Data Protection & Privacy Compliance
Scope of Collection
We collect the minimal personal data necessary for project consultation: name, email, phone number, and project specifications. We do not engage in behavioral advertising or sell data to third parties. Our processing is governed by GDPR (EU) and CCPA (California) where applicable, with data sovereignty maintained in US-based SOC 2 Type II certified servers.
Cookies & Tracking
We use only functional cookies (e.g., session management, load balancing) and privacy-first analytics (Plausible, no cookies). No tracking pixels, fingerprinting, or cross-site tracking. Users can opt out of analytics via browser Do Not Track signals.
Data Retention & Erasure
Personal data is retained for the duration of the project plus 3 years for warranty and compliance purposes. Upon request, we erase data within 30 days unless retention is mandated by law (e.g., tax records).
Third-Party Processors
We use Microsoft 365 for encrypted email, Notion for project management (EU data region), and Zoho for CRM. Each processor is contractually bound to GDPR Standard Contractual Clauses.
User Rights
European users: Right to access, rectification, erasure, portability, and to object to processing. California users: Right to know and delete personal information under CCPA. All users can request data by emailing [email protected] with subject ‘DSR’.
Security Measures
We implement AES-256 encryption at rest, TLS 1.3 in transit, biometric access to the office, and quarterly penetration testing by a third-party firm.
