloudflare Turnstile (cloudflare.com) — Bot prevention on public forms. Cloudflare may collect your IP address and browser information to verify you are human. See Cloudflare's Privacy Policy.
AI service providers — We may use AI tools to assist with support delivery, troubleshooting, and internal operations. When AI tools are used, information relevant to your support request (such as your name, service details, or technical issue description) may be processed by the AI provider. We select AI providers with appropriate data handling practices and do not share your payment information with AI tools. See Section 7 of our Terms of Service for more details.

4. Data Storage and Security

Your information is stored in a database on our web server hosted by Namecheap. We use the following security measures:

HTTPS encryption on all pages.
Sensitive files and database blocked from direct web access.
Stripe webhook signatures verified to prevent tampering.
Admin access protected by passwordless authentication with rate limiting.
No payment card data is stored on our servers.

5. Cookies

The Site uses a minimal number of cookies:

Session cookie (PHPSESSID) — Used on the admin dashboard only. Required for authentication. Expires when the browser is closed.
Remember-me cookie (remember_token) — Optional, set only if an admin selects "Remember me." Expires after 30 days. Scoped to the /admin/ path.
Third-party cookies — Stripe and Cloudflare Turnstile may set their own cookies when their services load on the page. We do not control these cookies.

The public-facing pages of this Site do not set any first-party cookies. There are no advertising or analytics cookies.

6. Data Retention

Contact and quote submissions: Retained until the inquiry is resolved, then kept for up to 2 years for business records.
Subscription records: Retained for as long as your subscription is active, plus 2 years after cancellation for billing records.
Appointment records: Retained for up to 2 years after the appointment date.
Waitlist entries: Retained until fiber service launches in your area or you request removal.
IP addresses and rate-limiting data: Automatically deleted after a short period (typically within 1 hour).

7. Your Rights

Regardless of where you live, you may request to:

Access the personal data we hold about you.
Correct inaccurate information.
Delete your personal data from our records.
Opt out of communications — You may ask us to stop sending transactional emails beyond what is strictly required for an active subscription or pending appointment. We do not send marketing emails.

To make a request, email us at [email protected]. We will respond within 30 days. We will not discriminate against you for exercising any of these rights. If you have a Stripe subscription, deleting your data may require cancelling your subscription first.

8. Health-Related Information

Our forms may include free-text fields where you can describe your situation or service needs. If you choose to include health-related information (for example, describing a medical device that requires reliable internet), we treat that information with the same protections as all other personal data described in this policy. We do not request, require, or use health information to make decisions about your service. Under the Washington My Health My Data Act, you have the right to request deletion of any health-related information you may have provided.

9. Children's Privacy

The Site is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has submitted information through our Site, please contact us and we will delete it promptly.

10. Third-Party Links

The Site contains links to third-party websites and services, including internet service providers, cell phone carriers, and other vendors. These links are provided for your convenience. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review their privacy policies before providing any personal information.

11. Accessibility

We are committed to making our Site accessible to all visitors. We strive to follow Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. If you experience any difficulty accessing our Site or have suggestions for improvement, please contact us at [email protected].

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or how we handle your data:

Carrot & Flower LLC, DBA Freewave.Online
Orcas, WA 98280
Email: [email protected]
Phone: 321-222-0889
Web: Contact Form