Privacy Policy

Last Updated: January 14, 2026

Every day, dozens of property owners across Brooklyn face a common challenge: finding a flat roofing contractor they can trust, and that trust begins long before anyone climbs a ladder or measures a roof—it starts the moment someone decides to visit a website, pick up the phone, or send an email asking for help. Flat Top Brooklyn, operating out of 111 Montague St, has been answering those calls for years, and throughout that time, the business has maintained a simple philosophy: treat customer information with the same care and respect that goes into every roofing project undertaken.

Information flows into the company through several channels, each representing a different point of connection between potential customers and the services offered. Someone might discover the website through a search engine, typing in phrases like “flat roof repair Brooklyn” or “commercial roofing services near me,” and upon arriving at the digital storefront, their browser begins a silent exchange with the web server—technical details like device specifications, geographic indicators derived from network addresses, and navigation choices all get quietly recorded, not for surveillance purposes, but simply because that’s how modern web infrastructure functions, providing site operators with the feedback needed to understand whether pages load quickly enough, whether information is organized logically, and whether visitors find what they’re seeking or leave frustrated.

Active information sharing happens differently, through deliberate choices made by people who fill out contact forms or dial the phone number prominently displayed across marketing materials, and in these moments of outreach, individuals provide names, contact coordinates, property addresses, descriptions of roofing problems or installation needs, and sometimes even photographs documenting issues like ponding water or membrane deterioration. This voluntarily submitted material becomes the foundation for business relationships, enabling staff to respond intelligently, prepare accurate cost estimates reflecting actual project scope rather than vague guesswork, and schedule appointments at times convenient for busy property owners who often juggle multiple responsibilities beyond managing building maintenance.

Small text files called cookies deploy across visitor devices, performing useful but often misunderstood functions—some last only for single browsing sessions, disappearing automatically once someone closes their browser window, while others persist across days or weeks, remembering language preferences or display settings chosen during previous visits, and analytics cookies track aggregate behavior patterns like which service pages attract the most attention, how long typical visits last, and at what points navigation sequences commonly end, all contributing to ongoing site refinement efforts aimed at reducing friction and enhancing user experience. Browser manufacturers provide settings allowing individuals to block these files entirely, accept them selectively, or delete them periodically, though disabling cookies may cause certain interactive features to malfunction or force users to repeatedly input preferences that would otherwise be remembered automatically.

Information collected serves practical operational purposes rather than abstract corporate objectives—incoming inquiries require responses, and providing those responses necessitates having contact methods on file; preparing estimates demands understanding project specifics; coordinating appointments depends on knowing property locations; maintaining service history enables continuity across multiple interactions spanning months or years; website analytics inform decisions about content organization, feature development, and technical infrastructure investment; and compliance with various legal obligations—tax regulations, contractual requirements, dispute resolution procedures—often mandates retaining transaction records and communication histories for specified periods determined by statutory frameworks rather than arbitrary business preferences.

Sharing practices reflect both operational necessities and legal boundaries—certain vendors providing website hosting, email services, payment processing, or customer relationship management systems require access to relevant portions of the data ecosystem, though contractual agreements restrict their use of that access strictly to authorized purposes while imposing confidentiality obligations protecting against unauthorized disclosure. Law enforcement agencies or judicial bodies may compel information release through subpoenas, warrants, or court orders, and business succession scenarios involving mergers, acquisitions, or ownership changes typically transfer customer records along with other assets. Notably absent from this list: selling or renting customer lists to marketers, data brokers, or advertisers seeking to monetize personal details for purposes unrelated to original collection contexts, a practice the company categorically rejects as inconsistent with its values.

Security infrastructure layers multiple defensive measures, beginning with encryption protocols that scramble data during transmission between browsers and servers, rendering intercepted communications cryptographically useless to unauthorized parties lacking decryption keys; access controls then limit which employees can view sensitive records, with permissions granted based on job functions and responsibilities; regular security assessments identify vulnerabilities requiring remediation; and ongoing staff training reinforces awareness about protection best practices. Despite these efforts, perfect security remains theoretically impossible—determined attackers with sufficient resources and motivation sometimes breach even sophisticated defenses deployed by major corporations and government agencies—so rather than making absolute promises, the company commits to maintaining reasonable protections aligned with industry standards while acknowledging inherent limitations of digital security.

Individuals possessing rights regarding their personal data can exercise those rights through straightforward request procedures: asking to review what information exists generates responses containing relevant records; identifying inaccuracies triggers correction processes; requesting deletion initiates removal procedures subject to legal retention requirements; objecting to specific processing activities prompts reviews of whether legitimate grounds justify continued data use; and opting out of marketing communications immediately stops promotional messages, though transactional messages tied to active service relationships continue regardless of marketing preferences. Response timeframes typically fall within thirty days of receiving valid requests, with faster turnaround for simple inquiries and longer processing for complex situations requiring extensive record searches or legal review.

External website links occasionally appear, directing visitors toward manufacturer specifications, industry association resources, or social media profiles, and following those links means leaving company-controlled digital space and entering domains governed by separate privacy policies that may differ substantially from practices described here, so proceeding with awareness of that transition makes sense for anyone concerned about how their information gets handled once they’ve clicked away from this site.

Policy modifications happen occasionally as business operations evolve, legal frameworks change, or better practices emerge, with significant revisions triggering email notifications to customers whose contact information sits in active databases, while minor updates simply get posted alongside revised effective dates without fanfare. Periodically checking back to review current provisions helps maintain awareness of how data handling practices may have shifted since last reading through these paragraphs.

Legal disclaimers, required by counsel and customary in commercial contexts, clarify that website content and functionality come without warranties regarding accuracy, completeness, availability, or suitability for particular purposes; that liability for damages arising from website use or service provision remains limited, excluding indirect or consequential losses; that disputes arising from privacy practices fall under New York legal jurisdiction; and that invalid provisions, if identified through judicial review, get severed while remaining terms continue in force.

Questions, concerns, or requests for clarification find receptive ears by calling (929) 702-2949, visiting the office at 111 Montague St, or submitting inquiries through digital contact forms, with responsive staff generally replying within several business days depending on inquiry complexity and workload at the time requests arrive.